API Management is an Azure service for publishing, managing, securing and monitoring APIs. It can be deployed along with your Serverless function app by specifying its configuration in serverless.yml. Here is a basic example of how to configure API Management:
Simply setting apim: true in your configuration will automatically deploy a consumption-based APIM resource to Azure. By default it will create an API with a path of /api in your APIM instance and will map all operations defined in the serverless.yml to your function app.
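# Minimal serverless.yml: `apim: true` asks the plugin to deploy API Management
# with its defaults alongside the function app.
service: greeter

provider:
  prefix: greeter
  name: azure
  # Default to West US, allow for command line arg --region to override
  region: ${opt:region, 'westus'}
  # Default to dev, allow for command line arg --stage to override
  stage: ${opt:stage, 'dev'}
  # Azure subscription ID for deployment (all-zero placeholder; supply your own)
  subscriptionId: '00000000-0000-0000-0000-000000000000'

  # Start of your API Management configuration
  # NOTE(review): this short form declares no gateway policies (no JWT
  # validation, header checks, IP filters or CORS rules); confirm what the
  # defaults expose before publishing the API.
  apim: true

plugins:
  - serverless-azure-functions

functions:
  hello:
    handler: src/handlers/hello.handler
    events:
      # HTTP trigger; only the listed methods are accepted
      - http: true
        methods:
          - GET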
        authLevel : function

In this example you can see the configuration support is quite verbose. You have the ability to create multiple APIs and backends, as well as associate an operation with a specific API/backend. If the operation is not specifically defined, it will default to the first API/backend that has been defined.
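# Full API Management example: two APIs, two backends, and gateway policies
# (CORS, JWT validation, header checks, IP filters).
service: greeter

provider:
  prefix: greeter
  name: azure
  # Default to West US, allow for command line arg --region to override
  region: ${opt:region, 'westus'}
  # Default to dev, allow for command line arg --stage to override
  stage: ${opt:stage, 'dev'}
  # Azure subscription ID for deployment (all-zero placeholder; supply your own)
  subscriptionId: '00000000-0000-0000-0000-000000000000'

  # Start of your API Management configuration
  apim:
    # API specifications
    apis:
      # Name of the API
      - name: products-api
        # Callers need no APIM subscription key, so the policies declared
        # further down (jwtValidate, checkHeaders, ipFilters) are what
        # restricts access at the gateway.
        subscriptionRequired: false
        # Display name
        displayName: Products API
        # Description of API
        description: The Products REST API
        # HTTP protocols allowed (HTTPS only; plain HTTP is not listed)
        protocols:
          - https
        # Base path of API calls
        path: products
        # Tags for ARM resource
        tags:
          - tag1
          - tag2
        # No authorization
        # NOTE(review): presumably the API-level authorization setting; token
        # checks are declared separately under jwtValidate -- confirm.
        authorization: none
      # Name of the API
      - name: categories-api
        # Same exposure as products-api: no subscription key required.
        subscriptionRequired: false
        # Display name
        displayName: Categories API
        # Description of API
        description: The Categories REST API
        # HTTP protocols allowed (HTTPS only; plain HTTP is not listed)
        protocols:
          - https
        # Base path of API calls
        path: categories
        # Tags for ARM resource
        tags:
          - tag1
          - tag2
        # No authorization
        # NOTE(review): see the note on products-api -- confirm.
        authorization: none

    # Backends that function operations can be associated with by name
    backends:
      - name: products-backend
        url: api/products
      - name: categories-backend
        url: api/categories

    # CORS Settings for APIM
    # Wildcard origins/headers suit a public, unauthenticated API. For
    # browser clients that send tokens, list the exact origins instead.
    # Browsers reject a wildcard origin combined with credentials, so keep
    # allowCredentials false while "*" is in use.
    cors:
      allowCredentials: false
      allowedOrigins:
        - "*"
      allowedMethods:
        - GET
        - POST
        - PUT
        - DELETE
        - PATCH
      allowedHeaders:
        - "*"
      exposeHeaders:
        - "*"

    # JWT validation APIM policy
    jwtValidate:
      # Header and scheme the token is read from
      headerName: authorization
      scheme: bearer
      # Response returned when the token is missing or fails validation
      failedStatusCode: 401
      failedErrorMessage: "Authorization token is missing or invalid"
      openId:
        # Placeholder; point this at your identity provider's OpenID
        # Connect metadata document, served over HTTPS.
        metadataUrl: "https://path/to/openid/metadata/config"
      # Accepted audience values (placeholders); keep the list as narrow
      # as the API needs.
      audiences:
        - "audience1"
        - "audience2"
      # Accepted token issuers (placeholder)
      issuers:
        - "https://path/to/openid/issuer"

    # Header validation APIM policy
    # A fixed header value is a filter, not authentication: anyone who
    # learns an allowed value can send it.
    checkHeaders:
      - headerName: x-example-header-1
        # NOTE(review): 400 is paired with a "Not Authorized" message;
        # 401 or 403 would match the message better.
        failedStatusCode: 400
        failedErrorMessage: Not Authorized
        values:  # List of allowed values, otherwise returns error code/message
          - value1
          - value2
      - headerName: x-example-header-2
        failedStatusCode: 403
        failedErrorMessage: Forbidden
        values:  # List of allowed values, otherwise returns error code/message
          - value1
          - value2

    # IP Validation APIM policies
    # The addresses below are sample values; replace them with your own.
    ipFilters:
      - action: allow
        addresses:  # List of allowed IP addresses
          - '1.1.1.1'
          - '2.2.2.2'
        addressRange:  # Also optionally support range of IP addresses
          from: '1.1.1.1'
          to: '2.2.2.2'
      - action: forbid
        addresses:  # List of forbidden IP addresses
          - '3.3.3.3'
          - '4.4.4.4'
        addressRange:  # Also optionally support range of IP addresses
          from: '3.3.3.3'
          to: '4.4.4.4'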
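plugins:
  - serverless-azure-functions

# Each function names the API and backend its operations attach to.
functions:
  getProducts:
    handler: src/handlers/getProducts.handler
    # API Management configuration for `getProducts` handler
    apim:
      # The API to attach this operation to
      api: products-api
      # The backend used for this operation
      backend: products-backend
      operations:
        # GET operation for `getProducts` handler
        - method: get
          # URL path for accessing handler
          urlTemplate: /
          # Display name inside Azure Portal
          displayName: GetProducts
    events:
      - http: true
        methods:
          - GET
        # Function-level key required on the function app's own endpoint.
        # `anonymous` here would let callers reach the handler directly,
        # skipping any policies enforced at the APIM gateway.
        authLevel: function
  getCategories:
    handler: src/handlers/getCategories.handler
    # API Management configuration for `getCategories` handler
    apim:
      # The API to attach this operation to
      api: categories-api
      # The backend used for this operation
      backend: categories-backend
      operations:
        # GET operation for `getCategories` handler
        - method: get
          # URL path for accessing handler
          urlTemplate: /
          # Display name inside Azure Portal
          displayName: GetCategories
    events:
      - http: true
        methods:
          - GET
        # Function-level key required on the function app's own endpoint.
        authLevel: function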