Azure Key Vault is a great service to manage secrets, keys & certificates. It uses RBAC to control access. Like all access control system, there is a chain of access. For instance, my user account has access to the vault: this means if my account’s credentials get leaked, the access to the vault is compromised. … More Accessing Azure Key Vault using Managed Service Identity Logic Apps
In our last article, we looked at how we could leverage the Azure DevOps REST API to trigger multiple releases. This is useful when rebuilding an environment: first we release the shared infrastructure then each service on top of it. In this article, we’ll see an implementation example using Azure Logic Apps. There are many … More Using Azure DevOps REST API to start multiple releases with Azure Logic Apps
Azure DevOps CI / CD (i.e. Build / Release) mechanism is very valuable to me. It makes things reproduceable & robust. It allows me to change whatever I want since I have this constant safety net underneath. For simple projects, having a build and release is fine. With micro-services I adopt the pattern of one … More Using Azure DevOps REST API to start multiple releases
We looked at Azure Functions. We also looked at security around Azure Function used to implement APIs. Something people will quickly notice when implementing an Webhook / API function is that its URL or route is always prepended by /api. For instance, if we create a webhook function in C# and we setup the route … More How to get rid of /api in Azure Function’s route?
Let’s consider security with APIs, i.e how to securely identify the caller. There are two authentication methods quite popular in the cloud to secure APIs: Key-based access OAuth, or token-based access in general Let’s compare them. Key-Based By key-based we mean an authentication scheme where we do pass a key to the API request. That … More Security with API: OAuth, token-based access vs key-based access
In a past article, we looked at Serverless compute in Azure in general and Azure Functions specifically. In this article we wanted to focus on Azure Function triggered by HTTP requests and the different options we have to authenticate: Anonymous Function Admin System User Those are called Authorization Levels. For each function in a function … More Azure Functions HTTP – Authorization Levels
I’ve had a few requests to explain how to use the Nuget WordPress REST API beyond authentication. In order to do this, I added a Demo App under source control. The Nuget package source code is available at http://wordpressrestapi.codeplex.com/ and if you download the code, you’ll see there are 3 projects: WordPressRestApi: essentially the Nuget … More Nuget WordPress REST API – Demo App