Secure your APIs with Azure Application Gateway and Azure API Management
Vložit
- čas přidán 23. 07. 2024
- Join this session to learn how to secure your APIs with Azure Application Gateway and Azure API Management. We will go over how to use Azure AD and Azure Key Vault with this solution to further secure access to their APIs.
Download slide deck: nzpowerlunchfiles.blob.core.w...
This is a goldmine. It covers 99% of the usecase of most enterprise backend APIs scenarios. Thankyou so much for posting this for free on youtube.
Really a PROD CASE you have explained here... Nice one..
0:00 - Introduction
1:15 - Agenda
1:34 - Overview of the services
6:06 - Problem Statement
7:00 - Step 1
10:43 - Step 2
12:39 - Step 3
13:45 - Step 4
16:12 - Reference Architecture
17:40 - Demo
Great video. A quick question, should the Non-Peered VNET access the APIM using Private Endpoint directly rather than the VMSS Port-Forwarding?
if there is a change in the scripts, do we have to re-create the entire API again? how do we handle updates with scripts?
is it possible to share script to create certificates ?
This is great. I am trying to setup APIM following this. Question around certificates and internal mode. I can't seem to figure out how many certificates I would need without using a wildcard (APP Gateway, Management Portal, Developer Portal, and Gateway? so 4? if you could elaborate more on the certificate piece, that would be great.
very good
Hi, How you setup the probes on Application Gateway?
Hello, Thanks for sharing the knowledge
Is it possible to make a video on Azure AppGateway??
If we create a service then we will have the service URL, Lets say if we have the swagger link for that service then anyone can access, so for the customer faced URL's we can secure that service URL using the app gateway right and also if we want to pass the customerId parameterid in the query param then its not a good idea so we can send it using the JWT token..
1) Create a Web api endpoint with asp net core which also have the customer info properties needs to pass in the querystring/body.
2) secure the service URL with app gateway which have the subscripion key so that only the services which want to consume needs to pass that subscription key
3) instead of passing the important customer details in the header/queryparams we can send it using JWT.
useless