- Decide on the access management for APIM services through all possible channels, such as the portal, the ARM REST API, and DevOps.
- Decide on the access management for APIM entities.
- Decide on how to sign up and authorize the developer accounts.
- Decide on how subscriptions are used.
- Decide on the visibility of products and APIs on the developer portal.
- Decide on access revocation policies.
- Decide on reporting requirements for access control.
- Use built-in roles to control access to the APIM service and to delegate responsibilities across the teams that manage the APIM instance.
- Use custom roles, built from API Management RBAC operations, to set fine-grained access to APIM entities, for example for API developers, backup operators, and DevOps automation.
- Associate subscriptions at the appropriate scope like products.
- Create appropriate groups to control the visibility of the products.
- Manage access to the developer portal using Azure Active Directory B2C.
- Reporting:
  - Make use of built-in analytics.
  - Review audit logs.
  - Create custom reports.
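
To illustrate the custom-role recommendation above, the following added example (not part of the original guidance) reviews draft role definitions before they are assigned. The role names and definitions are constructed for illustration, and the evaluation is a simplified model of one role's `Actions` minus `NotActions` with `*` wildcards; it does not cover deny assignments or data actions.

```python
from fnmatch import fnmatchcase

P = "Microsoft.ApiManagement/service"

# Constructed custom role definitions (hypothetical names), using the
# Actions/NotActions shape of an Azure role definition.
BACKUP_OPERATOR = {
    "Name": "APIM Backup Operator (example)",
    "Actions": [f"{P}/read", f"{P}/backup/action"],
    "NotActions": [],
}
API_DEVELOPER = {
    "Name": "APIM API Developer (example)",
    "Actions": [f"{P}/read", f"{P}/*/read", f"{P}/apis/*"],
    "NotActions": [f"{P}/users/keys/read"],
}
BROAD_AUTOMATION = {  # the over-broad draft a review should catch
    "Name": "APIM DevOps Automation (too broad, example)",
    "Actions": [f"{P}/*"],
    "NotActions": [],
}

# Operations worth flagging when a delegated role grants them.
SENSITIVE = [
    f"{P}/delete",
    f"{P}/restore/action",
    f"{P}/users/keys/read",
    f"{P}/subscriptions/listSecrets/action",
]

def _matches(patterns, operation):
    # Operation names are compared case-insensitively; '*' spans path segments.
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)

def is_allowed(role, operation):
    """Allowed when matched by Actions and not excluded by NotActions."""
    return (_matches(role["Actions"], operation)
            and not _matches(role["NotActions"], operation))

def review(role, sensitive_ops=SENSITIVE):
    """Return the sensitive operations this role definition would grant."""
    return [op for op in sensitive_ops if is_allowed(role, op)]

if __name__ == "__main__":
    for role in (BACKUP_OPERATOR, API_DEVELOPER, BROAD_AUTOMATION):
        granted = review(role)
        print(role["Name"], "->", granted or "no sensitive operations")
```
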