- Print
- DarkLight
- PDF
Choosing between Azure API Management serverless and other pricing tiers
- Print
- DarkLight
- PDF
Azure API Management (APIM) is an old and mature Azure service. With the rise of API-driven architectures, APIM has become a first-class citizen in most Azure solutions. A while back, Microsoft proposed a serverless flavor of APIM, namely the Consumption tier. This pricing tier offers what we like about serverless: automatic scalability, cost friendliness, and nearly zero operations.
However, there are also a few downsides when using the serverless tier. The online Microsoft documentation already lists all the features available in each tier. Still, I thought it would be more relevant to list the use cases instead of the features, especially for people still discovering Azure. Below is a list of use cases and when it makes sense to use serverless and when it does not.
Serverless | Other tiers | |
---|---|---|
You want to create a service catalog, and you want to benefit from API versioning and revisions, which first and third parties can consume | Yes (1) | Yes |
You want to standardize the way your backend services are exposed for consumption | Yes | Yes |
You want to monitor your APIs and get insights into their consumption | Yes | Yes |
You want to leverage the API gateway as a policy enforcement point (PEP) | Yes (2) | Yes |
You do not want to be in charge of APIM scaling | Yes | No |
You want to mitigate DOS/DDOS with throttling policies and protect your backend services against service abuse | No | Yes |
You want to integrate your APIs into a Hub & Spoke topology | No | Yes |
Do you want to privatize APIM for internal consumption | No | Yes |
You want to use APIM’s control plane as a multi-cloud and multi-datacenter solution | No | Yes |
You want to maximize high availability and disaster recovery | No | Yes |
Since the developer portal is unavailable for the Consumption tier, you will have to onboard API consumers your way.
Because the serverless tier does not offer a VIP (Virtual IP address), nor does it integrate with virtual networks, it is impossible to lock down the network and restrict traffic to your APIM instance only. However, if your backend services integrate with Azure Active Directory, you can leverage APIM’s managed identity (system and user-assigned) to authenticate APIM against your backend. It will make sure traffic goes through the API gateway. However, beware that not all the policies are available for the serverless tier. It means you won’t be able to enforce as many controls as with the other APIM tiers.
In conclusion, the Consumption tier is suitable for companies who do not want to invest too much money in their APIs and deal with basic API needs. It would help if you considered using another tier when you have stricter security and high availability requirements.