Integrating Azure Service Bus into your application architecture can enhance your system’s scalability and decoupling. Azure Service Bus is a highly reliable cloud messaging service (MaaS) that simplifies enterprise cloud messaging. It enables you to send data between different applications and services in a decoupled fashion. In this post, we’ll guide you through the steps to send data directly to a Service Bus topic or queue using Azure API Management (APIM) and set up the necessary access controls.
Pre-requisites
Before diving into the specifics, ensure you have the following:
- An Azure account.
- An Azure Service Bus namespace and a topic or queue created within it.
- An Azure API Management instance.
Step 1: Set Up Backend Service in API Management
To begin, you need to configure your API Management instance to forward requests to your Azure Service Bus namespace. This involves setting up a backend service using policy definitions. Here’s how:
- Navigate to your API Management instance in the Azure portal.
- Select APIs from the sidebar, and then choose the API you wish to configure or create a new one.
- Within your API configuration, navigate to the “Design” tab, and scroll down to the “Inbound processing” section. Here, you can add or edit policies.
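The complete policy looks like this; the sections below explain each element:
<policies>
    <inbound>
        <base />
        <!-- Forward the request to the Service Bus namespace -->
        <set-backend-service base-url="https://{serviceBusNamespace}.servicebus.windows.net" />
        <!-- Target the messages endpoint of the topic or queue -->
        <rewrite-uri template="{topic/queue}/messages" copy-unmatched-params="true" />
        <!-- Authenticate to Service Bus with the APIM managed identity -->
        <authentication-managed-identity resource="https://servicebus.azure.net/" />
        <!-- Build the header as JSON with a policy expression so the Label value is escaped -->
        <set-header name="BrokerProperties" exists-action="override">
            <value>@(new JObject(new JProperty("Label", context.Request.MatchedParameters["Label"])).ToString(Newtonsoft.Json.Formatting.None))</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>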
Define Backend Service Policy
You need to define a backend service policy that specifies the Service Bus namespace as the target. Use the following policy snippet:
<set-backend-service base-url="https://{serviceBusNamespace}.servicebus.windows.net" />
Replace {serviceBusNamespace} with your actual Service Bus namespace.
Rewrite URI Template
Next, define how the URL is rewritten to target a specific topic or queue:
<rewrite-uri template="{topic/queue}/messages" copy-unmatched-params="true" />
Here, replace {topic/queue} with the path parameter that carries your Service Bus topic or queue name, so the target entity is chosen dynamically from the request.
Managed Identity Authentication
For secure communication, use a managed identity for authentication with Azure Service Bus:
<authentication-managed-identity resource="https://servicebus.azure.net/" />
This policy configures APIM to obtain a token for the Service Bus resource with its managed identity, which must be enabled on the instance, and to attach that token to the backend request.
Set Broker Properties Header
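Optionally, you can add custom properties to messages using headers. Here’s how to set the BrokerProperties header:
<set-header name="BrokerProperties" exists-action="override">
    <!-- Policy expression: serialize the Label request parameter as single-line JSON -->
    <value>@(new JObject(new JProperty("Label", context.Request.MatchedParameters["Label"])).ToString(Newtonsoft.Json.Formatting.None))</value>
</set-header>
This policy sets the Label property of the message, which can be dynamic based on the request parameters. The value is written as an @(...) policy expression that builds the JSON with a serializer, so quotes or other special characters in the parameter are escaped instead of altering the header.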
Step 2: Grant Access to API Management
For API Management to send messages to your Service Bus, it needs the appropriate permissions. Follow these steps to assign the “Azure Service Bus Data Sender” role either to a specific entity for targeted access or to the entire namespace for broader permissions:
- In the Azure portal, navigate to the Service Bus entity (topic or queue) for targeted permissions, or to the Service Bus namespace for broader access.
- Select “Access control (IAM)” from the sidebar.
- Click on “Add role assignment.”
- Choose the “Azure Service Bus Data Sender” role.
- Search for your API Management instance by name and select it.
- Click “Save” to apply the changes.
This step ensures that your API Management instance has permission to send messages to your chosen Service Bus entity or any entity within the namespace, depending on your access level choice.
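The following is an added example, not part of the original post: a variant of the Step 1 policy that forwards only to an allow-list of entities, which matters when the role in Step 2 is assigned at namespace scope because the caller chooses the entity name in the URL. The operation URL template POST /{entity}/messages?Label={Label} (with Label required) and the entity names orders and invoices are assumptions made for illustration.

```xml
<policies>
    <inbound>
        <base />
        <!-- Assumed operation URL template: POST /{entity}/messages?Label={Label} -->
        <choose>
            <!-- Reject any entity name that is not on the allow-list (placeholder names).
                 The comparison is case-sensitive, so unexpected spellings fail closed. -->
            <when condition="@(!new [] { "orders", "invoices" }.Contains(context.Request.MatchedParameters["entity"]))">
                <return-response>
                    <set-status code="404" reason="Not Found" />
                </return-response>
            </when>
        </choose>
        <set-backend-service base-url="https://{serviceBusNamespace}.servicebus.windows.net" />
        <!-- {entity} is taken from the operation template; query parameters that are
             not part of the template are dropped instead of being forwarded. -->
        <rewrite-uri template="/{entity}/messages" copy-unmatched-params="false" />
        <authentication-managed-identity resource="https://servicebus.azure.net/" />
        <!-- Serialize the header as single-line JSON so the Label value is escaped. -->
        <set-header name="BrokerProperties" exists-action="override">
            <value>@(new JObject(new JProperty("Label", context.Request.MatchedParameters["Label"])).ToString(Newtonsoft.Json.Formatting.None))</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

With the role scoped to a single queue or topic in Step 2, a request for any other entity would also be refused by Service Bus itself; the allow-list in the policy stops such requests at the gateway.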
Conclusion
Integrating Azure Service Bus with Azure API Management enables you to architect highly scalable and decoupled applications. By following the steps outlined above, you can efficiently set up a direct communication channel to your Service Bus entities, leveraging Azure’s managed identities for secure and seamless authentication. This setup not only simplifies the messaging infrastructure but also enhances the overall security and reliability of your application architecture.