In this article we will see how to make a REST API call inside an API Management (APIM) policy and apply an IP restriction based on the response from the API, entirely within the policy.
This follows the MSDN article that covers when conditions, IP filter policies and advanced C# code inside policies.
First, we will see how to make a REST API call inside an API Management policy.
The following code shows the send-request element, where we can set the timeout, the response variable name and whether errors should be ignored.
<send-request mode="new" timeout="300" response-variable-name="resdata" ignore-error="false">
Then the set-url element sets the URL of the API to which the request is sent.
<set-url>https://apiendpoint.com/isipallowed/check</set-url>
Then the set-method element sets the method type, such as GET, POST, PUT or PATCH.
<set-method>POST</set-method>
Then the set-header element sets a header on the request. In our example we send a POST request with JSON content, so we need to add a Content-Type header with the value application/json.
<set-header name="Content-Type" exists-action="override">
<value>application/json</value>
</set-header>
The set-body element provides the JSON content to be sent in the request. The caller's IP address is concatenated into the string as a quoted JSON value.
<set-body>
<value>@{
var body = "{ \"ipvalue\" : \"" + context.Request.IpAddress + "\" }";
return body;
}
</value>
</set-body>
The overall send-request element now looks like this:
<send-request mode="new" timeout="300" response-variable-name="resdata" ignore-error="false">
<set-url>https://apiendpoint.com/isipallowed/check</set-url>
<set-method>POST</set-method>
<set-header name="Content-Type" exists-action="override">
<value>application/json</value>
</set-header>
<set-body>
<value>@{
var body = "{ \"ipvalue\" : \"" + context.Request.IpAddress + "\" }";
return body;
}
</value>
</set-body>
</send-request>
Now we will use a choose element with a when condition to check whether the IP we sent is in the list, which the API signals with a response code of 200. If it is not found, we must block the IP.
<choose>
<when condition="@(((IResponse)context.Variables.GetValueOrDefault<IResponse>("resdata")).StatusCode != 200)">
<!-- your policy -->
</when>
</choose>
To block the IP, we add the following IP filter policy inside the when element above.
<ip-filter action="forbid">
<address>@(context.Request.IpAddress)</address>
</ip-filter>
The overall policy now looks like this:
<policies>
<inbound>
<base />
<send-request mode="new" timeout="300" response-variable-name="resdata" ignore-error="false">
<set-url>https://apiendpoint.com/isipallowed/check</set-url>
<set-method>POST</set-method>
<set-header name="Content-Type" exists-action="override">
<value>application/json</value>
</set-header>
<set-body>
<value>@{
var body = "{ \"ipvalue\" : \"" + context.Request.IpAddress + "\" }";
return body;
}
</value>
</set-body>
</send-request>
<choose>
<when condition="@(((IResponse)context.Variables.GetValueOrDefault<IResponse>("resdata")).StatusCode != 200)">
<ip-filter action="forbid">
<address>@(context.Request.IpAddress)</address>
</ip-filter>
</when>
</choose>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
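The policy blocks the caller on any status other than 200, so the check endpoint's behaviour on malformed input decides whether the gate fails closed. The following Python version of that endpoint's decision logic is an added example, not code from the original article or from the service behind the URL above; the function name check_ip, the allowlist ranges, the response fields and the 400/403 status codes are assumptions (the article only states that 200 means the IP is in the list).

```python
import ipaddress
import json

# Constructed allowlist using documentation address ranges (not real data).
ALLOWED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.7/32"),
    ipaddress.ip_network("2001:db8::/32"),
]


def check_ip(raw_body: bytes):
    """Return (status_code, response_dict) for one POST to the check endpoint.

    Only 200 lets a request pass the policy. Every other status, including
    the 400 returned for malformed input, makes the policy block the caller.
    """
    try:
        payload = json.loads(raw_body.decode("utf-8"))
        value = payload["ipvalue"]
        if not isinstance(value, str):
            raise TypeError("ipvalue must be a string")
        addr = ipaddress.ip_address(value.strip())
    except (UnicodeDecodeError, ValueError, KeyError, TypeError):
        # Invalid JSON, missing key, wrong type or unparsable address.
        return 400, {"allowed": False, "reason": "malformed request"}

    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the embedded IPv4 address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped

    for net in ALLOWED_NETWORKS:
        if addr.version == net.version and addr in net:
            return 200, {"allowed": True, "ip": str(addr)}
    return 403, {"allowed": False, "ip": str(addr)}


if __name__ == "__main__":
    # Constructed request bodies in the shape the policy's set-body sends.
    for body in (b'{"ipvalue": "203.0.113.10"}',
                 b'{"ipvalue": "192.0.2.1"}',
                 b'{ "ipvalue" : 203.0.113.10 }'):  # unquoted IP: invalid JSON
        print(body, "->", check_ip(body))
```

A body in which the IP is not a quoted JSON string is rejected with 400, which the policy treats the same as a denied address.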