Azure Developer Portal: A Comprehensive Guide

The Azure Developer Portal is a one-stop-shop for all your Azure development needs. It's a centralized location where you can manage your Azure resources, monitor your applications, and troubleshoot issues.

With the Azure Developer Portal, you can easily create, manage, and deploy cloud-based applications. You can also monitor your application's performance, diagnose issues, and optimize its resources.

One of the key features of the Azure Developer Portal is its ability to provide a unified view of your Azure resources, including virtual machines, storage accounts, and databases. This makes it easier to manage and troubleshoot your applications.

You can access the Azure Developer Portal through the Azure portal or by using the Azure CLI.

To get started with an Azure Developer Portal, you'll need to have a few things in place. You'll need an API Management service instance, which you can create by following the Quickstart guide.

You'll also need an Azure storage account with the static websites feature enabled. This is a crucial step, as it allows you to host your developer portal.

Additionally, you'll need to have Git, Node.js, and npm installed on your machine. Git can be installed by following this tutorial, while Node.js can be downloaded and installed by following these steps.

Here are the specific requirements you'll need to meet:

To get started, you'll need to meet some prerequisites.

First, create an Azure API Management instance by completing the quickstart. This will be the foundation for the rest of your setup.

You'll also need to import and publish an API, which will give you a working API to build upon.

If you want to change the site's domain name, you'll need to set up a custom domain in your API Management instance.

Here's a list of the specific steps you'll need to take:

To set up a local development environment, you'll need a few more things.

You'll need an API Management service instance, which you can create by following the Quickstart - Create an Azure API Management instance tutorial.

You'll also need an Azure storage account with the static websites feature enabled, and a Git repository on your machine.

Additionally, you'll need Node.js and npm installed on your machine, and the Azure CLI.

Here's a more detailed list of the requirements:

To register Azure APIM Developer Portal as an App within Azure AD B2C, you'll need to fill out the New Web App Integration form.

To get started with integrating Azure and Okta, you'll need to follow a series of steps. The process begins with registering your app in Azure.

The first step is to register your new app in Azure. This is a crucial step that sets the foundation for the rest of the integration process.

Here are the steps you'll need to follow:

API Management is a crucial aspect of building and maintaining APIs. APIM can be used to apply observability to all APIs in a consistent way.

With APIM, you can update or alter instances using the Management plan, which can be accessed from different tools like VS Code extension, Azure portal, PowerShell, or ARM templates. Observability can be achieved by integrating API with Azure Monitor, Azure application insight, and Azure Event Hubs.

API Inspector is a feature that allows you to troubleshoot your API in Realtime, viewing information like request received, policies applied, duration of each policy execution, and the request sent to the backend, as well as viewing exceptions happening while executing your API.

API Management allows you to observe your APIs in a consistent way, increasing their observability. This is crucial for knowing how others are using your API, its performance, and latency.

You can update or alter APIM instances using the Management plan, which can be accessed from tools like VS Code extension, Azure portal, PowerShell, and ARM templates.

API Inspector is a feature that allows you to troubleshoot your API in Realtime, viewing information like the Request received by the API, policies applied to these requests, and the request sent by the API to the backend.

Built-in reports provide Aggregated metrics and request scopes logs, always enabled by default and sampling all requests for a quick review of your APIs' overall health.

Custom CA root certificates can be used to achieve observability, specifically from linked API Management services.

Publishing your APIM resource is a crucial step in making your API Management setup live and accessible to visitors. You need to publish the portal whenever you want to expose changes to the portal's content or styling.

To publish from the administrative interface of the developer portal, make sure you save your changes and then select Publish site from the menu at the top. This operation may take a few minutes.

Publishing the portal also requires updating the API Management service configuration changes that affect the developer portal. This includes assigning a custom domain, updating the identity providers, setting delegation, or specifying sign-in and product terms.

There are two ways to publish the portal: from the administrative interface of the developer portal or from the Azure portal. To publish from the Azure portal, navigate to the Portal overview page of your API Management instance and select Publish.

Here's a step-by-step guide to publishing your APIM resource:

After publishing, the 'Publish' button should no longer be greyed out, and your API Management setup will be live and accessible to visitors.

Control access to the developer portal by synchronizing it with your API Management instance, making APIs and products visible only when they're in a published state. This ensures that only authorized content is displayed to developers.

API Management uses groups to manage visibility of products and APIs, allowing you to create custom groups to suit your needs. Products are first made visible to groups, and then developers in those groups can view and subscribe to the products.

Visibility and access controls are supported only in the managed developer portal, not in the self-hosted portal. To control access to specific pages or sections, select the gear icon next to the page name on the Pages tab or use the Change access icon to edit the users or groups that can see the element.

Here are some key facts about visibility and access controls:

To control access to portal content, you need to make sure APIs and products are in a published state. This will make them visible in the developer portal.

