What is the difference between API Gateway provided by Azure API Management and Azure Application Gateway?

Question

What is the difference between API Gateway provided by Azure API Management and Azure Application Gateway?

Vigneshwaran Rajan 11

I'm new to Azure and I skimmed through Azure official documentation.

What I would like to understand is :

The difference and similarities between the API Gateway provided by Azure API Management and Azure Application Gateway?
When do we require Application Gateway in front of API Gateway (provided by Api Management)?
- When API Gateway hosted normally.
- When API Gateway hosted inside VNet.
When do we require Azure Front Door in front of Application Gateway?
Do we need to chain Azure Front Door --> Application Gateway --> API Gateway in what scenario, instead can't we do this Azure Front Door --> API Gateway, if yes in which scenario?

I want to understand solution to above questions based on below two compute solutions:

When my API is hosted in Azure Containers Instance.
When my API is composed of only Azure Functions.

Pramod Valavala 14,971 Reputation points Microsoft Employee

2020-07-10T07:56:15.56+00:00

@VigneshwaranRajan-9211 Just checking in to see if my response helps here

Pramod Valavala 14,971 Reputation points Microsoft Employee

2020-07-10T07:56:15.56+00:00

@VigneshwaranRajan-9211 Just checking in to see if my response helps here

Answer 1

MOHIDDIN SHAIK 51

I have to say this is super confusing , will be nice to have some topology diagrams and patterns to understand the use cases and scenarios.
Thank you.

Answer 2

The difference and similarities between the API Gateway provided by Azure API Management and Azure Application Gateway?

While both do behave like a reverse proxy, APIM provides a powerful policy framework to manipulate requests both inbound and outbound, along with advanced features rate limiting and conditional caching.

When do we require Application Gateway in front of API Gateway (provided by Api Management)?
When API Gateway hosted normally.

Not required as APIM is already exposed to the internet

When API Gateway hosted inside VNet.

Required on in the case of Internal VNET Mode where APIM is not exposed to the internet.

When do we require Azure Front Door in front of Application Gateway?

Azure Front Door is like a global application gateway with edge nodes in many regions enabling high performance and reliability across regions

Do we need to chain Azure Front Door --> Application Gateway --> API Gateway in what scenario, instead can't we do this Azure Front Door --> API Gateway, if yes in which scenario?

If all your APIs are in APIM, you could opt for the Premium Tier which can be deployed to multiple regions directly and is fronted by Azure Traffic Manager.

If you APIs are exposed as a mix of APIM, Functions, App Services, VMs, etc., you could opt for Azure Front Door. Azure Application Gateway would be required for APIs deployed inside a VNET.

You can read more about the various load-balancing services offered by Azure in this official doc.

Answer 3

Jim M 136

Regarding the point about a public APIM being exposed to the internet - what mechanisms does Azure provide for security? An application gateway can include Windows Application Firewall (WAF) for protection. Does APIM have the ability to incorporate WAF?

Christian Henriksen 1 Reputation point

2021-01-31T16:22:36.767+00:00

WAF is a Web Application Firewall and has nothing to do with Windows, just for making it clear.

Answer 4

Jose Fernandez 6

@MOHIDDIN SHAIK

https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/apis/protect-apis

Maybe these diagrams help a little bit.

What is the difference between API Gateway provided by Azure API Management and Azure Application Gateway?

4 answers

Activity