Azure API Management icon

API platform

Azure API Management

APIM is the front door for every API you expose — REST, GraphQL, gRPC, WebSocket, SOAP and, increasingly, LLM and agent endpoints. It decouples consumers from backends with a programmable gateway, a management plane, and a developer portal.

How it works: core architecture

APIM has three building blocks that scale and deploy independently:

Gateway (data plane)

Accepts API calls, verifies keys/JWTs, enforces quotas and policies, transforms requests/responses, caches, and emits logs, traces and metrics. Deployable in Azure, on-premises, or in any Kubernetes cluster (self-hosted gateway).

Management plane

Azure portal, ARM/Bicep/Terraform, CLI, REST API and APIOps pipelines to define APIs, products, policies, users and subscriptions.

Developer portal

Auto-generated, customizable site where consumers discover APIs, read docs, try operations, and self-serve subscription keys.

flowchart LR
    subgraph Consumers
        C1[Web / mobile apps]
        C2[Partner systems]
        C3[Internal services]
        C4[AI agents / copilots]
    end
    subgraph APIM[API Management]
        GW[Gateway
policies · auth · cache · rate limits] DP[Developer portal] MP[Management plane] end subgraph Backends B1[App Service / AKS /
Container Apps] B2[Azure Functions] B3[Logic Apps] B4[Azure OpenAI /
AI Foundry] B5[On-prem & SaaS APIs] end C1 --> GW C2 --> GW C3 --> GW C4 --> GW GW --> B1 GW --> B2 GW --> B3 GW --> B4 GW --> B5 MP -.configures.-> GW DP -.onboards.-> Consumers
APIM as the single front door: one gateway, many heterogeneous backends, consistent policy enforcement.

The policy pipeline

Policies are XML-defined statements executed sequentially in four sections. They can apply at global, workspace, product, API, or operation scope, and compose across scopes via <base />.

sequenceDiagram
    participant Client
    participant GW as APIM Gateway
    participant BE as Backend
    Client->>GW: Request
    Note over GW: INBOUND
validate-jwt · rate-limit · quota ·
ip-filter · rewrite-uri · set-header ·
cache-lookup · mock-response GW->>BE: Forward (BACKEND section:
retry · forward-request · timeout) BE-->>GW: Response Note over GW: OUTBOUND
set-body · redact fields ·
cache-store · CORS headers GW-->>Client: Response Note over GW: ON-ERROR
custom error shaping · logging ·
trace to App Insights
Every call flows through inbound → backend → outbound, with on-error catching failures anywhere in the pipeline.

Policies you will actually use

CategoryPolicyWhat it does
Securityvalidate-jwt / validate-azure-ad-tokenEnforce OAuth 2.0 / Entra ID tokens, audiences, claims.
ip-filter, check-headerAllow/deny by IP, require headers.
authentication-managed-identityGateway authenticates to backends with its managed identity — no secrets.
Throttlingrate-limit-by-keySliding-window rate limits per subscription, IP, user or any expression.
quota-by-keyLong-period call/bandwidth quotas (monetization tiers).
Transformationset-body, set-header, rewrite-uriReshape requests/responses; XML↔JSON conversion; liquid templates.
return-response, mock-responseShort-circuit calls — great for façades and API-first development.
Cachingcache-lookup / cache-storeBuilt-in or external Redis cache for responses and values.
AI / GenAIllm-token-limitToken-based rate limiting for LLM APIs (prompt + completion tokens), per key/consumer.
llm-emit-token-metricEmit token consumption metrics to App Insights for chargeback and cost visibility.
llm-semantic-cache-lookup/storeServe semantically similar prompts from cache — cut latency and token spend.
llm-content-safetyScreen prompts through Azure AI Content Safety before they reach the model.
Resilienceretry, limit-concurrency, backend circuit breaker & load-balanced poolsRetries with conditions, concurrency caps, automatic failover across backend pools with priority/weight rules.

