Mattias-Lögdberg-Integrate-2020-Remote

Integrate 2020 Remote Session Spoiler – Improve your API’s with RBAC security

Published on: May 13, 2020

Category: Events

Author: Mohan Nagaraj

Exposing APIs is all about making it easy for consumers to consume and understand your APIs. But there is a lot more to consider to create a robust, maintainable, and long-living API. One of those things is security, and this will be discussed during my session at Integrate 2020. When mixing security and usability, we often end up in a situation where one or more operations in the API need more security than others. This also gets mixed with the fact that multiple consumers need access and that access needs to be given in an easy manner. All of this ends up in a situation where the built-in security options in Azure API Management are not granular enough, and we end up adding specific code to solve this, in combination with different workarounds like groups. Soon we get a really complex setup that is hard to understand. So let’s look at how to solve this with an IDP instead, moving all of that out of API Management and letting the API focus on being a great API.

In this session, we will use Auth0 as an IDP and let API Management use OAuth validation to make sure the token provided is coming from Auth0.

We will then go through how the trust setup is done to connect the API Management instance to my Auth0 instance, and then how to work with RBAC and permissions in that setup. In the end, we will end up with a solution where permissions and access are managed at the IDP (Auth0) and where restrictions are enforced, based on those permissions, inside the operation in API Management.
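One way the operation-level enforcement described above can look as an API Management policy, shown as an added example that is not from the session or the original post. It assumes Auth0 RBAC is enabled with permissions added to the access token, so the token carries a `permissions` claim; the tenant name, audience and permission value are placeholders.

```xml
<!-- Added example: inbound policy applied at the scope of a single operation.
     YOUR_TENANT, https://api.example.com/ and read:orders are placeholders. -->
<policies>
  <inbound>
    <base />
    <validate-jwt header-name="Authorization"
                  require-scheme="Bearer"
                  require-expiration-time="true"
                  require-signed-tokens="true"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized">
      <!-- Trust setup: signing keys are fetched from the IDP's OpenID Connect
           metadata, so only tokens signed by this Auth0 tenant validate. -->
      <openid-config url="https://YOUR_TENANT.auth0.com/.well-known/openid-configuration" />
      <!-- The token must have been issued for this API, not for another one
           registered in the same tenant. -->
      <audiences>
        <audience>https://api.example.com/</audience>
      </audiences>
      <!-- Auth0 issuer values end with a trailing slash. -->
      <issuers>
        <issuer>https://YOUR_TENANT.auth0.com/</issuer>
      </issuers>
      <!-- RBAC: the permission is assigned to roles and users in the IDP.
           This operation only states which permission it requires. -->
      <required-claims>
        <claim name="permissions" match="any">
          <value>read:orders</value>
        </claim>
      </required-claims>
    </validate-jwt>
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

With this shape, a token that is validly signed but lacks the required permission is rejected with the same status code as an invalid token, because both failures come from the same `validate-jwt` element.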

Come and join me to see how this is achieved!

Ask tons of questions and bring in your thoughts so we can discuss and share experience and knowledge!

Hope to see you there!

Why should I attend INTEGRATE 2020 Remote?

With INTEGRATE 2020 Remote, we are consolidating all Microsoft Integration focused content in a single place, covering on-premises (BizTalk Server), cloud (Azure Logic Apps, Functions, API Management, Service Bus, Event Grid, Event Hub, Power Platform), and hybrid, in an intense 3-day conference with its own keynote.

If you are a Microsoft Integration professional, even if you attend only parts of the conference here and there, you’ll still see significant value in educating and preparing yourself for the future. Please go ahead and register now.