问题描述
APIM默认提供了开发者门户,可以让用户体验如何来调用接口。但如果不想开发这个功能的情况下,是否有办法关闭呢?
问题解答
答案是:开发人员门户是没有办法关闭的。但是作为另一种的代替方案,如自定义域名时,不为开发者门户配置DNS,删除开发者门户的登录权限(Identities)。从而实现让用户访问开发者门户,但是无法登录的效果。
解决方法
第一种:对于新创建的 APIM服务,默认情况下是不会不发布开发人员门户的。如果不主动发布它,则实际上等于禁用。但是,如果有意或无意,发布了它,则没有支持取消发布它的方法,就可以参考下面第二种,第三种方式。
第二种:当要自定义APIM的访问域名时,不配置 APIM开发门户的DNS 映射。虽然还是可以通过默认的域名进行访问,但是一般人很难弄清楚默认名称和默认域名,可以实现阻止绝大多数人的访问。
第三种:可以使用以下两个配置,使得开发门户达到不可使用的效果:
- 通过删除所有标识类型来禁用注册(这可以在 Azure 门户中完成 - 选择 API 管理实例,然后单击"标识"并删除每个标识类型)。
- 强制将匿名用户定向到注册页(这是在 Azure 门户的同一部分中完成的)。
方案参考
Support disabling developer portal :https://github.com/Azure/api-management-developer-portal/issues/833
Please consider adding an option to completely disable the developer portal. For example, customers who have their own custom portal will not want to have a platform-provided portal accessible.
Currently there are some workarounds (see below), but it would be even better to have the option to not have the developer portal made available by the platform.
Workarounds
- For new API Management instances, the developer portal is not published by default. If a customer does not publish it themselves then it is effectively disabled. However, if a customer publishes it (intentionally or accidentally) there is no supported way to unpublish it.
- Customers can avoid mapping a DNS name to the developer portal hostname provided by the platform. This does not prevent someone from figuring it out, but it makes it much less likely they will do so.
- Customers can configure the developer portal with the following two settings, which together have the effect of making the developer portal unusable:
- Disable sign-up by removing all identity types (this can be done in the Azure portal - choose the API Management instance, then click Identities and remove each identity type).
- Force anonymous users to be directed to the sign-up page (this is done in the same part of the Azure portal).