API Management (APIM) helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services. Azure API Management provides the core competencies to ensure a successful API program through developer engagement, business insights, analytics, security, and protection.
This blog will cover the key concepts about Azure API Management followed by monitoring them in various perspectives using Turbo360.
API Management Products
Products are how APIs are surfaced to developers. Products in APIM will have one or more APIs and are configured with a title, description, and terms of use. Products can be Open or Protected.
Protected products must be subscribed to before they can be used, while open products can be used without a subscription.
When subscribed, users get a subscription key that is good for any API in that product. Subscription approval is configured at the product level and can either require administrator approval or be auto-approved.
API Management APIs
Each API contains a reference to the back-end service that implements the API, and its operations map to the operations implemented by the back-end service.
API Management Operations
Each API represents a set of operations available to developers. Operations in APIs map to the operations implemented by the back-end service. Operations in APIM are highly configurable, with control over URL mapping, query and path parameters, request and response content, and operation response caching. Rate limits, quotas, and IP restriction policies can also be implemented at the API or individual operation level.
Groups
Groups are used to manage the visibility of products to developers. APIM has the following immutable system groups:
- Administrators– Azure subscription administrators are members of this group. Administrators manage API Management service instances, creating the APIs, operations, and products that are used by developers.
- Developers– Authenticated developer portal users fall into this group. Developers are the customers that build applications using your APIs. Developers are granted access to the developer portal and build applications that call the operations of an API.
- Guests– Unauthenticated developer portal users, such as prospective customers visiting the developer portal of an API Management instance fall into this group. They can be granted certain read-only access, such as the ability to view APIs but not call them.
Developers
Developers represent the user accounts in an API Management service instance. Developers can be created or invited to join by administrators, or they can sign up from the Developer portal. Each developer is a member of one or more groups and can subscribe to the products that grant visibility to those groups.
Policies
Policies are a powerful capability of API Management that allows the Azure portal to change the behavior of the API through configuration.
Policies are a collection of statements that are executed sequentially on the request or response of an API.
Popular statements include format conversion from XML to JSON and call rate limiting to restrict the number of incoming calls from a developer, and many other policies are available.
Developer portal
The developer portal is where developers can learn about your APIs, view and call operations, and subscribe to products. Prospective customers can visit the developer portal, view APIs and operations, and sign up. The URL for your developer portal is located on the dashboard in the Azure portal for your API Management service instance.
Why should Azure API Management be monitored?
API Management Products: Developers would build business solutions consuming APIs in a Product. As their business depends on these APIM Products it becomes necessary to monitor the same.
API Management APIs: When APIs include the critical business logic in the solution, there is a necessity to evaluate the reliability, efficiency, performance of the API Management APIs.
API Management Operations: Operations solve several businesses ‘ demands which makes it necessary to have an eye on their efficiency, reliability, and consumption.
Turbo360 Monitoring for API Management
When an APIM is associated to a Turbo360 Composite Application, it is possible to monitor the APIM in various perspectives using the monitors in Turbo360.
State-Based Monitoring
The state of the APIM can be monitored using Turbo360 Status Monitor or Threshold Monitor. Configure Status or Threshold Monitor on the desired state to meet the monitoring requirements.
Metrics Based Monitoring
The efficiency, reliability or consumption of the APIM can be monitored using Turbo360 Data Monitor. Data Monitoring can be configured for an APIM on an extensive set of metrics. Configure data monitor on desired metrics with appropriate warning and error threshold values to meet the monitoring requirement.
The extensive set of Metrics on which APIM can be monitored are:
- Successful Requests
- Unauthorized Requests
- Failed Requests
- Other Requests
- Total Requests
- Data Transfer
- Cache Hits
- Cache Misses
- Average Response Time
- Minimum Response Time
- Maximum Response Time
- Average Service Response Time
- Minimum Service Response Time
- Maximum Service Response Time
APIM Product can be monitored using both Metrics Based Monitoring (Data Monitor) and State-Based Monitoring (Status or Threshold Monitor)
APIM APIs can be monitored using Metrics Based Monitoring (Data Monitor)
APIM Operation can be monitored using Metrics Based Monitoring (Data Monitor)
APIM Product: State-Based Monitoring
When a product is ready for use by developers, it can be published. Once it is published, it can be viewed by developers (it becomes publicly accessible to the developers with the subscription key). Changing the state of the published APIM to not published will make the APIs unavailable for those using the APIs in that Product. In such scenarios monitoring the state of the APIM becomes crucial.
By associating APIM to a Status Monitor or Threshold Monitor, it is possible to monitor the state and get alerted through configured notification channels by comparing the current state against the expected state.
APIM Product: Metrics Based Monitoring
Data Monitoring can be configured for an APIM Product on an extensive set of metrics.
If the requirement is to monitor the number of requests to the product and maximum response time. Configure a data monitor with Total Requests and Maximum Response Time being monitored against appropriate warning and error threshold values.
APIM APIs: Metrics Based Monitoring
Data Monitoring can be configured for an APIM API on an extensive set of metrics.
If the requirement is to measure the reliability configure monitor on the number of failed requests. To evaluate performance the choice should be average response time metric of the API. Configure data monitor on desired metrics with appropriate warning and error threshold values to meet the monitoring requirement.
APIM Operation: Metrics Based Monitoring
Data Monitoring can be configured for an APIM Operation on its extensive set of metrics.
For example, to monitor the bandwidth utilization of the APIM Operation, configure data monitor on its metric Data Transfer with appropriate warning and error threshold values.
Conclusion
Use API Management to publish APIs to external, partner, and employee developers securely and at scale. Explore you can perform monitoring and logging on Azure API Management can be monitored using Turbo360 here.