Azure API Management Proxy to Cosmos DB

It took me some time to figure it out. Here is a howto to proxy from an Azure API Management to Cosmos DB.

Note down some point from your Cosmos Environment.

In my case we have the

URL https://fellowtest.documents.azure.com

Collections Id Items

Database ToDoList

We need this point later in the script. Go the Key section and write down the Primary Key:

Now open your API Management.

Enter here the Values

Now click on API and add a black API

Do not forget Products here.

Create a new operation

Select your new policy and click on to open the editor

Add the policy

 

    
        
        
        
            @{
         
            bool idBased = true;
            var date = context.Variables.GetValueOrDefault("requestDateString");
            var databaseId = "ToDoList";
            var collectionId = "Items";
            var verb = "GET";
            var resourceType = "docs";
            //var resourceLink = string.Format("dbs/{0}/colls/{1}/docs", databaseId, collectionId);
            var resourceId = string.Format("dbs/{0}/colls/{1}", databaseId, collectionId);
            var key = context.Variables.GetValueOrDefault("cosmoskey");
            var keyType="master";
            var tokenVersion="1.0";
 
            var hmacSha256 = new System.Security.Cryptography.HMACSHA256 { Key = Convert.FromBase64String(key) };
 
            verb = verb ?? ""; 
            resourceType = resourceType ?? "";
            resourceId = resourceId ?? "";
 
            string payLoad = string.Format("{0}\n{1}\n{2}\n{3}\n{4}\n",
                    verb.ToLowerInvariant(),
                    resourceType.ToLowerInvariant(),
                    resourceId,
                    date.ToLowerInvariant(),
                    ""
            );
 
            byte[] hashPayLoad = hmacSha256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(payLoad));
            string signature = Convert.ToBase64String(hashPayLoad);
 
            return System.Uri.EscapeDataString(String.Format("type={0}&amp;ver={1}&amp;sig={2}",
                keyType,
                tokenVersion,
                signature));  
            
            
 

        }
        
        
            application/query+json
        
        
            True
        
        
            @(context.Variables.GetValueOrDefault("requestDateString"))
        
        
            2017-02-22
        
        
            true
        
    
    
        
    
    
        
            @(context.LastError.Source)
        
        
            @(context.LastError.Reason)
        
        
            @(context.LastError.Message)
        
        
            @(context.LastError.Scope)
        
        
            @(context.LastError.Section)
        
        
            @(context.LastError.Path)
        
        
            @(context.LastError.PolicyId)
        
        
            @(context.Response.StatusCode.ToString())
        
        
    
    
        
    

Now the point you need to change are:var databaseId = "ToDoList";
var collectionId = "Items";Click now on TestNow write down the Public IP from your API ManagmentGo back to Cosmos DB and click on FirewallYour Cosmos is now protected