What is the difference between API Gateway provided by Azure API Management and Azure Application Gateway?

Question

I'm new to Azure and I skimmed through Azure official documentation.

• What I would like to understand is the difference and similarities between the API Gateway provided by Azure API Management and Azure Application Gateway?

• When do we require Application Gateway in front of API Gateway (provided by Api Management)?

  • When API Gateway hosted normally.
  • When API Gateway hosted inside VNet.

• When do we require Azure Front Door in front of Application Gateway?

• Do we need to chain Azure Front Door --> Application Gateway --> API Gateway in what scenario, instead can't we do this Azure Front Door --> API Gateway, if yes in which scenario?

I want to understand solution to above questions based on below two compute solutions:

• When my API is hosted in Containers.
• When my API is composed of only Azure Functions.

Answer 1

Good question, I'll try to answer.

API Gateway is a pattern very common in API scenarios. It act's as a facade where you can transform the incoming/outcoming requests. There are many services which you can use for it:

• Kong
• Ocelot
• Apigee

and on Azure, API Management.

Azure Front Door and Azure Application Gateway (to me), offer more or less the same thing: Load balancer to your services + Web Application Firewall (WAF). If I have to choose one, I will go with Front Door as I think it's easier to setup.

When do we require Application Gateway in front of API Gateway (provided by Api Management)?

Whenever your API will be exposed to the internet. As I said, the benefit is having WAF in front of your APIs, it will block most common attacks (SQL Injection, XSS, etc).