Difference between Application Gateway and API Management

Biswojit Kumar Sahu 1 Reputation point
2022-10-27T07:38:37.27+00:00

What is the difference between Azure Application Gateway and API Management? When to use what? Is it mandatory to use both or can be used mutually exclusive?

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,853 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
988 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Sam Cogan 10,327 Reputation points MVP
    2022-10-27T09:19:54.193+00:00

    API Management is a tool for managing API's. It provides functionality for you to deliver API's to your customers such as:

    • Controlled exposure of API's letting you restrict what API's you reveal to the outside world
    • Authenticaiton to your API's using subscription keys, Azure AD, JWT etc.
    • Product and subscription management including self service through a developer portal
    • Rate limiting and other security controls
    • Custom policies to intercept and adapt requests as required

    App Gateway on the other hand is essentially a layer 7 load balancer. You can put App Gateway as the entry point of your applicaitons and have it direct traffic to the right location. It provides:

    • Security as a single point of entry into your application and the only thing exposed to the internet
    • Routing to allow you to direct a public URL to a prive application URL, or have path based routing go to different apps etc.
    • An optional Web Application Firewall to protect from OWASP top 10 attacks and similar

    Which one you use depends on what service you are offering. If you just have a web application that is not exposing API's to the end user then generally APIM won't be of much benfefit and you can just implement App Gateway to handle routing and security. If you are offering API's then you may want the features of APIM to help you expose your API's securely and provide better services for the user. In this scenario you might also consider using App Gateway as well as APIM, primarily if you want to implement the Webb Application Firewall (WAF) features. APIM does not provide a WAF so if you want that protection you can look at App Gateway.

    If you are purely implementing App Gateway for WAF, you could also look at Front Door, the Premium SKU also offers a WAF and can be less complex to implement than App Gateway. Front Door can also be used for global load balencing if needed, whereas App Gateway would require Traffic Manager to do that.

    1 person found this answer helpful.
    0 comments No comments

  2. rafalzak 3,216 Reputation points
    2022-10-27T09:15:41.68+00:00

    Hi @Biswojit Kumar Sahu ,

    Welcome on Microsoft Q&A,

    Azure Application Gateway is a web traffic load balancer that manages traffic to web applications. Load balancers operate at the transport layer, OSI layer 4 TCP and UDP, and route traffic based on source IP address and port to a destination IP address and port.

    Azure API Management is a hybrid, multi-cloud management platform for APIs across all environments. API Management creates consistent, modern API gateways for existing backend services.

    Is it mandatory to use both or can be used mutually exclusive?

    It depends what you want to achieve. Sometimes you can use both like in below example when you want to forward all requests to API Management Gateway through Application Gateway:
    https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/apis/protect-apis

    but you can use only Applicaiton Gateway when you want to expose web app for example:
    https://learn.microsoft.com/en-us/azure/application-gateway/configure-web-app?tabs=customdomain%2Cazure-portal

    0 comments No comments