Before you start
Make sure that your Azure environment meets the following requirements before you start to deploy this integration.
- Azure CLI installed and configured
- The jq command-line JSON processor installed
- Python 3.x installed
What you'll need
You'll need the following items to install this integration.
- Access to an Azure Service Principal with Contributor permissions on each subscription where you plan to install this integration. A separate article discusses setting up this service principal.
- The XML policy files to deploy.
- The Azure Tenant ID, the Subscription ID, the Service Principal client ID and the Service Principal client secret.
- A client ID and client secret generated from the Cequence UAP platform.
- Cequence Bridge deployed close to the deployed APIs or applications.
Note: Cequence Bridge uses the same authentication method as API Edge. If your deployment uses Cequence Bridge, you can use the Cequence Bridge URL in any step of this procedure that refers to the API Edge URL. Configuration of traffic filtering and sensitive data masking for the Cequence Bridge is discussed in a separate article.
Generating the client ID and client secret
Several Cequence components must authenticate to the Cequence UAP platform in order to transmit and receive data. Create authentication credentials in the Cequence UAP platform to enable this authentication.
- Log in to the UAP management portal UI.
The URL for the management portal is typically of the form https://ui.<your-tenant-name>.<domain>. Replace <your-tenant-name> with the name of your Cequence tenant organization. Replace <domain> with your domain name.
- Select General Settings > User Management.
The User Management pane appears.
- Click the Clients tab.
- Click Add New Client.
The new client dialog box appears.
- Type the client name in the Client Name field.
This name is the client ID. Note the client ID for later use.
- Enable the Traffic Management toggle.
- (Optional) To change the token lifespan from the default of 1800 seconds, type a whole number of seconds in Token Lifespan.
- Click Save.
A dialog box with the client secret appears.
- Click the blue Copy icon to copy the secret to the clipboard, then click Close.
The client is now set up. Note the client name for future use.
The client list appears.
- Note the value of the client secret for later use. This value will not be shown again later on the UI for security reasons.
Items to download
Download the compressed archive file of the integration.
Integration installation methods
You can install the Azure APIM integration using scripts to automate the process. Alternatively, you can install the Azure APIM integration by modifying values directly on the Azure Portal. Each approach is discussed in a separate section.
Installing the Azure APIM integration using Automation
You can automate the installation of the Azure APIM integration by using scripts that Cequence provides. This section lists the procedures for each step of the process.
Extract the compressed archive file
From a terminal in Azure, run the following command to extract the compressed archive file.
tar -xvzf cequence-apim-1.1.0.xxxxx.tar.gz
Configure the environment variables
- Navigate to the cequence-apim/config directory.
- Make a copy of the template config-example.jsonc file. Name the copy config.jsonc.
- In a text editor, open config.jsonc and type the following values.

| Variable | Data type | Description |
| --- | --- | --- |
| cequenceConfig.useAuth | Boolean | When you're using an authenticated policy, set this value to true. For no-authentication policies, set this value to false. |
| cequenceConfig.edgeUrl | String | The integration sends transactions to this endpoint. The default value of this endpoint is /api-transaction. Specify your Cequence host URL here. |
| cequenceConfig.authUrl | String | The authentication URL. When cequenceConfig.useAuth is set to false, omit this value. |
| cequenceConfig.clientId | String | The client ID used to authenticate. When cequenceConfig.useAuth is set to false, omit this value. |
| cequenceConfig.clientSecret | String | The client secret used to authenticate. When cequenceConfig.useAuth is set to false, omit this value. |
| cequenceConfig.logLevel | String | Sets the logging level. Legal values are INFO or DEBUG. |
| azureConfig.tenantId | String | ID of the tenant where the plugin needs to be enabled. |
| azureConfig.servicePrincipalId | String | The Service Principal client ID used to authenticate to the subscription. |
| azureConfig.servicePrincipalSecret | String | The Service Principal secret used to authenticate to the subscription. |

A full sample JSONC file is available at the end of this article.
The environment is ready for the scripts.
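A pre-flight check for config.jsonc before the enable script runs, as an added example that is not part of the Cequence scripts: it strips the // comments without damaging the // inside URLs, then applies the rules listed for each variable above. The function names, the sample values and the owner-only file-mode check are assumptions of this example.

```python
import json

AUTH_KEYS = ("authUrl", "clientId", "clientSecret")
AZURE_KEYS = ("tenantId", "servicePrincipalId", "servicePrincipalSecret")

def strip_comments(text):
    """Drop // comments but keep '//' inside strings such as https:// URLs."""
    out, in_string, i = [], False, 0
    while i < len(text):
        ch = text[i]
        if in_string:
            if ch == "\\":                # copy an escape pair such as \" whole
                ch, i = text[i:i + 2], i + 1
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif text.startswith("//", i):    # comment runs to the end of the line
            i = (text + "\n").index("\n", i)
            continue
        out.append(ch)
        i += 1
    return "".join(out)

def check_config(text, mode=None):
    """Return a list of problems; mode is the file's permission bits, if known."""
    cfg = json.loads(strip_comments(text))
    ceq, az = cfg.get("cequenceConfig", {}), cfg.get("azureConfig", {})
    use_auth, problems = ceq.get("useAuth"), []
    if not isinstance(use_auth, bool):
        problems.append("cequenceConfig.useAuth must be a Boolean")
    if ceq.get("logLevel") not in ("INFO", "DEBUG"):
        problems.append("cequenceConfig.logLevel must be INFO or DEBUG")
    for key in AUTH_KEYS:
        if use_auth is True and not ceq.get(key):
            problems.append(f"cequenceConfig.{key} is required when useAuth is true")
        if use_auth is False and key in ceq:
            problems.append(f"cequenceConfig.{key} must be omitted when useAuth is false")
    problems += [f"azureConfig.{k} is missing" for k in AZURE_KEYS if not az.get(k)]
    if mode is not None and mode & 0o077:  # added assumption: owner-only secrets file
        problems.append("config.jsonc holds secrets; restrict it to the owner (chmod 600)")
    return problems

# Constructed sample: a no-authentication config copied from an authenticated one.
SAMPLE = """{
  "cequenceConfig": { "useAuth": false, // no-authentication policy
    "edgeUrl": "https://edge.example.invalid", "logLevel": "TRACE",
    "clientSecret": "placeholder" }, // left over from the template
  "azureConfig": { "tenantId": "placeholder", "servicePrincipalId": "placeholder" } }"""
```

To include the permission check for a file on disk, pass `stat.S_IMODE(os.stat(path).st_mode)` as `mode`.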
Set permissions for the scripts
- Navigate to the cequence-apim/bin directory.
- Set executable permission for the scripts in this directory with the following command.
chmod +x *.sh
The scripts are ready to run.
Enable the integration
To enable the integration, run the script from the cequence-apim/bin directory.
./enable_apim_integration.sh
This script deploys the Azure APIM policy to the subscription specified in the cequence-apim/config/config.jsonc file.
Check your work
Generate traffic on the modified APIs and confirm that the activity appears correctly on the Dashboard of the Cequence UAP platform.
Disable the integration
To disable the integration, run this script from the cequence-apim/bin directory.
./disable_apim_integration.sh
Disabling the integration resets the Global Policy to its default state, replacing the current policy structure with the default <inbound>, <outbound>, <on-error>, and <backend> tags.
Disabling the integration doesn't require you to change any environment variables.
Disabling the integration resets policies on the Azure APIM resources specified in the config.jsonc file to the default policy.
Example config.jsonc file
{
  "cequenceConfig": {
    "useAuth": true, // true if we want to pass access token to edge
    "edgeUrl": "https://edge.org.cequence.ai",
    "authUrl": "https://auth.org.cequence.ai/auth/realms/cequence/protocol/openid-connect/token", // Specify if useAuth is true
    "clientId": "abcde", // Specify if useAuth is true
    "clientSecret": "xxxxxx", // Specify if useAuth is true
    "logLevel": "INFO" // Supported values INFO or DEBUG for troubleshooting purposes
  },
  "azureConfig": {
    "tenantId": "xx-xxdd-dddx-xddx-xxx",
    "servicePrincipalId": "your-sp-id",
    "servicePrincipalSecret": "your-sp-secret"
  }
}