Azure API Management: API Gateway Patterns
Azure API Management (APIM) is more than a reverse proxy: it’s a complete API gateway with policies, analytics, and a developer portal.
Core Capabilities
- Request/Response Transformation
- Authentication & Authorization
- Rate Limiting & Throttling
- Caching
- Analytics & Monitoring
Policy Examples
Rate Limiting
<policies>
    <inbound>
        <rate-limit-by-key
            calls="100"
            renewal-period="60"
            counter-key="@(context.Subscription.Id)"
            increment-condition="@(context.Response.StatusCode >= 200 && context.Response.StatusCode < 300)" />
    </inbound>
</policies>
JWT Validation
<validate-jwt header-name="Authorization" failed-validation-httpcode="401">
    <openid-config url="https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration" />
    <required-claims>
        <claim name="aud" match="any">
            <value>{app-id}</value>
        </claim>
    </required-claims>
</validate-jwt>
Response Caching
<!-- inbound -->
<cache-lookup vary-by-developer="false" vary-by-developer-groups="false">
    <vary-by-header>Accept</vary-by-header>
    <vary-by-query-parameter>version</vary-by-query-parameter>
</cache-lookup>
<!-- outbound -->
<cache-store duration="3600" />
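Backend Circuit Breaker
This uses the retry policy: the request is forwarded again up to 3 times, 10 seconds apart, when the backend answers 503.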
<retry condition="@(context.Response.StatusCode == 503)" count="3" interval="10">
    <forward-request />
</retry>
Developer Portal
APIM includes a customizable developer portal where consumers can:
- Browse API documentation
- Test APIs interactively
- Register for API keys
- View usage analytics
For organizations exposing APIs to partners or developers, APIM is essential infrastructure.