π§ͺ
APIM β€οΈ AI - This repo contains experiments on Azure API Management's AI capabilities, integrating with Azure OpenAI, AI Foundry, and much more π
Azure-Samples
README
<!-- markdownlint-disable MD033 -->
π§ͺ AI Gateway Labs with Azure API Management
What's new β¨
β Model Context Protocol (MCP) βοΈ experiments with the client authorization flow
β the FinOps Framework lab to manage AI budgets effectively π°
β Agentic β¨ experiments with Model Context Protocol (MCP).
β Agentic β¨ experiments with OpenAI Agents SDK.
β Agentic β¨ experiments with AI Agent Service from Azure AI Foundry.
β the AI Foundry Deepseek lab with Deepseek R1 model from Azure AI Foundry.
β the Zero-to-Production lab with an iterative policy exploration to fine-tune the optimal production configuration.
β the Terraform flavor of backend pool load balancing lab.
β the AI Foundry SDK lab.
β the Content filtering and Prompt shielding labs.
β the Model routing lab with OpenAI model based routing.
β the Prompt flow lab to try the Azure AI Studio Prompt Flow with Azure API Management.
β priority and weight parameters to the Backend pool load balancing lab.
β the Streaming tool to test OpenAI streaming with Azure API Management.
β the Tracing tool to debug and troubleshoot OpenAI APIs using Azure API Management tracing capability.
β image processing to the GPT-4o inferencing lab.
β the Function calling lab with a sample API on Azure Functions.
Contents
- π§ GenAI Gateway
- π§ͺ Labs with AI Agents
- π§ͺ Labs with the Inference API
- π§ͺ Labs based on Azure OpenAI
- π Getting started
- β΅ Roll-out to production
- π¨ Supporting tools
- ποΈ Well-Architected Framework <!-- markdownlint-disable-line MD051 -->
- π Show and tell
- π₯ Other Resources
The rapid pace of AI advances demands experimentation-driven approaches for organizations to remain at the forefront of the industry. With AI steadily becoming a game-changer for an array of sectors, maintaining a fast-paced innovation trajectory is crucial for businesses aiming to leverage its full potential.
AI services are predominantly accessed via APIs, underscoring the essential need for a robust and efficient API management strategy. This strategy is instrumental for maintaining control and governance over the consumption of AI services.
With the expanding horizons of AI services and their seamless integration with APIs, there is a considerable demand for a comprehensive AI Gateway pattern, which broadens the core principles of API management. Aiming to accelerate the experimentation of advanced use cases and pave the road for further innovation in this rapidly evolving field. The well-architected principles of the AI Gateway provides a framework for the confident deployment of Intelligent Apps into production.
π§ GenAI Gateway
This repo explores the AI Gateway pattern through a series of experimental labs. The GenAI Gateway capabilities of Azure API Management plays a crucial role within these labs, handling AI services APIs, with security, reliability, performance, overall operational efficiency and cost controls. The primary focus is on Azure OpenAI, which sets the standard reference for Large Language Models (LLM). However, the same principles and design patterns could potentially be applied to any LLM.
Acknowledging the rising dominance of Python, particularly in the realm of AI, along with the powerful experimental capabilities of Jupyter notebooks, the following labs are structured around Jupyter notebooks, with step-by-step instructions with Python scripts, Bicep files and Azure API Management policies:
π§ͺ Labs with AI Agents
<!-- MCP Client Authorization -->
π§ͺ MCP Client Authorization
Playground to experiment the Model Context Protocol with the client authorization flow. In this flow, Azure API Management act both as an OAuth client connecting to the Microsoft Entra ID authorization server and as an OAuth authorization server for the MCP client (MCP inspector in this lab).
