Skip to main content

Connect Azure API Gateway

How to connect an new Azure API Gateway (Least Privilege Setup)

The following instructions summarize the detailed instructions found within the application when logged in.

Step 1 — Create an App Registration

Path:
Azure Portal → Microsoft Entra ID → App registrations → + New registration

Fields:

  • Name: apiable-apim-access-service-contributor

  • Supported account types: Accounts in this directory only

  • Redirect URI: (leave empty)

Click Register

Copy these values:

  • Application (client) ID → Client ID

  • Directory (tenant) ID → Tenant ID

Step 2 — Create a Client Secret

Path:
App → Client credentials → Add a certificate or secret

  1. Click + New client secret

  2. Description: ApiableSecret

  3. Expiry: 12 months

💡 Tip: Set a calendar reminder to renew your credentials before expiry.

Copy the secret value immediately — this will be your Client Secret (write-only in Apiable).

Step 3 — Assign a Narrow Role

Give the app rights only on your APIM instance, not the whole resource group or subscription.

  1. Go to your API Management instance.

  2. Open Access control (IAM)+ Add → Add role assignment

  3. Role: API Management Service Contributor

  4. Assign access to: User, group, or service principal

  5. Select members: find and select apiable-apim-access-service-contributor

  6. Click Next → Review + assign → Review + assign

✅ This role allows the app to list and update APIs, products, and subscriptions — but not delete the APIM resource or modify RBAC.

Step 4 — Collect the Fields for Apiable

Field

Where to find it

Tenant ID

Entra ID → Overview

Subscription ID

Subscriptions → Your subscription → Overview

Resource Group

APIM → Essentials pane

Service Name

APIM instance name (e.g. apiable-resource-north-europe)

Client ID / Secret

From Step 1 & 2

Step 5 — Plug Into Apiable

In Apiable → Azure connector setup:

  1. Auth method: Service Principal (Client ID + Secret)

  2. Fill in all the values from Step 4

  3. Test the connection

  4. Save and connect

⚠️ Once saved, the Client ID and Secret will no longer be visible. Test first!

Step 6 — Synchronize the New Gateway

  1. Go back to Gateways in Apiable
    → click ← Back to gateways

  2. Navigate to Catalog → API Catalog

  3. Press Synchronize

  4. Under Gateway filter, choose your new Azure API Gateway

Result: Apiable is now securely connected to your Azure API Management instance with the minimum privileges required to manage and synchronize APIs.

Did this answer your question?