⛔Never push sensitive information such as client IDs, secrets or keys into repositories, including in the README file⛔
The APIM Developer API is the inner API used to manage subscriptions to externally facing APIs. It also provides a mechanism for formatting the OpenAPI definition of the external API, excluding any headers that aren't applicable.
The APIM Developer API connects to the Azure APIM API to allow the following operations:
- Get API Products
- Get Subscriptions
- Create User
- Authenticate User
The API products are retrieved by UserType. The currently available user types are:
- Documentation
- External
- Provider
- Employer
These types are defined against the API when it is registered in APIM. All APIs have the Documentation type defined against them so that they appear in the developer.apprenticeships.gov.uk site.
The subscriptions are created in the following format: `$"{apimUserType}-{internalUserId}-{productName}"`
where the following is allowed:
- apimUserType - Provider, Employer, External
- internalUserId - this is the identifier, which is either the UKPRN, EmployerAccountId or External User Id GUID.
- productName - The product which the user is subscribing to that is available to them
The subscriptions are then stored in Azure APIM
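
An added example, not code from this repository: one way to build names in this format in C# and split them back into their parts. The class name and the identifier rules (External is a GUID, other identifiers contain only letters and digits) are assumptions.

```csharp
using System;
using System.Linq;

// Added example; names and ID rules below are assumptions, not the service's code.
public static class SubscriptionName
{
    // User types the README allows in a subscription name.
    static readonly string[] UserTypes = { "Provider", "Employer", "External" };

    public static string Build(string apimUserType, string internalUserId, string productName)
    {
        if (!UserTypes.Contains(apimUserType))
            throw new ArgumentException("User type is not Provider, Employer or External.");
        if (!IsValidId(apimUserType, internalUserId))
            throw new ArgumentException("Identifier does not match the user type.");
        if (string.IsNullOrWhiteSpace(productName))
            throw new ArgumentException("Product name is required.");
        return $"{apimUserType}-{internalUserId}-{productName}";
    }

    // Splits a name back into its parts. A GUID contains hyphens, so a plain
    // Split('-') would cut an External identifier into pieces.
    public static bool TryParse(string name, out string userType, out string id, out string product)
    {
        userType = id = product = null;
        var type = UserTypes.FirstOrDefault(
            t => name != null && name.StartsWith(t + "-", StringComparison.Ordinal));
        if (type == null) return false;
        var rest = name.Substring(type.Length + 1);
        // External ids are 36-character GUIDs; other ids are assumed hyphen-free.
        var idLength = type == "External" ? 36 : rest.IndexOf('-');
        if (idLength <= 0 || rest.Length < idLength + 2 || rest[idLength] != '-') return false;
        var candidate = rest.Substring(0, idLength);
        if (!IsValidId(type, candidate)) return false;
        userType = type; id = candidate; product = rest.Substring(idLength + 1);
        return true;
    }

    // Assumed rules: External is a GUID in "D" format; UKPRN and
    // EmployerAccountId are letters and digits only.
    static bool IsValidId(string userType, string id) =>
        userType == "External"
            ? Guid.TryParseExact(id, "D", out _)
            : !string.IsNullOrEmpty(id) && id.All(char.IsLetterOrDigit);
}
```

Everything after the identifier is treated as the product name, so product names that contain hyphens survive the round trip.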
The Create User operation creates a user that is able to access the API and is part of the External APIM user type group.
Authentication is done using the Azure APIM API, which validates the credentials against what is stored in Azure APIM. No user information is stored in the database for this API.
An internal audit process stores a record in a SQL database each time a subscription is created or renewed.
- A clone of this repository
- A code editor that supports Azure Functions and .NET Core 3.1
- An Azure Active Directory account with the appropriate roles as per the config
- SQL Server - Publish the `SFA.DAS.APIM.Developer.Database` project to create the SQL database
The APIM Developer API uses the standard Apprenticeship Service configuration. All configuration can be found in the das-employer-config repository.
- appsettings.json file

```json
{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "ConfigurationStorageConnectionString": "UseDevelopmentStorage=true;",
  "ConfigNames": "SFA.DAS.Apim.Developer.Api",
  "Environment": "LOCAL",
  "Version": "1.0",
  "APPINSIGHTS_INSTRUMENTATIONKEY": "",
  "AllowedHosts": "*"
}
```

Azure Table Storage config
Row Key: SFA.DAS.Apim.Developer.Api_1.0
Partition Key: LOCAL
Data:

```json
{
  "AzureApimManagement": {
    "ApimUserManagementUrl": "https://{AZURE-APIM-URL}",
    "ApimResourceId": "/subscriptions/{SUBSCRIPTION-ID}/resourceGroups/{RESOURCE-GROUP-NAME}/providers/Microsoft.ApiManagement/service/{APIM-NAME}"
  },
  "ApimDeveloperApi": {
    "ConnectionString": "Data Source=.;Initial Catalog=SFA.DAS.Apim.Developer;Integrated Security=True;Pooling=False;Connect Timeout=30"
  },
  "AzureAd": {
    "Identifier": "https://{TENANT-NAME}/{IDENTIFIER}",
    "Tenant": "{TENANT-NAME}"
  }
}
```

- .NET Core 3.1
- Azure APIM API access with Azure APIM
- SQL
- NLog
- Azure Table Storage
- NUnit
- Moq
- FluentAssertions
Do not run using IIS Express.