API platform
Azure API Management
APIM is the front door for every API you expose — REST, GraphQL, gRPC, WebSocket, SOAP and, increasingly, LLM and agent endpoints. It decouples consumers from backends with a programmable gateway, a management plane, and a developer portal.
How it works: core architecture
APIM has three building blocks that scale and deploy independently:
Gateway (data plane)
Accepts API calls, verifies keys/JWTs, enforces quotas and policies, transforms requests/responses, caches, and emits logs, traces and metrics. Deployable in Azure, on-premises, or in any Kubernetes cluster (self-hosted gateway).
Management plane
Azure portal, ARM/Bicep/Terraform, CLI, REST API and APIOps pipelines to define APIs, products, policies, users and subscriptions.
Developer portal
Auto-generated, customizable site where consumers discover APIs, read docs, try operations, and self-serve subscription keys.
flowchart LR
subgraph Consumers
C1[Web / mobile apps]
C2[Partner systems]
C3[Internal services]
C4[AI agents / copilots]
end
subgraph APIM[API Management]
GW[Gateway
policies · auth · cache · rate limits]
DP[Developer portal]
MP[Management plane]
end
subgraph Backends
B1[App Service / AKS /
Container Apps]
B2[Azure Functions]
B3[Logic Apps]
B4[Azure OpenAI /
AI Foundry]
B5[On-prem & SaaS APIs]
end
C1 --> GW
C2 --> GW
C3 --> GW
C4 --> GW
GW --> B1
GW --> B2
GW --> B3
GW --> B4
GW --> B5
MP -.configures.-> GW
DP -.onboards.-> Consumers
The policy pipeline
Policies are XML-defined statements executed sequentially in four sections. They can apply at global, workspace, product, API, or operation scope, and compose across scopes via <base />.
sequenceDiagram
participant Client
participant GW as APIM Gateway
participant BE as Backend
Client->>GW: Request
Note over GW: INBOUND
validate-jwt · rate-limit · quota ·
ip-filter · rewrite-uri · set-header ·
cache-lookup · mock-response
GW->>BE: Forward (BACKEND section:
retry · forward-request · timeout)
BE-->>GW: Response
Note over GW: OUTBOUND
set-body · redact fields ·
cache-store · CORS headers
GW-->>Client: Response
Note over GW: ON-ERROR
custom error shaping · logging ·
trace to App Insights
Policies you will actually use
| Category | Policy | What it does |
|---|---|---|
| Security | validate-jwt / validate-azure-ad-token | Enforce OAuth 2.0 / Entra ID tokens, audiences, claims. |
ip-filter, check-header | Allow/deny by IP, require headers. | |
authentication-managed-identity | Gateway authenticates to backends with its managed identity — no secrets. | |
| Throttling | rate-limit-by-key | Sliding-window rate limits per subscription, IP, user or any expression. |
quota-by-key | Long-period call/bandwidth quotas (monetization tiers). | |
| Transformation | set-body, set-header, rewrite-uri | Reshape requests/responses; XML↔JSON conversion; liquid templates. |
return-response, mock-response | Short-circuit calls — great for façades and API-first development. | |
| Caching | cache-lookup / cache-store | Built-in or external Redis cache for responses and values. |
| AI / GenAI | llm-token-limit | Token-based rate limiting for LLM APIs (prompt + completion tokens), per key/consumer. |
llm-emit-token-metric | Emit token consumption metrics to App Insights for chargeback and cost visibility. | |
llm-semantic-cache-lookup/store | Serve semantically similar prompts from cache — cut latency and token spend. | |
llm-content-safety | Screen prompts through Azure AI Content Safety before they reach the model. | |
| Resilience | retry, limit-concurrency, backend circuit breaker & load-balanced pools | Retries with conditions, concurrency caps, automatic failover across backend pools with priority/weight rules. |
Example: JWT validation + spike protection
<inbound>
<base />
<validate-azure-ad-token tenant-id="{{tenant-id}}">
<audiences><audience>api://my-api</audience></audiences>
<required-claims>
<claim name="roles" match="any"><value>Orders.Read</value></claim>
</required-claims>
</validate-azure-ad-token>
<rate-limit-by-key calls="100" renewal-period="60"
counter-key="@(context.Subscription.Id)" />
<set-header name="X-Correlation-Id" exists-action="skip">
<value>@(Guid.NewGuid().ToString())</value>
</set-header>
</inbound>
AI Gateway: fronting Azure OpenAI & AI Foundry
This is the fastest-moving part of APIM. The same gateway that protects REST APIs now acts as a GenAI gateway in front of Azure OpenAI, Azure AI Foundry model deployments, and third-party/self-hosted LLMs — giving you one governed entry point for every model and agent in the company.
- One-click import of Azure OpenAI and AI Foundry endpoints as APIs (OpenAI-compatible or Azure AI Model Inference API), with keyless managed-identity auth to the backend.
- Token governance — per-team token limits (
llm-token-limit) and token metrics (llm-emit-token-metric) for chargeback across cost centers. - Model load balancing & failover — backend pools spread traffic across regional deployments (round-robin, weighted, priority) and the circuit breaker skips throttled (429) deployments; PTU-first with PAYG spillover is the canonical setup.
