Merge pull request #50728 from v-thpra/azure-triage-fix-1055074

v-dirichards · web-flow · commit d38d5c66c859 · 2025-06-06T13:55:34.000-05:00
Technical Review 1055074: Protect your APIs on Azure API Management
diff --git a/learn-pr/azure/protect-apis-on-api-management/1-introduction.yml b/learn-pr/azure/protect-apis-on-api-management/1-introduction.yml
@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.protect-apis-on-api-management.1-introduction
-title: Introduction
-metadata:
-  title: Introduction
-  description: In this unit, you'll learn about a business scenario that you can solve by using API protection policies in Azure API Management.
-  ms.date: 08/10/2023
-  author: dlepow
-  ms.author: danlep
-  ms.topic: unit
-durationInMinutes: 3
-content: |
-  [!include[](includes/1-introduction.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.protect-apis-on-api-management.1-introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: In this unit, you learn about a business scenario that you can solve by using API protection policies in Azure API Management.
+  ms.date: 05/30/2025
+  author: dlepow
+  ms.author: danlep
+  ms.topic: unit
+durationInMinutes: 3
+content: |
+  [!include[](includes/1-introduction.md)]
+
diff --git a/learn-pr/azure/protect-apis-on-api-management/2-remove-technical-info.yml b/learn-pr/azure/protect-apis-on-api-management/2-remove-technical-info.yml
@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.protect-apis-on-api-management.2-remove-technical-info
-title: Remove technical information from API responses
-metadata:
-  title: Remove technical information from API responses
-  description: Create an API gateway and remove some of the headers from web API responses.
-  ms.date: 08/10/2023
-  author: dlepow
-  ms.author: danlep
-  ms.topic: unit
-durationInMinutes: 5
-content: |
-  [!include[](includes/2-remove-technical-info.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.protect-apis-on-api-management.2-remove-technical-info
+title: Remove technical information from API responses
+metadata:
+  title: Remove technical information from API responses
+  description: Create an API gateway and remove some of the headers from web API responses.
+  ms.date: 05/30/2025
+  author: dlepow
+  ms.author: danlep
+  ms.topic: unit
+durationInMinutes: 5
+content: |
+  [!include[](includes/2-remove-technical-info.md)]
+
diff --git a/learn-pr/azure/protect-apis-on-api-management/3-exercise-remove-header.yml b/learn-pr/azure/protect-apis-on-api-management/3-exercise-remove-header.yml
@@ -1,16 +1,16 @@
-### YamlMime:ModuleUnit
-uid: learn.protect-apis-on-api-management.3-exercise-remove-header
-title: Exercise - Remove header information
-metadata:
-  title: Exercise - Remove header information
-  description: In this exercise, you'll add a web API to Azure API Management and then use a policy to control the HTTP headers that the API returns.
-  ms.date: 08/10/2023
-  author: dlepow
-  ms.author: danlep
-  ms.topic: unit
-durationInMinutes: 10
-interactive: bash
-azureSandbox: false
-content: |
-  [!include[](includes/3-exercise-remove-header.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.protect-apis-on-api-management.3-exercise-remove-header
+title: Exercise - Remove header information
+metadata:
+  title: Exercise - Remove header information
+  description: In this exercise, you add a web API to Azure API Management and then use a policy to control the HTTP headers that the API returns.
+  ms.date: 05/30/2025
+  author: dlepow
+  ms.author: danlep
+  ms.topic: unit
+durationInMinutes: 10
+interactive: bash
+azureSandbox: false
+content: |
+  [!include[](includes/3-exercise-remove-header.md)]
+
diff --git a/learn-pr/azure/protect-apis-on-api-management/4-hide-url-transformation.yml b/learn-pr/azure/protect-apis-on-api-management/4-hide-url-transformation.yml
@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.protect-apis-on-api-management.4-hide-url-transformation
-title: Mask URLs with a transformation policy
-metadata:
-  title: Mask URLs with a transformation policy
-  description: In this module, you'll learn about transformation policies and how to use them to modify the content of an API response.
-  ms.date: 08/10/2023
-  author: dlepow
-  ms.author: danlep
-  ms.topic: unit
-durationInMinutes: 5
-content: |
-  [!include[](includes/4-hide-url-transformation.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.protect-apis-on-api-management.4-hide-url-transformation
+title: Mask URLs with a transformation policy
+metadata:
+  title: Mask URLs with a transformation policy
+  description: In this module, you learn about transformation policies and how to use them to modify the content of an API response.
+  ms.date: 05/30/2025
+  author: dlepow
+  ms.author: danlep
+  ms.topic: unit
+durationInMinutes: 5
+content: |
