In the same way as other resources that can be exposed as an API, the Azure functions that you have built can be exposed via Azure API Management (APIM). The benefit of using this method is that you can have your functions adhere to the same rules as your APIs. In fact, you can apply exactly the same authentication, cache or per-second call limit rules as for your APIs.
All this can be achieved without a single line of code. This is what we will see in this article.
Let us start by creating a simple function that we will subsequently expose using API Management. This function takes a name as a parameter, and it returns the string “Hello ” if a name has actually been supplied in the call.
For an Azure function to be exposed from APIM, it must use an HTTP trigger (invoked by an HTTP request). Unfortunately, it is not possible to expose your other functions via APIM.
Once your Azure function is available, you can expose it from the APIM Publisher Portal by adding a new endpoint. This is done by going to the API Management portal and clicking on API. You will be directed to this page:
Clicking on “Function App” makes a pop-up appear, which will guide you through adding your Function App:
Click on Browse to bring up the list of your function apps, and the functions they contain:
Once you have confirmed, the pop-up will be populated with values, depending on your Function App’s name. These values can be modified if needed:
The main advantage to importing a Function App into the API Management portal is that the function access key does not need to be supplied when you call APIM. When importing a function, APIM, in fact, generates a setting. This setting is copied by the APIM Gateway before calling the function through the “set-backend-service” policy:
In the event the token on your functions changes, you must of course update this setting automatically generated by APIM.
We can now call our function using API Management:
As mentioned in the introduction, it is possible to add policies to this Azure Function.
In this example, we are going to add a policy that rejects the API function call if the “BLOG_MW” HTTP header does not contain the value “FROM_BLOG”:
<check-header name="BLOG_MW" failed-check-httpcode="403" failed-check-error-message="BLOG_MW header is not filled with the correct value" ignore-case="true"> <value>FROM_BLOG</value> </check-header>
It should be noted here that the call is blocked by the API Management front end, which means that the Function App is not even called in such cases.
A call without the header, therefore, returns the following error:
If we then add the header in the call to API Management:
With the header, we do in fact receive a response from the Function App:
Once the first function has been added, if you want to add others within the same Function App, you can do so directly from the “Platform features” tab in the Function App.
You can click on the link “API Management” in the section “API”:
You can then ask to import functions into APIM:
This method is simpler and quicker but does not work for the first edition. You can therefore only use this method when the Function App is already present in API Management.
We have seen how to publish Azure Functions in an Azure API Management service only using the Azure portal. All the functions you have configured on your APIs can be used on Function Apps. This enables your Function Apps to be subject to your API governance, and you can suggest that your partners use them when need be.