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Model Context Protocol (MCP) -->
π§ͺ Model Context Protocol (MCP)
Playground to experiment the Model Context Protocol with Azure API Management to enable plug & play of tools to LLMs. Leverages the credential manager for managing OAuth 2.0 tokens to backend tools and client token validation to ensure end-to-end authentication and authorization.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- OpenAI Agents -->
π§ͺ OpenAI Agents
Playground to try the OpenAI Agents with Azure OpenAI models and API based tools controlled by Azure API Management.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- AI Agent Service -->
π§ͺ AI Agent Service
Use this playground to explore the Azure AI Agent Service, leveraging Azure API Management to control multiple services, including Azure OpenAI models, Logic Apps Workflows, and OpenAPI-based APIs.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Function calling -->
π§ͺ Function calling
Playground to try the OpenAI function calling feature with an Azure Functions API that is also managed by Azure API Management.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
π§ͺ Labs with the Inference API
<!-- AI Foundry Deepseek -->
π§ͺ AI Foundry Deepseek
Playground to try the Deepseek R1 model via the AI Model Inference from Azure AI Foundry. This lab uses the Azure AI Model Inference API and two APIM LLM policies: llm-token-limit and llm-emit-token-metric.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- SLM self-hosting -->
π§ͺ SLM self-hosting (phy-3)
Playground to try the self-hosted phy-3 Small Language Model (SLM) through the Azure API Management self-hosted gateway with OpenAI API compatibility.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
π§ͺ Labs based on Azure OpenAI
<!--FinOps framework -->
π§ͺ FinOps Framework
This playground leverages the FinOps Framework and Azure API Management to control AI costs. It uses the token limit policy for each product and integrates Azure Monitor alerts with Logic Apps to automatically disable APIM subscriptions that exceed cost quotas.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Backend pool load balancing -->
π§ͺ Backend pool load balancing - Available with Bicep and Terraform
Playground to try the built-in load balancing backend pool functionality of Azure API Management to either a list of Azure OpenAI endpoints or mock servers.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Token rate limiting -->
π§ͺ Token rate limiting
Playground to try the token rate limiting policy to one or more Azure OpenAI endpoints. When the token usage is exceeded, the caller receives a 429.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Token metrics emitting -->
π§ͺ Token metrics emitting
Playground to try the emit token metric policy. The policy sends metrics to Application Insights about consumption of large language model tokens through Azure OpenAI Service APIs.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Semantic caching -->
π§ͺ Semantic caching
Playground to try the semantic caching policy. Uses vector proximity of the prompt to previous requests and a specified similarity score threshold.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Access controlling -->
π§ͺ Access controlling
Playground to try the OAuth 2.0 authorization feature using identity provider to enable more fine-grained access to OpenAPI APIs by particular users or client.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- zero-to-production -->
π§ͺ Zero-to-Production
Playground to create a combination of several policies in an iterative approach. We start with load balancing, then progressively add token emitting, rate limiting, and, eventually, semantic caching. Each of these sets of policies is derived from other labs in this repo.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- GPT-4o inferencing -->
π§ͺ GPT-4o inferencing
Playground to try the new GPT-4o model. GPT-4o ("o" for "omni") is designed to handle a combination of text, audio, and video inputs, and can generate outputs in text, audio, and image formats.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Model Routing -->
π§ͺ Model Routing
Playground to try routing to a backend based on Azure OpenAI model and version.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Vector searching -->
π§ͺ Vector searching
Playground to try the Retrieval Augmented Generation (RAG) pattern with Azure AI Search, Azure OpenAI embeddings and Azure OpenAI completions.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Built-in logging -->
π§ͺ Built-in logging
Playground to try the buil-in logging capabilities of Azure API Management. Logs requests into App Insights to track details and token usage.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Message storing -->
π§ͺ Message storing
Playground to test storing message details into Cosmos DB through the Log to event hub policy. With the policy we can control which data will be stored in the DB (prompt, completion, model, region, tokens etc.).
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Prompt flow -->
π§ͺ Prompt flow
Playground to try the Azure AI Studio Prompt Flow with Azure API Management.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Content Filtering -->
π§ͺ Content Filtering
Playground to try integrating Azure API Management with Azure AI Content Safety to filter potentially offensive, risky, or undesirable content.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
<!-- Prompt Shielding -->
π§ͺ Prompt Shielding
Playground to try Prompt Shields from Azure AI Content Safety service that analyzes LLM inputs and detects User Prompt attacks and Document attacks, which are two common types of adversarial inputs.
