Azure Application (API) Gateway Management

Environments

There are currently 3 APIM’s in Azure

  • dev-seagen

    • Developer SKU

    • 1,000 max requests/minute per subscription

    • For testing new API’s

  • stg-seagen

    • Developer SKU

    • 1,000 max requests/minute per subscription

    • Staging area for tested API’s before they move to production

  • prd-seagen

    • Premium SKU

    • No call limits

    • Production APIM used for all users and services

Deployment to the APIM’s

There are 3 ways to deploy an API to the APIM - for all the below ways, the API should be deployed like any other code, to development first, then stage, then production after testing and a code review.

  1. There is a ‘core’ repository that holds all the Seagen global APIM settings and API’s, this project has its own documentation to help guide

    • https://github.com/Seagen/ets-ses-apim-IaaS

    • To update this project, you should coordinate / file a ticket for someone in the Cloud Operations team to terraform it out for you. They will then deploy to dev, stage, and production once the API is tested.

  2. There is a ‘self service’ terraform IaaS repository that clients can use to terraform out their Teams API’s, this project has its own documentation to help guide

    • https://github.com/Seagen/config-apim-api

    • People can update this on their own and request a code review from a relevant party to promote the code.

  3. By hand, this should be avoided if possible, if it’s not possible then document the API that was added for tracking purposes

Products

There are currently 9 product types:

  1. Internal

  2. Internal - Strategy

  3. Published

  4. Published - Cognitive Services

  5. Restricted

  6. Restricted - Life Sciences APIs

  7. Secret

  8. Starter

  9. Unlimited
    To use an API of the associated product the user needs to sign up for a subscription of said product to get a key for access

Subscriptions

You must request access and agree to the terms of service for all subscriptions needed to access the associated API. These should be named applicably so we know who is using this subscription and what product is the subscription for. If you have any questions about this process, please reach out to the Cloud Operations team

Developer Portal

There is a developer portal for each environment which can be used to sign up, subscribe to products, and test API’s

  • Development:

    • https://dev-seagen.developer.azure-api.net/

  • Staging:

    • https://stg-seagen.developer.azure-api.net/

  • Production

    • https://prd-seagen.developer.azure-api.net/

Signing up for an account

To sign up for the APIM and request a product, go to the developer portal for the environment you wish to register for. From here you can:

Note If you have an account or not, use the “Azure Active Directory” login method, not the sign in button which will authenticate you as a guest which will not have access to most subscriptions.

  1. Create a new account (if you have not already) by clicking the “Azure Active Directory” button to authenticate with Seagen AAD

  2. Navigate to the products page and click on the product you wish to subscribe to

  3. In the “your new product subscription name” put in something that can identify yourself and product that will be accessing the subscription

  4. Agree to the terms of service, and click “Subscribe”

  5. This will notify a member of the Cloud Operations team who will then approve the request after getting approval from the API owner

  6. One can now get the access key for your subscriptions on your Profile page in the developer portal

Accessing the API’s

Once you have an active subscription, you either test the API through the developer portal, simply navigate to the API’s page, select the API you want test and click the “Try it” button on the right side of the page. To access programmatically, get the primary key from your Profile page in the developer portal, and add this header to any requests going into the APIM

  • Ocp-Apim-Subscription-Key: YOUR_PRIMARY_KEY

Monitoring and Metrics

Navigate to the Azure portal and go to the APIM resource you wish to monitor. From here click on the Monitoring -> Analytics link in the left side blade navigation bar. From here you can:

  1. See Requests, Data Transfer, Response Time, and Cache graphs

  2. Select a specific time range to monitor

  3. Filter on Timeline, Geography, API’s, Operations, Products, Subscriptions, Users, or Requests

    For more granular logging one should setup an Application Insights instance for the API or Operation they wish to monitor, more information can be found here: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-app-insights

Contacting the Cloud Ops Team

If you have any questions, concerns, or just advice on setup or naming conventions please reach out to the Cloud Operations Team