Creating API services with Azure Logic Apps and API Management

As we provide server-to-server APIs and expose business logic and data to partners and developers, we end up with a large amount of services on different systems, platforms, endpoints and domains. It can be challenging to keep order and structure to all these services. Azure API Management provides a comprehensive solution to that problem.

Why API Management?

I have seen many attempts to organise services and data by forcing an organisation and their teams to use a single platform. For example, use IBM Integration Bus or Microsoft Biztalk Server for all integrations as a policy. This leads to a huge bottleneck, both in workload and on the IT platforms themselves. Instead, we need to embrace the fact that thousands of loosely-coupled services can support an enterprise and do so in an ordered fashion.

API management simply adds a layer on top of the "chaos". We can set a custom domain, say api.mydomain.com, that will act as the standard entry point for all integrations and services. We can then build logical URL structures under this domain name for all service endpoints. The API management services then secures and throttles calls and reroutes requests to their end destination. We can also group specific services together into products and allow user-specific access to a group of services. API management also deals with versioning of APIs.

Azure API management can really scale to your needs and is a very cost effective solution. To set it up, simply create a new Azure API Management Service in your subscription and, once completed, open the APIs section.

Exposing a logic app

We can connect a logic app directly to the Azure API management service by selecting "Logic App" under API/New in the Azure portal. The logic app version tags and URL settings are automatically managed by the service so no need to change URLs as the logic app gets updated.

Azure API management requires, by standard, the end user to send an API subscription key named 'Ocp-Apim-Subscription-Key' which is sent in the header. You can disable this requirement from the Settings area in your new API and also change the name of the header. If enabled then you should create user-specific subscription keys so that you can revoke access to the API at a later stage.

The combination of API management and logic apps can give you a low-code/no-code integration service in a matter of minutes.