At the start of a new Azure project, we typically conduct a short Azure governance exercise. One of the items covered is role-based access control: both for the people who access the Azure portal and for the DevOps agents that have to deploy our solutions...
Latest Posts
Azure API Management Survey!
Last week, I spoke at the INTEGRATE conference. During my talk, I conducted a survey about Azure API Management. 200 attendees participated in this survey, which leads to interesting insights! You can discover them here.
My 10 favorite Azure API Management Tips and Tricks!
Last week at INTEGRATE, I presented my 10 favorite tips and tricks for Azure API Management. I want to share them here with you! Automate your backups; Dynamically expose your Open API definitions; Send API Inspector Traces to Application Insights; Hide stack traces...
Hide stack traces in a smart way in Azure API Management
Stack traces are a nice gift for hackers, because they reveal details about the underlying technology that you are using. From a security perspective, it is good to remove stack traces when exceptions occur and just return a generic error message, like I described in...
Enforce the global policy in Azure API Management
Azure API Management has a very powerful concept of policies: logic that you can inject in the request or response pipeline of your APIs. These policies can be defined on four levels: All APIs: a global policy that is applicable for all your API calls; Product: a...
How to read form-urlencoded data in Azure API Management?
Lately, I had the requirement to access data from the incoming HTTP body, which was form-urlencoded (Content-Type: application/x-www-form-urlencoded). I assumed this was something simple to do; however, it turned out to be more complex than expected. HttpUtility? My first...
Protect your API program with a single Azure AD RBAC policy!
Azure API Management's default security mechanism is built on top of subscriptions. Whilst this is a very simple way to protect your APIs, it's often not secure enough. Many scenarios require the APIs to be protected with OAuth2, which is perfectly possible with...