Project to build a payments API, with an emphasis on security and access management using Azure resources.
- Created a Web App in Azure using:
  - Runtime stack: Python 3.13
  - OS: Linux
  - Publish type: Code (not container)
- Accessed the web app file system via Kudu Bash console.
- Created backend logic using Flask, including:
  - app.py to return mock JSON data
  - requirements.txt for Python dependencies (flask, gunicorn)
  - Startup.txt to run the app using Gunicorn
- Configured Startup Command in App Service → Configuration → General Settings:
  - startup.txt
- Installed dependencies and restarted the service to test responses at:
  - https://webapppayment.azurewebsites.net/api/payment
  - https://webapppayment.azurewebsites.net/api/payment/v1
- Created an API Management Service named APImanagement-payment.
- Created a new API using the "Import from App Service" option:
  - Imported the backend App Service: webapppayment
  - Set:
    - Base URL: https://apimanagement-payment.azure-api.net/payment
    - Version identifier: v1
    - Versioning scheme: Path
- Linked this API again manually via App Service > API Management tab to ensure exposure through API Management.
- Created a Virtual Network (VNet) for future integrations.
- Configured networking rules for the web app:
  - Inbound traffic access: Set to Allow (No Restrictions)
- Enabled CORS for cross-origin access in the Web App settings.
- Enabled and generated a new subscription key for the API Management service to authorize requests.
- Tested GET request from Postman using this key:
  - Verified 200 OK status and correct JSON response.
- Applied a validate-jwt policy in the Inbound processing of the API Management service to enforce JWT-based access control.
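- Successfully accessed the API via:
  - Direct App Service endpoint (this path does not pass through API Management, so the gateway's subscription-key and validate-jwt checks do not apply to it)
  - Azure API Management endpoint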
- Confirmed secure, authenticated API responses using subscription keys and JWT validation.
- Backend properly responds at versioned endpoints like:
- built a Python-based REST API using Flask, deploying it not on your local machine, but on a scalable cloud platform (Azure App Service).
- learned to manage application files in a cloud environment using tools like Kudu Bash and basic Linux commands.
- understood how to serve production-grade apps using Gunicorn, and configure startup behavior in a Linux-hosted web app.
- implemented clean REST endpoints like /api/payment and /api/payment/v1, which reflects good API design principles.
- observed how versioning via URL paths (/v1) can help maintain backwards compatibility in production APIs.
- used Azure API Management to expose your backend API securely and professionally.
- learned how to:
  - Import APIs from App Services
  - Apply base paths and version identifiers
  - Enable authentication policies and subscription management
- had first-hand experience in creating a full API lifecycle management system, including consumption control and analytics capabilities.
- configured CORS to allow secure cross-origin requests, a crucial part of any frontend-backend integration.
- applied JWT validation policies and learned how to work with subscription keys, exposing you to real-world API authentication and access strategies.
- created and understood the role of a Virtual Network (VNet), even if not heavily used in this scenario, preparing you for more complex architectures.
- explored how different Azure services (App Service, APIM, Networking) interconnect to form a unified, secure, and scalable platform.
- practiced cloud debugging techniques like:
  - Using the Kudu console
  - Viewing Log Streams
  - Modifying startup behavior and verifying routes
- learned how to identify and fix issues like 404 errors, missing Python runtimes, and incorrect routing or configuration.
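
One way the validate-jwt step above could be written in the API's inbound policy, as an added example rather than this project's actual policy. It assumes Microsoft Entra ID as the token issuer; `{tenant-id}`, `{api-application-id}` and `{required-scope}` are placeholders, since the page does not give these values.

```xml
<policies>
    <inbound>
        <base />
        <!-- Reject the request with 401 unless it carries a valid bearer token. -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized: access token is missing or invalid."
                      require-expiration-time="true"
                      require-signed-tokens="true">
            <!-- Assumption: Microsoft Entra ID issues the tokens; the gateway
                 fetches the signing keys from this metadata document. -->
            <openid-config url="https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration" />
            <!-- The token must be issued for this API, not for some other application. -->
            <audiences>
                <audience>{api-application-id}</audience>
            </audiences>
            <!-- Only accept tokens from the expected tenant. -->
            <issuers>
                <issuer>https://login.microsoftonline.com/{tenant-id}/v2.0</issuer>
            </issuers>
            <!-- Placeholder scope: the space-separated scp claim must contain it. -->
            <required-claims>
                <claim name="scp" match="any" separator=" ">
                    <value>{required-scope}</value>
                </claim>
            </required-claims>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```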