Discover how you can revolutionize your API compliance process using Azure API Center, Logic Apps, GitHub, and cutting-edge AI technology. Learn how our innovative approach analyzes your API design governance, generates insightful compliance reports, and seamlessly notifies developers with actionable feedback. Stay ahead of the curve and ensure your APIs meet the highest standards with our automated, AI-driven solution.
API compliance is crucial for organizations: it ensures that the APIs they design and build follow the rules, standards, and guidelines defined by the organization, as well as the industry best practices that developers must adhere to while developing APIs. Reviewing APIs and identifying design guideline gaps manually is time-consuming, as is integrating compliance with the existing ecosystem, and both impact developer productivity.
This article shows how you can enhance your API compliance process using Azure API Center’s Analysis capabilities and Integration Services, generate insightful compliance reports using Azure OpenAI, and notify developers with actionable feedback so that APIs adhere to the organization’s API guidelines and industry best practices.
The solution will achieve the following objectives.
Azure API Center provides robust API analysis to ensure APIs adhere to design standards: API Analysis analyzes API definitions and provides reports on compliance. Analysis reports are in JSON format and can be pulled via the API Center data plane endpoint.
Using Azure OpenAI alongside API Center’s analysis improves compliance by giving developers practical feedback and explanations. With prompt engineering, Azure OpenAI can transform JSON analysis reports into easily understandable output, including summaries, the count of errors and warnings, and steps for remediation. In our solution we provide the “system message” shown below to the AOAI model, followed by the analysis report, to get a “summary of findings” and a “high level remediation guide”, which can then be used in issues, tasks, or any reporting platform. The system message can be customized to your needs and the information you are looking for. In our solution we used the GPT4 model; the output might differ depending on the model used and the system message.
System Message: User will provide spectral json results and you will provide users with two headings named "Summary of findings" and "High Level Remediation Guidance". "Summary of findings" will have a table with columns Rule, Severity and Total Count which will have unique analyzerRuleName and severity and total count, and another section which show over all total number of errors and warnings. "High Level Remediation Guidance" will have high level remediation guidance in bullet numbers. Please output all information in proper html email friendly format and avoid using heading tags.
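
The table this system message asks the model to produce can also be computed deterministically, which gives a reference to compare the model's counts against before a report is posted. This is an added example, not code from the original article; it assumes the report has been reduced to a list of finding objects carrying the `analyzerRuleName` and `severity` fields named in the system message, and the sample findings are constructed.

```python
from collections import Counter
from html import escape


def summarize(findings):
    """Count findings per (rule, severity) pair and per severity overall."""
    per_rule = Counter()
    totals = Counter()
    for finding in findings:
        rule = str(finding.get("analyzerRuleName", "<missing rule>"))
        # Normalise case so "Error" and "error" land in the same bucket.
        severity = str(finding.get("severity", "<missing severity>")).lower()
        per_rule[(rule, severity)] += 1
        totals[severity] += 1
    return per_rule, totals


def render_table(per_rule):
    """Render the Rule / Severity / Total Count table as email-friendly HTML.

    Rule names come from the analyzer ruleset, so they are HTML-escaped
    before being placed in a report, issue or email body.
    """
    rows = ["<tr><th>Rule</th><th>Severity</th><th>Total Count</th></tr>"]
    for (rule, severity), count in sorted(per_rule.items()):
        rows.append(
            f"<tr><td>{escape(rule)}</td><td>{escape(severity)}</td>"
            f"<td>{count}</td></tr>"
        )
    return "<table>" + "".join(rows) + "</table>"


# Constructed sample findings (not output from a real API Center instance).
SAMPLE = [
    {"analyzerRuleName": "operation-operationId", "severity": "warning"},
    {"analyzerRuleName": "operation-operationId", "severity": "warning"},
    {"analyzerRuleName": "oas3-schema", "severity": "error"},
    {"analyzerRuleName": "info-contact", "severity": "warning"},
    {"analyzerRuleName": "<b>custom</b>", "severity": "Error"},
]

if __name__ == "__main__":
    per_rule, totals = summarize(SAMPLE)
    print(render_table(per_rule))
    print(dict(totals))
```
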
Additionally, combining this with Azure Integration Service (Logic Apps Standard and Event Grid) allows automation and integration into existing source control and feedback systems for example GitHub.
Important: Ensure that your AI solutions follow Responsible AI principles to promote fairness, transparency, and accountability, safeguarding users and building trust in your technology. For more information see Responsible AI Practices for Azure OpenAI Model.
The solution diagram below shows how all Azure services work together to enhance and transform API compliance, and generate intelligent insights.
The intelligent API compliance solution's architecture incorporates Azure API Center, Azure Integration Services, Azure OpenAI features, and GitHub for collaboration and reporting. The diagram below illustrates the components of this architecture which need to be deployed in your subscription.
Key Points:
Follow the steps below to create the workflow. After you complete it, the workflow should look like the one below. To test the workflow, register an API by following “Tutorial: Register APIs in your API inventory”.

| Parameter | Value |
| --- | --- |
| Resource Type | Microsoft.ApiCenter.Services |
| Subscription | select your subscription |
| Resource Name | select your api center resource |
| Event Type | Microsoft.ApiCenter.AnalysisResultsUpdated |

| Parameter | Value |
| --- | --- |
| Name | varApiDefRes |
| Type | Array |
| Value (expression) | |

concat('https://management.azure.com/subscriptions/',variables('varApiDefRes')[2],'/resourceGroups/',variables('varApiDefRes')[4],'/providers/Microsoft.ApiCenter/services/',variables('varApiDefRes')[8],'/workspaces/default/apis/',variables('varApiDefRes')[12],'/versions/',variables('varApiDefRes')[14],'/definitions/',variables('varApiDefRes')[16],'/analysisResults?api-version=2024-03-01')
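
The expression above reads the array by position, so a resource ID with a different shape still yields a URL that the managed identity will call. The following added example (not part of the original article) checks the shape first and then builds the same URL; it assumes `varApiDefRes` is the API definition's resource ID split on `/`, which is what the indexes 2, 4, 8, 12, 14 and 16 imply, and the name allow-list and sample ID are constructed.

```python
import re

# Layout implied by the indexes in the concat() expression above.
# Assumption: varApiDefRes is the definition's resource ID split on "/",
# so element 0 is the empty string before the leading slash.
FIXED = {0: "", 1: "subscriptions", 3: "resourceGroups", 5: "providers",
         6: "Microsoft.ApiCenter", 7: "services", 9: "workspaces",
         10: "default", 11: "apis", 13: "versions", 15: "definitions"}
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Conservative allow-list for names (an assumption; tighten to your naming rules).
NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.()-]{0,89}")


def build_analysis_url(resource_id: str) -> str:
    """Validate the resource ID shape, then build the same URL as concat()."""
    parts = resource_id.split("/")
    if len(parts) != 17:
        raise ValueError(f"expected 17 segments, got {len(parts)}")
    for idx, literal in FIXED.items():
        # The expression hard-codes these segments (including workspace
        # "default"), so anything else would query a different resource.
        if parts[idx].lower() != literal.lower():
            raise ValueError(f"segment {idx} is {parts[idx]!r}, expected {literal!r}")
    if not GUID.fullmatch(parts[2]):
        raise ValueError("subscription id is not a GUID")
    for idx in (4, 8, 12, 14, 16):
        # Rejects "?", "#", "..", whitespace and other URL-significant input.
        if not NAME.fullmatch(parts[idx]):
            raise ValueError(f"segment {idx} has unexpected characters")
    sub, rg, svc, api, ver, definition = (parts[i] for i in (2, 4, 8, 12, 14, 16))
    return ("https://management.azure.com/subscriptions/" + sub
            + "/resourceGroups/" + rg
            + "/providers/Microsoft.ApiCenter/services/" + svc
            + "/workspaces/default/apis/" + api
            + "/versions/" + ver
            + "/definitions/" + definition
            + "/analysisResults?api-version=2024-03-01")


# Constructed sample resource ID (not taken from a real tenant).
SAMPLE_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000"
             "/resourceGroups/rg-demo/providers/Microsoft.ApiCenter"
             "/services/apic-demo/workspaces/default/apis/orders-api"
             "/versions/v1/definitions/openapi")

if __name__ == "__main__":
    print(build_analysis_url(SAMPLE_ID))
```
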

| Parameter | Value |
| --- | --- |
| URI | output of compose action from previous step |
| Method | GET |
| Authentication Type | Managed Identity |
| Managed Identity | System-assigned managed identity |
| Audience | |

| Parameter | Value |
| --- | --- |
| Deployment Identifier | Your AOAI model deployment name |
| Sampling Temperature | 0.5 |
| Presence Penalty | 0 |

| Parameter | Value |
| --- | --- |
| Chat Role - 1 | System |
| Chat Message - 1 | User will provide spectral json results and you will provide users with two headings named "Summary of findings" and "High Level Remediation Guidance". "Summary of findings" will have a table with columns Rule, Severity and Total Count which will have unique analyzerRuleName and severity and total count, and another section which show over all total number of errors and warnings. "High Level Remediation Guidance" will have high level remediation guidance in bullet numbers. Please output all information in proper html email friendly format and avoid using heading tags. |
| Chat Role - 2 | User |
| Chat Message – 2 (type expression) | |

The combination of Azure API Center, Logic Apps, GitHub, and Azure OpenAI presents a powerful framework for creating thorough compliance reports and automating processes. By harnessing AI-driven insights, this strategy not only boosts developer efficiency but also ensures that APIs conform to both organizational standards and industry best practices. The smooth integration of these technologies simplifies the compliance review process by offering real-time, actionable feedback to developers. This cutting-edge solution marks a significant advance in API management, allowing organizations to uphold high standards of quality and compliance within their API ecosystems.