+  [!include[](includes/4-hide-url-transformation.md)]
+
diff --git a/learn-pr/azure/protect-apis-on-api-management/5-exercise-hide-url.yml b/learn-pr/azure/protect-apis-on-api-management/5-exercise-hide-url.yml
@@ -1,15 +1,15 @@
-### YamlMime:ModuleUnit
-uid: learn.protect-apis-on-api-management.5-exercise-hide-url
-title: Exercise - Mask URLs with a transformation policy
-metadata:
-  title: Exercise - Mask URLs with a transformation policy
-  description: In this module, you use a policy to hide the URL of the hosted URL to ensure that its location is not passed to users.
-  ms.date: 08/10/2023
-  author: dlepow
-  ms.author: danlep
-  ms.topic: unit
-durationInMinutes: 5
-azureSandbox: false
-content: |
-  [!include[](includes/5-exercise-hide-url.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.protect-apis-on-api-management.5-exercise-hide-url
+title: Exercise - Mask URLs with a transformation policy
+metadata:
+  title: Exercise - Mask URLs with a transformation policy
+  description: In this module, you use a policy to hide the URL of the hosted URL to ensure that its location isn't passed to users.
+  ms.date: 05/30/2025
+  author: dlepow
+  ms.author: danlep
+  ms.topic: unit
+durationInMinutes: 5
+azureSandbox: false
+content: |
+  [!include[](includes/5-exercise-hide-url.md)]
+
diff --git a/learn-pr/azure/protect-apis-on-api-management/6-rate-limit-policy.yml b/learn-pr/azure/protect-apis-on-api-management/6-rate-limit-policy.yml
@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.protect-apis-on-api-management.6-rate-limit-policy
-title: Throttle API requests
-metadata:
-  title: Throttle API requests
-  description: In this unit, you'll learn about throttling (rate limiting) policies and how to use them to prevent users from overusing resources.
-  ms.date: 08/11/2023
-  author: dlepow
-  ms.author: danlep
-  ms.topic: unit
-durationInMinutes: 7
-content: |
-  [!include[](includes/6-rate-limit-policy.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.protect-apis-on-api-management.6-rate-limit-policy
+title: Throttle API requests
+metadata:
+  title: Throttle API requests
+  description: In this unit, you learn about throttling (rate limiting) policies and how to use them to prevent users from overusing resources.
+  ms.date: 05/30/2025
+  author: dlepow
+  ms.author: danlep
+  ms.topic: unit
+durationInMinutes: 7
+content: |
+  [!include[](includes/6-rate-limit-policy.md)]
+
diff --git a/learn-pr/azure/protect-apis-on-api-management/7-exercise-rate-limit-policy.yml b/learn-pr/azure/protect-apis-on-api-management/7-exercise-rate-limit-policy.yml
@@ -1,15 +1,15 @@
-### YamlMime:ModuleUnit
-uid: learn.protect-apis-on-api-management.7-exercise-rate-limit-policy
-title: Exercise - Throttle API requests
-metadata:
-  title: Exercise - Throttle API requests
-  description: In this exercise, you'll set up and test throttling (rate limiting) policies in API Management.
-  ms.date: 08/10/2023
-  author: dlepow
-  ms.author: danlep
-  ms.topic: unit
-durationInMinutes: 5
-azureSandbox: false
-content: |
-  [!include[](includes/7-exercise-rate-limit-policy.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.protect-apis-on-api-management.7-exercise-rate-limit-policy
+title: Exercise - Throttle API requests
+metadata:
+  title: Exercise - Throttle API requests
+  description: In this exercise, you set up and test throttling (rate limiting) policies in API Management.
+  ms.date: 05/30/2025
+  author: dlepow
+  ms.author: danlep
+  ms.topic: unit
+durationInMinutes: 5
+azureSandbox: false
+content: |
+  [!include[](includes/7-exercise-rate-limit-policy.md)]
+
diff --git a/learn-pr/azure/protect-apis-on-api-management/8-summary.yml b/learn-pr/azure/protect-apis-on-api-management/8-summary.yml
@@ -1,14 +1,14 @@
-### YamlMime:ModuleUnit
-uid: learn.protect-apis-on-api-management.8-summary
-title: Summary
-metadata:
-  title: Summary
-  description: In this unit, you'll review what you have learned about API Management policies you can use to protect your APIs.
-  ms.date: 08/10/2023
-  author: dlepow
-  ms.author: danlep
-  ms.topic: unit
-durationInMinutes: 3
-content: |
-  [!include[](includes/8-summary.md)]
-
+### YamlMime:ModuleUnit
+uid: learn.protect-apis-on-api-management.8-summary
+title: Summary
+metadata:
+  title: Summary
+  description: In this unit, you review what you learned about API Management policies you can use to protect your APIs.
+  ms.date: 05/30/2025
+  author: dlepow
+  ms.author: danlep
+  ms.topic: unit
+durationInMinutes: 3
+content: |
+  [!include[](includes/8-summary.md)]
+
diff --git a/learn-pr/azure/protect-apis-on-api-management/includes/1-introduction.md b/learn-pr/azure/protect-apis-on-api-management/includes/1-introduction.md
@@ -1,19 +1,19 @@
 Companies that publish web APIs often need to control the behavior of those APIs without recoding them.
 
