Azure API Management
This module provides the following capabilities:
- Azure API Management
- Installation
- Backing up an API Management service
- Creating a new API operation in the Azure API Management instance
- Creating a new user in an Azure API Management service
- Importing a policy to an API in the Azure API Management instance
- Importing a policy to an operation in the Azure API Management instance
- Removing all Azure API Management defaults from the instance
- Restoring an API Management service
- Setting authentication keys to an API in the Azure API Management instance
- Uploading private certificates to the Azure API Management certificate store
Installation#
To have access to the following features, you have to import the module:
PS> Install-Module -Name Arcus.Scripting.ApiManagementBacking up an API Management service#
Backs up an API Management service (with built-in storage context retrieval).
| Parameter | Mandatory | Description |
|---|---|---|
ResourceGroupName | yes | The name of the of resource group under which the API Management deployment exists. |
StorageAccountResourceGroupName | yes | The name of the resource group under which the storage account exists. |
StorageAccountName | yes | The name of the Storage account for which this cmdlet gets keys. |
ServiceName | yes | The name of the API Management deployment that this cmdlet backs up. |
ContainerName | yes | The name of the container of the blob for the backup. If the container does not exist, this cmdlet creates it. |
BlobName | no | The name of the blob for the backup. If the blob does not exist, this cmdlet creates it (default value based on pattern: {Name}-{yyyy-MM-dd-HH-mm}.apimbackup. |
PassThru | no | Indicates that this cmdlet returns the backed up PsApiManagement object, if the operation succeeds. |
DefaultProfile | no | The credentials, account, tenant, and subscription used for communication with azure. |
Example
Simplest way to back up an API Management service.
PS> Backup-AzApiManagementService -ResourceGroupName "my-resource-group" -StorageAccountResourceGroupName "my-storage-account-resource-group" -StorageAccountName "my-storage-account" -ServiceName "my-service" -ContainerName "my-target-blob-container"# Getting Azure storage account key..# Got Azure storage key!# Create new Azure storage context with storage key...# New Azure storage context with storage key created!# Start backing up API management service...# API management service is backed-up!Creating a new API operation in the Azure API Management instance#
Create an operation on an existing API in Azure API Management.
| Parameter | Mandatory | Description |
|---|---|---|
ResourceGroupName | yes | The resource group containing the Azure API Management instance |
ServiceName | yes | The name of the Azure API Management instance located in Azure |
ApiId | yes | The ID to identify the API running in Azure API Management |
OperationId | yes | The ID to identify the to-be-created operation on the API |
Method | yes | The method of the to-be-created operation on the API |
UrlTemplate | yes | The URL-template, or endpoint-URL, of the to-be-created operation on the API |
OperationName | no | The optional descriptive name to give to the to-be-created operation on the API (default: OperationId) |
Description | no | The optional explanation to describe the to-be-created operation on the API |
PolicyFilePath | no | The path to the file containing the optional policy of the to-be-created operation on the API |
Example
Creates a new API operation on the Azure API Management instance with using the default base operation policy.
PS> Create-AzApiManagementApiOperation -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -ApiId $ApiId -OperationId $OperationId -Method $Method -UrlTemplate $UrlTemplate# New API operation '$OperationName' on Azure API Management instance was added.Creates a new API operation on the Azure API Management instance with using a specific operation policy.
PS> Create-AzApiManagementApiOperation -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -ApiId $ApiId -OperationId $OperationId -Method $Method -UrlTemplate $UrlTemplate -OperationName $OperationName -Description $Description -PolicyFilePath $PolicyFilePath# New API operation '$OperationName' on API Management instance was added.Creating a new user in an Azure API Management service#
Signup or invite a new user in an existing Azure API Management instance.
| Parameter | Mandatory | Description |
|---|---|---|
ResourceGroupName | yes | The resource group containing the Azure API Management instance |
ServiceName | yes | The name of the Azure API Management instance located in Azure |
FirstName | yes | The first name of the user that is to be created |
LastName | yes | The last name of the user that is to be created |
MailAddress | yes | The email address of the user that is to be created |
UserId | no | The UserId that will be used to create the user |
Password | no | The password that the user will be able to login with |
Note | no | A note that will be added to the user |
SendNotification | no | Wether or not a notification will be sent to the email address of the user |
ConfirmationType | no | The confirmation type that will be used when creating the user, this can be invite (default) or signup |
ApiVersion | no | The version of the management API to be used. (default: 2021-08-01) |
SubscriptionId | no | The Id of the subscription containing the Azure API Management instance. When not provided, it will be retrieved from the current context (Get-AzContext). |
AccessToken | no | The access token to be used to add the user to the Azure API Management instance. When not provided, it will be retrieved from the current context (Get-AzContext). |
Example
Invite a new user in an existing Azure API Management instance.
