Hey everyone! I'm relatively new to Azure, and we're thinking about introducing an API gateway for managing traffic to our APIs. We're looking at the APIM Standard, but it seems pricey and hard to justify. Are there any more affordable options on Azure that can work for our needs and ideally integrate with Entra? Thanks in advance!
3 Answers
If APIM Standard feels too heavy for your needs, there are more affordable options depending on the level of control required:
- **Azure Application Gateway** with WAF rules: Cheaper than full APIM and sufficient for traffic management & basic security.
- **Azure Front Door**: Great for global load balancing and routing with basic security features.
- **Self-hosted solutions like NGINX, Kong, or Ocelot**: They’re way cheaper but you'll need to manage operations yourself. Ocelot works great with .NET.
For Entra integration, securing your setup with **App Gateway + Azure AD App Proxy** or using OAuth directly on your services might be enough if you don't need the full API management features.
If your main goal is traffic visibility, you might want to check if storing logs in Azure Log Analytics could be a feasible solution. You can usually track requests at the application insights level and filter them from your Log Analytics queries as needed.
Have you looked into YARP? It’s lightweight and has a minimal attack surface, making it easy to configure. I use YARP behind an Application Gateway to keep all backend APIs internal, plus it scales nicely and is cost-effective!
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads