Synchronize APIs from an API Management instance

This article shows how to create a link to an API Management instance so that the instances's APIs are continuously kept up to date in your API center inventory.

About linking an API Management instance

Although you can use the Azure CLI to import APIs on demand from Azure API Management to Azure API Center, linking an API Management instance enables continuous synchronization so that the API inventory stays up to date.

When you link an API Management instance as an API source, the following happens:

  1. All APIs, and optionally API definitions (specs), from the API Management instance are added to the API center inventory.
  2. You configure an environment of type Azure API Management in the API center.
  3. An associated deployment is created for each synchronized API definition from API Management.

API Management APIs automatically synchronize to the API center whenever existing APIs' settings change (for example, new versions are added), new APIs are created, or APIs are deleted. This synchronization is one-way from API Management to your Azure API center, meaning API updates in the API center aren't synchronized back to the API Management instance.

Note

  • There are limits for the number of linked API Management instances (API sources).
  • API updates in API Management typically synchronize to your API center within minutes but synchronization can take up to 24 hours.

Entities synchronized from API Management

You can add or update metadata properties and documentation in your API center to help stakeholders discover, understand, and consume the synchronized APIs. Learn more about Azure API Center's built-in and custom metadata properties.

The following table shows entity properties that can be modified in Azure API Center and properties that are determined based on their values in a linked Azure API Management instance. Also, entities' resource or system identifiers in Azure API Center are generated automatically and can't be modified.

Entity Properties configurable in API Center Properties determined in API Management
API summary
lifecycleStage
termsOfService
license
externalDocumentation
customProperties
title
description
kind
API version lifecycleStage title
Environment title
description
kind
server.managementPortalUri
onboarding
customProperties
server.type
Deployment title
description
server
state
customProperties
server.runtimeUri

For property details, see the Azure API Center REST API reference.

Prerequisites

  • An API center in your Azure subscription. If you haven't created one, see Quickstart: Create your API center.

  • An Azure API Management instance, in the same or a different subscription. The instance must be in the same directory.

  • For Azure CLI:

    Note

    az apic commands require the apic-extension Azure CLI extension. If you haven't used az apic commands, the extension can be installed dynamically when you run your first az apic command, or you can install the extension manually. Learn more about Azure CLI extensions.

    See the release notes for the latest changes and updates in the apic-extension.

    Note

    Azure CLI command examples in this article can run in PowerShell or a bash shell. Where needed because of different variable syntax, separate command examples are provided for the two shells.

Add a managed identity in your API center

For this scenario, your API center uses a managed identity to access APIs in your API Management instance. Depending on your needs, configure either a system-assigned or one or more user-assigned managed identities.

The following examples show how to configure a system-assigned managed identity by using the Azure portal or the Azure CLI. At a high level, configuration steps are similar for a user-assigned managed identity.

  1. In the portal, navigate to your API center.
  2. In the left menu, under Security, select Managed identities.
  3. Select System assigned, and set the status to On.
  4. Select Save.

Assign the managed identity the API Management Service Reader role

To allow import of APIs, assign your API center's managed identity the API Management Service Reader role in your API Management instance. You can use the portal or the Azure CLI.

  1. In the portal, navigate to your API Management instance.
  2. In the left menu, select Access control (IAM).
  3. Select + Add role assignment.
  4. On the Add role assignment page, set the values as follows:
    1. On the Role tab - Select API Management Service Reader.
    2. On the Members tab, in Assign access to - Select Managed identity > + Select members.
    3. On the Select managed identities page - Select the system-assigned managed identity of your API center that you added in the previous section. Click Select.
    4. Select Review + assign.

You can link an API Management instance using the portal.

  1. In the portal, navigate to your API center.
  2. Under Assets, select Environments.
  3. Select Links (preview) > + New link.
  4. In the Link your Azure API Management Service page:
    1. Select the Subscription, Resource group, and Azure API Management service that you want to link.
    2. In Link details, enter an identifier.
    3. In Environment details, enter an Environment title (name), Environment type, and optional Environment description.
    4. In API details, select a Lifecycle stage for the synchronized APIs. (You can update this value for your APIs after they're added to your API center.) Also, select whether to synchronize API definitions.
  5. Select Create.

Screenshot of linking an Azure API Management Service in the portal.

The environment is added in your API center. The API Management APIs are imported to the API center inventory.

Screenshot of environment list in the portal.

While an API Management instance is linked, you can't delete synchronized APIs from your API center. If you need to, you can delete the link. When you delete a link:

  • The synchronized API Management APIs in your API center inventory are deleted
  • The environment and deployments associated with the API Management instance are deleted

To delete an API Management link:

  1. In the portal, navigate to your API center.
  2. Under Assets, select Environments > Link (preview).
  3. Select the link, and then select Delete (trash can icon).