-Suppose you are the lead developer for a government agency. The agency has created an API to make recent and historical census data available. They want to prevent any unnecessary backend information from being exposed that could be used in malicious attacks. They would also like to prevent abuse of the APIs in the form of a large volume of requests and need a mechanism to throttle requests if they exceed an allowed amount. They are serving their APIs on the Azure API Management service and would like to implement policies to address these concerns.
+Suppose you're the lead developer for a government agency. The agency created an API to make recent and historical census data available. They want to prevent any unnecessary backend information from being exposed that could be used in malicious attacks. They would also like to prevent abuse of the APIs in the form of a large volume of requests. They need a mechanism to throttle requests if the requests exceed an allowed amount. They're serving their APIs on the Azure API Management service and would like to implement policies to address these concerns.
 
 Azure API Management enables a consistent, modern, and secure gateway for all your web APIs. It offers policies to transform API requests and responses through configuration.
 
-In this module, you'll create an API gateway to publish a RESTful API. You will remove response headers, replace URLs, and throttle requests to achieve a secure endpoint for clients to communicate with.
+In this module, you create an API gateway to publish a RESTful API. Then, you remove response headers, replace URLs, and throttle requests to achieve a secure endpoint for clients to communicate with.
 
 ## Learning objectives
 
 In this module, you will:
 
-- Create an Azure API gateway
-- Import a RESTful API into the gateway
-- Implement policies to limit unintended information exposure and throttle the requests
-- Call an API to test the applied policies
+- Create an Azure API gateway.
+- Import a RESTful API into the gateway.
+- Implement policies to limit unintended information exposure and throttle the requests.
+- Test the applied policies by calling an API.
 
 ## Prerequisites
 
diff --git a/learn-pr/azure/protect-apis-on-api-management/includes/2-remove-technical-info.md b/learn-pr/azure/protect-apis-on-api-management/includes/2-remove-technical-info.md
@@ -1,8 +1,8 @@
 Any organization that publishes an API needs to make sure that users can access it securely and that malicious users can't successfully attack it.
 
-Governments store much personal data regarding citizens. Census data reveals a lot about each citizen, and their life. This data could be exploited to harm people. It is imperative that any data exposed through API endpoints are secured through modern standards.
+Governments store much personal data regarding citizens. Census data reveals a lot about each citizen, and their life. This data could be exploited to harm people. It's imperative that any data exposed through API endpoints are secured through modern standards.
 
-As the lead developer, you'll look at how to set up a secured API gateway, which will protect the census data from unauthorized access. It will also help protect the endpoints from denial-of-service attacks.
+As the lead developer, you look at how to set up a secured API gateway, which protects the census data from unauthorized access. It also helps protect the endpoints from denial-of-service attacks.
 
