azure-mgmt-apimanagement-dotnet
by microsoft
Management plane SDK for provisioning and managing Azure API Management resources via Azure Resource Manager.
npx skills add https://github.com/microsoft/agent-skills --skill azure-mgmt-apimanagement-dotnetAzure.ResourceManager.ApiManagement (.NET)
Management plane SDK for provisioning and managing Azure API Management resources via Azure Resource Manager.
⚠️ Management vs Data Plane
- This SDK (Azure.ResourceManager.ApiManagement): Create services, APIs, products, subscriptions, policies, users, groups
- Data Plane: Direct API calls to your APIM gateway endpoints
Installation
dotnet add package Azure.ResourceManager.ApiManagement
dotnet add package Azure.Identity
Current Version: v1.3.0
Environment Variables
AZURE_SUBSCRIPTION_ID=<your-subscription-id> # Required: Azure subscription ID
AZURE_TOKEN_CREDENTIALS=prod # Required only if DefaultAzureCredential is used in production
AZURE_TENANT_ID=<tenant-id> # For service principal auth (optional)
AZURE_CLIENT_ID=<client-id> # For service principal auth (optional)
AZURE_CLIENT_SECRET=<client-secret> # For service principal auth (optional)
Authentication
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.ApiManagement;
// Local dev: DefaultAzureCredential. Production: set AZURE_TOKEN_CREDENTIALS=prod or AZURE_TOKEN_CREDENTIALS=<specific_credential>
var credential = new DefaultAzureCredential(
DefaultAzureCredential.DefaultEnvironmentVariableName
);
// Or use a specific credential directly in production:
// See https://learn.microsoft.com/dotnet/api/overview/azure/identity-readme?view=azure-dotnet#credential-classes
// var credential = new ManagedIdentityCredential();
var armClient = new ArmClient(credential);
// Get subscription
var subscriptionId = Environment.GetEnvironmentVariable("AZURE_SUBSCRIPTION_ID");
var subscription = armClient.GetSubscriptionResource(
new ResourceIdentifier($"/subscriptions/{subscriptionId}"));
Resource Hierarchy
ArmClient
└── SubscriptionResource
└── ResourceGroupResource
└── ApiManagementServiceResource
├── ApiResource
│ ├── ApiOperationResource
│ │ └── ApiOperationPolicyResource
│ ├── ApiPolicyResource
│ ├── ApiSchemaResource
│ └── ApiDiagnosticResource
├── ApiManagementProductResource
│ ├── ProductApiResource
│ ├── ProductGroupResource
│ └── ProductPolicyResource
├── ApiManagementSubscriptionResource
├── ApiManagementPolicyResource
├── ApiManagementUserResource
├── ApiManagementGroupResource
├── ApiManagementBackendResource
├── ApiManagementGatewayResource
├── ApiManagementCertificateResource
├── ApiManagementNamedValueResource
└── ApiManagementLoggerResource
Core Workflow
1. Create API Management Service
using Azure.ResourceManager.ApiManagement;
using Azure.ResourceManager.ApiManagement.Models;
// Get resource group
var resourceGroup = await subscription
.GetResourceGroupAsync("my-resource-group");
// Define service
var serviceData = new ApiManagementServiceData(
location: AzureLocation.EastUS,
sku: new ApiManagementServiceSkuProperties(
ApiManagementServiceSkuType.Developer,
capacity: 1),
publisherEmail: "[email protected]",
publisherName: "Contoso");
// Create service (long-running operation - can take 30+ minutes)
var serviceCollection = resourceGroup.Value.GetApiManagementServices();
var operation = await serviceCollection.CreateOrUpdateAsync(
WaitUntil.Completed,
"my-apim-service",
serviceData);
ApiManagementServiceResource service = operation.Value;
2. Create an API
var apiData = new ApiCreateOrUpdateContent
{
DisplayName = "My API",
Path = "myapi",
Protocols = { ApiOperationInvokableProtocol.Https },
ServiceUri = new Uri("https://backend.contoso.com/api")
};
var apiCollection = service.GetApis();
var apiOperation = await apiCollection.CreateOrUpdateAsync(
WaitUntil.Completed,
"my-api",
apiData);
ApiResource api = apiOperation.Value;
3. Create a Product
var productData = new ApiManagementProductData
{
DisplayName = "Starter",
Description = "Starter tier with limited access",
IsSubscriptionRequired = true,
IsApprovalRequired = false,
SubscriptionsLimit = 1,
