We all know the statements that Microsoft made about linux. They love Linux. They even wrote a blogpost about it. But that love falls short when you use Firefox on Linux. In my research on identity and access management, I have been exploring various login options. One of the approaches I tested is passwordless login using technologies like WebAuthn and YubiKey support. I experimented with this on various operating systems, browsers and Identity Providers, including Microsoft Entra ID.

Sometimes you don’t want to expose all the operations of your API on APIM. For example, you might have an API that has a lot of operations, but you only want to expose a subset of those operations on APIM. Or you might have an API that has operations that are not meant to be called by external consumers. In this post, I’ll show you how you can expose a subset of your openapi spec via Azure devops on APIM.

Over the years Microsoft has released ceveral libraries for authentication. We had ADAL. It was ok at the time, but didn’t work with the Azure AD 2.0 authorization endpoints. After some time we got the MSAL library, but it took a while before it was usable. Now new libraries are on the horizon to make it easier for the developers. Well … the constant change of libraries doesn’t make it easier for developers.

Azure API management automatically exposes openapi documentation through the developer portal. But what if your company doesn’t activate the portal? This article describes how you can make the openapi documentation available through your API.

When deploying your Azure API management via ARM templates you want to avoid putting environment depending variables in your template files. But injecting all settings via a parameter file is sometimes easier said than done. In my case, I needed to set an API policy to verify a certificate thumbprint. And that simple thing took me a few hours.