When settings up new API Management instances at customers, I notice that I often specify the same policies at the highest scope, All API's. This blog is just a small note to myself and hopefully it might help you too. Inbound policies Two inbound policies are very common: Delete the subscription key header in order not … Continue reading Common API Management policies
What a long blog title 🙂 Today, I've encountered an issue while using the validate-jwt policy in Azure API Management. Let's have a look at it and let me explain how I worked around it. The scenario For a proof of concept, I had to integrate Azure API Management with a custom SSO implementation. The custom … Continue reading Validating RS256-signed JWT in Azure API Management without an Open ID Connect configuration endpoint.
Throughout the last years, we really see a rise of API platforms! The business cases behind these platforms vary from B2B/B2C marketplaces, over data-sharing initiatives towards exploration of new, innovative business models. Regardless of the scenario, there's one fundamental question that always pops-up: will the data be stored centralized or decentralized? Let's investigate the options! … Continue reading API Platforms: centralized vs decentralized?
Recently, I had the chance to apply Liquid templates within Azure API Management policies. I stumbled upon some caveats, that I want to share with you. Scenario My scenario was to expose a legacy SOAP service in a restful way. As the customer had already API Management in place, including VNET integration, it was obvious … Continue reading My experiences on liquid templates in Azure API Management