This project demonstrates the use of Azure API Management (APIM) with private endpoints, featuring a sample API application with multiple endpoints and API versions.
- .NET Core Web API with versioned API endpoints (v1 and v2)
- Complete Bicep templates for Azure infrastructure deployment
- Private endpoint integration for secure access to APIM
- Multiple API versions to demonstrate APIM versioning capabilities
- Sample services for Products and Orders domains
APIMDemo/
├── Controllers/
│ ├── v1/ # Version 1 API controllers
│ │ ├── ProductsController.cs
│ │ └── OrdersController.cs
│ └── v2/ # Version 2 API controllers
│ ├── ProductsController.cs
│ └── OrdersController.cs
├── Models/ # Domain models for the API
│ ├── Product.cs
│ └── Order.cs
├── Interfaces/ # Service interfaces
│ ├── IProductService.cs
│ └── IOrderService.cs
├── Services/ # Service implementations
│ ├── ProductService.cs
│ ├── ProductServiceV2.cs
│ ├── OrderService.cs
│ └── OrderServiceV2.cs
└── infra/ # Infrastructure as Code (Bicep)
├── main.bicep # Main deployment template (with private networking)
│ ├── main-lite.bicep # Lightweight deployment template (without private networking)
├── modules/ # Modular Bicep templates
│ ├── network.bicep # VNet and subnet configuration
│ ├── apim.bicep # API Management resources (with private networking)
│ ├── apim-lite.bicep # API Management resources (without private networking)
│ ├── appservice.bicep # Web App hosting
│ └── privateendpoint.bicep # Private endpoint configuration
├── api-definitions/ # API definitions for APIM
│ ├── api-v1.json
│ └── api-v2.json
├── deploy.sh # Bash deployment script
└── deploy.ps1 # PowerShell deployment script
- Products API: Basic CRUD operations
- Orders API: Basic order management
- Products API: Adds stock information, category search
- Orders API: Adds shipping details, order status, tracking information
- Clone the repository
- Navigate to the project directory
- Run the API:
cd APIMDemo
dotnet run- Access the Swagger UI: http://localhost:5000/swagger
cd APIMDemo/infra
./deploy.ps1 -SubscriptionId "<your-subscription-id>"cd APIMDemo/infra
chmod +x deploy.sh
./deploy.sh --subscription "<your-subscription-id>"This option deploys only the essential components (App Service, APIM, App Insights) without private networking, private endpoints, or Front Door.
cd APIMDemo/infra
./deploy-lite.ps1 -SubscriptionId "<your-subscription-id>"cd APIMDemo/infra
chmod +x deploy-lite.sh
./deploy-lite.sh --subscription "<your-subscription-id>"You can deploy the infrastructure using the provided GitHub Action workflow:
- Configure Azure credentials as GitHub secrets in your repository settings
- Go to the Actions tab in your repository
- Select the "Deploy APIM Infrastructure" workflow
- Click "Run workflow"
- Fill in the required parameters and run the workflow
Note: You'll need to add an
AZURE_CREDENTIALSsecret containing a service principal JSON to authenticate with Azure.
The deployed infrastructure includes:
- Virtual Network: Isolated network for all components
- API Management: API gateway with internal networking mode
- Private Endpoint: Secure connection to API Management
- App Service: Hosting for the API backend
- Private DNS Zone: For DNS resolution of the private endpoint
The solution uses the following architecture:
-
A Virtual Network with subnets for:
- API Management
- Private Endpoints
- Backend API
-
API Management deployed in internal mode
-
Private Endpoint in the Private Endpoint subnet
-
Private DNS Zone for name resolution
-
VNet Integration for the App Service
This ensures that traffic between components stays within the Azure network and isn't exposed to the public internet.
- API Versioning
- Backend Services
- Products and Subscriptions
- API Definition Import
- Private Network Integration