[APIC] APIM synchronization

Author: gitName

articles/api-center/import-api-management-apis.md

@@ -58,7 +58,7 @@ az apim api export --api-id my-api --resource-group myResourceGroup \
 ```
 
 ```azurecli
-#! PowerShell syntax
+# Formatted for PowerShell
 az apim api export --api-id my-api --resource-group myResourceGroup `
     --service-name myAPIManagement --export-format OpenApiJsonFile `
     --file-path '/path/to/folder'
@@ -76,7 +76,7 @@ link=$(az apim api export --api-id my-api --resource-group myResourceGroup \
 ```
 
 ```azurecli
-# PowerShell syntax
+# Formatted for PowerShell
 $link=$(az apim api export --api-id my-api --resource-group myResourceGroup `
     --service-name myAPIManagement --export-format OpenApiJsonUrl --query properties.value.link `
     --output tsv)
@@ -107,7 +107,7 @@ az apic api definition import-specification \
 ```
 
 ```azurecli
-# PowerShell syntax
+# Formatted for PowerShell
 az apic api definition import-specification `
     --resource-group myResourceGroup --service-name myAPICenter `
     --api-id my-api --version-id v1-0-0 `
@@ -128,29 +128,11 @@ When you add APIs from an API Management instance to your API center using `az a
 
 ### Add a managed identity in your API center
 
-For this scenario, your API center uses a [managed identity](/entra/identity/managed-identities-azure-resources/overview) to access APIs in your API Management instance. Depending on your needs, configure either a system-assigned or one or more user-assigned managed identities. 
-
-The following examples show how to configure a system-assigned managed identity by using the Azure portal or the Azure CLI. At a high level, configuration steps are similar for a user-assigned managed identity. 
-
-#### [Portal](#tab/portal)
-
-1. In the [portal](https://azure.microsoft.com), navigate to your API center.
-1. In the left menu, under **Security**, select **Managed identities**.
-1. Select **System assigned**, and set the status to **On**.
-1. Select **Save**.
-
-#### [Azure CLI](#tab/cli)
-
-Set the system-assigned identity in your API center using the following [az apic update](/cli/azure/apic#az-apic-update) command. Substitute the names of your API center and resource group:
-
-```azurecli 
-az apic update --name <api-center-name> --resource-group <resource-group-name> --identity '{"type": "SystemAssigned"}'
-```
----
+[!INCLUDE [enable-managed-identity](includes/enable-managed-identity.md)]
 
 ### Assign the managed identity the API Management Service Reader role
 
-To allow import of APIs, assign your API center's managed identity the **API Management Service Reader** role in your API Management instance. You can use the [portal](../role-based-access-control/role-assignments-portal-managed-identity.yml) or the Azure CLI.
+[!INCLUDE [configure-managed-identity-apim-reader](includes/configure-managed-identity-apim-reader.md)]
 
 #### [Portal](#tab/portal)
 
@@ -175,7 +157,7 @@ To allow import of APIs, assign your API center's managed identity the **API Man
     ```
 
     ```azurecli
-    # PowerShell syntax
+    # Formatted for PowerShell
     $apicObjID=$(az apic show --name <api-center-name> `
         --resource-group <resource-group-name> `
         --query "identity.principalId" --output tsv)
@@ -189,7 +171,7 @@ To allow import of APIs, assign your API center's managed identity the **API Man
     ```
 
     ```azurecli
-    # PowerShell syntax
+    # Formatted for PowerShell
     $apimID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query "id" --output tsv)
     ```
 
@@ -207,7 +189,7 @@ To allow import of APIs, assign your API center's managed identity the **API Man
     ```
     
     ```azurecli
-    #! PowerShell syntax
+    # Formatted for PowerShell
     $scope=$apimID.substring(1)
 
     az role assignment create `
@@ -238,7 +220,7 @@ az apic import-from-apim --service-name <api-center-name> --resource-group <reso
 ```
 
 ```azurecli
-# PowerShell syntax
+# Formatted for PowerShell
 az apic import-from-apim --service-name <api-center-name> --resource-group <resource-group-name> `
     --apim-name <api-management-name> --apim-resource-group <api-management-resource-group-name> `
     --apim-apis '*'  
@@ -262,7 +244,7 @@ az apic import-from-apim --service-name <api-center-name> --resource-group <reso
 
 
 ```azurecli
-# PowerShell syntax
+# Formatted for PowerShell
 az apic import-from-apim --service-name <api-center-name> --resource-group <resource-group-name> `
     --apim-name <api-management-name> --apim-resource-group <api-management-resource-group-name> `
     --apim-apis 'petstore-api'    

articles/api-center/includes/api-center-service-limits.md

@@ -7,7 +7,7 @@ author: dlepow
 
 ms.service: azure-api-center
 ms.topic: include
-ms.date: 05/14/2024
+ms.date: 10/18/2024
 ms.author: danlep
 ms.custom: Include file
 ---
@@ -24,7 +24,10 @@ ms.custom: Include file
 | Maximum number of child properties in custom metadata property of type "object" | 10 |10 | 
 | Maximum requests per minute (data plane) | 3,000 | 6,000  |
 | Maximum number of API definitions [linted](../enable-managed-api-analysis-linting.md) per 4 hours | 10 | 100  |
+| Maximum number of linked API sources<sup>4</sup> | 1  |  3 |
+| Maximum number of API [synchronizations](../synchronize-api-management-apis.md)<sup>4</sup> per 4 hours | 1 | 10  |
 
 <sup>1</sup> To increase a limit in the Standard plan, contact [support](https://azure.microsoft.com/support/options/).<br/>
 <sup>2</sup> In the Free plan, use of full service features including API analysis and access through the data plane API is limited to 5 APIs.<br/>
 <sup>3</sup> Custom metadata properties assigned to APIs, deployments, and environments.
+<sup>4</sup> API sources include API Management instances linked to the API center for synchronization.

articles/api-center/includes/configure-managed-identity-apim-reader.md

@@ -0,0 +1,79 @@
+---
+title: Include file
+description: Include file
+services: api-center
+author: dlepow
+
+ms.service: azure-api-center
+ms.topic: include
+ms.date: 10/18/2024
+ms.author: danlep
+ms.custom: Include file
+---
+
+To allow import of APIs, assign your API center's managed identity the **API Management Service Reader** role in your API Management instance. You can use the [portal](../role-based-access-control/role-assignments-portal-managed-identity.yml) or the Azure CLI.
+
+#### [Portal](#tab/portal)
+
+1. In the [portal](https://azure.microsoft.com), navigate to your API Management instance.
+1. In the left menu, select **Access control (IAM)**.
+1. Select **+ Add role assignment**.
+1. On the **Add role assignment** page, set the values as follows: 
+    1. On the **Role** tab - Select **API Management Service Reader**.
+    1. On the **Members** tab, in **Assign access to** - Select **Managed identity** > **+ Select members**.
+    1. On the **Select managed identities** page - Select the system-assigned managed identity of your API center that you added in the previous section. Click **Select**.
+    1. Select **Review + assign**.
+
+#### [Azure CLI](#tab/cli)
+
+1. Get the principal ID of the identity. For a system-assigned identity, use the [az apic show](/cli/azure/apic#az-apic-show) command. 
+
+    ```azurecli
+    #! /bin/bash
+    apicObjID=$(az apic show --name <api-center-name> \
+        --resource-group <resource-group-name> \
+        --query "identity.principalId" --output tsv)
+    ```
+
+    ```azurecli
+    # Formatted for PowerShell
+    $apicObjID=$(az apic show --name <api-center-name> `
+        --resource-group <resource-group-name> `
+        --query "identity.principalId" --output tsv)
+    ```
+
+1. Get the resource ID of your API Management instance using the [az apim show](/cli/azure/apim#az-apim-show) command.
+ 
+    ```azurecli
+    #! /bin/bash
+    apimID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query "id" --output tsv)
+    ```
+
+    ```azurecli
+    # Formatted for PowerShell
+    $apimID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query "id" --output tsv)
+    ```
+
+1. Assign the managed identity the **API Management Service Reader** role in your API Management instance using the [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create) command.
+
+    ```azurecli
+    #! /bin/bash
+    scope="${apimID:1}"
+
+    az role assignment create \
+        --role "API Management Service Reader Role" \
+        --assignee-object-id $apicObjID \
+        --assignee-principal-type ServicePrincipal \
+        --scope $scope 
+    ```
+    
+    ```azurecli
+    # Formatted for PowerShell
+    $scope=$apimID.substring(1)
+
+    az role assignment create `
+        --role "API Management Service Reader Role" `
+        --assignee-object-id $apicObjID `
+        --assignee-principal-type ServicePrincipal `
+        --scope $scope 
+---

articles/api-center/includes/enable-managed-identity.md

@@ -0,0 +1,101 @@
+---
+title: Include file
+description: Include file
+services: api-center
+author: dlepow
+
+ms.service: azure-api-center
+ms.topic: include
+ms.date: 10/18/2024
+ms.author: danlep
+ms.custom: Include file
+---
+
+For this scenario, your API center uses a [managed identity](/entra/identity/managed-identities-azure-resources/overview) to access APIs in your API Management instance. Depending on your needs, configure either a system-assigned or one or more user-assigned managed identities. 
+
+The following examples show how to configure a system-assigned managed identity by using the Azure portal or the Azure CLI. At a high level, configuration steps are similar for a user-assigned managed identity. 
+
+#### [Portal](#tab/portal)
+
+1. In the [portal](https://azure.microsoft.com), navigate to your API center.
+1. In the left menu, under **Security**, select **Managed identities**.
+1. Select **System assigned**, and set the status to **On**.
+1. Select **Save**.
+
+#### [Azure CLI](#tab/cli)
+
+Set the system-assigned identity in your API center using the following [az apic update](/cli/azure/apic#az-apic-update) command. Substitute the names of your API center and resource group:
+
+```azurecli 
+az apic update --name <api-center-name> --resource-group <resource-group-name> --identity '{"type": "SystemAssigned"}'
+```
+---
+
+### Assign the managed identity the API Management Service Reader role
+
+To allow import of APIs, assign your API center's managed identity the **API Management Service Reader** role in your API Management instance. You can use the [portal](../role-based-access-control/role-assignments-portal-managed-identity.yml) or the Azure CLI.
+
+#### [Portal](#tab/portal)
+
+1. In the [portal](https://azure.microsoft.com), navigate to your API Management instance.
+1. In the left menu, select **Access control (IAM)**.
+1. Select **+ Add role assignment**.
+1. On the **Add role assignment** page, set the values as follows: 
+    1. On the **Role** tab - Select **API Management Service Reader**.
+    1. On the **Members** tab, in **Assign access to** - Select **Managed identity** > **+ Select members**.
+    1. On the **Select managed identities** page - Select the system-assigned managed identity of your API center that you added in the previous section. Click **Select**.
+    1. Select **Review + assign**.
+
+#### [Azure CLI](#tab/cli)
+
+1. Get the principal ID of the identity. For a system-assigned identity, use the [az apic show](/cli/azure/apic#az-apic-show) command. 
+
+    ```azurecli
+    #! /bin/bash
+    apicObjID=$(az apic show --name <api-center-name> \
+        --resource-group <resource-group-name> \
+        --query "identity.principalId" --output tsv)
+    ```
+
+    ```azurecli
+    # Formatted for PowerShell
+    $apicObjID=$(az apic show --name <api-center-name> `
+        --resource-group <resource-group-name> `
+        --query "identity.principalId" --output tsv)
+    ```
+
+1. Get the resource ID of your API Management instance using the [az apim show](/cli/azure/apim#az-apim-show) command.
+ 
+    ```azurecli
+    #! /bin/bash
+    apimID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query "id" --output tsv)
+    ```
+
+    ```azurecli
+    # Formatted for PowerShell
+    $apimID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query "id" --output tsv)
+    ```
+
+1. Assign the managed identity the **API Management Service Reader** role in your API Management instance using the [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create) command.
+
+    ```azurecli
+    #! /bin/bash
+    scope="${apimID:1}"
+
+    az role assignment create \
+        --role "API Management Service Reader Role" \
+        --assignee-object-id $apicObjID \
+        --assignee-principal-type ServicePrincipal \
+        --scope $scope 
+    ```
+    
+    ```azurecli
+    # Formatted for PowerShell
+    $scope=$apimID.substring(1)
+
+    az role assignment create `
+        --role "API Management Service Reader Role" `
+        --assignee-object-id $apicObjID `
+        --assignee-principal-type ServicePrincipal `
+        --scope $scope 
+---

articles/api-center/media/synchronize-api-management-apis/environment-link-list.png

@@ -0,0 +1,89 @@
+---
+title: Synchronize APIs from Azure API Management to Azure API Center
+description: Link an API Management instance to Azure API Center and automatically synchronize APIs from API Management to  inventory.
+author: dlepow
+ms.service: azure-api-center
+ms.topic: how-to
+ms.date: 10/18/2024
+ms.author: danlep 
+ms.custom: devx-track-azurecli
+# Customer intent: As an API program manager, I want to link my Azure API Management instance to my API center and synchronize API Management APIs to my inventory.
+---
+
+# Link an API Management instance to your API center and synchronize APIs
+
+This article shows how to create a link (preview) to an API Management instance in your [API center](overview.md) using the Azure portal.
+
+Linking an API Management instance automates the regular synchronization of APIs from API Management to your API center inventory. This makes the API Management APIs easily discoverable and accessible to developers, API program managers, and other stakeholders.
+
+## About linking an API Management instance
+
+While you can export APIs from Azure API Management and [import](import-api-management-apis.md) them to Azure API Center using the Azure CLI as a one-time operation, linking an API Management instance ensures regular, automatic synchronization.
+
+When you link an API Management instance to an API center, the following happens:
+
+* All APIs and related API specifications from the API Management instance are imported to the API center inventory.
+* An [environment](key-concepts.md#environment) is created in the API center.
+
+API Management APIs automatically synchronize to the API center whenever there are changes detected to existing API properties, new versions are added, new APIs are created, or APIs are deleted. This synchronization is one-way from API Management to your Azure API center, meaning API updates in the API center are not synchronized back to the API Management instance.
+
+> [!NOTE]
+> * Certain properties of API Management APIs such as the name, description, and API definition can't be edited in the API center. 
+> * Links to API Management instances are subject to [certain limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=/azure/api-center/toc.json&bc=/azure/api-center/breadcrumb/toc.json#api-center-limits) on number of links and frequency of synchronization.
+
+
+## Prerequisites
+
+* An API center in your Azure subscription. If you haven't created one, see [Quickstart: Create your API center](set-up-api-center.md).
+
+* One or more instances of Azure API Management, in the same or a different subscription. The resources must be in the same directory. 
+
+* One or more APIs managed in your API Management instance that you want to synchronize to your API center. 
+
+* For Azure CLI:
+    [!INCLUDE [include](~/reusable-content/azure-cli/azure-cli-prepare-your-environment-no-header.md)]
+
+    [!INCLUDE [install-apic-extension](includes/install-apic-extension.md)]
+
+    > [!NOTE]
+    > Azure CLI command examples in this article can run in PowerShell or a bash shell. Where needed because of different variable syntax, separate command examples are provided for the two shells.
+
+
+## Add a managed identity in your API center
+
+[!INCLUDE [enable-managed-identity](includes/enable-managed-identity.md)]
+
+## Assign the managed identity the API Management Service Reader role
+
+[!INCLUDE [configure-managed-identity-apim-reader](includes/configure-managed-identity-apim-reader.md)]
+
+## Link an API Management instance 
+
+You can create a link to an API Management in the portal.
+
+1. In the [portal](https://portal.azure.com), navigate to your API center.
+1. Under **Assets**, select **Environments**.
+1. Select **Links (preview)** > **+ Create a link**.
+
+A link is added in the list of links. The API Management APIs are imported to the API center inventory and an environment is created.
+
+:::image type="content" source="media/synchronize-api-management-apis/environment-link-list.png" alt-text="Screenshot of link to API Management in the portal.":::
+
+## Unlink an API Management instance
+
+You can delete a link to an API Management instance. When you unlink an API Management instance from your API center:
+
+* All the APIs in the inventory from API Management are deleted
+* The environment associated with the API Management instance is deleted
+
+To delete a link:
+
+1. In the [portal](https://portal.azure.com), navigate to your API center.
+1. Under **Assets**, select **Environments** > **Links (preview)**.
+1. Select the link, and then select **Delete** (trash can icon). 
+
+## Related content
+ 
+* [Manage API inventory with Azure CLI commands](manage-apis-azure-cli.md)
+* [Import APIs from API Management to your Azure API center](import-api-management-apis.md)
+* [Azure API Management documentation](../api-management/index.yml)