DEV Community

Sanjeevi Subramani
Sanjeevi Subramani

Posted on • Originally published at lkgforit.com on

Azure API Management Advanced policies using C# - I

In this article we can see how to use a rest API call inside APIM policies and apply IP restriction based on response from the API fully in policy.

By following this article from MSDN where we have when conditions and Ip filter policies and advanced C# code inside policy can be done.

Now we will first see how to do a Rest Api call inside API management policy:

Following code shows the send-request element where we can set timeout and response variable name and error should be ignored.

<send-request mode="new" timeout="300" response-variable-name="resdata" ignore-error="false">

Enter fullscreen mode Exit fullscreen mode

Then the set-url element will set the URL of the Api to which we have to hit a request.

<set-url>https://apiendpoint.com/isipallowed/check</set-url>

Enter fullscreen mode Exit fullscreen mode

Then set-method element is used for updating the method type like - GET, POST, PUT, PATCH.

<set-method>POST</set-method>

Enter fullscreen mode Exit fullscreen mode

Then the set-header element is used for setting the header for the request. In our example we will hit a POST request with json content, so we need to add Content-Type header with value of application/json.

<set-header name="Content-Type" exists-action="override">
           <value>application/json</value>
</set-header>

Enter fullscreen mode Exit fullscreen mode

set-body element is used for providing the json content to be sent in request.

<set-body>
       <value>@{
                    var body = "{ /"ipvalue/" : @context.Request.IpAddress }";
                    return body;          
                }
      </value>
</set-body>

Enter fullscreen mode Exit fullscreen mode

overall send-request element now looks like the below:

<send-request mode="new" timeout="300" response-variable-name="resdata" ignore-error="false">
        <set-url>https://apiendpoint.com/isipallowed/check</set-url>
        <set-method>POST</set-method>
        <set-header name="Content-Type" exists-action="override">
                <value>application/json</value>
         </set-header>
         <set-body>
               <value>@{
                    var body = "{ /"ipvalue/" : @context.Request.IpAddress }";
                    return body;          
                    }
              </value>
          </set-body>
</send-request>

Enter fullscreen mode Exit fullscreen mode

Now we will use Choose and when condition to check whether the IP sent is there in the list and the response code is 200. if it's not found then we must block the Ip.

<choose>
            <when condition="@(((IResponse)context.Variables.GetValueOrDefault<IResponse> 
                      ("resdata")).StatusCode != 200)">
                <--- your policy -->
            </when>
</choose>

Enter fullscreen mode Exit fullscreen mode

For blocking the IP, we must add the following Ip filter policy inside the above tag.

<ip-filter action="forbid">
            <address>@(context.Request.IpAddress)</address>
</ip-filter>

Enter fullscreen mode Exit fullscreen mode

Now the overall policy looks like below code:

<policies>
    <inbound>
        <base />
        <send-request mode="new" timeout="300" response-variable-name="resdata" ignore-error="false">
            <set-url>https://apiendpoint.com/isipallowed/check</set-url>
            <set-method>POST</set-method>
            <set-header name="Content-Type" exists-action="override">
                <value>application/json</value>
            </set-header>
            <set-body>
                 <value>@{
                    var body = "{ /"ipvalue/" : @context.Request.IpAddress }";
                    return body;          
                }</value></set-body>
        </send-request>
        <choose>
            <when condition="@(((IResponse)context.Variables.GetValueOrDefault<IResponse> 
                       ("resdata")).StatusCode != 200)">
                <ip-filter action="forbid">
                    <address>@(context.Request.IpAddress)</address>
                </ip-filter>
            </when>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

Enter fullscreen mode Exit fullscreen mode

Discussion (0)