How to organize APIs and product for such scenario ?

Question

Hi,

We want to apply APIM to company internal teams and most of team's existing APIs are dedicated for client service use (ex: data team expose API to Europe CRM team, return columns they need).

And when it comes to Product-API-Operation design under subscription key protection, we have some ideas and not sure which idea is better for the long run.

Do you have any suggestions ?

Thank you

Answer 1

@NC0202 I believe you are trying to separate access for different groups. I am listing down multiple ways to do it:

• Try implementing the restriction at the product level
  Check your user list.
  Create a group with by selecting the required members.
  Create an product( Add required APIs) -> Go to access control -> Add a group (you may remove the Administrator group)
• You may check the standalone subscription https://learn.microsoft.com/en-us/azure/api-management/api-management-subscriptions#subscriptions-for-all-apis-or-an-individual-api - if this suffices the requirement
• Also, take a look into api-management-role-based-access-control

If this helps, please "accept the answer" and "up-vote" so that it helps others in the community!

Answer 2

Hi @NC0202 ,

I was thinking about another idea.

Idea#3 would be for each Group, in the APIM, create Product with all the required APIs. You can add multiple groups in each Product if requirements for those groups are same. Main challenge with this approach would be to create APIs in granular level. Each API could contain one or many operations. Do not add the same operation in multiple APIs. Keep in mind that when an API is added to any specific product, that means group(s) associated to that product will get access to all the operations that API has (please see the screenshot attached).

Please let me know if this helps. If this helps, please "accept the answer" and "up-vote"! Thank you!