Azure API Management — APIOps: GitOps for APIM

Extract/Publish APIM Config via GitHub Actions

Overview

APIOps applies DevOps practices to API management. Store APIM configuration in Git, use CI/CD pipelines to deploy changes, and maintain version control for APIs.

Export APIM Configuration

# Export all APIs
az apim api export \
  --resource-group my-rg \
  --name my-apim \
  --output-dir ./apis

# Export specific API
az apim api export \
  --resource-group my-rg \
  --name my-apim \
  --api-id my-api \
  --output-file ./apis/my-api.json

GitHub Actions: Deploy API

name: Deploy API to APIM

on:
  push:
    branches: [main]
    paths: ['apis/**']

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Azure Login
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      
      - name: Import API to APIM
        run: |
          for api in apis/*.json; do
            az apim api import \
              --resource-group my-rg \
              --api-id "$(basename $api .json)" \
              --spec-file "$api" \
              --format openapi \
              --service-name my-apim
          done

API Version Management

# Import with version
az apim api import \
  --resource-group my-rg \
  --api-id "myapi-v1" \
  --path "myapi/v1" \
  --spec-file ./myapi-v1.json

az apim api import \
  --resource-group my-rg \
  --api-id "myapi-v2" \
  --path "myapi/v2" \
  --spec-file ./myapi-v2.json

Policy as Code

<!-- Store in: policies/default.xml -->
<policies>
    <inbound>
        <base />
        <validate-jwt header-name="Authorization">
            <openid-config url="https://login.microsoftonline.com/tenant/.well-known/openid-configuration" />
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
</policies>

Git Branch Strategy

main
├── apis/
│   ├── orders-api.json
│   └── users-api.json
├── policies/
│   ├── default.xml
│   └── rate-limit.xml
└── environments/
    ├── dev.parameters.json
    ├── staging.parameters.json
    └── prod.parameters.json

Deployment Pipeline

name: Deploy to Environment

on:
  pull_request:
    branches: [main]

jobs:
  deploy-dev:
    if: github.event.pull_request.base.ref == 'develop'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Deploy to Dev APIM
        run: |
          az deployment group create \
            --resource-group dev-rg \
            --template-file azuredeploy.bicep \
            --parameters environment=dev

Azure Integration Hub - Advanced Level