In last few articles, I have been explaining my thoughts about API management. Till now, below topics are covered.
- Introduction to API Management
- How to create API Management instance
- How to publish APIs through API Management instance
- What are policies and how to apply policies in API Management
- Azure: Security in API Management
All of these article explain the API Management from the API publisher perspective. Till now, I always have said that there is a developer portal which is for developers which are working on consuming these APIs.
So, I thought I would explain few things which a consumer needs to know.
As this article is for API consumers, you do not need Azure portal. You can verify the UI of any APIs published by Azure cognitive services.
For ex. Face API reference developer portal you can check and you will be able to relate to the contents of this article.
Subscribing to a Subscription
The subscriptions can be associated with various scopes – Product, All APIs or Individual API.
Developers or consumers find the list of APIs of their interests. Then they can submit request for subscribing to API or List of APIs or Products.
This subscription request can then be approved by publisher (either manually or automatically).
Once the request is approved, developers get the subscription keys which can be used to call the APIs hosted in API management.
In most of the real world cases, the developers can subscribe to a product published by API publisher.
Please note that if subscription key is not present in the HTTP request headers, the call is rejected by API Management.
HTTP Requests to APIM APIs
As we already have stated, as a consumer / developer, you need to have subscription key in order to call the APIs hosted in API Management.
Let’s quickly have a look at how to do this.
You can find your subscription key in the developer portal. Below steps provide information on how to get the key provided you have access to developer portal.
- Go to Developer portal and select “Products” tab
- It will show list of all the products. Select the product you want to consume.
- Once it is selected, it will show list of APIs available in that product. If you have subscription for this product, it would also be visible on that page.
- Then you can click on the subscription and it will show you keys (primary and secondary).
Then you can click on Show to see the key of subscription and then use it asOcp-Apim-Subscription-Key header in the HTTP request from the Postman.
APIM Trace Headers
There is one more header which can be sent in the request. The Ocp-Apim-Trace header is an option header which you can specify in the HTTP request. This header can be set to boolean value true.
If this header is set to true, the response headers will have one header with name Ocp-Apim-Trace-Location. This is path of the trace file generated because of this call.
You can check which all inbound, outbound and backend sections in the trace and check the traces of your requests while evaluating this policies.
In addition to these two headers, you may want to add other HTTP headers in the HTTP request depending on the policies set on the API you want to consume.
e.g. OAuth2 header, JWT header, etc.
I hope you enjoyed reading this article and this article has provided you sufficient information to start consuming APIs published using API management.
I would really like to know your thoughts.