Calling API Management from Azure Function using Managed Identities

One of the solutions I am consulting on today is securing a number of APIs with OAuth with client credential flow, using Azure Active Directory as the identity provider. Those APIs are exposed via Azure API Management, which makes the validation of the access tokens provided as simple as injecting a policy at a product, API or operation level.

While this all works nicely, there is one item in this process which is a painpoint from an operations point of view: as they use client certificates to request access tokens, the certificate management is becoming a bit of a chore with the number of APIs and clients that access those APIs increasing.

A lot of those clients are either Azure Functions or Azure Logic Apps, which today provide the ability to using a managed identity to easy the burden of maintaining credentials.

So it was only logical to think about how would we be able to use the managed identities configured in both Azure Functions and Logic Apps to generate a token that can be validated by API Management. Turns out that this is quite possible, but needs a bit of preparation…

Continue reading “Calling API Management from Azure Function using Managed Identities”

Azure Functions with a Static Outbound IP Address

“So to complete our configuration we just need your outbound static IP…” This is something that pops up again and again, specially if you work integrating legacy systems, like banks, government agencies or other older systems that requires a static IP Address to add to firewall inbound rules.

In the past I had to use on of the subscription tiers from Azure API Management or in some cases deploy the code within a self hosted service in a Virtual Machine. And both of them are valid options if you already have one of those components in place. But in a couple of my last projects, Not only I needed to implement a new component (in this case API Management) just to fulfil this requirement. I also had to change my design a bit, because API Management didn’t support one of the streaming requirements I had (but that is a story for another post).

But I wouldn’t be writing a post just to complain about this (not that this has never happened before) – I actually found another solution – one that I’ve tried and discarded earlier this year, but thanks to some good work from the App Services Engineering team, is finally a viable solution: Azure Functions + VNET Integration + NAT Gateways!

Continue reading “Azure Functions with a Static Outbound IP Address”

MS Build Recap – The AIS Edition

This year’s MS Build was very different – we all know that. But for most of us, me included, was the first opportunity to join the event officially. And what event it was.

Ran across three time zone, with a mix of live sessions, Teams Live events and smaller Teams events, like focus groups, which allowed the attendees to really interact with the product groups and advocates from Microsoft.

This year there were some interesting announcements around the Azure Integration Services technologies. I’ve recently shared those announcements on a Auckland Azure User Group meetup, and thought that, since I already had everything collated, it would be a good idea to just share this with you on the blog as well. So, let’s talk about what is now available, or just \around the corner for AIS

Continue reading “MS Build Recap – The AIS Edition”

Omitting Empty Elements on JSON Payloads

I am working on a Logic Apps project where the client API validates the elements before saving, and is not expecting null values to come through. For example, in the payload below:

{
	"Email": {
		"StartDate": "21/11/2018",
		"EmailAddress": "randel.menezes@nzhomeloans.co.nz",
		"EmailStatus": "Active"
	},
	"AlternateEmail": {
		"StartDate": "21/11/2018",
		"EmailAddress": null,
		"EmailStatus": "Inactive"
	}
}

It doesn’t expect the data like showed above (which is fair enough), but also don’t like “AlternateEmail”: null. Instead it expects the AlternateEmail element to be dropped from the payload. Trying to do this with logic apps components would make the workflow really hard to maintain later (and to be honest I don’t even sure if I would be able to pull that off with out of the box components like composite and variables).

Continue reading “Omitting Empty Elements on JSON Payloads”