Azure API Management is a great new service from Azure that is now in public beta. It lets you expose your APIs, apply rate limits, manage the users who can access them, and apply some transformations. You can find all about it on the Azure API Management service description. Because Azure API Management lets you set permissions on who can access your APIs, it is key to have a complete overview of who can access what.
To that end, the Azure team made it easy to share APIs and grant users permissions by only requiring an e-mail address and password to sign in. These accounts are currently not stored in Azure. There is no e-mail restriction, so you can use an unmonitored alias (or a non-existent one). However, the Azure API Management service will try to send notifications to the provided address, so it might be useful to provide a monitored alias.
Once a user is created, it will appear in the user overview.
A newly created user will have no subscriptions, but he or she can already be blocked. Blocking a user prevents them from logging in or accessing any subscriptions they might have.
If a user is active, he or she can subscribe to the published products that are visible to them. Depending on the configuration of those products, the subscription is either active or requires approval from an administrator.
An administrator can also revoke any permissions the user has on a certain product (and all of its available APIs). So when ‘terminating’ a user, an administrator has two options: revoke access for one or more products, which prevents the user from accessing those products, or block the user, which prevents them from accessing all products.
Once a user is created, however, he or she cannot be deleted by an administrator. So in a scenario where the administrator creates several users for applications that will be using Azure API Management, that same administrator cannot delete the users he created. If that administrator has multiple applications and creates multiple users for them, the overview can get cluttered, especially if those users are no longer used and should have been deleted.
The only one who can delete a user account, and prevent it from showing up in the user overview, is the user itself. So if an administrator would like to delete a user he created, he should log in with the credentials of that user and ‘close’ the account by clicking the large ‘close account’ button at the bottom of the screen.
If a user closes his or her account, all references in Azure API Management will be deleted, and he or she will no longer appear in the overviews, keeping them clean.