Securing external SaaS APIs with Azure API Management (GAB2022)

Thank you for attending my session at the Global Azure Bootcamp 2022 Austria. This blog post contains a link to my github repository, where I published the slides along with all my policy and api definitions. You also can find the steps I used to create my certificate chain with open ssl. To do that I used this guide to create a self-signed certificate chain with openssl here.

The recording of this session will be published soon on YouTube (Link will be updated here).

Session abstract

Some vendors have very limited abilities to restrict the access to their APIs to a minimum. Especially when highly sensitive data is stored with the SaaS-Provider (e.g. CRM Solutions) it can be a challenge from a security perspective to outsource an integration to a 3rd party. Of course you have contracts, liabilities and other things in place, but it does not f.e. prevent breaches at the 3rd Party provider. While it is necessary that the integration partner retrieves some customer data, they should not be able to retrieve all data. Seeking for an easy way to secure this we found Azure API Management to be a good fit. In this session I will show you how we used Azure API Management to secure the APIs with certificate authentication and make sure that only a subset of the API can be used.

Enjoy a great day


Azure App Configuration presentation source code

On the 16th April 2021 I gave a presentation at Global Azure Bootcamp 2021 Austria. My talk about Azure App Configuration was presented in German (and you also can find the recording below).

You can download the source code of my presentation here at GitHub. Each finished Demo has been put in an extra branch.

It has been interesting to prepare and I created two specific implementation details I will follow up in future blog posts:

  • Use Azure Event Grid for pushing Azure App Configurations down to ASP.NET Core APP
  • Sticky Feature Session Manager for FeatureManagement

I hope you enjoyed my session!


CosmosDB – Build 2017 Recap Vienna

AzureCosmosDBViennaSpeakerAuf der Veranstaltung //BUILD on Tour gestern bei Microsoft Österreich durfte ich einen Vortrag zum Thema “CosmosDB” halten.

Die Slides zu meinem CosmosDB Vortrag könnt ihr hier herunterladen. Auf GitHub findet ihr meinen Source Code zum CosmosDB Vortrag und hier das Azure CosmosDB Graph Explorer Beispiel.

Hier auch die Gremlin Queries für das Beispiel aus The Hobbit.

Aja, nachdem es für einige Verwirrung gesorgt hat. In CosmosDB gibt es nur Request Units (RU) pro Sekunde/Minute und keine Orks Smile. Obwohl es hätte was.

Bester Sager eines Teilnehmers in dem Vortrag zu den UWP Apps: “Helene Fischer? Naja ohne Ton gehts” *haha*

Viel Spaß


Global Azure Bootcamp 2017 Nachlese


Wissensturm in Linz 2017 (c) by Andreas PollakWie jedes Jahr fand auch heuer das Global Azure Bootcamp  für Österreich im Linzer Wissensturm statt. Wie immer , dank Rainer Stropek und Karin Huber, ausgezeichnet organisiert und mit spannenden Vorträgen versehen.

Diesmal durfte ich gleich zwei Vorträge zu den Themen “Azure API Management” und “Azure DocumentDB” beisteuern.

Speaker Foto (c) by Rainer StropekUnterhalb findet ihr die Verweise zu den Vortragsslides. Dort könnt ihr auch die Codebeispiele von GitHub herunterladen.


Slidedecks & Source

Viel Spaß und bis demnächst