Before we can automate our infrastructure as code, there is always to need to grant the required permissions to our release pipelines. For GitHub Actions, this typically involved creating a Service Principal with a client secret. By storing those credentials as...
Last week, I spoke at the INTEGRATE conference. During my talk, I've conducted a survey about Azure API Management. 200 attendees participated in this survey, which leads to interesting insights! You can discover them here.
Last week, I've presented at INTEGRATE my 10 favorite tips and tricks for Azure API Management. I want to share them here with you! Automate your backups Dynamically expose your Open API definitions Send API Inspector Traces to Application Insights Hide stack traces...
Stack traces are a nice gift for hackers, because they reveal details about the underlying technology that you are using. From a security perspective, it is good to remove stack traces when exceptions occur and just return a generic error message, like I described in...
Azure API Management has a very powerful concept of policies: logic that you can inject in the request or response pipeline of your APIs. These policies can be defined on four levels: All APIs: a global policy that is applicable for all your API calls Product: a...
Lately, I had the requirement to access data from the incoming HTTP body, which was form-urlencoded (Content-Type: application/x-www-form-urlencoded). I assumed this was something simple to do, however it turned out more complex than expected. HttpUtility? My first...
Azure API Management's default security mechanism is built on top of subscriptions. Whilst this is a very simple way to protect your APIs, it's often not secure enough. Many scenarios require the APIs to be protected with OAuth2, which is perfectly possible with...