Introspect Endpoint Integration with Azure aPI Manager

Question

Hello, We are working on Azure APIM integration with Ping IDP. The integration will be completely rest based integration and Azure APIM will protect backend APIs with Access token provided by Ping and by validating the same.

The design demands there is need of integration of APIM with Ping IDP's introspect end point . Please help to underatnd how to customie APIM to call external end points from APIM before calling backend apis.

What is the right process to integrate with IDP (withoth code flow / UI) . Please provide right refernece for my usecase.

Answer 1

Naman Shah You can use send-request policy in APIM to call Ping IDP introspect endpoint with the access token received from the client app and process the response to modify the behavior of the API. Here is sample code snippet:

<send-request mode="new" response-variable-name="introspectResponse" timeout="20" ignore-error="false">
    <set-url>https://your-ping-idp.com/introspect</set-url>
    <set-method>POST</set-method>
    <set-header name="Content-Type" exists-action="override">
        <value>application/x-www-form-urlencoded</value>
    </set-header>
    <set-body>@{
        var token = context.Request.Headers.GetValueOrDefault("Authorization", "");
        return "token=" + token;
    }</set-body>
</send-request>

The above policy sends POST request to Ping IDP introspect endpoint and response is stored in variable introspectResponse which you can validate if it is valid. Here is Send request doc for reference, and the policies are executed for every call. If you like to cache call for specific duration, you can explore cache-lookup or cache-lookup-value policy based on your need.

I hope this helps and let me know if you have any questions.

Answer 2

@Naman Shah Welcome to Microsoft Q&A, thank you for posting your question here!! The best practice to integrate Azure API Manager with IDP are in different level of experts therefore:

1. To customize Azure API Manager to call external endpoints, you can configure and manage custom backends in the Azure portal or using Azure APIs or tools.
2. After creating a backend, you can reference the backend in your APIs.
3. Also use the set-backend-service policy to redirect an incoming API request to the custom backend instead of the default backend for that API.
4. You can also use the provided link to review some necessary guides for your configuration. Connect privately to API Management using an inbound private endpoint: Link Backends in API Management: Link You can view API Management documentation: Here for more information. I hope this helps! Let me know if you have any other questions. You can also, use support service in your azure portal if you're having difficulties. Best Regards, Sina

Answer 3

@Naman Shah

Thank you for letting me know you need a reference policy for APIM implementation, that you can refer to. The link below is a Microsoft Document for APIM policy references for your use.

API Management policy reference

It contains links of pages for most tasks you would like to do, such as:

1. Access restriction policies
2. Advanced policies
3. Authentication policies
4. Caching policies
5. Cross-domain policies
6. Dapr integration policies
7. GraphQL resolver policies
8. Transformation policies
9. Validation policies

And many other sub-links and additional resourceful documents listed below:

Azure API Management policy reference - check-header

Reference for the check-header policy available for use in Azure API Management. Provides policy usage, settings, and examples.

Azure API Management policy reference - forward-request

Reference for the forward-request policy available for use in Azure API Management. Provides policy usage, settings, and examples.

Azure API management policy sample - Filter response content

Azure API management policy sample - Demonstrates how to filter data elements from the response payload based on the product associated with the request.

Azure API Management policy reference - authentication-basic

Reference for the authentication-basic policy available for use in Azure API Management. Provides policy usage, settings, and examples.

Azure API Management policy reference - limit-concurrency

Reference for the limit-concurrency policy available for use in Azure API Management. Provides policy usage, settings, and examples.

Policies in Azure API Management

Learn about policies in API Management, a way for API publishers to change API behavior through configuration. Policies are statements that run sequentially on the request or response of an API.

Sample API management policy - Send request context information to backend service - Azure API Management

Azure API management policy sample - Demonstrates how to send request context information to the backend service.

• Azure API Management policy reference - find-and-replace

Reference for the find-and-replace policy available for use in Azure API Management. Provides policy usage, settings, and examples.

I hope this is helpful!

Regards,

Sina

Answer 4

@Naman Shah

Thank you once again for posting your questions here and for confirming the previous answer @Sina Salam helps.

To understand your recent question: you were asking how much will be impact on performance if adding policies and calling URLs as part of APIM policy?

The impact on performance when adding policies and calling URLs as part of APIM policy depends on the number of policies you add and the complexity of the policies. Adding policies can increase the latency of your API calls. However, the impact on performance is usually negligible if you keep the number of policies low and avoid using complex policies. You can also use caching to improve performance when calling URLs as part of APIM policy.

You can read more here about policies and URL impact on performance.

https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-policies

I hope that helps! Let me know if you have any other questions.

If this answer solves your issue, please vote for it so other community members know that this is a quality answer.

Regards,

Sina Salam