top of page

Azure API Management Policies

This post is about a scenario I had to overcome when connecting to a third party API trough Azure API Management.

Below I just have a small explanation on what are Policies in Azure API Management. that i just copied and pasted from Microsoft.

After will tell the issue and the solution i had to implement.

“Policies are a powerful capability of the system that allow the publisher to change the behavior of the API through configuration. Policies are a collection of Statements that are executed sequentially on the request or response of an API. Popular Statements include format conversion from XML to JSON and call rate limiting to restrict the amount of incoming calls from a developer. Many more policies are available out of the box.

Policy expressions can be used as attribute values or text values in any of the API Management policies, unless the policy specifies otherwise. Some policies such as the Control flow and Set variable policies are based on policy expressions. For more information, see Advanced policies and Policy expressions.”


I have 2 API’s in my API Management service, one I called AUTH, the other, Services. From the Auth I just get a Token then after I will need to pass in all methods inside the Services API.

Another thing that worth to mention is, all needs to be deployed with Azure Devops Release Pipelines, don’t want actually anything that needs to be deployed manually.


Because of some import restrictions of importing API definitions to Azure API Management from a Swagger file, when importing the Swagger file, the required headers, that were defined in the file were not configured in the API.


I had to add a policy to check if a header was being passed from in my case a Logic App inside the API Management Service, but had to apply to all API’s inside, so I could automate the deployment as said in the scenario.

With this, I only had to use 2 artifacts on the release in DEV Ops, the first to create the API Management, and the other one to import an API from a swagger file to the API Management service created with the first artifact.

The condition inside the policy is important in here because as I said, I have 2 API’s inside my API Management Service, however, i only want the policy to be applied in one of the cases.

It is visible in the example below, that the headers will not be applied in the /Auth api, only to the Services one.

The Policy XML I added is below:

Hope it helps.

Any trouble contact me.

1 view0 comments

Recent Posts

See All
bottom of page