AZ-204 - Consuming Azure Services & API Management | JavaInUse

Azure API Management (APIM)

Azure API Management (APIM) is a fully managed service that helps organizations publish, secure, transform, maintain, and monitor APIs. It acts as a gateway between API consumers and backend services.

APIM Components

API Gateway

The endpoint that accepts API calls and routes them to backends. Enforces policies such as rate limiting, authentication, and request/response transformation.

Azure Portal (Management Plane)

The administrative interface where you define APIs, configure policies, manage products and subscriptions, set up users and groups, and view analytics.

Developer Portal

An auto-generated, fully customizable website where API consumers discover APIs, read documentation, try APIs via an interactive console, and obtain subscription keys.

APIM Tiers

| Tier | Use Case | SLA |
|---|---|---|
| Consumption | Serverless, pay-per-call | 99.95% |
| Developer | Non-production, evaluation | No SLA |
| Basic | Entry-level production | 99.95% |
| Standard | Medium traffic production | 99.95% |
| Premium | Multi-region, VNet, high scale | 99.99% |

Configure API Management

Products

Products are how APIs are surfaced to developers. A product contains one or more APIs. Products can be Open (no subscription required) or Protected (subscription required).

Subscriptions & Keys

API consumers access protected products via subscription keys. Keys are passed in the Ocp-Apim-Subscription-Key header or as a query parameter.

Policies

Policies are XML-based statements that modify API behavior. A policy definition has four sections, each executed at a different stage of request processing:

<policies>
  <inbound> <!-- Applied on request -->
  </inbound>
  <backend> <!-- Before forwarding to backend -->
  </backend>
  <outbound> <!-- Applied on response -->
  </outbound>
  <on-error> <!-- On exception -->
  </on-error>
</policies>

Common Policies

| Policy | Purpose |
|---|---|
| rate-limit | Limit calls per time period (e.g., 100 calls per 60 seconds) |
| quota | Limit total calls or bandwidth per subscription over a period |
| ip-filter | Allow or deny requests from specific IP addresses |
| set-header | Add, remove, or modify HTTP headers |
| rewrite-uri | Transform the request URL path before forwarding |
| validate-jwt | Validate a JWT token for authentication |
| cache-lookup / cache-store | Cache responses to improve performance |
| cors | Enable Cross-Origin Resource Sharing |

Test the API

APIM provides a built-in test console in the Azure Portal. You can send requests with headers, query parameters, and body content directly from the portal to test backend connectivity and policy behavior.

Add a New API

Import Methods

APIs can be added manually or imported from:

  • OpenAPI/Swagger - JSON or YAML specification files
  • WSDL - SOAP service definitions
  • Azure App Service - Direct import of web apps
  • Azure Function App - Direct import of function apps
  • Logic App - Import Logic App workflows as APIs

Swagger / OpenAPI

OpenAPI (formerly Swagger) is a specification for describing REST APIs. APIM natively supports OpenAPI v2 and v3 for importing and exporting API definitions.

OpenAPI Benefits in APIM

  • Auto-generates API operations from the spec
  • Populates request/response schemas and examples
  • Produces interactive documentation in the Developer Portal
  • Enables validation policies to enforce schemas

API Management Developer Portal

The Developer Portal is an auto-generated website for API consumers. It allows developers to:

  • Browse and search available APIs
  • Read auto-generated or custom documentation
  • Try API calls via an interactive console
  • Create accounts and subscribe to products
  • View usage analytics for their subscriptions

The portal is fully customizable via a visual editor or code. Administrators can brand it, add pages, and control access.

Key Terms

| Term | Definition |
|---|---|
| API Management (APIM) | A managed service that acts as a gateway for publishing, securing, transforming, and monitoring APIs. |
| Product | A grouping of one or more APIs that is published to developers. Can be Open or Protected. |
| Subscription Key | A key passed in the Ocp-Apim-Subscription-Key header to authenticate API calls to protected products. |
| Policy | XML-based statements that modify API behavior at inbound, backend, outbound, or on-error stages. |
| Developer Portal | An auto-generated, customizable website where API consumers discover APIs, read docs, and obtain keys. |
| OpenAPI (Swagger) | A standard specification format for describing REST APIs, used for importing APIs into APIM. |

Exam Tips:
  • APIM policies use XML and execute in four stages: inbound, backend, outbound, on-error.
  • rate-limit restricts calls per time window. quota restricts total calls over a longer period.
  • The Consumption tier is serverless and pay-per-call -- no infrastructure to manage.
  • Subscription keys are passed via the Ocp-Apim-Subscription-Key header.
  • validate-jwt policy is used for OAuth 2.0 / Azure AD authentication at the gateway.
  • OpenAPI specs can be imported to auto-generate API operations and documentation.
  • The Developer Portal is auto-generated but fully customizable.

Practice Questions

Q1. In which section of an APIM policy would you add rate limiting for incoming requests?

  A. backend
  B. outbound
  C. inbound
  D. on-error

Answer: C

Rate limiting is applied in the inbound section because it should be enforced before the request reaches the backend service.

Q2. Which header is used to pass the subscription key when calling an API through APIM?

  A. Authorization
  B. X-API-Key
  C. Ocp-Apim-Subscription-Key
  D. X-Subscription-Id

Answer: C

By default, APIM expects the subscription key in the Ocp-Apim-Subscription-Key header or as a query parameter named subscription-key.

Q3. Which APIM policy validates an OAuth 2.0 token at the gateway?

  A. authenticate-basic
  B. validate-jwt
  C. check-header
  D. ip-filter

Answer: B

The validate-jwt policy checks JSON Web Tokens for validity, including issuer, audience, expiration, and required claims.

Q4. Which APIM tier is serverless and charges per API call?

  A. Developer
  B. Basic
  C. Consumption
  D. Standard

Answer: C

The Consumption tier is serverless with pay-per-call pricing. It requires no infrastructure management and scales automatically.

Q5. A developer wants to import an existing REST API definition into APIM. Which format should they use?

  A. RAML
  B. GraphQL schema
  C. OpenAPI (Swagger) JSON/YAML
  D. Protocol Buffers

Answer: C

APIM natively supports importing APIs from OpenAPI (Swagger) v2 and v3 specification files in JSON or YAML format.