Example: JWT validation + spike protection

<inbound>
  <base />
  <validate-azure-ad-token tenant-id="{{tenant-id}}">
    <audiences><audience>api://my-api</audience></audiences>
    <required-claims>
      <claim name="roles" match="any"><value>Orders.Read</value></claim>
    </required-claims>
  </validate-azure-ad-token>
  <rate-limit-by-key calls="100" renewal-period="60"
      counter-key="@(context.Subscription.Id)" />
  <set-header name="X-Correlation-Id" exists-action="skip">
    <value>@(Guid.NewGuid().ToString())</value>
  </set-header>
</inbound>

AI Gateway: fronting Azure OpenAI & AI Foundry

This is the fastest-moving part of APIM. The same gateway that protects REST APIs now acts as a GenAI gateway in front of Azure OpenAI, Azure AI Foundry model deployments, and third-party/self-hosted LLMs — giving you one governed entry point for every model and agent in the company.

flowchart TB
    subgraph Clients
        A1[Apps & copilots]
        A2[AI Foundry Agents]
        A3[MCP clients
GitHub Copilot · Claude · VS Code] end subgraph APIM[APIM · AI Gateway] P1[llm-token-limit
llm-emit-token-metric] P2[llm-semantic-cache] P3[llm-content-safety] P4[Backend pool
load balancing + circuit breaker] MCP[MCP server façade
REST APIs exposed as tools] end subgraph Models[Model backends] M1[Azure OpenAI
PTU deployment] M2[Azure OpenAI
PAYG deployment] M3[AI Foundry
model deployments
DeepSeek · Llama · Mistral] end subgraph Tools[Enterprise APIs] T1[Orders API] T2[Inventory API] end A1 --> P1 A2 --> P1 A3 --> MCP A2 --> MCP P1 --> P2 --> P3 --> P4 P4 -->|priority 1| M1 P4 -->|priority 2 spillover| M2 P4 --> M3 MCP --> T1 MCP --> T2
The AI Gateway pattern: token policies, semantic cache and safety checks in the pipeline; pooled model backends with PTU-first spillover; enterprise APIs published to agents as MCP tools.
Why this matters: without a gateway, every team hardcodes model endpoints and keys, cost is invisible, and 429s cascade. With APIM in front, you rotate models without touching apps, meter tokens per consumer, and give agents a governed tool surface instead of raw API keys.

Tiers & deployment options

TierBest forNotes
ConsumptionServerless, spiky traffic, PoCsPer-call pricing, auto-scale, no VNet injection.
Basic v2 / Standard v2 / Premium v2New deployments (default choice)Fast provisioning/scaling, VNet integration (outbound) and, on Premium v2, VNet injection; replaces classic tiers over time.
Premium (classic)Multi-region, availability zones, full VNet injectionMulti-region gateways behind one management plane; internal mode for private APIs.
Self-hosted gatewayHybrid, on-prem, multi-cloud, edgeContainer image of the gateway running in your Kubernetes/Arc cluster, federated to the cloud management plane.
Workspaces (Premium)Federated API managementTeams get isolated workspaces (APIs, products, subscriptions) with optional dedicated workspace gateways — platform team keeps central governance.
flowchart LR
    subgraph Azure
        MPlane[APIM management plane
+ developer portal] CGW[Cloud gateway] end subgraph OnPrem[On-premises / other cloud / edge] SHGW[Self-hosted gateway
container in K8s] LB[Local backends] end Client1[Cloud clients] --> CGW Client2[Local clients] --> SHGW SHGW --> LB SHGW -.config sync & telemetry.-> MPlane MPlane -.configures.-> CGW
Self-hosted gateway: keep traffic local for latency/compliance while managing everything from one control plane.

Detailed use cases

Use case

Enterprise AI gateway

All Azure OpenAI / Foundry traffic flows through APIM. Token limits per product tier, token metrics per team for chargeback, semantic cache for FAQ-style prompts, load-balanced PTU + PAYG pools. Apps get one stable endpoint; platform team swaps models freely.

Use case

Agent tool hub (MCP)

Expose the existing order, inventory and CRM APIs as MCP servers through APIM. Foundry agents and GitHub Copilot consume them with Entra ID auth, per-tool rate limits, and full tracing — no raw credentials in agent configs.

Use case

Legacy modernization façade

Put APIM in front of a SOAP/on-prem ERP. Policies convert SOAP↔REST/JSON, mock unfinished operations, and let you strangler-fig migrate backends to Functions/Container Apps with zero client changes.

Use case

API monetization

Products define Bronze/Silver/Gold tiers with quotas and rate limits; the developer portal handles onboarding and key self-service; token/call metrics feed billing.

Use case

Microservices BFF & routing

One API surface routes operations to many microservices (Container Apps/AKS), centralizes CORS, JWT validation and response shaping — services stay thin.

Use case

Hybrid & sovereign APIs

Self-hosted gateways in factories/hospitals keep sensitive traffic on-site, while the cloud management plane governs policy and observability across all locations.

Best practices