'Use case of API Management + App Gateway for hosting internet facing API

We intended to host the internet facing API in azure app service.

We see the use of app gateway, the use case of WAF on top of the L7 load balancer

API Management use case is the one debatable, though it does provides a lot goodies,

  • $$$$, can't afford the premium tier, so the use without vnet does not quite make a lot of sense in security view
  • team also argues could use a sidecar container (e.g. dapr) to serve as an api manager, e.g. to parse the jwt

Thoughts? Thanks

azure-api-managementazure-application-gateway


Solution 1:[1]

If you try to access any external API which is hosted on any on-premise server, then you can consider this path : On-premise ----> s2s ( Site to Site) VPN ----> VNet ----> application in VNet.

You may follow : https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal Please consider these links for the case:

https://medium.com/azure-architects/azure-api-management-and-application-gateway-integration-a31fde80f3db

https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway

https://docs.microsoft.com/en-us/azure/architecture/example-scenario/apps/publish-internal-apis-externally

Solution 2:[2]

You could use the API Management self-hosted gateway along with a Dapr sidecar leveraging API Management Dapr integration policies. That way you wouldn't need the Premium Tier for VNet support.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 JayaChatterjee-MSFT
Solution 2 tommasodotNET

Related Questions

API Management with GIT and Octopus - Git PUSH / Git PULL

Need to modify request payload in Azure APIM set body to send modified request body to BE

Azure api management returns status 500 after enabling "assignment required" on Azure function Enterprise application properties

Azure API Management - Versioning

What are main difference between Subscription Key and OAth 2.0 in Azure API Management?

how to check value passed in header is Guid or not in azure APIM policy if not throw bad request

Azure api works locally but not in Azure deployment, for the endpoint which need data from Azure sql db. Endpoint with hardcoded data is fine though

How can I disable gzip compression on requests going through APIM?

APIM liquid How to check that the coming request include specific header?

How to get Pull Requests associated with a Work Item via the Azure DevOps API

Getting authentication failed error when calling APIM API which has Product scope from postman

Getting error while accessing Azure API developer portal while using Azure Application Gateway with Azure API Management service

Access-Control-Allow-Origin is added to the header when request is made from Python(Google Colab), but not when the request is made from ReactJS

Update Azure APIM Name (Api.Id) after cloning using Azure Portal?

Azure api management ssl certificate must have a private key