Common API Management policies

When settings up new API Management instances at customers, I notice that I often specify the same policies at the highest scope, All API's.  This blog is just a small note to myself and hopefully it might help you too. Inbound policies Two inbound policies are very common: Delete the subscription key header in order not … Continue reading Common API Management policies

Validating RS256-signed JWT in Azure API Management without an Open ID Connect configuration endpoint.

What a long blog title 🙂 Today, I've encountered an issue while using the validate-jwt policy in Azure API Management.  Let's have a look at it and let me explain how I worked around it. The scenario For a proof of concept, I had to integrate Azure API Management with a custom SSO implementation.  The custom … Continue reading Validating RS256-signed JWT in Azure API Management without an Open ID Connect configuration endpoint.

API Platforms: centralized vs decentralized?

Throughout the last years, we really see a rise of API platforms!  The business cases behind these platforms vary from B2B/B2C marketplaces, over data-sharing initiatives towards exploration of new, innovative business models. Regardless of the scenario, there's one fundamental question that always pops-up:  will the data be stored centralized or decentralized?  Let's investigate the options! … Continue reading API Platforms: centralized vs decentralized?

My experiences on liquid templates in Azure API Management

Recently, I had the chance to apply Liquid templates within Azure API Management policies.  I stumbled upon some caveats, that I want to share with you. Scenario My scenario was to expose a legacy SOAP service in a restful way.  As the customer had already API Management in place, including VNET integration, it was obvious … Continue reading My experiences on liquid templates in Azure API Management