PS> Create-AzApiManagementUserAccount -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress# Attempting to invite $FirstName $LastName ($MailAddress)# Invitation has been sent to FirstName $LastName ($MailAddress)Invite a new user in an existing Azure API Management instance and specify a UserId.
PS> Create-AzApiManagementUserAccount -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress -UserId $UserId# Attempting to invite $FirstName $LastName ($MailAddress)# Invitation has been sent to FirstName $LastName ($MailAddress)Invite a new user in an existing Azure API Management instance and include a note.
PS> Create-AzApiManagementUserAccount -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress -Note $Note# Attempting to invite $FirstName $LastName ($MailAddress)# Invitation has been sent to FirstName $LastName ($MailAddress)Invite a new user in an existing Azure API Management instance and send a notification.
PS> Create-AzApiManagementUserAccount -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress -SendNotification# Attempting to invite $FirstName $LastName ($MailAddress)# Invitation has been sent to FirstName $LastName ($MailAddress)Signup a new user in an existing Azure API Management instance.
PS> Create-AzApiManagementUserAccount -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress -ConfirmationType signup# Attempting to create account for FirstName $LastName ($MailAddress)# Account has been created for FirstName $LastName ($MailAddress)# Since no password was provided, one has been generated. Please advise the user to change this password the first time logging inSignup a new user in an existing Azure API Management instance and specify a password.
PS> Create-AzApiManagementUserAccount -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -FirstName $FirstName -LastName $LastName -MailAddress $MailAddress -Password $Password -ConfirmationType signup# Attempting to create account for FirstName $LastName ($MailAddress)# Account has been created for FirstName $LastName ($MailAddress)Removing a user from an Azure API Management service#
Remove a user from an existing Azure API Management instance based on e-mail address.
| Parameter | Mandatory | Description |
|---|---|---|
ResourceGroupName | yes | The resource group containing the Azure API Management instance |
ServiceName | yes | The name of the Azure API Management instance located in Azure |
MailAddress | yes | The email address of the user that is to be removed |
SubscriptionId | no | The Id of the subscription containing the Azure API Management instance. When not provided, it will be retrieved from the current context (Get-AzContext). |
AccessToken | no | The access token to be used to add the user to the Azure API Management instance. When not provided, it will be retrieved from the current context (Get-AzContext). |
Example
Remove a user from an existing Azure API Management instance.
PS> Remove-AzApiManagementUserAccount -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -MailAddress $MailAddress# Retrieving the user account with e-mail '$MailAddress'# Attempting to remove the user account with e-mail '$MailAddress' and id '1'# Removed the user account with e-mail '$MailAddress' and id '1'Importing a policy to a product in the Azure API Management instance#
Imports a policy from a file to a product in Azure API Management.
| Parameter | Mandatory | Description |
|---|---|---|
ResourceGroupName | yes | The resource group containing the Azure API Management instance |
ServiceName | yes | The name of the Azure API Management instance located in Azure |
ProductId | yes | The ID to identify the product in Azure API Management |
PolicyFilePath | yes | The path to the file containing the to-be-imported policy |
PS> Import-AzApiManagementProductPolicy -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -ProductId $ProductId -PolicyFilePath $PolicyFilePath# Updating policy of the product '$ProductId'Importing a policy to an API in the Azure API Management instance#
Imports a base-policy from a file to an API in Azure API Management.
| Parameter | Mandatory | Description |
|---|---|---|
ResourceGroupName | yes | The resource group containing the Azure API Management instance |
ServiceName | yes | The name of the Azure API Management instance located in Azure |
ApiId | yes | The ID to identify the API running in Azure API Management |
PolicyFilePath | yes | The path to the file containing the to-be-imported policy |
PS> Import-AzApiManagementApiPolicy -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -ApiId $ApiId -PolicyFilePath $PolicyFilePath# Updating policy of the API '$ApiId'Importing a policy to an operation in the Azure API Management instance#
Imports a policy from a file to an API operation in Azure API Management.
