APIM between internal services and a service broker

Fred A 25 Reputation points
2024-03-08T07:04:08.6233333+00:00

Hi,

I have some internal services that need to connect to an external API. We have created a service broker so that the internal services connect to it, and the service broker connects to the external API. We want to have authentication between the internal services and the service broker. Would it be possible to use Azure APIM? What would be the flow? Any suggestions?

I appreciate your help in advance!

Azure API Management

Accepted answer
    Luis Arias 6,541 Reputation points
    2024-03-08T21:29:06.57+00:00

    Hi Fred A,

    The recommendation below may vary according to your environment.

    Internal Services to APIM:

    • Your internal services will make requests to the APIM gateway.
    • Configure authentication policies in APIM to ensure that only authorized requests are allowed. You can use OAuth, API keys, or other authentication mechanisms.
    • Set up client authentication for your internal services. For example, issue API keys or tokens to each internal service.

    APIM to Service Broker:

    • APIM acts as an intermediary between your internal services and the service broker.
    • Define an outbound policy in APIM to authenticate with the service broker. This could involve using client certificates, API keys, or other methods.
    • Ensure that the service broker endpoint is secured and accessible only from APIM.


    Flow:

    • When an internal service wants to communicate with the external API:
    • The internal service sends its request to the APIM gateway.
    • APIM validates the request using the configured authentication policies.
    • If authorized, APIM forwards the request to the service broker.
    • The service broker processes the request and communicates with the external API.
    • The response flows back through APIM to the internal service.

    Suggestions:

    • OAuth 2.0: Consider using OAuth 2.0 for secure authentication. APIM can act as an OAuth provider, issuing tokens to internal services.
    • API Keys: Generate unique API keys for each internal service. Validate these keys in APIM before forwarding requests.
    • Certificates: Use client certificates for mutual authentication between APIM and the service broker.
    • Rate Limiting and Quotas: Implement rate limiting and quotas in APIM to prevent abuse.
    • Logging and Monitoring: Set up logging and monitoring to track requests, errors, and performance.

    References:

    If the information helped address your question, please Accept the answer. Luis

    1 person found this answer helpful.
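The flow and suggestions in the accepted answer, expressed as one APIM policy document. This is an added example and not part of the answer or of any Microsoft sample: it assumes the internal services obtain OAuth 2.0 bearer tokens from Microsoft Entra ID, that the service broker is reached over HTTPS with a client certificate already uploaded to APIM, and that `{tenant-id}`, the audience `api://service-broker-facade`, the app role `Broker.Call`, the backend URL and the certificate id `service-broker-client-cert` are placeholders to replace with your own values.

```xml
<!--
  Added example (not from the original answer): one APIM <policies> document that
  implements the flow described above. Every ID, URL and role name is a placeholder.
-->
<policies>
    <inbound>
        <base />
        <!-- Internal service -> APIM: require a bearer token issued by Microsoft Entra ID.
             Tenant ID, audience and issuer are placeholders. -->
        <validate-jwt header-name="Authorization"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized"
                      require-scheme="Bearer"
                      require-expiration-time="true">
            <openid-config url="https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration" />
            <audiences>
                <audience>api://service-broker-facade</audience>
            </audiences>
            <issuers>
                <issuer>https://login.microsoftonline.com/{tenant-id}/v2.0</issuer>
            </issuers>
            <required-claims>
                <!-- Only callers granted the (placeholder) app role for the broker pass. -->
                <claim name="roles" match="any">
                    <value>Broker.Call</value>
                </claim>
            </required-claims>
        </validate-jwt>

        <!-- Rate limit per calling identity (the token subject), so one misbehaving
             internal service cannot exhaust the broker for the others. -->
        <rate-limit-by-key calls="100"
                           renewal-period="60"
                           counter-key="@(context.Request.Headers.GetValueOrDefault("Authorization","").AsJwt()?.Subject ?? "anonymous")" />

        <!-- The internal token is for APIM only; do not forward it to the broker. -->
        <set-header name="Authorization" exists-action="delete" />

        <!-- APIM -> service broker: route to the broker (placeholder URL) and present
             the client certificate stored in APIM (placeholder certificate id). -->
        <set-backend-service base-url="https://service-broker.internal.example/" />
        <authentication-certificate certificate-id="service-broker-client-cert" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
        <!-- Strip a header that would reveal backend implementation details to callers. -->
        <set-header name="X-Powered-By" exists-action="delete" />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

The service broker should additionally be reachable only from APIM (for example by network restriction or by requiring the client certificate on its listener), otherwise an internal service could bypass the policy by calling the broker directly. Requests rejected by `validate-jwt` and `rate-limit-by-key` surface in APIM diagnostics logs, which covers the logging and monitoring point in the answer.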
