I added an axios dependency to create the custom http client instance to have my custom header in place. Note that Twilio account funds are required to trigger serverless Twilio Functions Custom HandleSMS/process Twilio functionĮxports.handler = function (context, event, callback) My Twilio Function for calling into Azure APIM. Using Twilio Functions with Node.js, we can write the function like this, and customise our HTTP POST call to APIM with the headers we need: The default config for a SMS Webhook call as used in Overhead Part 1 in the Twilio dashboard does not allow the adding of extra HTTP headers. In my Twilio environment, having an extra HTTP header to send to APIM meant I had to utilise a Twilio Function (Twilio's serverless functions) in order to make this request. The Ocp-Apim-Subscription Key is sent specifically as an HTTP header in the request to APIM. This Ocp-Apim-Subscription Key can be given to our users/client apps to use as part of their requests that are sent to Azure APIM rather than sending requests to the Azure Function directly. In my implementation of API Management as structured above, I used the Developer Tier(explained later**) for API Management and I used the Ocp-Apim-Subscription Key as part of verifying the calling client (the authentication processes with APIM are beyond scope here but an ideal way is to use Client certificate authentication).
The diagram would now look like following with some changes to key components discussed further below: Azure APIM can act as a safety guard against incoming traffic and then direct it to our backend service (an Azure Function)
Enter Azure API Management!.Īzure API Management acts as a first line front door that our users and client apps call into to interact with our processing resources in Azure such as our Functions that can serve back results (if need be), back through API Management and back to the calling client again. The client app does not necessarily need to be aware that we are using Azure Functions to fetch the data it wants, thus creating more abstraction. This gave too much direct/concrete access to trigger the Azure FunctionĪ better way would be not to give the FunctionUrl to the client at all. In essence, the link between my Twilio Environment and Azure Environment was as follows: The webhook calls the Azure Function using the Function URL.
#Ocp apim subscription key postman full#
In my case back in Overhead Part 1, I was giving the away the full Function URL to the client (in the form of a Twilio webhook). But it really does not have to be this way, the client that has been given a Function URL may act maliciously for example and create an unlimited number of requests to the Azure Function. In the case of Azure Functions the common scenario is to give the client/caller/user a Function URL with a Function key associated with the function for authorisation. When dealing with resources in Azure that can be called when the right credentials are known by a calling client, it can be easy to simply grant direct access to the cloud resource itself.
#Ocp apim subscription key postman code#
Without the Options variable I get a status code of 401 which means I am hitting the URL. However, using Postman, one error I kept getting was the following: So, I went on to set-up an API, provided some operations, configured security, etc… Starting to play with things you often miss the simplest details or take things for granted. I have the chance to ‘play’ with the technology with a project I’m working on for one particular client.
Azure API Management is awesome! The thought of API virtualization and the power, flexibility and ease-of-use it can bring, is impressive to say the least.
0 kommentar(er)
