Important
Deprecation notice: This is deprecated and is no longer being updated. To ensure only the best guidance is surfaced, this article will be deleted in May 2026.
For alternative guidance, see Azure API Management landing zone architecture guidance in the Azure Architecture Center.
If you would like to save this guidance, you can select Download a PDF at the bottom left of this page or download the files from GitHub.
This article provides design considerations and recommendations for governance when using the API Management landing zone accelerator. Azure governance establishes the tooling needed to support cloud governance, compliance auditing, and automated guardrails.
Learn more about the Azure governance design area.
Design considerations
- Research the built-in RBAC roles available for the API Management service.
- Review the Azure Policy built-in policy definitions and the Azure Policy Regulatory Compliance controls for API Management. Azure Policy can help enforce vital management and security conventions across Azure platform services.
- Consider what level of logging is necessary to meet your organization's compliance requirements.
- Consider how non-compliance should be detected.
- Consider how to standardize error responses returned by APIs.
Design recommendations
- Use Azure built-in roles to provide least-privilege permissions to manage the API Management service.
- Configure diagnostic settings within API Management to output logs and metrics to Azure Monitor.
- Implement an error handling policy at the global level.
- All API Management policies should include a <base/> element.
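
One way to check the last recommendation across exported policy documents, as an added example that is not part of the original guidance or of Microsoft's tooling. It assumes each policy is available as XML text with the inbound, backend, outbound and on-error sections; the policy names and contents are constructed, and reporting an absent section or a nested-only <base/> as a finding is a choice made for this example.

```python
import xml.etree.ElementTree as ET

SECTIONS = ("inbound", "backend", "outbound", "on-error")

def check_policy(policy_xml):
    """Return a list of findings for one policy document (empty = pass)."""
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError as exc:
        # Truncated exports and unescaped policy expressions end up here.
        return [f"not well-formed XML: {exc}"]
    if root.tag != "policies":
        return [f"expected <policies> root, found <{root.tag}>"]
    findings = []
    for name in SECTIONS:
        section = root.find(name)
        if section is None:
            findings.append(f"<{name}> section is absent")
        elif section.find("base") is None:
            # Only a <base/> that is a direct child of the section counts.
            findings.append(f"<{name}> has no <base/>")
    return findings

def audit(policies):
    """Map policy name -> findings, keeping only policies that fail."""
    results = {name: check_policy(text) for name, text in policies.items()}
    return {name: f for name, f in results.items() if f}

# Constructed sample policies, not taken from a real service.
SAMPLES = {
    "api-orders": (
        "<policies>"
        "<inbound><base/><rate-limit calls='100' renewal-period='60'/></inbound>"
        "<backend><base/></backend><outbound><base/></outbound>"
        "<on-error><base/></on-error></policies>"
    ),
    "api-legacy": (
        "<policies><inbound><set-header name='X-Env' exists-action='override'>"
        "<value>prod</value></set-header></inbound>"
        "<backend><base/></backend><outbound><base/></outbound></policies>"
    ),
    "api-truncated": "<policies><inbound><base/></inbound>",
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLES).items():
        print(f"{name}: {'; '.join(findings)}")
```

Run as a script, it reports only the failing policies, so it can serve as a gate before policy changes are deployed.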