Skip to main content

Connect Azure API Gateway

How to connect an new Azure API Gateway (Least Privilege Setup)

Updated over a month ago

The following instructions summarize the detailed instructions found within the application when logged in.

Step 1 — Create an App Registration

Path:
Azure Portal → Microsoft Entra ID → App registrations → + New registration

Fields:

  • Name: apiable-apim-access-service-contributor

  • Supported account types: Accounts in this directory only

  • Redirect URI: (leave empty)

Click Register

Copy these values:

  • Application (client) ID → Client ID

  • Directory (tenant) ID → Tenant ID

Step 2 — Create a Client Secret

Path:
App → Client credentials → Add a certificate or secret

  1. Click + New client secret

  2. Description: ApiableSecret

  3. Expiry: 12 months

💡 Tip: Set a calendar reminder to renew your credentials before expiry.

Copy the secret value immediately — this will be your Client Secret (write-only in Apiable).

Step 3 — Assign a Narrow Role

Give the app rights only on your APIM instance, not the whole resource group or subscription.

  1. Go to your API Management instance.

  2. Open Access control (IAM)+ Add → Add role assignment

  3. Role: API Management Service Contributor

  4. Assign access to: User, group, or service principal

  5. Select members: find and select apiable-apim-access-service-contributor

  6. Click Next → Review + assign → Review + assign

✅ This role allows the app to list and update APIs, products, and subscriptions — but not delete the APIM resource or modify RBAC.

Step 4 — Collect the Fields for Apiable

Field

Where to find it

Tenant ID

Entra ID → Overview

Subscription ID

Subscriptions → Your subscription → Overview

Resource Group

APIM → Essentials pane

Service Name

APIM instance name (e.g. apiable-resource-north-europe)

Client ID / Secret

From Step 1 & 2

Step 5 — Plug Into Apiable

In Apiable → Azure connector setup:

  1. Auth method: Service Principal (Client ID + Secret)

  2. Fill in all the values from Step 4

  3. Test the connection

  4. Save and connect

⚠️ Once saved, the Client ID and Secret will no longer be visible. Test first!

Step 6 — Synchronize the New Gateway

  1. Go back to Gateways in Apiable
    → click ← Back to gateways

  2. Navigate to Catalog → API Catalog

  3. Press Synchronize

  4. Under Gateway filter, choose your new Azure API Gateway

Result: Apiable is now securely connected to your Azure API Management instance with the minimum privileges required to manage and synchronize APIs.

Did this answer your question?