Unlock the Future of API Compliance with AI and Azure API Center
Published Sep 19 2024 03:30 PM
Microsoft

Discover how you can revolutionize your API compliance process using Azure API Center, Logic Apps, GitHub, and cutting-edge AI technology. Learn how our innovative approach analyzes your API design governance, generates insightful compliance reports, and seamlessly notifies developers with actionable feedback. Stay ahead of the curve and ensure your APIs meet the highest standards with our automated, AI-driven solution.

Introduction

API compliance ensures that the APIs an organization designs and builds follow the rules, standards, and guidelines it has defined, as well as the industry best practices that developers must adhere to. Reviewing APIs and identifying design-guideline gaps manually is time consuming, as is integrating compliance with the existing ecosystem, and both impact developer productivity.

This article shows how you can revolutionize and enhance your API compliance process using Azure API Center’s analysis capabilities and Azure Integration Services, generate insightful compliance reports using Azure OpenAI, and notify developers with actionable feedback so that APIs adhere to the organization’s API guidelines and industry best practices.

 

The solution will achieve the following objectives:

  • Improved Developer Productivity: The use of AI-driven insights reduces the time developers spend manually reviewing APIs, allowing them to focus on critical tasks with real-time, actionable feedback on API design gaps.
  • Automate API Compliance: By integrating Azure API Center with Azure OpenAI, the solution ensures that APIs comply with organizational design standards and best practices through automated analysis.
  • Seamless Integration: The solution automates the workflow by integrating with GitHub and Azure services, streamlining the compliance review process and creating an efficient feedback loop for developers.

Intelligent API Compliance Solution using Azure API Center and Azure OpenAI

Azure API Center provides robust API analysis to ensure APIs adhere to design standards: API Analysis analyzes API definitions and produces compliance reports. Analysis reports are in JSON format and can be pulled via the API Center data plane endpoint.

Using Azure OpenAI alongside API Center’s analysis improves compliance by giving developers practical feedback and explanations. With prompt engineering techniques, Azure OpenAI can transform JSON analysis reports into easily understandable outputs, including summaries, the count of errors and warnings, and steps for remediation. In our solution, we provide the “system message” shown below to the Azure OpenAI (AOAI) model, followed by the analysis report, to get a “summary of findings” and a “high level remediation guide”, which can then be used in issues, tasks, or any reporting platform. You can customize the system message to suit your needs and the information you are looking for. In our solution we used a GPT-4 model; the output might differ depending on the model and system message used.

 

System Message:
User will provide spectral json results and you will provide users with two headings named "Summary of findings" and "High Level Remediation Guidance". "Summary of findings" will have a table with columns Rule, Severity and Total Count which will have unique analyzerRuleName and severity and total count, and another section which show over all total number of errors and warnings. "High Level Remediation Guidance" will have high level remediation guidance in bullet numbers. Please output all information in proper html email friendly format and avoid using heading tags.
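
A language model can miscount when it aggregates a long report, so a deterministic tally is a useful cross-check to post alongside the generated summary. The Python below is an added example, not code from the original article or from Azure API Center: it builds the same Rule / Severity / Total Count table directly from the report and escapes report values before they are placed in HTML. Only the field names analyzerRuleName and severity come from the system message above; the "value" wrapper, the rule names, and the sample report are constructed assumptions.

```python
import html
import json
from collections import Counter

# Constructed sample. Only the field names analyzerRuleName and severity come
# from the page's system message; the "value" wrapper, rule names and severity
# strings are assumptions made for this example.
SAMPLE_REPORT = json.dumps({"value": [
    {"analyzerRuleName": "operation-description", "severity": "warning"},
    {"analyzerRuleName": "operation-description", "severity": "warning"},
    {"analyzerRuleName": "oas3-schema", "severity": "error"},
    {"analyzerRuleName": "info-contact", "severity": "Warning"},
    {"severity": "error"},  # malformed entry: no rule name
]})


def tally(report_json: str) -> dict:
    """Count findings per (rule, severity) plus overall errors and warnings."""
    per_rule, per_severity, skipped = Counter(), Counter(), 0
    for item in json.loads(report_json).get("value", []):
        rule = item.get("analyzerRuleName") if isinstance(item, dict) else None
        severity = item.get("severity") if isinstance(item, dict) else None
        if not isinstance(rule, str) or not isinstance(severity, str):
            skipped += 1  # surface malformed entries instead of guessing
            continue
        severity = severity.strip().lower()
        per_rule[(rule, severity)] += 1
        per_severity[severity] += 1
    rows = [(r, s, n) for (r, s), n in sorted(per_rule.items())]
    return {"rows": rows, "errors": per_severity["error"],
            "warnings": per_severity["warning"], "skipped": skipped}


def render_html(summary: dict) -> str:
    """Render the tally as an HTML table, escaping values from the report."""
    cells = "".join(
        f"<tr><td>{html.escape(r)}</td><td>{html.escape(s)}</td>"
        f"<td>{n}</td></tr>"
        for r, s, n in summary["rows"])
    return ("<table><tr><th>Rule</th><th>Severity</th>"
            f"<th>Total Count</th></tr>{cells}</table>"
            f"<p>Errors: {summary['errors']}, "
            f"Warnings: {summary['warnings']}</p>")
```

Appending the rendered tally to the issue body next to the model's summary lets a reviewer spot a mismatch between the two tables at a glance.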

 

Additionally, combining this with Azure Integration Services (Logic Apps Standard and Event Grid) allows automation and integration into existing source control and feedback systems, for example GitHub.

Important: Ensure that your AI solutions follow Responsible AI principles to promote fairness, transparency, and accountability, safeguarding users and building trust in your technology. For more information see Responsible AI Practices for Azure OpenAI Model.

 

How components will work together

The solution diagram below shows how all Azure services work together to enhance and transform API compliance, and generate intelligent insights.

[Image: solution diagram]

 

  1. API Submission & API Center Analysis: When a new API definition is registered/updated, it is submitted to Azure API Center, which runs the analysis. In this solution we will be using Microsoft Managed API Analysis.
    Azure API Center acts as the central hub for managing and analyzing API definitions. It ensures consistency and compliance by running API linting rules against the defined standards of the organization. API Center performs analysis of APIs and generates detailed reports that identify compliance or design gaps.

  2. Event Triggering: Event Grid captures the analysis event “Microsoft.ApiCenter.AnalysisResultsUpdated” and triggers the Logic Apps workflow. Event Grid is responsible for detecting and responding to changes in the API definitions stored in Azure API Center. It triggers an event whenever a new API analysis report is generated. This event is then captured by Logic Apps to initiate the automated workflow.

  3. Orchestration using Logic Apps Standard: Logic Apps retrieves the analysis report from API Center and sends it to Azure OpenAI for intelligent insights using the built-in Azure OpenAI connector. Logic Apps orchestrates the entire workflow: it retrieves the API analysis report from API Center when triggered by Event Grid, sends it to Azure OpenAI for intelligent processing, and creates GitHub issues with insights and recommendations.

  4. AI-Powered Insights using Azure OpenAI: Azure OpenAI Service plays a critical role in transforming the analysis data in JSON format into meaningful insights. It takes the API analysis report from Logic Apps and uses advanced language models to generate easily understandable outputs, including summaries, the count of errors/warnings, and remediation guidance for developers.

  5. GitHub Issue Creation: Once the compliance report is generated, Logic Apps creates an issue in the GitHub repository. This issue contains the transformed analysis results from Azure OpenAI, including high-level remediation suggestions and any necessary guidance for developers, as shown below. By integrating with GitHub, teams can collaborate on resolving compliance issues directly in their existing development workflow.

    [Image: example GitHub issue]

Pre-requisites

Deployment Architecture

The intelligent API compliance solution's architecture incorporates Azure API Center, Azure Integration Services, Azure OpenAI features, and GitHub for collaboration and reporting. The diagram below illustrates the components of this architecture which need to be deployed in your subscription.

[Image: deployment architecture diagram]

 

Key Points:

Workflow

Follow the steps below to create the workflow. When complete, the workflow should look like the image below. To test the workflow, register an API by following “Tutorial: Register APIs in your API inventory”.

[Image: completed workflow]

Steps to Create Workflow

  1. Create Workflow: In your Logic Apps Standard resource, create a new stateful workflow.

  2. Add Event Grid Trigger: In the designer, add “When a resource event occurs - Azure Event Grid” and set the following parameters:

    | Parameter | Value |
    | --- | --- |
    | Resource Type | Microsoft.ApiCenter.Services |
    | Subscription | select your subscription |
    | Resource Name | select your api center resource |
    | Event Type | Microsoft.ApiCenter.AnalysisResultsUpdated |

 

  3. Add an “Initialize variable” action and set the following parameters:

    | Parameter | Value |
    | --- | --- |
    | Name | varApiDefRes |
    | Type | Array |
    | Value (expression) | split(triggerBody()?['subject'],'/') |

 

  4. Add a “Compose” action and set the “Inputs” parameter to the following expression:
    concat('https://management.azure.com/subscriptions/',variables('varApiDefRes')[2],'/resourceGroups/',variables('varApiDefRes')[4],'/providers/Microsoft.ApiCenter/services/',variables('varApiDefRes')[8],'/workspaces/default/apis/',variables('varApiDefRes')[12],'/versions/',variables('varApiDefRes')[14],'/definitions/',variables('varApiDefRes')[16],'/analysisResults?api-version=2024-03-01')

     



  5. HTTP action: Add an HTTP action to call the API Center endpoint and get the analysis report. Set the following parameters:

    | Parameter | Value |
    | --- | --- |
    | URI | output of compose action from previous step |
    | Method | GET |
    | Authentication Type | Managed Identity |
    | Managed Identity | System-assigned managed identity |
    | Audience | https://management.azure.com/ |


  6. Azure OpenAI action: We will break this into two parts for clarity. We will first add the Azure OpenAI action and set the basic parameters, and then set “Messages”.
    1. Add the “Azure OpenAI – Get chat completions” action, provide the information needed to create the connection to Azure OpenAI, and set the following parameters. Feel free to change the advanced parameters according to your needs; doing so will generate different output.

      | Parameter | Value |
      | --- | --- |
      | Deployment Identifier | Your AOAI model deployment name |
      | Sampling Temperature | 0.5 |
      | Presence Penalty | 0 |

    2. In the same action, set up two messages: one for the system role, to provide instructions, and one for the user input, which in our case is the analysis report output from the previous HTTP action. Add the parameters below in order.

      Chat Role - 1

      | Parameter | Value |
      | --- | --- |
      | Chat Role - 1 | System |
      | Chat Message - 1 | User will provide spectral json results and you will provide users with two headings named "Summary of findings" and "High Level Remediation Guidance". "Summary of findings" will have a table with columns Rule, Severity and Total Count which will have unique analyzerRuleName and severity and total count, and another section which show over all total number of errors and warnings. "High Level Remediation Guidance" will have high level remediation guidance in bullet numbers. Please output all information in proper html email friendly format and avoid using heading tags. |

      Chat Role - 2

      | Parameter | Value |
      | --- | --- |
      | Chat Role - 2 | User |
      | Chat Message – 2 (type expression) | string(body('HTTP')) |

       

  7. GitHub Action: Finally, add the GitHub action “Create an issue” and provide the information needed to create the connection. Set the required parameters, and for the Body parameter (under advanced) select “Chat completion response” from the previous “Azure OpenAI” action.
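
The “Initialize variable”, “Compose” and HTTP steps above index the event subject by position and then call the resulting URL with the workflow's managed identity, so it is worth confirming the subject has the expected shape before it becomes a request. The Python below is an added example, not part of the original article: it performs the same split and concatenation as the Compose expression and rejects subjects that do not match. The subject layout is inferred from the indices the expression uses; the sample subject, the name allow-list, and the function name are assumptions.

```python
import re
from urllib.parse import quote

# Literal segments expected at each position after subject.split("/").
# Layout inferred from the indices used in the Compose expression.
FIXED = {1: "subscriptions", 3: "resourceGroups", 5: "providers",
         6: "Microsoft.ApiCenter", 7: "services", 9: "workspaces",
         10: "default", 11: "apis", 13: "versions", 15: "definitions"}
# Positions the expression reads: [2], [4], [8], [12], [14], [16].
NAMES = {2: "subscription", 4: "resource group", 8: "service",
         12: "api", 14: "version", 16: "definition"}
# Conservative allow-list for name segments (assumption; tighten as needed).
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,89}")

# Constructed sample subject, not taken from a real event.
SAMPLE_SUBJECT = (
    "/subscriptions/00000000-0000-0000-0000-000000000000"
    "/resourceGroups/rg-demo/providers/Microsoft.ApiCenter"
    "/services/apic-demo/workspaces/default/apis/orders-api"
    "/versions/v1/definitions/openapi"
)


def analysis_results_url(subject: str) -> str:
    """Validate an event subject, then build the analysisResults URL."""
    parts = subject.split("/")
    if len(parts) != 17 or parts[0] != "":
        raise ValueError("unexpected number of path segments")
    for idx, literal in FIXED.items():
        if parts[idx].lower() != literal.lower():
            raise ValueError(f"segment {idx} is not {literal!r}")
    for idx, label in NAMES.items():
        if not NAME_RE.fullmatch(parts[idx]):
            raise ValueError(f"invalid {label} name")
    p = [quote(seg, safe="") for seg in parts]
    return (
        "https://management.azure.com"
        f"/subscriptions/{p[2]}/resourceGroups/{p[4]}"
        f"/providers/Microsoft.ApiCenter/services/{p[8]}"
        f"/workspaces/default/apis/{p[12]}/versions/{p[14]}"
        f"/definitions/{p[16]}/analysisResults?api-version=2024-03-01"
    )
```

In a Logic Apps workflow the equivalent guard is a Condition action on the array length and the fixed segments, placed before the HTTP action.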

     

Conclusion

The combination of Azure API Center, Logic Apps, GitHub, and Azure OpenAI presents a powerful framework for creating thorough compliance reports and automating processes. By harnessing AI-driven insights, this strategy not only boosts developer efficiency but also ensures that APIs conform to both organizational standards and industry best practices. The smooth integration of these technologies simplifies the compliance review process by offering real-time, actionable feedback to developers. This cutting-edge solution marks a significant advance in API management, allowing organizations to uphold high standards of quality and compliance within their API ecosystems.

Share Your Thoughts! Your insights are invaluable to us. We're eager to hear what you think about Azure API Center and to understand your needs. Is there something specific that would make you and your organization even more successful? Your feedback is the key to our continuous improvement.
 
If you prefer a more personal touch, feel free to reach out via LinkedIn Abbas Nandwani (Sr Cloud Solution Architect - Digital & App Innovation @ microsoft) and Julia Kasper (Product Manager - Azure API Center @ microsoft). Thank you for being a part of our journey!

 

Last update: Sep 18 2024 12:42 PM