How to call/retrieve value from Azure app config through APIM policy

Question

How to call/retrieve value from Azure app config through APIM policy

Amit Srivastava 60

Hi Team, need help, I want to make call from APIM policy(c# code) to Azure app config to retrieve value against a key. But I am unable to figure out how to achieve this. Can you please help me. Thanks in advance

Answer 1

Amit Srivastava Thank you for posting your question in Microsoft Q&A.

Here are the steps you can follow to achieve this:

Enable System-assigned Managed Identity for your APIM instance as described Use managed identities in Azure API Management.
Assign Azure App Configuration Data Reader role for the managed identity as per doc: AD Authentication
Then write a custom policy to send request to Azure App Configuration Rest API (https://learn.microsoft.com/en-us/azure/azure-app-configuration/rest-api-key-value#get-key-value) to get the key value and use authentication-managed-identity policy to generate authorization token. Refer sample code snippet below: (replace <app-config-name> and testkeyname with actual value)

   <send-request mode="new" timeout="20" ignore-error="false" response-variable-name="tokenstate">
               <set-url>@("https://<app-config-name>.azconfig.io/kv/testkeyname?api-version=1.0")</set-url>
               <set-method>GET</set-method>
               <authentication-managed-identity resource="https://azconfig.io" ignore-error="false" />
           </send-request>
           <set-variable name="keyValue" value="@(((IResponse)context.Variables["tokenstate"]).Body.As<JObject>()["value"])" />

Note, the above code snippet is a sample policy for your reference, and you can customize it based on your need. If you face any issues, let me know. I hope this helps with your question.

If you found the answer to your question helpful, please take a moment to mark it as "Yes" for others to benefit from your experience. Or simply add a comment tagging me and would be happy to answer your questions.

Amit Srivastava 60 Reputation points

2023-03-14T08:22:04.38+00:00

Hi MuthuKumaran, thanks for your response. I followed your approach and provided the correct value for keyName and app-config name, but I am getting "Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host" at send-request. Please suggest how to resolve this. @MuthuKumaranMurugaachari
MuthuKumaranMurugaachari-MSFT 8,646 Reputation points

2023-03-14T13:41:17.9666667+00:00

Amit Srivastava I have tested this policy snippet, and this set up works good for my APIM/App Configuration. The exception suggests that APIM is not able to make a proper connection to the endpoint (here App Configuration). I suggest you debug APIs using Trace a call and validate the policy expression really failed at send-request policy.

If so, then try making a direct request to App Configuration Rest API above with bearer token via Postman and see the results. Validate if public access is disabled in App Configuration (or private access is enabled; refer Disable public access). Second step is, do you have APIM in VNET (internal or external mode)? Make sure there is a network connectivity to Azure App Configuration /Azure AD in NSG rules and route table as described in doc: Configure NSG rules and route table. You can quickly set up APIM in public mode to test this scenario.

If you still face the issue, share the policy evaluation expression failure, and set up details. That would really help.

How to call/retrieve value from Azure app config through APIM policy

0 additional answers

Activity