 ## Azure API Management
 
@@ -24,8 +24,8 @@ In the Census API example, it's important that you remove the following header:
 
 ## API Management setup
 
-To set up API Management, you will perform the following tasks:
+To set up API Management, perform the following tasks:
 
-- **Create an API Management gateway**. In this step, you create the API Management resource in the Azure portal. You also assign properties to the gateway, such as an FQDN and a pricing tier.
+- **Create an API Management gateway**. In this step, you create the API Management resource in the Azure portal. You also assign properties to the gateway, such as a fully qualified domain name (FQDN) and a pricing tier.
 - **Register an existing web API with the gateway**. In this step, you add the web API to the gateway. The API already has its own Azure app service host but you must add it to API Management in order to use policies and other API Management tools.
-- **Remove a header from the response**. In this step, you will apply a policy that removes an insecure header from all responses.
+- **Remove a header from the response**. In this step, you apply a policy that removes an insecure header from all responses.
diff --git a/learn-pr/azure/protect-apis-on-api-management/includes/3-exercise-remove-header.md b/learn-pr/azure/protect-apis-on-api-management/includes/3-exercise-remove-header.md
@@ -1,6 +1,6 @@
 Companies that publish web APIs often need to carefully control the HTTP headers that their APIs return, preferably without rewriting the API source code.
 
-The government has decided to share census data with its agencies through RESTful APIs. The critical requirements are that the data is shared securely and can be easily amended to facilitate quick integration. As lead developer, you need to create an API gateway. You use the gateway to publish a RESTful Census API that exposes an OpenAPI endpoint using modern security standards.
+The government decides to share census data with its agencies through RESTful APIs. The critical requirements are that the data is shared securely and can be easily amended to facilitate quick integration. As lead developer, you need to create an API gateway. You use the gateway to publish a RESTful Census API that exposes an OpenAPI endpoint using modern security standards.
 
 Here, you will:
 
@@ -14,7 +14,7 @@ Here, you will:
 
 ## Deploy the Census web API
 
-You've developed a .NET Core app that returns sensitive census information. The app includes Swashbuckle to generate OpenAPI documentation.
+You developed a .NET Core app that returns sensitive census information. The app includes Swashbuckle to generate OpenAPI documentation.
 
 To save time, let's start by running a script to host our RESTful API in Azure. The script performs the following steps:
 
@@ -64,11 +64,11 @@ To save time, let's start by running a script to host our RESTful API in Azure.
 
 The next step in this exercise is to create an API gateway in the Azure portal. In the next section, you'll use this gateway to publish your API:
 
-1. Sign in to the [Azure portal](https://portal.azure.com/)
-.
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
 1. On the Azure portal menu or from the **Home** page, select **Create a resource**. The **Create a resource** pane appears.
 
-1. In the left menu pane, select **Integration**, and then enter *API Management* in the **Search services and marketplace** search box. Select the **API Management** card in the results, and select **Create** to open the **Create API Management service** pane.
+1. In the left menu pane, select **Integration**, and then enter *API Management* in the **Search services and marketplace** search box. Select the **API Management** card in the results, and select **Create**. A pane titled **Create API Management service** appears.
  
 1. On the **Basics** tab, enter the following values for each setting.
 
@@ -79,19 +79,19 @@ The next step in this exercise is to create an API gateway in the Azure portal.
     | Resource group | Select a new or existing resource group. A resource group is a logical container that holds related resources for an Azure solution. |
     | **Instance details** |
     | Region | Select an available region. |
-    |Resource name | Enter `apim-CensusData<random number>`, replacing `random number` with your own series of numbers to ensure that the name is globally unique. |
+    |Resource name | Enter `apim-CensusData<random number>`. Replace `<random number>` with your own series of numbers so that the name is globally unique. |
     | Organization name | Enter `Government-Census`. The name of your organization for use in the developer portal and email notifications. (The developer portal and notifications aren't available in all service tiers.) |
     | Administrator email | The email address to receive all system notifications. |
     | **Pricing tier** |
     | Pricing tier | Select `Consumption (99.95% SLA)` from the dropdown list. |
     | | |
 
-    :::image type="content" source="../media/3-create-apim-gateway.png" alt-text="Screenshot of the completed settings on the Basics tab of the Create API Management service screen.":::
+    :::image type="content" source="../media/3-create-apim-gateway.png" alt-text="Screenshot of the completed settings on the Basics tab of the 'Create API Management service' screen.":::
 
     > [!NOTE]
     > The Consumption tier provides fast deployment for testing and has a pay-for-use pricing model. The overall API management experience is similar to the other pricing tiers.
 
