Streamlining API Management with Workspaces: A Comprehensive Guide
Published May 09 2023 01:33 PM 4,800 Views

In this blog post, I will explain the API Management Workspace, how to create a workspace and the key features and benefits that you will get while using the APIM Workspace in your API Management. We will also cover how APIM Workspace will help organizations streamline API governance, collaboration, and deployment.


Workspace Overview:

Azure API Management is a popular cloud-based service that allows organizations to create, manage, and secure APIs at scale. One of the key features of API Management that recently got announced is Workspace, which is designed to help organizations streamline API governance, collaboration, and deployment.

At a high level, Workspace is a logical container that allows you to group related APIs, policies, and configurations together. You can create multiple Workspaces within a single API Management instance, which can be useful for organizing your APIs by department, project, or environment.

Within Azure API Management, workspaces offer a decentralized approach to API development, enabling individual teams to manage and market their own APIs independently while a central API platform team oversees the overall API Management infrastructure. Each workspace consists of APIs, products, subscriptions, and associated entities that are exclusively accessible to the workspace collaborators. Access to these resources is regulated using Azure's role-based access control (RBAC) mechanism.


You can read more about the workspace from the link: Workspaces in Azure API Management | Microsoft Learn

 

Create a Workspace:

  • Sign in to the Azure portal and navigate to your API Management instance.

  • In the left-hand menu, click on the "Workspaces" tab.

sraghuvanshi_13-1683280140166.png

 

  • Click on the "Add" button to create a new workspace.

    sraghuvanshi_14-1683280140170.png

  • In the "Add workspace" page, enter a name for the workspace and optionally provide a description.

    sraghuvanshi_15-1683280140171.png

Key Features of Workspace

  • Managing APIs in the Workspace:

    Adding APIs to a workspace within Azure API Management can provide several benefits for organizations. By grouping related APIs together in a workspace, teams can more easily manage, govern, and deploy their APIs in a more streamlined way. This can improve collaboration between teams, reduce errors and downtime during deployments, and ultimately lead to better scalability and reliability for the API Management solution. Additionally, access to the APIs within a workspace is controlled through Azure's role-based access control (RBAC) mechanism, providing added security and governance. Overall, adding APIs to a workspace within Azure API Management can help organizations better manage their APIs and drive greater business value from their API initiatives.

  • Managing policy for all the APIs in a workspace:

Implementing policies within a workspace in Azure API Management can provide numerous benefits to organizations. Policies allow teams to enforce security, governance, and compliance requirements across all APIs in the workspace, which improves the consistency and quality of API management. By applying policies at the workspace level, teams can also reduce the time and effort required to manage individual APIs, making it easier to monitor and maintain the entire API portfolio.

  • Managing policy for all the APIs in a workspace:

    Implementing policies within a workspace in Azure API Management can provide numerous benefits to organizations. Policies allow teams to enforce security, governance, and compliance requirements across all APIs in the workspace, which improves the consistency and quality of API management. By applying policies at the workspace level, teams can also reduce the time and effort required to manage individual APIs, making it easier to monitor and maintain the entire API portfolio.
    • Implementing Policy at the Workspace scope is very similar to implementing on the APIM itself.
    • Use context.Api.Workspace and context.Product.Workspace objects in workspace-scoped policies and in the all-APIs policy on the service level.
    • From the Workspace go to the APIs -> All APIs then click on the editor tab:
      sraghuvanshi_0-1683527008206.png
    • Add the policy here that you want to apply to all the APIs in the workspace:
    • There are many pre-built policies that are available into the APIM that you can use in the Workspace as well: Azure API Management policy samples | Microsoft Learn
  • Product and Subscription into the Workspace:

    In a workspace, a product is scoped to the specific workspace and is only available to collaborators within that workspace. This allows teams to manage and monetize their APIs within the context of their own API development and deployment processes.
    A subscription in a workspace within Azure API Management is a way to grant access to a specific product or set of products to a developer or consumer. Subscriptions are created within a workspace and are only accessible to collaborators within that workspace. The main difference between a subscription in a workspace and a product in the global instance of Azure API Management is the scope of the subscription. In a workspace, a subscription is scoped to the specific workspace and is only available to collaborators within that workspace.
    • Publish APIs with products. APIs in a workspace can be part of a service-level product or a workspace-level product.
      • Workspace-level product - Visibility can be configured based on user membership in a workspace-level or a service-level group.
      • Service-level product - Visibility can be configured only for service-level groups.
    • Manage access to APIs with subscriptions. Subscriptions requested to an API or product within a workspace are created in that workspace.
  • Product and Subscription into the Workspace:

    In a workspace, a product is scoped to the specific workspace and is only available to collaborators within that workspace. This allows teams to manage and monetize their APIs within the context of their own API development and deployment processes.

    A subscription in a workspace within Azure API Management is a way to grant access to a specific product or set of products to a developer or consumer. Subscriptions are created within a workspace and are only accessible to collaborators within that workspace. The main difference between a subscription in a workspace and a product in the global instance of Azure API Management is the scope of the subscription. In a workspace, a subscription is scoped to the specific workspace and is only available to collaborators within that workspace.
    • Publish APIs with products. APIs in a workspace can be part of a service-level product or a workspace-level product.
      • Workspace-level product - Visibility can be configured based on user membership in a workspace-level or a service-level group.
      • Service-level product - Visibility can be configured only for service-level groups.
    • Manage access to APIs with subscriptions. Subscriptions requested to an API or product within a workspace are created in that workspace.
  • Assigning workspace access to the users:
    • Service-scoped role:
      • From the API Management instance page click on Access Control (IAM) from the left-hand blade
        sraghuvanshi_2-1683527503971.png
      • Click on Add then Add role assignment
        sraghuvanshi_3-1683527503976.png
      • Assign one of the following service-scoped roles to each member of the workspace:
        sraghuvanshi_4-1683527503979.png
        • API Management Service Workspace API Developer:
          Has read access to tags and products and write access to allow assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope.
        • API Management Service Workspace API Product Manager:
          Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope.
    • Workspace-scoped role:
      • From the API Management instance, click on Workspaces (preview):
        sraghuvanshi_5-1683527503982.png

         

      • Go inside the workspace that you created.
      • From the workspace page click on Access control (IAM) from left hand blade:
        sraghuvanshi_6-1683527503984.png
      • Click on Add then Add role assignment
        sraghuvanshi_7-1683527503988.png
      • Assign one of the following workspace-scoped roles to the workspace members to manage workspace APIs and other resources.
        sraghuvanshi_8-1683527503993.png
        • API Management Workspace Reader:
          Has read-only access to entities in the workspace. This role should be assigned on the workspace scope.
        • API Management Workspace Contributor:
          Can manage the workspace and view, but not modify its members. This role should be assigned on the workspace scope.
        • API Management Workspace API Developer:
          Has read access to entities in the workspace and read and write access to entities for editing APIs. This role should be assigned on the workspace scope.
        • API Management Workspace API Product Manager:
          Has read access to entities in the workspace and read and write access to entities for publishing APIs. This role should be assigned on the workspace scope.

Reference:

1 Comment
Version history
Last update:
‎May 08 2023 04:39 AM
Updated by: