Secure Logic App endpoint with API Management

​

Introduction

The Application Programming Interface (API) is playing a key role in Application connectivity in today’s world. As per wiki you can define API as

Application programming interface (API) is a set of subroutine definitions, protocols, and tools for building application software. In general terms, it's a set of clearly defined methods of communication between various software components.

In this wiki article we will not go inside API or API programming model but we will discuss one of the key aspects of API Management with ** “Azure API Management”.**

In real world, Organisations goes on creating plethora of API’s to connect their internal or external partners and develop large number of Web API, WCF endpoint, REST and SOAP services . The endpoints behavior for these services such as security, content-type handling, caching, and many more are being managed separately and require a development effort for each change request. When these Organisations are small and provides limited functionality, maintaining these API are easy and Organisations often don't think of any abstraction layer for their countable API’s. The story changes when the same Organisation expand, the number of API endpoints goes on increase because of new functional and structural changes within farm and partner often changing requirement. Managing all these distinct API’s becomes cumbersome at one point of time, often causing issues like duplication, rework, security issues, tightly-coupled applications and many more. Listening to the same stories from multiple customers Microsoft has provided arsenal inform of” Azure API Management “

Microsoft Azure API Management is a PaaS offering from Microsoft to manage the organisation internal and external API’s. In this article we will combine two powerful Azure offerings in integration space Azure API management and Logic Apps.  In this article we will do a walk through of a process of creating a loosely coupled endpoint for the logic apps using API management.

Solution Design

In this solution we are developing interface for our fictitious company Millennium Car Service which takes customer order in web portal and creates a job in Dynamic CRM to provide best support  life cycle to their customers.  In this solution we will provide a layer of abstraction to logic app endpoint by using Azure API management so that internal logic behind the logic app remains hidden from the end user. This layer of abstraction will be beneficial for the company because the same endpoint can be called through sister partners with change in the security model for the published API.

   

The workflow action being listed below

1. Customer Login into the Millennium Car Service portal through mobile or the desktop.
2. The customer enters his/her personal information details into the web portal and click on the submit button to create a service request in the Dynamics 365 CRM system.
3. The request from web page is taken up by the endpoint listed in API management and forward the request to the Logic Apps for further processing
4. Logic Apps uses the workflow engine create a service job entry into the CRM entity.

Prerequisite

To work with the scenario, you need to have a valid subscription to Microsoft Azure. You can register for free subscription at link: Jump https://azure.microsoft.com/en-us/free/

Azure API Management Publisher Portal and Developer Portal

Azure API Management can be configured in three different tiers.  The different tiers of API Management are

• Premium tier
• Standard tier
• Developer instance

These different tiers have additional features and they also differ in pricing plan. For more information of API Management pricing plan you can go through Microsoft documentation at https://azure.microsoft.com/en-us/pricing/details/api-management/

For more description of API Management you can refer to Microsoft documentation available at web https://docs.microsoft.com/en-us/azure/api-management/ .

In this wiki article we will create developer instance of API Management in Azure and it is always recommended to take wiser decision when you choose API Management instance for your production  

We will go step-by step to and configure the necessary artifacts along with its explanation.

• Login to into azure portal http://portal.azure.com with valid Azure subscription.
• Go to more services and under Enterprise Integration select API Management. You can also use search option in Azure to search for API Management.

• Click on the Add which will open the Azure API management blade where you need to fill the required description to create API Management instance 

• Next on the Azure API Management blade enter the required information like Name, resource group, **organisation, **select appropriate location under which you want your API Management instance to run along with pricing tier and click on create. This will take approx. 20 min to create a new developer instance of API Management under your Azure subscription.

• In the next step go to the listed resource group in which you have created developer instance of API Management and  click on the new instance to open up its Azure portal. Under overview section you will see links for publisher portal, developer portal and various API Management artifacts like products, API Preview etc.

We will define some of key pointers for API Management like Publisher portal, Product and Developer Portal below . You can refer them in more details at getting started link for API Management /en-us/azure/api-management/api-management-get-started 

Publisher Portal

In API Management Publisher portal refers to administrative interface to import and manage API’s. Generally the user with admin privilege within API Management can do the following activity.

• Import the API based on swagger and WADL definition.
• Create Products and provide Product level as well as  API Level security
• Define rate limit and usage quota through different policies
• Transformation of content type at the interface level

For more feature list look at Microsoft documentation /en-us/azure/api-management/api-management-howto-protect-backend-with-aad

Coming back to our solution you can look into the API Management Publisher Portal by clicking on to the link of the publisher portal at API Management blade 

   

Product

API Management Product refers to container of one or more API. The Product is acting as a boundary were you can define common behavior like security, policies etc.  Once an API is being added into product and published through API Management  it will be accessible in developer portal.

 

Microsoft has defined the Product and how you can work with Product at /en-us/azure/api-management/api-management-howto-add-products

For this article we have created a Product and named it as TechNetwikiLogicAppInterface where we have provided the description for the product and unchecked required subscription. We have also unchecked "Require subscription" so that we can test the API endpoint through tools like Fiddler and Postman without passing extra header information.

