Replicate Azure API Management accounts

These days I’m working a lot with Azure Api Management, preparing environments, making changes continuously, etc. That’s why I needed to replicate an account on more than one occasion in order to simulate staging and production environments. I read this article about How to implement disaster recovery using backup and restore in Azure API serviceManagement, explaining how to create backups and restore them, which can be equally useful for replication environments.

Access to the Resource Manager API

The first thing you should do is to create an application within the Azure Active Directory that manages your Microsoft Azure subscription where is the API Management account that you want to replicate.

Azure Active Directory - Add application
Azure Active Directory – Add application
The type of action must be Add an application my organization is developingchoose a descriptive name (in my case resources) and the type must be a native client application. The last step of the wizard is the URL which is redirected to the server‘s authentication response. It doesn’t have to be a real address, so for this application will be http://resources.

Once created, in the section CONFIGURE you will have to add the Windows Azure Service Management API application through the Add button at the bottom.

Azure AD - Permissions to other applications
Azure AD – Permissions to other applications

Finally, in the combo Delegated permissions of the application that you just added, you must select Access Azure Service Management (preview) and save the changes.

Azure Active Directory - Delegated permissions
Azure Active Directory – Delegated permissions

Prior to invoking the APIs that generate the backup and restore it, it is necessary to get a token. To achieve this, you can use a code like the following, using Microsoft.IdentityModel.Clients.ActiveDirectory  nuget package:

using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
namespace GetTokenResourceManagerRequests
    class Program
        static void Main(string[] args)
            var authenticationContext = new AuthenticationContext("{tenant id}");
            var result = authenticationContext.AcquireToken("", {application id}, new Uri({redirect uri});
            if (result == null) {
                throw new InvalidOperationException("Failed to obtain the JWT token");

The values that you should replace the previous code are:

  • {tenantId}: It is the Id of the tenant of Azure Active Directory, which you can find in the View Endpoints section of the application that you just created.
    Azure Active Directory - app - view endpoints
    Azure Active Directory – app – view endpoints

    You can copy the tenant id that is associated with that application of any of the endpoints.

  • {application id} and {redirect uri} are the Client ID of the application and the URL contained in redirect URIs, that you specified during the creation of the application.

    Azure Active Directory - Configure - Client ID - URL
    Azure Active Directory – Configure – Client ID – URL

If the data are correct, you will get a result similar to this:

Azure Active Directory - resources - token
Azure Active Directory – resources – token

With these steps you’ve already spent the most tedious part. Now just create backup and restore it on another account to replicate the content.

Backup and restore

In order to facilitate the understanding of the calls, I have used Postman, one of the clients that I use for testing APIs. In it I have created an environment with the following values:

Postman - Api Management env
Postman – Api Management env

To create a backup of an environment, you must make a POST call to the next URL:{{subscriptionId}}/resourceGroups/{{resourceGroupName}}/providers/Microsoft.ApiManagement/service/{{serviceName}}/backup?api-version={{api-version}}

As headers are necessary Content-Type: application/json and Authentication:Bearer {{AccessToken}}. You have to add the previous token to the AccessToken variable in your environmentThe body of the message consists of a JSON with the storage account information where the backup will be stored:

    "storageAccount" : "{{StorageName}}",
    "accessKey" : "{{StorageKey}}",
    "containerName" : "{{ContainerName}}",
    "backupName" : "{{BackupName}}"

If you launch the application, you will receive a 202 (Accepted) and have to wait for the process to end.

Postman - Backup Api Management

If you want to verify that the backup has completed, you can make a GET call to the URL returned in the header named Location (while is in process the result will be a 202 and 200 when the process is complete).

Api Management- Backup - Location header
Api Management- Backup – Location header

Postman – Backup Api Management

The ultimate goal of this post was to replicate the contents of the main one in a development environment, so finally you must make a POST call to the following URL:{{subscriptionId}}/resourceGroups/{{resourceGroupName}}/providers/Microsoft.ApiManagement/service/{{serviceNameTarget}}/restore?api-version={{api-version}}

The body of the message will be exactly the same as that used during the backup. It will also return a 202 (Accepted) and you can also check the status of restoration in the new environment via the URL in the Location header.