Blogging about my adventures, straight from the Azure trenches. Sharing is caring!

Azure API Management workspaces demystified!

Recently, the Azure API Management team announced a new feature called Workspaces. The purpose of this blog is to explain what it does and how you might benefit from it. The architecture The main architecture of Azure API Management consists of three...

Latest Posts

Securely distributing client secrets within the organization

The weakest link in security is the human element. This statement is regularly confirmed when we are setting up OAuth2 or OpenID Connect at a customer. This blog explains the security issue and how you can overcome it with very little effort. The problem In...

Enforce basic authentication in Azure API Management

When connecting with legacy systems, Basic Authentication is often the only supported security scheme available. Azure API Management has an out-of-the-box policy that implements Basic Authentication between API Management and the backend API (backdoor). ...

New workflow expressions for Logic Apps triggers!

Today, Mötz Jensen informed me on Twitter about the ability to access the Logic Apps correlation id (client-tracking-id) at runtime. After some investigation, it turns out that there are some new (but undocumented?) properties available on the trigger() object:...

Role-based access control in Logic Apps

Logic Apps recently gained the ability to configure OAuth2 authorization on the HTTP trigger. You can define authorization policies that perform basic validations on the claims inside the incoming Bearer token. Role-based access control When securing API...

Scripting Azure AD application role assignments

When using Azure Active Directory to add role-based access control to your web applications and APIs, it is highly recommended to use application roles. This allows you to define custom application roles, which can be assigned to users and applications. A...