Securing external SaaS APIs with Azure API Management (GAB2022)

Thank you for attending my session at the Global Azure Bootcamp 2022 Austria. This blog post contains a link to my GitHub repository, where I published the slides along with all my policy and API definitions. You can also find the steps I used to create my certificate chain with OpenSSL. To do that, I used this guide to create a self-signed certificate chain with OpenSSL here.

The recording of this session will be published soon on YouTube (Link will be updated here).

Session abstract

Some vendors offer only very limited ways to restrict access to their APIs to a minimum. Especially when highly sensitive data is stored with the SaaS provider (e.g. CRM solutions), it can be a challenge from a security perspective to outsource an integration to a third party. Of course you have contracts, liabilities and other things in place, but these do not, for example, prevent breaches at the third-party provider. While it is necessary that the integration partner retrieves some customer data, they should not be able to retrieve all data. Looking for an easy way to secure this, we found Azure API Management to be a good fit. In this session I will show you how we used Azure API Management to secure the APIs with certificate authentication and make sure that only a subset of the API can be used.

Enjoy a great day