Azure API Management to Accept Event Grid Web Hook (Error Validating The Provided Endpoint)

0
votes

I have a Premium Azure Service Bus sending messages to a "productupdate" topic. Currently, I am using a Logic App to receive the message, but it's not quite what I would like to do. Instead, I would like for Event Grid to pick up on these messages and fire a Web Hook to an endpoint in my API Management. The problem I am having is configuring the endpoint in API Management to be able to accept the Web Hook (validation code?).

I've read through all of the documentation, blog posts, and forum posts I can find on the subject but nothing has worked thus far. My Web Hook Endpoint I am trying to use is: "https://[apim].azure-api.net/OrdersService/v1/Products?subscription-key=[apim-key].

In the Inbound policies for that endpoint in APIM, I have the following:

        <set-variable name="Event" value="@(context.Variables.GetValueOrDefault<JArray>("Request")[0])" />
        <choose>
            <when condition="@(context.Variables.GetValueOrDefault<JObject>("Event")["eventType"].ToString() == "Microsoft.EventGrid.SubscriptionValidationEvent")">
                <return-response>
                    <set-status code="200" />
                    <set-header name="Content-Type" exists-action="override">
                        <value>application/json</value>
                    </set-header>
                    <set-body>@{
                                        var validationResponse = new JObject(new JProperty("validationResponse",context.Variables.GetValueOrDefault<JObject>("Event")["data"]["validationCode"].ToString()));
                                        return validationResponse.ToString();
                                    }</set-body>
                </return-response>
            </when>
            <otherwise>
                <set-header name="Content-Type" exists-action="override">
                    <value>application/json</value>
                </set-header>
                <set-header name="X-Event-Id" exists-action="override">
                    <value>@(context.Variables.GetValueOrDefault<JObject>("Event")["id"].ToString())</value>
                </set-header>
                <set-header name="X-Event-Subject" exists-action="override">
                    <value>@(context.Variables.GetValueOrDefault<JObject>("Event")["subject"].ToString())</value>
                </set-header>
                <set-header name="X-Event-Type" exists-action="override">
                    <value>@(context.Variables.GetValueOrDefault<JObject>("Event")["eventType"].ToString())</value>
                </set-header>
                <set-header name="X-Event-Time" exists-action="override">
                    <value>@(context.Variables.GetValueOrDefault<JObject>("Event")["eventTime"].ToString())</value>
                </set-header>
                <set-header name="X-Event-Data-Version" exists-action="override">
                    <value>@(context.Variables.GetValueOrDefault<JObject>("Event")["dataVersion"].ToString())</value>
                </set-header>
                <set-header name="X-Event-Metadata-Version" exists-action="override">
                    <value>@(context.Variables.GetValueOrDefault<JObject>("Event")["metadataVersion"].ToString())</value>
                </set-header>
                <set-header name="X-Event-Topic" exists-action="override">
                    <value>@(context.Variables.GetValueOrDefault<JObject>("Event")["topic"].ToString())</value>
                </set-header>
                <set-body>@(context.Variables.GetValueOrDefault<JObject>("Event")["data"].ToString())</set-body>
            </otherwise>
        </choose>

No matter what I set the Web Hook Endpoint to or what I put in the Inbound policy, I receive the following error when I click "Create" on the Event Subscription:

Deploying Event Subscription: productupdate
Deployment has failed with the following error: {"code":"Url
validation","message":"The attempt to validate the provided endpoint
https://<apim>.azure-api.net/OrdersService/v1/Products failed. For more details,
visit https://aka.ms/esvalidation."}

I have found plenty of information on the error, but nothing definitive that has applied to (or works with) being received by APIM. I'm pretty sure it has to do with returning the validation code, but I can't figure out how to make APIM do that. What am I missing or doing wrong?

2
azureazure-api-managementazure-eventgrid
Did you test your API? You can use a sample from the docs.microsoft.com/en-us/azure/event-grid/…. Note, that this validation will not work when the delivery schema is CloudEventSchemaV1_0.Roman Kiss
Yes, the API is all fine. Everything is currently hooked up to Logic Apps and works completely end-to-end. I'm trying to take out the Logic Apps and replace them with Event Grid Subscriptions. I'm also using the default schema (Event Grid Schema).Joseph Robinson
OK, the next step for testing is to make a call from the REST Client (for instance: Advanced Rest Client or Postman, etc.) with the same payload for validation and your apim url. You should received for that test sample the following response: { "validationResponse": "512d38b6-c7b8-40c8-89fe-f46f9e9622b6"}Roman Kiss
Btw. As you mentioned in your question, you would like to replace the Log App and receiving messages by Azure Event Grid. Note, that the AEG doesn't have a listener/receiver for retrieving the messages from the Azure Service Bus entity. The AEG can handled only the notifications (events) from the ASB entity, that the message arrived and there is no listener for that entity. In other words, in your solution the AEG will help to react that the message arrived (into the empty entitty and no active listener) and then calling the ASB service for retrieving one by one all messages from the entity.Roman Kiss

2 Answers

0
votes

See here on how to enable Azure Monitor and Log Analytics for your APIM service: https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-use-azure-monitor. Once done you should get GatewayLogs table in Log Analytics with a record for each request processed by APIM. Those records will contain description of request APIM received and response it provided. Internally I see that last requests made to your endpoint all were denied with 401 because subscription-key you're passing doesn't match any key in your APIM service.

0
votes

I have finally got it figured out and working. The problems ended up being in my APIM endpoint due to a fundamental misunderstanding of Event Grid on my part. It wasn't just one particular thing. Enabling Monitor and Log certainly helped me track it down. My APIM inbound policy was missing a key for setting the backend URL. Also, I didn't need to send the subscription key (because I have it disabled in APIM). I also had my endpoint set up to where it had a GET, a POST, and a PUT. I had to get rid of the GET and PUT.