- Semantic caching — embedding-based cache so repeated/similar prompts don't hit the model at all.
- Content safety — inspect prompts centrally before they reach any model.
- MCP support — expose existing APIM-managed APIs as MCP servers (tools) and gateway remote MCP servers, so agents in AI Foundry, GitHub Copilot or any MCP client consume governed tools with APIM policies (auth, rate limits, observability) in front.
- Foundry integration — AI Foundry can front its model deployments with an AI Gateway; agents built in Foundry Agent Service call tools published through APIM, keeping enterprise APIs governed while agents act on them.
flowchart TB
subgraph Clients
A1[Apps & copilots]
A2[AI Foundry Agents]
A3[MCP clients
GitHub Copilot · Claude · VS Code]
end
subgraph APIM[APIM · AI Gateway]
P1[llm-token-limit
llm-emit-token-metric]
P2[llm-semantic-cache]
P3[llm-content-safety]
P4[Backend pool
load balancing + circuit breaker]
MCP[MCP server façade
REST APIs exposed as tools]
end
subgraph Models[Model backends]
M1[Azure OpenAI
PTU deployment]
M2[Azure OpenAI
PAYG deployment]
M3[AI Foundry
model deployments
DeepSeek · Llama · Mistral]
end
subgraph Tools[Enterprise APIs]
T1[Orders API]
T2[Inventory API]
end
A1 --> P1
A2 --> P1
A3 --> MCP
A2 --> MCP
P1 --> P2 --> P3 --> P4
P4 -->|priority 1| M1
P4 -->|priority 2 spillover| M2
P4 --> M3
MCP --> T1
MCP --> T2
Tiers & deployment options
| Tier | Best for | Notes |
|---|---|---|
| Consumption | Serverless, spiky traffic, PoCs | Per-call pricing, auto-scale, no VNet injection. |
| Basic v2 / Standard v2 / Premium v2 | New deployments (default choice) | Fast provisioning/scaling, VNet integration (outbound) and, on Premium v2, VNet injection; replaces classic tiers over time. |
| Premium (classic) | Multi-region, availability zones, full VNet injection | Multi-region gateways behind one management plane; internal mode for private APIs. |
| Self-hosted gateway | Hybrid, on-prem, multi-cloud, edge | Container image of the gateway running in your Kubernetes/Arc cluster, federated to the cloud management plane. |
| Workspaces (Premium) | Federated API management | Teams get isolated workspaces (APIs, products, subscriptions) with optional dedicated workspace gateways — platform team keeps central governance. |
flowchart LR
subgraph Azure
MPlane[APIM management plane
+ developer portal]
CGW[Cloud gateway]
end
subgraph OnPrem[On-premises / other cloud / edge]
SHGW[Self-hosted gateway
container in K8s]
LB[Local backends]
end
Client1[Cloud clients] --> CGW
Client2[Local clients] --> SHGW
SHGW --> LB
SHGW -.config sync & telemetry.-> MPlane
MPlane -.configures.-> CGW
Detailed use cases
Enterprise AI gateway
All Azure OpenAI / Foundry traffic flows through APIM. Token limits per product tier, token metrics per team for chargeback, semantic cache for FAQ-style prompts, load-balanced PTU + PAYG pools. Apps get one stable endpoint; platform team swaps models freely.
Agent tool hub (MCP)
Expose the existing order, inventory and CRM APIs as MCP servers through APIM. Foundry agents and GitHub Copilot consume them with Entra ID auth, per-tool rate limits, and full tracing — no raw credentials in agent configs.
Legacy modernization façade
Put APIM in front of a SOAP/on-prem ERP. Policies convert SOAP↔REST/JSON, mock unfinished operations, and let you strangler-fig migrate backends to Functions/Container Apps with zero client changes.
API monetization
Products define Bronze/Silver/Gold tiers with quotas and rate limits; the developer portal handles onboarding and key self-service; token/call metrics feed billing.
Microservices BFF & routing
One API surface routes operations to many microservices (Container Apps/AKS), centralizes CORS, JWT validation and response shaping — services stay thin.
Hybrid & sovereign APIs
Self-hosted gateways in factories/hospitals keep sensitive traffic on-site, while the cloud management plane governs policy and observability across all locations.
Best practices
- Adopt APIOps: APIs and policies in Git, deployed via CI/CD (APIOps toolkit / Bicep), never hand-edited in production.
- Use managed identity from gateway to backends; never store backend keys in policy when avoidable — use named values + Key Vault when you must.
- Version APIs explicitly (path or header versioning) and use revisions for non-breaking changes.
- Always return a
Retry-Afteron 429s from token limits; clients behave better. - Front every LLM endpoint with the AI Gateway policies from day one — retrofitting cost controls is painful.
- Send gateway logs/traces to Application Insights + Log Analytics; alert on 4xx/5xx ratios and token consumption anomalies.
- Prefer v2 tiers for new instances; Premium classic only when you need multi-region or full VNet injection today.