  

Developer Portal

Developer portal in Azure API Management refers to the interface where partner or Organisation developer can find the published API and its definition. It provides first hand experience to test the Published API with sample request Message.  Administrator can give different level of rights to the developer or partner based on API usages and authorization.  The authorization is being nicely explained at https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-create-groups 

Logic App workflow  with Dynamics CRM 365

In next section we will create workflow in Logic App which will get HTTP request message and do multiple lookup against the Dynamic 365 before creating a recording  Job Entity within. If you are actively looking for Dynamic 365 capability you can create a trial instance of Dynamic CRM online by following the  link https://www.microsoft.com/en-us/dynamics/free-crm-trial.aspx

Step-by-Step process to create the Logic App workflow:

• In Azure Portal click on Add button and search for Logic Apps, this will list the Logic App template. Click on Logic Apps and populate the required Field like Logic App name, resource group under which you want to run the logic Apps and the required Location.

• The next step is to create a JSON schema from the sample JSON payload. For this select a HTTP Trigger and paste the JSON sample  message under "Use Sample Message to generate Schema"  and click on **Done.  **If you are new to Logic Apps and concept of trigger, action and workflow language, then you can start yourself from link /en-us/azure/logic-apps/logic-apps-http-endpoint

• Creation of  HTTP JSON request schema definition the development effort very less  very easy as you can easily  navigate through different elements of the request within the Logic Apps. If you do not define JSON Schema then also you can iterate through the elements using workflow definition language /en-us/rest/api/logic/definition-language

•  The Next Step to create a Dynamic 365 API connection for Logic Apps  .From the list of connector search for Dynamic 365 and click on create new record. This will open up the Connection Information page .

•  In the next step enter the correct connection information for your Organisation instance  like email address and password click sign in.

• Once the API connection is established with the Dynamic 365 search for action "List record in CRM " action within the CRM and select appropriate Organisation and entity within the logic Apps. For more information on Dynamic CRM connector and list of operation supported look at the Microsoft link at https://docs.microsoft.com/en-us/azure/connectors/connectors-create-api-crmonline 

• The overall workflow will be like below with multiple lookup against the CRM to fetch the guid values for the relevant entity record. In the last step we will create a job within the CRM based on the values fetched through CRM lookup and values which are passed from the HTTP request Trigger 

• Once the workflow is completed the next step is to test the interface using tool like postman or fiddler. In our case we have used postman to test the logic app interface with sample JSON payload.

• You can also Logic App run through Azure portal. Go to the specified logic app and click on the overview section this will list down all the successful, failed and skipped trigger details.

Import Logic App definition In API Management

In the next step we will import the Logic App definition in to the developer instance of Azure API Management which created as part of above section. To import the logic app definition copy the Logic App HTTP endpoint URL from Logic App overview section and save it in notepad so that we can easily use them when required .  

• Now open the API Management instance and click on API-Preview to open up the API import blade. This is still in preview stage but it makes very easy to import Logic App definition  and you can easily define administrative action like policy, Header for inbound calls and auto response from the API .

• Click on the Logic App, this will show all the logic app running under the specified Azure subscription. Click on the Logic App which is being made as part of this solution and click on create which will import the logic app endpoint within API Management. You also need to provide API URL suffix so that it can differentiated from other API within the same Product 

• Once you imported the API then it will open up the API Management blade were you can do the API customization like policy creation, addition of header, setting response parameter etc. For More details you can go through Microsoft documentation https://docs.microsoft.com/en-us/azure/api-management/api-management-sample-cache-by-key 

 

• For this sample we are not making any customization to the imported Logic App. In next step we will add the API endpoint for logicapps  into the Product and publish them so that developer can run test against the published API endpoint. For this task click on the publisher portal and click on the Product we created for Logic App and select Add API to Product

• Now imported the newly created API for  Logic App and click on save blade to get the API definition imported within the product   

• For authentication and authorization Under visibility tag click on the checkbox for the developers and guests. This way the API will be visible in the developer portal.

• In the next step, from the summary tab of the Product  click on publish tab to publish the API  for developers and users which have specified read/write access on the specific Product

• To test and validate the Published API, navigate to API Management developer portal and within the product section you can find the API url for the imported logic apps endpoint. To test the endpoint from developer portal click on Try it and send the request payload to the endpoint.

• You will see the API management url has responded with appropriate response

** **

• You can use tools like postman as well to test the API Management endpoint  passing appropriate header information along with sample JSON message . In this case you need to pass Ocp-Apim-Subscription-Key which you can be fetched from the developer as well as admin portal

See Also

• Integrate 2016 resources
• Logic Apps Live

An important place to find a huge amount of BizTalk related articles is the TechNet Wiki itself. The best entry point is BizTalk Server Resources on the TechNet Wiki. Another important place to find Logic App related articles is the TechNet Wiki itself. The best entry point is Logic App Resources on the TechNet Wiki.