What is the difference between API Gateway provided by Azure API Management and Azure Application Gateway?

About

Asked 13/6, 2020 at 19:51 Answered 15/6, 2020 at 19:25

Solved azure microservices azure-api-management azure-application-gateway azure-front-door

I'm new to Azure and I skimmed through Azure official documentation.

What I would like to understand is the difference and similarities between the API Gateway provided by Azure API Management and Azure Application Gateway?
When do we require Application Gateway in front of API Gateway (provided by Api Management)?
- When API Gateway hosted normally.
- When API Gateway hosted inside VNet.
When do we require Azure Front Door in front of Application Gateway?
Do we need to chain Azure Front Door --> Application Gateway --> API Gateway in what scenario, instead can't we do this Azure Front Door --> API Gateway, if yes in which scenario?

I want to understand solution to above questions based on below two compute solutions:

When my API is hosted in Containers.
When my API is composed of only Azure Functions.

Lundy answered 13/6, 2020 at 19:51 Comment(1)

learn.microsoft.com/en-us/answers/questions/35787/… – Eutrophic 21/12, 2021 at 10:25

Good question, I'll try to answer.

API Gateway is a pattern very common in API scenarios. It act's as a facade where you can transform the incoming/outcoming requests. There are many services which you can use for it:

Kong
Ocelot
Apigee

and on Azure, API Management.

Azure Front Door and Azure Application Gateway (to me), offer more or less the same thing: Load balancer to your services + Web Application Firewall (WAF). If I have to choose one, I will go with Front Door as I think it's easier to setup.

When do we require Application Gateway in front of API Gateway (provided by Api Management)?

Whenever your API will be exposed to the internet. As I said, the benefit is having WAF in front of your APIs, it will block most common attacks (SQL Injection, XSS, etc).

Intricacy answered 15/6, 2020 at 19:25 Comment(6)

Thank you, I want to also understand how Application Gateway L7 Load Balancer and Api Management Gateway facade interact. Lets say I have 10 Containers deployed in blackened serving a single API CalculateAndReturnStudentAverage, I want to mange and load balance the API. But if I chain Application Gateway --> API Management Gateway -> 10 Containers, won't API Gateway be hindering the load balancer as it will be exposing single api for all 10 containers. Please help me understand. – Lundy 16/6, 2020 at 15:44

or Does Api Management Gateway act as a Discovery Service to Application Gateway? – Lundy 16/6, 2020 at 15:51

you'll need to update api management whenever you add a new service. In terms of discovery, the tools you're using are the wrong ones. You need to use an orchestrator (e.g. Service Fabric / K8s) – Intricacy 16/6, 2020 at 16:13

The use of APIM (like all cloud resources) very much depends on your use case, but for APIM & AKS I use Option 3 in this guide learn.microsoft.com/en-us/azure/api-management/…. By using "internal" anotation on the Kubernetes service, the container loadbalancing is addressed with no additional ingress configuration, as you can set a static internal IP, which your API can direct traffic to. – Posey 26/9, 2021 at 19:42

For discovery aspects, I use OAS injection into APIM in the CD pipeline, avoiding any manual configuration of APIM, this is not as sophisticated as ISTIO but if you want to get up and running in a low touch manner, this will get you going. – Posey 26/9, 2021 at 19:45

Have a look at this github.com/Azure/azure-quickstart-templates/blob/master/… – Caul 18/11, 2021 at 11:0

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags