Securing external SaaS APIs with Azure API Management

German Intermediate Main Conference

Some vendors have very limited abilities to restrict the access to their APIs to a minimum. Especially when highly sensitive data is stored with the SaaS-Provider (e.g. CRM Solutions) it can be a challenge from a security perspective to outsource an integration to a 3rd party. Of course you have contracts, liabilities and other things in place, but it does not f.e. prevent breaches at the 3rd Party provider. While it is necessary that the integration partner retrieves some customer data, they should not be able to retrieve all data. Seeking for an easy way to secure this we found Azure API Management to be a good fit. In this session I will show you how we used Azure API Management to secure the APIs with certificate authentication and make sure that only a subset of the API can be used.


Nina Pollak

Azure Enthusiast

Nina is an Azure Enthusiast, founder of SpectoLogic® and supports customers developing solutions on Microsoft Azure. Passionate about CosmosDB, Serverless Computing, IoT and loves to work with Visual Studio & DevOps and regular explores new exciting Azure Services. SpectoLogic® -

Code of Conduct

We seek to provide a respectful, friendly, professional experience for everyone, regardless of gender, sexual orientation, physical appearance, disability, age, race or religion. We do not tolerate any behavior that is harassing or degrading to any individual, in any form. The Code of Conduct will be enforced.

Who does this Code of Conduct apply to?

All live stream organizers using the Global Azure brand and Global Azure speakers are responsible for knowing and abiding by these standards. Each speaker who wishes to submit through our Call for Presentations needs to read and accept the Code of Conduct. We encourage every organizer and attendee to assist in creating a welcoming and safe environment. Live stream organizers are required to inform and enforce the Code of Conduct if they accept community content to their stream.

Where can I get help?

If you are being harassed, notice that someone else is being harassed, or have any other concerns, report it. Please report any concerns, suspicious or disruptive activity or behavior directly to any of the live stream organizers, or directly to the Global Azure admins at All reports to the Global admin team will remain confidential.

Code of Conduct for local live streams

We expect local organizers to set up and enforce a Code of Conduct for all Global Azure live stream.

A good template can be found at, including internationalized versions at An excellent version of a Code of Conduct, not a template, is built by the DDD Europe conference at