I’ve been working with Azure API Management for a while now, and one of the challenges I’ve faced is finding a reliable way to validate the XML policies I write. While tools like SonarQube are excellent for code quality checks, they don’t support the specific checks required for Azure API Management policies. In this blog post, I’ll demonstrate how to use PSRule to validate your Azure API Management policies effectively.
When you have a string value in Bicep with multiple placeholders that you want to replace, it can be tricky to find a good way to do this. In this blog post, I will show you how you can replace placeholders in a string with a couple of user-defined functions.
When deploying Azure resources, it’s a good practice to apply a naming convention to your resources. This will help you to identify the purpose of the resource and the environment it belongs to. In this blog post, I will show you how to apply a naming convention using Bicep user-defined functions. This post also includes a short introduction to the (experimental) Bicep Testing Framework.
In this third post on working with client certificates in Azure API Management, we’ll focus on securing backend connections with mTLS. Using Bicep, we’ll reference a client certificate stored in Key Vault, make it available in API Management and configure a backend resource that uses the certificate during the mTLS handshake.
It’s not uncommon for Azure API Management to be deployed in a Virtual Network, only allowing external access via an Azure Application Gateway. In this second post on working with client certificates in API Management, we’ll explore how to configure an Application Gateway for mTLS and forward the client certificate to API Management for further validation. We’ll also look at the difference between strict and passthrough modes.
This blog post is the start of a series on how to work with client certificates in Azure API Management to set up a mutual TLS (mTLS) connection. While Azure’s official documentation provides excellent guidance on setting up client certificates via the Azure Portal, we’ll dive into using Bicep to automate the process. In this first post, we’ll cover the basics of how to validate client certificates in API Management.