It took me some time to figure it out. Here is a howto to proxy from an Azure API Management to Cosmos DB.

Note down some point from your Cosmos Environment.

In my case we have the

URL https://fellowtest.documents.azure.com

Collections Id Items

Database ToDoList

We need this point later in the script. Go the Key section and write down the Primary Key:

Now open your API Management.

Enter here the Values

Now click on API and add a black API

Do not forget Products here.

Create a new operation

Select your new policy and click on to open the editor

@{
         
            bool idBased = true;
            var date = context.Variables.GetValueOrDefault("requestDateString");
            var databaseId = "ToDoList";
            var collectionId = "Items";
            var verb = "GET";
            var resourceType = "docs";
            //var resourceLink = string.Format("dbs/{0}/colls/{1}/docs", databaseId, collectionId);
            var resourceId = string.Format("dbs/{0}/colls/{1}", databaseId, collectionId);
            var key = context.Variables.GetValueOrDefault("cosmoskey");
            var keyType="master";
            var tokenVersion="1.0";
 
            var hmacSha256 = new System.Security.Cryptography.HMACSHA256 { Key = Convert.FromBase64String(key) };
 
            verb = verb ?? ""; 
            resourceType = resourceType ?? "";
            resourceId = resourceId ?? "";
 
            string payLoad = string.Format("{0}\n{1}\n{2}\n{3}\n{4}\n",
                    verb.ToLowerInvariant(),
                    resourceType.ToLowerInvariant(),
                    resourceId,
                    date.ToLowerInvariant(),
                    ""
            );
 
            byte[] hashPayLoad = hmacSha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(payLoad));
            string signature = Convert.ToBase64String(hashPayLoad);
 
            return System.Uri.EscapeDataString(String.Format("type={0}&ver={1}&sig={2}",
                keyType,
                tokenVersion,
                signature));  
            
            
 

        }
        
        
            application/query+json
        
        
            True
        
        
            @(context.Variables.GetValueOrDefault("requestDateString"))
        
        
            2017-02-22
        
        
            true
        
    
    
        
    
    
        
            @(context.LastError.Source)
        
        
            @(context.LastError.Reason)
        
        
            @(context.LastError.Message)
        
        
            @(context.LastError.Scope)
        
        
            @(context.LastError.Section)
        
        
            @(context.LastError.Path)
        
        
            @(context.LastError.PolicyId)
        
        
            @(context.Response.StatusCode.ToString())
        
        
    
    
        
    

Now the point you need to change are:

var databaseId = "ToDoList";
var collectionId = "Items";

Click now on Test

Now write down the Public IP from your API Managment

Go back to Cosmos DB and click on Firewall

Your Cosmos is now protected

Verpasse diese Tipps nicht!

Wir senden keinen Spam! Erfahre mehr in unserer Datenschutzerklärung.

Leave a Reply

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert