all Technical posts

Azure API Management - Conditional Policies

The Azure API Management Portal allows API Publishers to set policies to change the behavior of the underlying API by configuration.

The Policies act like a pipeline that executes a set of conditions or rules in a sequence. Policies contain configurable rules for authentication, validation, quota and IP level restriction, caching and more.

Massimo Crippa

14 April 2015

The Microsoft Product team is constantly adding features to the service, recently conditional policies have been added.

Policies overview

Policies can be applied at different scopes (Global, Product, API, and Operation), some are allowed only on the inbound channel, some others on the contrary only on the outbound.

The table summarizes the policies as today with their scope and the applicability.

Matrix

The Policies that are defined at different scopes are then pulled from the higher level to the lowest through the “<base/>” element and flattened to a single policy definition that executes the steps in a sequence.

Here the definition of the policies I setup for this blog post and the effective result per scope.

Flattern

Conditional policies

On April 10^th conditional policies have been rolled out:

Policy expressions. C#-based expressions that can be used as values in policy attributes and elements.
Control flow policy. That’s an if-then-else construct to conditionally apply policies based on the evaluation of logical expressions.
Set variable policy. Use this policy to store a computed value for later re-use within the scope of a single request.
Set backend service policy. To override the backend service URL.

The conditional policies bring flexibility to the API Management policy engine enabling the definition of more complex complex rules like evaluate headers in the inbound pipeline, save it in the context and then, based on that properties, take decisions on the outbound channel.

In the very basic example below I combined these 4 new policies in a single policy definition to route the request message to different endpoints depending on the datetime millisecond.

Conditional Policy

Test and analyze the trace

To test the policy definition I used the API management built-in console and I added the “ocp-apim-trace:true” header to the operation call to enable the API inspector.

The trace location is returned in the response ocp-apim-trace-location header which can be used to download the json data to inspect the execution.

Response

Here I got the json using fiddler and then the online json visualizer to easily inspect the trace, check the policy execution and the debug messages.

Visualizer

With the Azure API Management policies you gain the ability to protect, transform and to modify the underlying behavior of the virtualized backend service.

The April service update and the conditional policies brought more flexibility and power to the policy engine.

Cheers

Massimo

Subscribe to our RSS feed

Demystifying Role-Based Access with System Assigned Managed Identities in Azure

Traditionally, security between Azure components is assured through the use of SAS tokens. For some time, you have been able to use managed identities between Azure components. In this blog post, we'll go over how to leverage this.

Customer Care: A Deep Dive into CloudBrew 2023

CloudBrew 2023 ran from December 7th to 8th this year, and a team from Customer Care immersed ourselves in a variety of insightful sessions presented by engaging speakers covering diverse topics. In this blog post, we’ll take a deep dive into three talks that left a lasting impression on us.

Navigating the Future of IT Infrastructure and Security: Insights from CloudBrew 2023

As the main system administrator in our company, staying ahead in the ever-evolving landscape of IT infrastructure and security is not just a responsibility but a necessity. Recently, I had the opportunity to attend a series of enlightening sessions at CloudBrew, which focused on the latest advancements in IT infrastructure,…

Brussels Airlines’ Digital Transformation Takes Off

IoT Takes Bühler Group from Field to Fork

Going the Distance with Cloud-Connected Industrial Sensors

Swiss Re leverages Cloud Technology and Data Services for its Digital Risk Intelligence Solutions

Soudal is Digitally Transforming Sales in the Chemical Industry

Creating New Revenue Streams in Logistics by Connecting Data

Brussels Airlines’ Digital Transformation Takes Off

IoT Takes Bühler Group from Field to Fork

Going the Distance with Cloud-Connected Industrial Sensors

Swiss Re leverages Cloud Technology and Data Services for its Digital Risk Intelligence Solutions

Soudal is Digitally Transforming Sales in the Chemical Industry

Creating New Revenue Streams in Logistics by Connecting Data

Azure API Management - Conditional Policies

Policies overview

Conditional policies

Test and analyze the trace

Related articles

Send blog to my inbox

Thanks, we've sent the link to your inbox

Your download should start shortly!

What can we connect for you?

Brussels Airlines’ Digital Transformation Takes Off

IoT Takes Bühler Group from Field to Fork

Going the Distance with Cloud-Connected Industrial Sensors

Swiss Re leverages Cloud Technology and Data Services for its Digital Risk Intelligence Solutions

Soudal is Digitally Transforming Sales in the Chemical Industry

Creating New Revenue Streams in Logistics by Connecting Data

Azure API Management - Conditional Policies

Policies overview

Conditional policies

Test and analyze the trace

Related articles

Send blog to my inbox

Thanks, we've sent the link to your inbox

Your download should start shortly!

Stay in Touch - Subscribe to Our Newsletter

Great you’re on the list!

What can we connect for you?