APIs and products must be published to be visible in the developer portal. This ensures that only authorized users can view and subscribe to them.

You can use built-in groups or create custom groups to manage visibility of products and their associated APIs. This is useful for controlling access to specific content.

Groups are used to manage visibility of products and APIs. You can create custom groups to suit your needs.

To control access to specific pages or sections, you can use the "Access" option when editing page settings. This allows you to select which users or groups can see the page.

When editing page settings, select the "Access" option to control visibility. You can choose to display the page to specific users or groups.

The developer portal automatically hides buttons or navigation items that point to pages a user doesn't have access to. This ensures that users only see content they're authorized to access.

To preview pages as a user associated with any built-in or custom group, select "View as" in the menu at the top. This is useful for testing access controls.

You can also use the "Change access" icon to control visibility of specific page elements, such as sections, menus, or buttons. This allows you to fine-tune access controls for each element.

To enable a content security policy, navigate to your API Management instance and select "Portal settings" under Developer portal. This adds a layer of security to your developer portal and helps mitigate certain types of attacks.

A content security policy ensures that the developer portal only loads resources from trusted locations. This helps prevent cross-site scripting and data injection attacks.

To enable a content security policy, add one or more hostnames that specify trusted locations under "Allowed sources". You can also specify a wildcard character to allow all subdomains of a domain.

User authentication is a crucial aspect of security and access control in Azure API Management. You can enable user sign-up and sign-in by creating a developer portal website setting that requires users to sign in to access the portal.

By default, the developer portal enables anonymous access, allowing anyone to view the portal and its content without signing in. However, access to certain content and functionality may be restricted. You can restrict access to the portal by requiring users to sign up or sign in with a Microsoft Entra ID or Azure AD B2C account.

The portal supports several options for user sign-up and sign-in, including basic authentication for developers to sign in with credentials for API Management user accounts. Developers can sign up for an account directly through the portal, or you can create accounts for them.

To secure user sign-up and sign-in, you can use a custom IDP (Identity Provider) like Okta. You can add a new identity provider in Azure by navigating to your Azure AD B2C Tenant and selecting Identity providers, then click New OpenID Connect provider.

Here are the steps to add a new identity provider in Azure:

You can also create a new user flow in Azure AD B2C to manage user sign-up and sign-in. To do this, navigate to your Azure AD B2C Tenant and select User flows, then click New user flow. Choose Sign up and sign in, and fill out the form with the required information, such as user attributes and token claims.

Once you have added a new identity provider and created a new user flow, you can add a new identity to your APIM resource in the Azure Portal. From the left hand menu under ‘Developer portal’ select Identities, then click Add, and fill out the form with the required information, such as the client ID and client secret.

The Azure developer portal is ready to be customized out of the box, with placeholder pages, content, and navigation menus to get you started. To access the portal, you'll need network connectivity to both the developer portal's endpoint and the API Management instance's management endpoint.

To customize the portal, you can use the administrative interface to change the appearance and functionality. For a step-by-step walkthrough, see Tutorial: Access and customize the developer portal.

You'll also need to configure CORS settings for storage account, which involves setting allowed origins, methods, headers, and max age in the Azure portal. Additionally, you may need to configure CORS settings for the developer portal backend to allow requests originating through your self-hosted developer portal.

Here's a summary of the steps to configure CORS settings for storage account:

The config.runtime.json file is a crucial part of the customization process, and it's where you'll need to paste a value from the previous configuration file.

You'll need to copy and paste the managementApiUrl value from the config.design.json file into the config.runtime.json file.

This value is used to connect to your API Management instance, so make sure to get it right.

To configure the static website, go to your storage account in the Azure portal and select Static website from the menu on the left.

Selecting Static website will take you to a page where you can enable the feature. To do this, simply select the Enabled toggle.

In the Index document name field, enter index.html to specify the default page for your website.

You'll also need to specify the error page, which you can do by entering 404/index.html in the Error document path field.

Once you've made these changes, select Save to apply them.

By following these steps, you'll have successfully configured your static website in Azure.

To configure CORS settings, head to your storage account in the Azure portal and select CORS from the menu on the left. This will allow you to configure the settings for the Blob service tab.

In the Blob service tab, configure the following rules: Allowed origins should be set to *, Allowed methods should be set to all the HTTP verbs, Allowed headers should be set to *, Exposed headers should be set to *, and Max age should be set to 0.

Selecting Save will apply these changes. This will enable CORS for your storage account.

For the developer portal backend, you'll need to configure CORS settings to allow requests originating through your self-hosted developer portal. This is necessary for features like CAPTCHA verification, OAuth 2.0 authorization in the test console, and delegation of user authentication and product subscription.

To do this, you'll need to update the backendUrl value in the config.runtime.json file with the name of your API Management instance. If you have a custom domain, use that instead.

Here are the specific values you'll need to update:

Once you've updated these values, you'll be able to enable CORS for your developer portal backend.