Introduction
Azure API Management is a powerful tool for managing APIs at scale, but what happens when disaster strikes?
Whether it’s an unexpected outage or the need to migrate to a new instance, having a reliable backup and restoration process is essential.
Without it, you risk having to manually redeploy your APIs and redo all your Developer Portal customisations – a time-consuming and error-prone process.
This guide provides a streamlined approach to safeguarding your API Management resources.
By following these steps, you can efficiently back up and restore both your deployed APIs and Developer Portal customisations. Beyond disaster recovery, these techniques are invaluable for migrating API Management to a new instance or environment and even transferring Developer Portal customisations between instances.
Let’s dive in and ensure your API Management strategy is as resilient and flexible as your business demands.
Assumptions and Constraints
This guide assumes that you already have an Infrastructure-as-Code (IaC) pipeline that can deploy your API Management service, as there are certain parts that don’t get backed up that you’ll want to deploy as part of your base APIM service deployment, including network settings and certificates.
See the following link for what is not backed up – aside from Developer Portal, this should all be deployed by your IaC for the API Management Service.
This guide also assumes that you have a storage account in a suitable location, such as a Management subscription, to back up to and restore from.
Lastly, this guide assumes that you have all the necessary access privileges required to perform these actions, as well as the following components installed.
- The Az PowerShell module
- PowerShell 7
- Az CLI
- NodeJS
The process for APIs deployed to APIM has some constraints which can be read in the following link, the most significant of which being that the pricing tier of the service being restored into must match the pricing tier of the backed-up service being restored.
Backup Process
APIs Deployed to API Management
The process described below references the following Microsoft documentation to create a backup of APIs deployed to an API Management instance.
That backup is located in a Storage Account which this guide assumes already exists.
Authenticating and Setting Variables
# authenticate and set subscription
Connect-AzAccount;
# set variables
$apiManagementName = "name-of-the-service";
$apiManagementResourceGroup = "resource-group-name-of-the-apim-service";
$storageAccountName = "storageaccountname";
$storageResourceGroup = "storage-account-resource-group-name";
$containerName = "containerName";
$blobName = "blobName.apimbackup"; # NOTE: use this file extension
Setting Storage Context
# set storage context
$storageKey = (Get-AzStorageAccountKey -ResourceGroupName $storageResourceGroup -StorageAccountName $storageAccountName)[0].Value;
$storageContext = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageKey;
Running the Backup Job
# run backup job
Backup-AzApiManagement -ResourceGroupName $apiManagementResourceGroup -Name $apiManagementName -StorageContext $storageContext -TargetContainerName $containerName -TargetBlobName $blobName -AccessType "SystemAssignedManagedIdentity";
Developer Portal Content
The process described uses a set of scripts created by Microsoft that use NodeJS.
This process shows the backup content stored locally, though a storage account could be used for this purpose and would require a few extra steps.
First, clone the following repository.
git clone https://github.com/Azure/api-management-developer-portal
Navigate to the scripts.v3 folder and run the following commands substituting the correct values.
az login;
node ./capture --subscriptionId "subscriptionId" --resourceGroupName "resourceGroupName" --serviceName "serviceName";
This will create a folder locally named dist
, with a subfolder named snapshot
containing the backup.
Restore Process
As aforementioned, the first step to restoring API Management should be to run your IaC pipeline that has all of your main configuration including network configuration and TLS certificates, as those components are not included in the backup process.
See the following list for reference.
APIs Deployed to API Management
The process described below references the following Microsoft documentation to restore a backup of APIs deployed to an API Management instance located in a Storage Account.
Authenticating and Setting Variables
# authenticate and set subscription
Connect-AzAccount;
# set variables
$apiManagementName = "name-of-the-service";
$apiManagementResourceGroup = "resource-group-name-of-the-apim-service";
$storageAccountName = "storageaccountname";
$storageResourceGroup = "storage-account-resource-group-name";
$containerName = "containerName";
$blobName = "blobName.apimbackup"; # NOTE: use this file extension
Setting Storage Context
# set storage context
$storageKey = (Get-AzStorageAccountKey -ResourceGroupName $storageResourceGroup -StorageAccountName $storageAccountName)[0].Value;
$storageContext = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageKey;
Running the Restore Job
# run restore job
Restore-AzApiManagement -ResourceGroupName $apiManagementResourceGroup -Name $apiManagementName -StorageContext $storageContext -SourceContainerName $containerName -SourceBlobName $blobName;
Developer Portal Content
The process described uses a set of scripts created by Microsoft that use NodeJS.
This process shows the content to restore from backup stored locally, though a storage account could be used for this purpose and would require a few extra steps.
First, clone the following repository.
git clone https://github.com/Azure/api-management-developer-portal
Navigate to the scripts.v3 folder and run the following commands substituting the correct values.
az login;
node ./generate --subscriptionId "subscriptionId" --resourceGroupName "resourceGroupName" --serviceName "serviceName";
This will reference a local folder named dist
, with a subfolder named snapshot
containing the backup.
Final Words
The processes outlined in this guide form a solid foundation for managing backups and restores of your Azure API Management instances. However, there’s always room for improvement.
One enhancement could be configuring these steps to run through an Azure DevOps pipeline. This would not only automate the backup and recovery processes but also integrate them seamlessly into your CI/CD workflows, ensuring consistent and reliable operations.
Another potential improvement is leveraging an Azure Storage Account for Developer Portal backups. This approach offers centralised storage, making backups more accessible and recovery processes more efficient.
By implementing these enhancements, you can elevate the robustness and efficiency of your API management strategy, ensuring quick recovery and minimal downtime in disaster scenarios.
If you’re looking for guidance with Azure API Management or want to explore how to optimize your API solutions, feel free to connect with the team at Arinco. We’re here to understand your needs, integrate Microsoft solutions seamlessly into your environment, and help make sure it’s “Done Right”.
Get in touch