Azure API Management Advanced policies using C# - I

Applying IP filter based on Api response in policy | Rest API call inside API management policy | Dynamically filtering IPs based on response json

Azure API Management Advanced policies using C# - I
Sanjeevi Subramani's photo
Sanjeevi Subramani

Published on Jun 24, 2021

2 min read

Subscribe to my newsletter and never miss my upcoming articles

In this article we can see how to use a rest API call inside APIM policies and apply IP restriction based on response from the API fully in policy.

By following this article from MSDN where we have when conditions and Ip filter policies and advanced C# code inside policy can be done.

Now we will first see how to do a Rest Api call inside API management policy:

Following code shows the send-request element where we can set timeout and response variable name and error should be ignored.

<send-request mode="new" timeout="300" response-variable-name="resdata" ignore-error="false">

Then the set-url element will set the URL of the Api to which we have to hit a request.

<set-url>https://apiendpoint.com/isipallowed/check</set-url>

Then set-method element is used for updating the method type like - GET, POST, PUT, PATCH.

<set-method>POST</set-method>

Then the set-header element is used for setting the header for the request. In our example we will hit a POST request with json content, so we need to add Content-Type header with value of application/json.

<set-header name="Content-Type" exists-action="override">
           <value>application/json</value>
</set-header>

set-body element is used for providing the json content to be sent in request.

<set-body>
       <value>@{
                    var body = "{ /"ipvalue/" : @context.Request.IpAddress }";
                    return body;          
                }
      </value>
</set-body>

overall send-request element now looks like the below:

<send-request mode="new" timeout="300" response-variable-name="resdata" ignore-error="false">
        <set-url>https://apiendpoint.com/isipallowed/check</set-url>
        <set-method>POST</set-method>
        <set-header name="Content-Type" exists-action="override">
                <value>application/json</value>
         </set-header>
         <set-body>
               <value>@{
                    var body = "{ /"ipvalue/" : @context.Request.IpAddress }";
                    return body;          
                    }
              </value>
          </set-body>
</send-request>

Now we will use Choose and when condition to check whether the IP sent is there in the list and the response code is 200. if it's not found then we must block the Ip.

<choose>
            <when condition="@(((IResponse)context.Variables.GetValueOrDefault<IResponse> 
                      ("resdata")).StatusCode != 200)">
                <--- your policy -->
            </when>
</choose>

For blocking the IP, we must add the following Ip filter policy inside the above tag.

<ip-filter action="forbid">
            <address>@(context.Request.IpAddress)</address>
</ip-filter>

Now the overall policy looks like below code:

<policies>
    <inbound>
        <base />
        <send-request mode="new" timeout="300" response-variable-name="resdata" ignore-error="false">
            <set-url>https://apiendpoint.com/isipallowed/check</set-url>
            <set-method>POST</set-method>
            <set-header name="Content-Type" exists-action="override">
                <value>application/json</value>
            </set-header>
            <set-body>
                 <value>@{
                    var body = "{ /"ipvalue/" : @context.Request.IpAddress }";
                    return body;          
                }</value></set-body>
        </send-request>
        <choose>
            <when condition="@(((IResponse)context.Variables.GetValueOrDefault<IResponse> 
                       ("resdata")).StatusCode != 200)">
                <ip-filter action="forbid">
                    <address>@(context.Request.IpAddress)</address>
                </ip-filter>
            </when>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
 
Share this