Today, Mötz Jensen, informed me on Twitter about the ability to access the Logic Apps correlation id (client-tracking-id) at runtime. After some investigation, it turns out that there are some new (but undocumented?) properties available on the trigger() object:...
Modern API security protocols, like OAuth2 and Open ID Connect, assume that all HTTP traffic is encrypted on the wire, using TLS. Therefor, it is a good security practice to enforce the usage of HTTPS within API Management. In Azure, the Azure Policy engine is...
On my latest project, I developed a global policy to ensure that no stack traces get returned to the API consumer. This is a good security measure, because stack traces reveal too much information about the underlying technology and setup. Inside the All APIs policy,...
It's a good practice to configure backups for your API Management instances in production. A disaster can always occur, so it's better that you are prepared for that. Even when your API Management is completely deployed through automation, this advise still...
As you might know, Microsoft is working hard to create brand new SDKs for most of its services. The goal of this effort is to simplify development, increase productivity, introduce uniformization across SDKs and to focus hard on documentation and samples. An...
In API Management, you can automate the creation of subscriptions and their corresponding subscription keys. There are several reasons why you would like to do this: Configuration as code: the access control to your APIs is managed and automated through automated...
In a previous post, I explained why and how you could enforce the usage of product subscriptions within Azure API Management. As I was not entirely happy about the solution, I invested a little more time to check if Azure Policy could achieve the same result! And...