| Parameter | Mandatory | Description |
|---|---|---|
ResourceGroupName | yes | The resource group containing the Azure API Management instance |
ServiceName | yes | The name of the Azure API Management service located in Azure |
ApiId | yes | The ID to identify the API running in Azure API Management |
OperationId | yes | The ID to identify the operation for which to import the policy |
PolicyFilePath | yes | The path to the file containing the to-be-imported policy |
PS> Import-AzApiManagementOperationPolicy -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -ApiId $ApiId -OperationId $OperationId -PolicyFilePath $PolicyFilePath# Updating policy of the operation '$OperationId' in API '$ApiId'Removing all Azure API Management defaults from the instance#
Remove all default API's and products from the Azure API Management instance ('echo-api' API, 'starter' & 'unlimited' products), including the subscriptions.
| Parameter | Mandatory | Description |
|---|---|---|
ResourceGroupName | yes | The resource group containing the Azure API Management instance |
ServiceName | yes | The name of the Azure API Management instance located in Azure |
PS> Remove-AzApiManagementDefaults -ResourceGroupName $ResourceGroup -ServiceName $ServiceName# Removing Echo Api...# Removing Starter product...# Removing Unlimited product...Restoring an API Management service#
The Restore-AzApiManagement cmdlet restores an API Management Service from the specified backup residing in an Azure Storage blob.
| Parameter | Mandatory | Description |
|---|---|---|
ResourceGroupName | yes | The name of resource group under which API Management exists. |
StorageAccountResourceGroupName | yes | The name of the resource group that contains the Storage account. |
StorageAccountName | yes | The name of the Storage account for which this cmdlet gets keys. |
ServiceName | yes | The name of the API Management instance that will be restored with the backup. |
ContainerName | yes | The name of the Azure storage backup source container. |
BlobName | yes | The name of the Azure storage backup source blob. |
PassThru | no | Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. |
DefaultProfile | no | The credentials, account, tenant, and subscription used for communication with azure. |
PS> Restore-AzApiManagementService -ResourceGroupName $ResourceGroupName -$StorageAccountResourceGroupName -StorageAccountName $StorageAccountName -ServiceName $ServiceName -ContainerName $ContainerName -BlobName $BlobName# Getting Azure storage account key...# Got Azure storage key!# Create new Azure storage context with storage key...# New Azure storage context with storage key created!# Start restoring up API management service...# API management service is restored!Setting authentication keys to an API in the Azure API Management instance#
Sets the subscription header/query parameter name to an API in Azure API Management.
| Parameter | Mandatory | Description |
|---|---|---|
ResourceGroupName | yes | The resource group containing the Azure API Management instance |
ServiceName | yes | The name of the Azure API Management instance located in Azure |
ApiId | yes | The ID to identify the API running in Azure API Management |
HeaderName | no | The name of the header where the subscription key should be set. (default: x-api-key) |
QueryParamName | no | The name of the query parameter where the subscription key should be set. (default: apiKey) |
Using default
PS> Set-AzApiManagementApiSubscriptionKey -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -ApiId $ApiIdWrite-Host "Using API Management instance '$ServiceName' in resource group '$ResourceGroup'"Write-Host "Subscription key header 'x-api-key' was assigned"Write-Host "Subscription key query parameter 'apiKey' was assigned"User-defined values
PS> Set-AzApiManagementApiSubscriptionKey -ResourceGroupName $ResourceGroup -ServiceName $ServiceName -ApiId $ApiId -HeaderName "my-api-key" -QueryParamName "myApiKey"Write-Host "Using API Management instance '$ServiceName' in resource group '$ResourceGroup'"Write-Host "Subscription key header 'my-api-key' was assigned"Write-Host "Subscription key query parameter 'myApiKey' was assigned"Uploading private certificates to the Azure API Management certificate store#
Uploads a private certificate to the Azure API Management certificate store, allowing authentication against backend services.
| Parameter | Mandatory | Description |
|---|---|---|
ResourceGroupName | yes | The resource group containing the Azure API Management instance |
ServiceName | yes | The name of the Azure API Management instance |
CertificateFilePath | yes | The full file path to the location of the private certificate |
CertificatePassword | yes | The password for the private certificate |
Example
PS> Upload-AzApiManagementCertificate -ResourceGroupName "my-resource-group" -ServiceName "my-api-management-instance' -CertificateFilePath "c:\temp\certificate.pfx" -CertificatePassword "P@ssw0rd"# Using API Management instance 'my-api-management-instance' in resource group 'my-resource-group'# Uploaded private certificate at 'c:\temp\certificate.pfx'