-1. Select **Review + create**. After validation passes, select **Create**. Deployment may take several minutes. When the deployment has completed, you'll see the API Management instance listed in the Azure resources. Select **Go to resource** to view the pane for your API Management service.
+1. Select **Review + create**. After validation passes, select **Create**. Deployment can take several minutes. When the deployment completes, the API Management instance is listed in your Azure resources. Select **Go to resource** to view the pane for your API Management service.
 
 ## Import the API
 
@@ -106,13 +106,13 @@ Now, import the Census API into the API Management gateway:
    :::image type="content" source="../media/3-import-api.png" alt-text="Screenshot of the Create from OpenAPI specification dialog box with the swagger JSON URL entered.":::
 
    > [!NOTE]
-   > You will notice that, when you tab out of the box, some of the other fields are populated for you. This is because you have used OpenAPI which specifies most of the required connection details.
+   > Notice that when you tab out of the box, some of the other fields are populated for you. The OpenAPI specification fills in most of the required connection details.
 
 1. Leave the other settings at their defaults, and then select **Create**.
 
 ## Test the API
 
-Let's see what data is returned in from the API by default:
+Let's see what data is returned from the API by default:
 
 1. In the [Azure portal](https://portal.azure.com/) menu or from the **Home** page, select **All Resources**, and then select your API Management instance.
 
diff --git a/learn-pr/azure/protect-apis-on-api-management/includes/4-hide-url-transformation.md b/learn-pr/azure/protect-apis-on-api-management/includes/4-hide-url-transformation.md
@@ -1,4 +1,4 @@
-Organizations may need to adjust the information that an API publishes at short notice. For example, to comply with a change of legislation or address a new security threat.
+Organizations might need to adjust the information that an API publishes at short notice. For example, to comply with a change of legislation or address a new security threat.
 
 The Census API example exposes details about the URL from which the API is being called. This information could allow a malicious user to attempt to access the census data by bypassing the API Management gateway and exposing a less secure endpoint. As lead developer, you want to mask these URLs within the response body of the API.
 
@@ -15,7 +15,7 @@ These links are based on the Census API endpoints and need to be masked to show
 To achieve this configuration, create a transformation policy.
 
 > [!NOTE]
-> It's best practice to secure the backend API using one of the available mechanisms in API Management. For example, configure it to require a client certificate, and then configure API Management to supply that certificate. In this configuration, no one can call the backend API directly and circumvent your API Management gateway because they don't have a certificate that's recognized by the backend.
+> It's best practice to secure the backend API using one of the available mechanisms in API Management. For example, configure it to require a client certificate, and then configure API Management to supply that certificate. In this configuration, no one can call the backend API directly and circumvent your API Management gateway, because they don't have a certificate recognized by the backend.
 
 ## Transformation policy
 
diff --git a/learn-pr/azure/protect-apis-on-api-management/includes/5-exercise-hide-url.md b/learn-pr/azure/protect-apis-on-api-management/includes/5-exercise-hide-url.md
diff --git a/learn-pr/azure/protect-apis-on-api-management/includes/6-rate-limit-policy.md b/learn-pr/azure/protect-apis-on-api-management/includes/6-rate-limit-policy.md
diff --git a/learn-pr/azure/protect-apis-on-api-management/includes/7-exercise-rate-limit-policy.md b/learn-pr/azure/protect-apis-on-api-management/includes/7-exercise-rate-limit-policy.md
diff --git a/learn-pr/azure/protect-apis-on-api-management/includes/8-summary.md b/learn-pr/azure/protect-apis-on-api-management/includes/8-summary.md
diff --git a/learn-pr/azure/protect-apis-on-api-management/index.yml b/learn-pr/azure/protect-apis-on-api-management/index.yml
