Protecting Azure Logic Apps with Azure API Management

Protecting Azure Logic Apps with Azure API Management (Middleware Friday)

Published on : Jan 9, 2017

Category : Events

Sriram Hariharan


Late last year at the MVP Summit, during a casual discussion, Jim Harrer, Program Manager of the Pro Integration Team at Microsoft, challenged a few MVPs to get involved in creating video content for specific topics. Saravana Kumar and Kent Weare discussed a “crazy idea” to have a short 15-20 minute video blog (vLog) on interesting Integration topics and add (more) value to the Integration community. It did not take long before the idea was christened Middleware Friday, and the episodes kicked off at the beginning of 2017.

A huge shout out to Kent Weare

At this juncture, it is only fair to thank Kent Weare and appreciate his efforts in getting these sessions onto Middleware Friday. Since the launch of the program, Kent has been doing an amazing job of consistently delivering one video every week, and we at BizTalk360 are focused on hosting and promoting the content via various channels. Middleware Friday will help people in the Integration community stay up to date on what’s happening in the integration space.

Other Similar Initiatives

Already, we have Integration Monday – a weekly webinar series occurring every Monday at 7:30 PM BST that has been running for over 2 years now and is closing in on 100 episodes. That’s quite a feat, right? To celebrate this achievement, we are working on “something really special” to commemorate the success of Integration Monday on the eve of the 100th episode. Stay tuned for more updates from our end! Similarly, we also have the biggest annual Integration focused conference (INTEGRATE) happening every year in London. If you haven’t heard yet, this year’s INTEGRATE 2017 event is happening between June 26-28 at Kings Place, London.

Middleware Friday Blog Series

Seeing the traction of the Middleware Friday video blog, we decided to publish the vLog as a detailed blog article so that you can keep it handy as a bookmark for future reference. This blog is the first in the series of articles on the Middleware Friday episodes. In this blog, the featured content covers how you can protect your Azure Logic Apps with Azure API Management.

Protecting Azure Logic App with Azure API Management

The first question that may come to mind when you see the title of this blog is “Why should I use Azure API Management to protect my Azure Logic App?” or “Why should I use these two technologies together?”. By using Azure API Management with Azure Logic Apps, you get the following advantages:
  • Abstraction of your back-end implementation from consuming clients – API Management allows you to change the backend without disrupting the consuming client. Say you have an API that is being consumed by a client and you want to put it in front of the Logic App. You can achieve this integration without breaking the consuming client by using Azure API Management as an abstraction layer.
  • Performance – Let’s say your application fetches common static data on a regular basis; you need not fetch the same data each and every time. With API Management, you can cache your response for common requests, thereby saving a few hundred milliseconds to a few seconds and increasing user satisfaction. Another performance improvement area is Rate Limiting. With Azure API Management, you can restrict the number of times a consumer can call your “freemium” service in a minute. The reason to do so is to give a better experience to your premium customers and to protect the backend systems.
  • Security – When you expose a Logic App with an HTTP endpoint, a SAS token is included in the URL. Some organizations look for additional security mechanisms on top of the existing one. Azure API Management is a good fit in these situations, providing an additional layer of security such as OAuth 2.0, Active Directory, Mutual Certificate Authentication, and Basic authentication.
  • Agility – You can use the policies provided out of the box, which are small and very powerful.
  • Monitoring – With Azure API Management’s out-of-the-box telemetry, you can see region-specific information and information on overall performance. You can also see which requests have been blocked by the API proxy to prevent unauthorized access to your backend service.
  • API Orchestration – An API ecosystem (API Apps, connectors) consists primarily of REST-based APIs. They can be called directly from a consuming client or be put behind an API Management instance. But when you use Logic Apps for API Orchestration, you can stitch together the independent API components and reduce the complexity on the consuming clients.


[Image: Protecting Logic Apps with API Management - Scenario]

In this scenario, we will use ServiceNow – a popular IT Service Management SaaS application. The API App is a connector that wraps the RESTful APIs with Swagger so that it can be easily plugged into Logic Apps. There are a few fine-grained API calls that retrieve user details and assignee group details, and that create the actual incident through the POST method. With a Logic App, it becomes very easy to perform the ticket operations instead of writing long lines of code to retrieve the above-mentioned details. For this scenario, as part of the API App (custom connector), Kent has exposed different resources and operations such as AssignmentGroups, Incidents, and Users.

[Image: Protecting Logic Apps with API Management - Swagger]

In order for the ServiceNow connector to be accessible to Logic Apps, you need to enable Cross Origin Resource Sharing (CORS) so that the Swagger metadata can be retrieved by Logic Apps. You also need to provide the URL for the Swagger API definition. Once you provide the URL, Logic Apps will be able to understand the required input and output when calling the ServiceNow API App operations. Once you have made the above changes, you will be able to see the API App in the Logic Apps designer. The Logic App will look as follows:

[Image: Protecting Logic Apps with API Management - Logic App Designer]

  • Step 1: Expose a Request trigger that will accept a JSON message body.
  • Step 2: Retrieve the User and AssignmentGroup details (GET) in order to retrieve the sysid for each entity.
  • Step 3: Perform the POST operation to create a ticket.
  • Step 4: Return a Response message with an HTTP Status Code of 201.

Configure Azure API Management

Follow the steps below to configure Azure API Management. For detailed information, you can refer to this blog post by Kent Weare as a follow-up to this Middleware Friday episode.
  1. Open the API Management instance and select APIs – PREVIEW
  2. Click the Logic App icon
  3. Select the Logic App that you would like to import (from the list of Logic Apps displayed)
  4. You can now add some additional information like Description, API URL suffix, and Base URL. Click Create to get a visual representation of the API.
  5. You can now change the settings for the Frontend with information like Display name and Description. Alternatively, you can also define any URL Template parameters, Query parameters, Headers and Request/Response content types, schemas and status codes.
  6. Next, you can edit the Inbound Processing stage and the Backend stage. You can refer to the blog post by Kent Weare to learn more about the configuration settings.
  7. Lastly, select Outbound Processing stage and set any Outbound Headers or Body.
  8. Finally, you can test the complete integration from the Test tab in the design surface of the API Management instance. All you need to do is submit a request, and the HTTP response will include the Ticket Number from ServiceNow.

[Image: Protecting Logic Apps with API Management - Result from ServiceNow]
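
As an added illustration of the Security and Rate Limiting advantages listed earlier and of the Inbound Processing stage in step 6 (this policy is not from the original post or from Kent Weare's configuration), an API-level policy can require an OAuth 2.0 bearer token and throttle callers before a request reaches the Logic App. The tenant ID, audience and limit values are placeholder assumptions.

```xml
<!-- Added example, not the configuration shown in the episode.
     TENANT_ID_PLACEHOLDER, the audience and the limits are assumptions. -->
<policies>
    <inbound>
        <!-- Inherit policies from the outer scopes. Leave in place any
             policy the Logic App import generated for routing to the backend. -->
        <base />

        <!-- Security: require a valid OAuth 2.0 bearer token from the caller,
             on top of the SAS token that protects the Logic App URL itself.
             Requests without a valid token are rejected with 401 and never
             reach the backend. -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized">
            <openid-config url="https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/v2.0/.well-known/openid-configuration" />
            <audiences>
                <audience>api://APP_ID_PLACEHOLDER</audience>
            </audiences>
        </validate-jwt>

        <!-- Rate limiting: at most 10 calls per 60 seconds per subscription.
             Callers over the limit receive 429 Too Many Requests. -->
        <rate-limit calls="10" renewal-period="60" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

These checks apply only to calls that go through API Management. The Logic App's trigger URL, with its SAS token, still accepts direct calls, so treat that URL as a secret and hand clients only the API Management endpoint.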
You can watch the cool demo here


You can give your feedback about Middleware Friday episodes, any special topic of interest, or any guest speaker whom you would like to see at Middleware Friday. Simply tweet at @MiddlewareFri or drop an email to You can watch the Middleware Friday sessions here.