State = ApiManagementProductState.Published
};
var productCollection = service.GetApiManagementProducts();
var productOperation = await productCollection.CreateOrUpdateAsync(
WaitUntil.Completed,
"starter",
productData);
ApiManagementProductResource product = productOperation.Value;
// Add API to product
await product.GetProductApis().CreateOrUpdateAsync(
WaitUntil.Completed,
"my-api");
4. Create a Subscription
var subscriptionData = new ApiManagementSubscriptionCreateOrUpdateContent
{
DisplayName = "My Subscription",
Scope = $"/products/{product.Data.Name}",
State = ApiManagementSubscriptionState.Active
};
var subscriptionCollection = service.GetApiManagementSubscriptions();
var subOperation = await subscriptionCollection.CreateOrUpdateAsync(
WaitUntil.Completed,
"my-subscription",
subscriptionData);
ApiManagementSubscriptionResource subscription = subOperation.Value;
// Get subscription keys
var keys = await subscription.GetSecretsAsync();
Console.WriteLine($"Primary Key: {keys.Value.PrimaryKey}");
5. Set API Policy
var policyXml = @"
<policies>
<inbound>
<rate-limit calls=""100"" renewal-period=""60"" />
<set-header name=""X-Custom-Header"" exists-action=""override"">
<value>CustomValue</value>
</set-header>
<base />
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>";
var policyData = new PolicyContractData
{
Value = policyXml,
Format = PolicyContentFormat.Xml
};
await api.GetApiPolicy().CreateOrUpdateAsync(
WaitUntil.Completed,
policyData);
6. Backup and Restore
// Backup
var backupParams = new ApiManagementServiceBackupRestoreContent(
storageAccount: "mystorageaccount",
containerName: "apim-backups",
backupName: "backup-2024-01-15")
{
AccessType = StorageAccountAccessType.SystemAssignedManagedIdentity
};
await service.BackupAsync(WaitUntil.Completed, backupParams);
// Restore
await service.RestoreAsync(WaitUntil.Completed, backupParams);
Key Types Reference
| Type | Purpose |
|---|---|
ArmClient | Entry point for all ARM operations |
ApiManagementServiceResource | Represents an APIM service instance |
ApiManagementServiceCollection | Collection for service CRUD |
ApiResource | Represents an API |
ApiManagementProductResource | Represents a product |
ApiManagementSubscriptionResource | Represents a subscription |
ApiManagementPolicyResource | Service-level policy |
ApiPolicyResource | API-level policy |
ApiManagementUserResource | Represents a user |
ApiManagementGroupResource | Represents a group |
ApiManagementBackendResource | Represents a backend service |
ApiManagementGatewayResource | Represents a self-hosted gateway |
SKU Types
| SKU | Purpose | Capacity |
|---|---|---|
Developer | Development/testing (no SLA) | 1 |
Basic | Entry-level production | 1-2 |
Standard | Medium workloads | 1-4 |
Premium | High availability, multi-region | 1-12 per region |
Consumption | Serverless, pay-per-call | N/A |
Best Practices
- Use
WaitUntil.Completedfor operations that must finish before proceeding - Use
WaitUntil.Startedfor long operations like service creation (30+ min) - Always use
DefaultAzureCredential— never hardcode keys - Handle
RequestFailedExceptionfor ARM API errors - Use
CreateOrUpdateAsyncfor idempotent operations - Navigate hierarchy via
Get*methods (e.g.,service.GetApis()) - Policy format — Use XML format for policies; JSON is also supported
- Service creation — Developer SKU is fastest for testing (~15-30 min)
Error Handling
using Azure;
try
{
var operation = await serviceCollection.CreateOrUpdateAsync(
WaitUntil.Completed, serviceName, serviceData);
}
catch (RequestFailedException ex) when (ex.Status == 409)
{
Console.WriteLine("Service already exists");
}
catch (RequestFailedException ex) when (ex.Status == 400)
{
Console.WriteLine($"Bad request: {ex.Message}");
}
catch (RequestFailedException ex)
{
Console.WriteLine($"ARM Error: {ex.Status} - {ex.ErrorCode}: {ex.Message}");
}
Reference Files
| File | When to Read |
|---|---|
| references/service-management.md | Service CRUD, SKUs, networking, backup/restore |
| references/apis-operations.md | APIs, operations, schemas, versioning |
