What is the difference between API Gateway provided by Azure API Management and Azure Application Gateway?

6
votes

I'm new to Azure and I skimmed through Azure official documentation.

  • What I would like to understand is the difference and similarities between the API Gateway provided by Azure API Management and Azure Application Gateway?

  • When do we require Application Gateway in front of API Gateway (provided by Api Management)?

    • When API Gateway hosted normally.
    • When API Gateway hosted inside VNet.

  • When do we require Azure Front Door in front of Application Gateway?

  • Do we need to chain Azure Front Door --> Application Gateway --> API Gateway in what scenario, instead can't we do this Azure Front Door --> API Gateway, if yes in which scenario?

I want to understand solution to above questions based on below two compute solutions:

  • When my API is hosted in Containers.
  • When my API is composed of only Azure Functions.
1
azuremicroservicesazure-api-managementazure-application-gatewayazure-front-door

1 Answers

4
votes

Good question, I'll try to answer.

API Gateway is a pattern very common in API scenarios. It act's as a facade where you can transform the incoming/outcoming requests. There are many services which you can use for it:

  • Kong
  • Ocelot
  • Apigee

and on Azure, API Management.

Azure Front Door and Azure Application Gateway (to me), offer more or less the same thing: Load balancer to your services + Web Application Firewall (WAF). If I have to choose one, I will go with Front Door as I think it's easier to setup.

When do we require Application Gateway in front of API Gateway (provided by Api Management)?

Whenever your API will be exposed to the internet. As I said, the benefit is having WAF in front of your APIs, it will block most common attacks (SQL Injection, XSS, etc).