In this blog post, I will explain the API Management Workspace, how to create a workspace and the key features and benefits that you will get while using the APIM Workspace in your API Management. We will also cover how APIM Workspace will help organizations streamline API governance, collaboration, and deployment.
Workspace Overview:
Azure API Management is a popular cloud-based service that allows organizations to create, manage, and secure APIs at scale. One of the key features of API Management that recently got announced is Workspace, which is designed to help organizations streamline API governance, collaboration, and deployment.
At a high level, Workspace is a logical container that allows you to group related APIs, policies, and configurations together. You can create multiple Workspaces within a single API Management instance, which can be useful for organizing your APIs by department, project, or environment.
Within Azure API Management, workspaces offer a decentralized approach to API development, enabling individual teams to manage and market their own APIs independently while a central API platform team oversees the overall API Management infrastructure. Each workspace consists of APIs, products, subscriptions, and associated entities that are exclusively accessible to the workspace collaborators. Access to these resources is regulated using Azure's role-based access control (RBAC) mechanism.
You can read more about the workspace from the link: Workspaces in Azure API Management | Microsoft Learn
Create a Workspace:
-
Sign in to the Azure portal and navigate to your API Management instance.
-
In the left-hand menu, click on the "Workspaces" tab.
Key Features of Workspace
-
Managing APIs in the Workspace:
Adding APIs to a workspace within Azure API Management can provide several benefits for organizations. By grouping related APIs together in a workspace, teams can more easily manage, govern, and deploy their APIs in a more streamlined way. This can improve collaboration between teams, reduce errors and downtime during deployments, and ultimately lead to better scalability and reliability for the API Management solution. Additionally, access to the APIs within a workspace is controlled through Azure's role-based access control (RBAC) mechanism, providing added security and governance. Overall, adding APIs to a workspace within Azure API Management can help organizations better manage their APIs and drive greater business value from their API initiatives.
-
Managing policy for all the APIs in a workspace:
Implementing policies within a workspace in Azure API Management can provide numerous benefits to organizations. Policies allow teams to enforce security, governance, and compliance requirements across all APIs in the workspace, which improves the consistency and quality of API management. By applying policies at the workspace level, teams can also reduce the time and effort required to manage individual APIs, making it easier to monitor and maintain the entire API portfolio.
- Managing policy for all the APIs in a workspace:
Implementing policies within a workspace in Azure API Management can provide numerous benefits to organizations. Policies allow teams to enforce security, governance, and compliance requirements across all APIs in the workspace, which improves the consistency and quality of API management. By applying policies at the workspace level, teams can also reduce the time and effort required to manage individual APIs, making it easier to monitor and maintain the entire API portfolio.
- Implementing Policy at the Workspace scope is very similar to implementing on the APIM itself.
- Use context.Api.Workspace and context.Product.Workspace objects in workspace-scoped policies and in the all-APIs policy on the service level.
- From the Workspace go to the APIs -> All APIs then click on the editor tab:
- Add the policy here that you want to apply to all the APIs in the workspace:
- There are many pre-built policies that are available into the APIM that you can use in the Workspace as well: Azure API Management policy samples | Microsoft Learn
- Product and Subscription into the Workspace:
In a workspace, a product is scoped to the specific workspace and is only available to collaborators within that workspace. This allows teams to manage and monetize their APIs within the context of their own API development and deployment processes.
A subscription in a workspace within Azure API Management is a way to grant access to a specific product or set of products to a developer or consumer. Subscriptions are created within a workspace and are only accessible to collaborators within that workspace. The main difference between a subscription in a workspace and a product in the global instance of Azure API Management is the scope of the subscription. In a workspace, a subscription is scoped to the specific workspace and is only available to collaborators within that workspace.
- Publish APIs with products. APIs in a workspace can be part of a service-level product or a workspace-level product.
- Workspace-level product - Visibility can be configured based on user membership in a workspace-level or a service-level group.
- Service-level product - Visibility can be configured only for service-level groups.
- Manage access to APIs with subscriptions. Subscriptions requested to an API or product within a workspace are created in that workspace.
- Product and Subscription into the Workspace:
In a workspace, a product is scoped to the specific workspace and is only available to collaborators within that workspace. This allows teams to manage and monetize their APIs within the context of their own API development and deployment processes.
A subscription in a workspace within Azure API Management is a way to grant access to a specific product or set of products to a developer or consumer. Subscriptions are created within a workspace and are only accessible to collaborators within that workspace. The main difference between a subscription in a workspace and a product in the global instance of Azure API Management is the scope of the subscription. In a workspace, a subscription is scoped to the specific workspace and is only available to collaborators within that workspace.
- Publish APIs with products. APIs in a workspace can be part of a service-level product or a workspace-level product.
- Workspace-level product - Visibility can be configured based on user membership in a workspace-level or a service-level group.
- Service-level product - Visibility can be configured only for service-level groups.
- Manage access to APIs with subscriptions. Subscriptions requested to an API or product within a workspace are created in that workspace.
- Assigning workspace access to the users:
- Service-scoped role:
- From the API Management instance page click on Access Control (IAM) from the left-hand blade
- Click on Add then Add role assignment
- Assign one of the following service-scoped roles to each member of the workspace:
- API Management Service Workspace API Developer:
Has read access to tags and products and write access to allow assigning APIs to products, assigning tags to products and APIs. This role should be assigned on the service scope.
- API Management Service Workspace API Product Manager:
Has the same access as API Management Service Workspace API Developer as well as read access to users and write access to allow assigning users to groups. This role should be assigned on the service scope.
- Workspace-scoped role:
Reference: