Sven Malvik svenmalvik

## apim.tf
provider "azurerm" {
    subscription_id = "YOUR_SUBSCRIPTION_ID"
    tenant_id       = "YOUR_TENANT_ID"
}

resource "azurerm_resource_group" "rg" {
    name     = "test-rg"
    location = "westeurope"
}

## deployApim.ps1
#Requires -Version 3.0

<#
.SYNOPSIS
TenantId of where API Management will be created
.PARAMETER TenantId
SubscriptionId of where API Management will be created
.PARAMETER SubscriptionId
Resource Group to be created or updated where API Management will be created
.PARAMETER ResourceGroupName

## appservice.json
{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "servicename": {
            "type": "String",
            "defaultValue": "YOUR_SERVICENAME"
        },
        "connectionstring": {
            "type": "String"

## azure-app-configuration-pre-request.js
var credential = "YOUR-APP-CONFIGURATION-CREDENTIAL-ID";
var secret = "YOUR-APP-CONFIGURATION-CREDENTIAL-VALUE";

function signRequest(host,
                     method,      // GET, PUT, POST, DELETE
                     url,         // path+query
                     body,        // request body (undefined of none)
                     credential,  // access key id
                     secret)      // access key value (base64 encoded)
{

## apim-masterkey-prevention.policy.xml
<choose>
    <when condition="@(context.Subscription != null && context.Subscription.Id == "master")">
        <return-response>
            <set-status code="400" reason="Bad Request" />
            <set-header name="Content-Type" exists-action="override">
                <value>application/json; charset=UTF-8</value>
            </set-header>
            <set-body>{"message": "Access denied due to invalid subscription key."}</set-body>
        </return-response>
    </when>

## apim-logging-body-header.policy.xml

<policies>
	<inbound>
		<log-to-eventhub logger-id="svenmalvik-logger">
            @{
                var body =  context.Request.Body.As<string>(preserveContent: true);
                // ToBase64 to get it better tranfered
                var bodyToLog = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(body));

                var headers = context.Request.Headers;
	provider "azurerm" {
	subscription_id = "YOUR_SUBSCRIPTION_ID"
	tenant_id = "YOUR_TENANT_ID"
	}

	resource "azurerm_resource_group" "rg" {
	name = "test-rg"
	location = "westeurope"
	}
	#Requires -Version 3.0

	<#
	.SYNOPSIS
	TenantId of where API Management will be created
	.PARAMETER TenantId
	SubscriptionId of where API Management will be created
	.PARAMETER SubscriptionId
	Resource Group to be created or updated where API Management will be created
	.PARAMETER ResourceGroupName
	{
	"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
	"contentVersion": "1.0.0.0",
	"parameters": {
	"servicename": {
	"type": "String",
	"defaultValue": "YOUR_SERVICENAME"
	},
	"connectionstring": {
	"type": "String"
	var credential = "YOUR-APP-CONFIGURATION-CREDENTIAL-ID";
	var secret = "YOUR-APP-CONFIGURATION-CREDENTIAL-VALUE";

	function signRequest(host,
	method, // GET, PUT, POST, DELETE
	url, // path+query
	body, // request body (undefined of none)
	credential, // access key id
	secret) // access key value (base64 encoded)
	{
	<choose>
	<when condition="@(context.Subscription != null && context.Subscription.Id == "master")">
	<return-response>
	<set-status code="400" reason="Bad Request" />
	<set-header name="Content-Type" exists-action="override">
	<value>application/json; charset=UTF-8</value>
	</set-header>
	<set-body>{"message": "Access denied due to invalid subscription key."}</set-body>
	</return-response>
	</when>