Implement API backend security using Azure API Management
Intermediate
Security Engineer
Azure
Azure API Management
Azure OpenAI Service
Microsoft Defender for Cloud
Implement security policies for backend API protection using Azure API Management. Configure subscription key management, JSON Web Token (JWT) validation, and OAuth 2.0 policies, and apply IP filtering and rate limiting. Then enforce mutual Transport Layer Security (mTLS) for secure backend API connections, and configure AI Gateway to secure and govern AI model endpoints.
Learning objectives
After completing this module, you can:
- Configure API authentication and authorization policies including JWT validation and OAuth 2.0 with Microsoft Entra ID
- Implement network security controls including IP filtering, rate limiting, and virtual network integration for API Management
- Enforce backend connection security using client certificate authentication and mutual TLS
- Configure AI Gateway in API Management to secure and govern AI model endpoints
Prerequisites
- Working knowledge of Azure API Management including creating APIs, operations, and products
- Understanding of HTTP/HTTPS, REST APIs, and token-based authentication concepts
- Familiarity with Microsoft Entra ID and OAuth 2.0 / OpenID Connect (OIDC) concepts
- Basic understanding of Azure Virtual Network concepts
Get started with Azure
Choose the Azure account that's right for you. Pay as you go or try Azure free for up to 30 days. Sign up.