| references/products-subscriptions.md | Products, subscriptions, access control |
| references/policies.md | Policy XML patterns, scopes, common policies |
Related Resources
| Resource | Purpose |
|---|---|
| API Management Documentation | Official Azure docs |
| Policy Reference | Complete policy reference |
| SDK Reference | .NET API reference |
More skills from microsoft
oss-growth
microsoft
OSS growth hacker persona
official
microsoft-foundry
microsoft
Deploy, evaluate, and manage Foundry agents end-to-end: Docker build, ACR push, hosted/prompt agent create, container start, batch eval, continuous eval, prompt optimizer workflows, agent.yaml, dataset curation from traces. USE FOR: deploy agent to Foundry, hosted agent, create agent, invoke agent, evaluate agent, run batch eval, continuous eval, continuous monitoring, continuous eval status, optimize prompt, improve prompt, prompt optimizer, optimize agent instructions, improve agent...
officialdevelopmentdevops
azure-ai
microsoft
Use for Azure AI: Search, Speech, OpenAI, Document Intelligence. Helps with search, vector/hybrid search, speech-to-text, text-to-speech, transcription, OCR. WHEN: AI Search, query search, vector search, hybrid search, semantic search, speech-to-text, text-to-speech, transcribe, OCR, convert text to speech.
officialdevelopmentapi
azure-deploy
microsoft
Execute Azure deployments for ALREADY-PREPARED applications that have existing .azure/deployment-plan.md and infrastructure files. DO NOT use this skill when the user asks to CREATE a new application — use azure-prepare instead. This skill runs azd up, azd deploy, terraform apply, and az deployment commands with built-in error recovery. Requires .azure/deployment-plan.md from azure-prepare and validated status from azure-validate. WHEN: "run azd up", "run azd deploy", "execute deployment",...
officialdevopsaws
azure-storage
microsoft
Azure Storage Services including Blob Storage, File Shares, Queue Storage, Table Storage, and Data Lake. Answers questions about storage access tiers (hot, cool, cold, archive), when to use each tier, and tier comparison. Provides object storage, SMB file shares, async messaging, NoSQL key-value, and big data analytics. Includes lifecycle management. USE FOR: blob storage, file shares, queue storage, table storage, data lake, upload files, download blobs, storage accounts, access tiers,...
officialdevelopmentdatabase
azure-diagnostics
microsoft
Debug Azure production issues on Azure using AppLens, Azure Monitor, resource health, and safe triage. WHEN: debug production issues, troubleshoot app service, app service high CPU, app service deployment failure, troubleshoot container apps, troubleshoot functions, troubleshoot AKS, kubectl cannot connect, kube-system/CoreDNS failures, pod pending, crashloop, node not ready, upgrade failures, analyze logs, KQL, insights, image pull failures, cold start issues, health probe failures,...
officialdevopsdevelopment
azure-prepare
microsoft
Prepare Azure apps for deployment (infra Bicep/Terraform, azure.yaml, Dockerfiles). Use for create/modernize or create+deploy; not cross-cloud migration (use azure-cloud-migrate). DO NOT USE FOR: copilot-sdk apps (use azure-hosted-copilot-sdk). WHEN: "create app", "build web app", "create API", "create serverless HTTP API", "create frontend", "create back end", "build a service", "modernize application", "update application", "add authentication", "add caching", "host on Azure", "create and...
officialdevelopmentdevops
azure-validate
microsoft
Pre-deployment validation for Azure readiness. Run deep checks on configuration, infrastructure (Bicep or Terraform), RBAC role assignments, managed identity permissions, and prerequisites before deploying. WHEN: validate my app, check deployment readiness, run preflight checks, verify configuration, check if ready to deploy, validate azure.yaml, validate Bicep, test before deploying, troubleshoot deployment errors, validate Azure Functions, validate function app, validate serverless...
officialdevopstesting