Microsoft ApiManagement

Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the provider offers. If you are not using those native security capabilities, the same security requirement can be met with other security capabilities your organization uses.

Identification and Authentication

Design Guidance:

Microsoft.ApiManagement/service

Identity-Type
Terraform
Additional Properties-Client Id
Terraform
Additional Properties-Principal Id
Terraform
Certificates
Terraform

Microsoft.ApiManagement/service/apis

Subscription Required
Terraform
OAuth2-Authorization Server Id
Terraform
OAuth2-Scope
Terraform
Openid-Bearer Token Sending Methods
Terraform
Openid-Openid Provider Id
Terraform

Microsoft.ApiManagement/service/identityProviders

Allowed Tenants
Terraform
Signin Tenant
Terraform
Name
Terraform

Microsoft.ApiManagement/service/products

Subscription Required
Terraform

Microsoft.ApiManagement/service/subscriptions

Microsoft.ApiManagement/service/Users

Name
Terraform
State
Terraform
Identities-Provider
Terraform
Identities-Id
Terraform
First Name
Terraform
Last Name
Terraform
Password
Terraform

Microsoft.ApiManagement/service/openidConnectProviders

Name
Terraform
Client Id
Terraform
Client Secret
Terraform
Display Name
Terraform

Application Lifecycle Management

Design Guidance:

Microsoft.ApiManagement/service

Name
Terraform
Api Version Constraint-Min Api Version
Terraform
Hostname Configurations-Host Name
Terraform
Hostname Configurations-Type
Terraform

Microsoft.ApiManagement/service/apis

Name
Terraform
Api Revision
Terraform
Api Type
Terraform
Api Version Set-Id
Terraform
Api Version Set-Name
Terraform
Display Name
Terraform
Is Current
Terraform
Source Api Id
Terraform

Microsoft.ApiManagement/service/apis/diagnostics

Microsoft.ApiManagement/service/apiVersionSets

Microsoft.ApiManagement/service/diagnostics

Microsoft.ApiManagement/service/gateways

Microsoft.ApiManagement/service/gateways/apis

Microsoft.ApiManagement/service/gateways/hostnameConfigurations

Microsoft.ApiManagement/service/products

Microsoft.ApiManagement/service/subscriptions

Microsoft.ApiManagement/service/apis/operations

Name
Terraform
Display Name
Terraform
Url Template
Terraform

Microsoft.ApiManagement/service/backends
Network Isolation and Segregation

Microsoft.ApiManagement/service

Virtual Network Configuration-Subnet Resource Id
Terraform
Virtual Network Type
Terraform

Authenticator Lifetime and Reuse Limiting

Design Guidance:

Microsoft.ApiManagement/service

Certificate-Expiry
Terraform

Design a Hierarchical PKI

Microsoft.ApiManagement/service

Certificate-Thumbprint
Terraform

Authenticator Protection

Design Guidance:

Microsoft.ApiManagement/service

Certificates-Certificate Password
Terraform
Hostname Configurations-Certificate Password
Terraform

Microsoft.ApiManagement/service/authorizationServers

Client Authentication Method
Terraform
Resource Owner Password
Terraform
Resource Owner Username
Terraform

Microsoft.ApiManagement/service/certificates

Microsoft.ApiManagement/service/namedValues
TLS

Design Guidance:

Microsoft.ApiManagement/service

Certificates-Encoded Certificate
Terraform
Hostname Configurations-Encoded Certificate
Terraform
Hostname Configurations-Key Vault Id
Terraform

Microsoft.ApiManagement/service/apis

Protocols
Terraform

Microsoft.ApiManagement/service/certificates

Microsoft.ApiManagement/service/gateways/hostnameConfigurations

Certificate Id
Hostname

Microsoft.ApiManagement/service/backends

TLS-Validate Certificate Chain
Terraform
TLS-Validate Certificate Name
Terraform

Issue Keys from Trusted Authorities

Microsoft.ApiManagement/service

Certificates-Store Name
Terraform
Certificate-Subject
Terraform

Source Authentication

Design Guidance:

Microsoft.ApiManagement/service

Enable Client Certificate
Terraform
Hostname Configurations-Negotiate Client Certificate
Terraform

Microsoft.ApiManagement/service/authorizationServers

Bearer Token Sending Methods
Terraform
Client Id
Terraform
Client Registration Endpoint
Terraform
Client Secret
Terraform

Microsoft.ApiManagement/service/gateways/hostnameConfigurations

Negotiate Client Certificate

Microsoft.ApiManagement/service/backends

Authorization-Parameter
Terraform
Authorization-Scheme
Terraform
Credentials-Certificate
Terraform
Service Fabric Cluster-Client Certificate Thumbprint
Terraform
Service Fabric Cluster-Management Endpoints
Terraform

Session Binding

Microsoft.ApiManagement/service

Hostname Configurations-Default SSL Binding
Terraform

Microsoft.ApiManagement/service/apis

Subscription Key Parameter Names-Header
Terraform
Subscription Key Parameter Names-Query
Terraform

Microsoft.ApiManagement/service/authorizationServers

Token Body Parameters-Name
Terraform
Token Body Parameters-Value
Terraform
Token Endpoint
Terraform

Hardening

Design Guidance:

Microsoft.ApiManagement/service/apis

Api Version Set-Version Header Name
Terraform
Api Version Set-Versioning Scheme
Terraform
Api Version Set-Version Query Name
Terraform

Microsoft.ApiManagement/service/apiVersionSets

Version Header Name
Terraform
Versioning Scheme
Terraform
Version Query Name
Terraform

Input Validation

Design Guidance:

Microsoft.ApiManagement/service/apis

Microsoft.ApiManagement/service/apis/operations

Headers-Default Value
Terraform
Headers-Name
Terraform
Headers-Type
Terraform
Headers-Values
Terraform
Query Parameters-Default Value
Terraform
Query Parameters-Name
Terraform
Query Parameters-Type
Terraform
Query Parameters-Values
Terraform
Representations-Content Type
Terraform
Form Parameters-Default Value
Terraform
Form Parameters-Name
Terraform
Form Parameters-Type
Terraform
Form Parameters-Values
Terraform
Representations-Schema Id
Terraform

Information Flow Routing

Microsoft.ApiManagement/service/apis

Path
Terraform
Wsdl Selector-Wsdl Endpoint Name
Terraform
Wsdl Selector-Wsdl Service Name
Terraform

Microsoft.ApiManagement/service/subscriptions
Logging