antoniocaccamo/labs-apim

labs apim

scenario

sequenceDiagram
  
    title: OAuth2 client credentials
  
    box gray Internet 
    participant C as Client 
    end

    box rgb(0, 80, 255) Azure
    participant AAD as Azure AD
    participant AG as Application<br/>Gateway 
    participant APM as API <br/> Management 
    participant R as Resource<br/>Server
    end

    
    autonumber
    Note over C, R:  requires app registration on Azure AD <br> for Client and Resource Server 
    %% token acquisition 
    C ->> AAD: access token request
    AAD ->> C: 
    
    %% api call
    C  ->> AG: api call 
    AG ->> APM:   
    activate C
    APM ->> APM: apply security policy
    APM ->> +R: forward request 
    R --> AAD:  validate jwt token
%%  R ->> R: serve
    R ->> -APM: response
    APM ->> AG: forward  response
    AG ->> C: 
    deactivate C
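
The "apply security policy" step in the diagram, sketched as an API Management inbound policy built on validate-jwt. This is an added example, not taken from this repository: it assumes the security policy is a JWT check against Azure AD, and the tenant id, audience and app role shown in braces are placeholders.

```xml
<!-- Added example: inbound APIM policy for the "apply security policy" step.
     Every {placeholder} is hypothetical and must be replaced with your own value. -->
<policies>
  <inbound>
    <base />
    <!-- Reject the call at the gateway unless it carries a valid Azure AD bearer token -->
    <validate-jwt header-name="Authorization"
                  require-scheme="Bearer"
                  require-expiration-time="true"
                  require-signed-tokens="true"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized">
      <!-- Signing keys are fetched from the tenant's OpenID metadata document -->
      <openid-config url="https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration" />
      <!-- Token must be issued for the Resource Server app registration
           (its App ID URI or client id, depending on the token version) -->
      <audiences>
        <audience>{resource-server-audience}</audience>
      </audiences>
      <!-- Assumes v2.0 access tokens; v1.0 tokens use https://sts.windows.net/{tenant-id}/ -->
      <issuers>
        <issuer>https://login.microsoftonline.com/{tenant-id}/v2.0</issuer>
      </issuers>
      <!-- Client credentials tokens carry the granted app roles in the "roles" claim -->
      <required-claims>
        <claim name="roles" match="any">
          <value>{app-role-value}</value>
        </claim>
      </required-claims>
    </validate-jwt>
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

The Authorization header is still forwarded to the backend, so the Resource Server can repeat the token validation as the diagram shows.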

documentation

steps

  • main infrastructure with terraform
  • domain registered
  • wildcard certificate
  • API software
  • WEB software
  • Private DNS
  • APIM instance
  • APP GW instance

reference links

App GW & APIM

Azure Terraform

  1. Terraform Azure Modules

Let's encrypt

  1. Wildcard SSL certificate by Let's Encrypt