π¦Ύ Bicep β βοΈ Policy β π§Ύ Notebook
Backlog of Labs
This is a list of potential future labs to be developed.
- Real Time API
- Semantic Kernel with Agents
- Logic Apps RAG
- PII handling
- Gemini
[!TIP] Kindly use the feedback discussion so that we can continuously improve with your experiences, suggestions, ideas or lab requests.
π Getting Started
Prerequisites
- Python 3.12 or later version installed
- VS Code installed with the Jupyter notebook extension enabled
- Python environment with the requirements.txt or run
pip install -r requirements.txtin your terminal - An Azure Subscription with Contributor + RBAC Administrator or Owner roles
- Azure CLI installed and Signed into your Azure subscription
Quickstart
- Clone this repo and configure your local machine with the prerequisites. Or just create a GitHub Codespace and run it on the browser or in VS Code.
- Navigate through the available labs and select one that best suits your needs. For starters we recommend the token rate limiting.
- Open the notebook and run the provided steps.
- Tailor the experiment according to your requirements. If you wish to contribute to our collective work, we would appreciate your submission of a pull request.
[!NOTE] πͺ² Please feel free to open a new issue if you find something that should be fixed or enhanced.
β΅ Roll-out to production
We recommend the guidelines and best practices from the AI Hub Gateway Landing Zone to implement a central AI API gateway to empower various line-of-business units in an organization to leverage Azure AI services.
π¨ Supporting Tools
- AI-Gateway Mock server is designed to mimic the behavior and responses of the OpenAI API, thereby creating an efficient simulation environment suitable for testing and development purposes on the integration with Azure API Management and other use cases. The app.py can be customized to tailor the Mock server to specific use cases.
- Tracing - Invoke OpenAI API with trace enabled and returns the tracing information.
- Streaming - Invoke OpenAI API with stream enabled and returns response in chunks.
ποΈ Well-Architected Framework
The Azure Well-Architected Framework is a design framework that can improve the quality of a workload. The following table maps labs with the Well-Architected Framework pillars to set you up for success through architectural experimentation.
| Lab | Security | Reliability | Performance | Operations | Costs |
|---|---|---|---|---|---|
| Request forwarding | β | ||||
| Backend circuit breaking | β | β | |||
| Backend pool load balancing | β | β | β | ||
| Advanced load balancing | β | β | β | ||
| Response streaming | β | β | |||
| Vector searching | β | β | β | ||
| Built-in logging | β | β | β | β | β |
| SLM self-hosting | β | β |
[!TIP] Check the Azure Well-Architected Framework perspective on Azure OpenAI Service for aditional guidance.
π Show and tell
[!TIP] Install the VS Code Reveal extension, open AI-GATEWAY.md and click on 'slides' at the botton to present the AI Gateway without leaving VS Code. Or just open the AI-GATEWAY.pptx for a plain old PowerPoint experience.
π₯ Other resources
Numerous reference architectures, best practices and starter kits are available on this topic. Please refer to the resources provided if you need comprehensive solutions or a landing zone to initiate your project. We suggest leveraging the AI-Gateway labs to discover additional capabilities that can be integrated into the reference architectures.
- GenAI Gateway Guide
- Azure OpenAIΒ +Β APIM Sample
- AI+API better together: Benefits & Best Practices using APIs for AI workloads
- Designing and implementing a gateway solution with Azure OpenAI resources
- Azure OpenAI Using PTUs/TPMs With API Management - Using the Scaling Special Sauce
- Manage Azure OpenAI using APIM
- Setting up Azure OpenAI as a central capability with Azure API Management
- Introduction to Building AI Apps
We believe that there may be valuable content that we are currently unaware of. We would greatly appreciate any suggestions or recommendations to enhance this list.
π WW GBB initiative
Disclaimer
[!IMPORTANT] This software is provided for demonstration purposes only. It is not intended to be relied upon for any purpose. The creators of this software make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the software or the information, products, services, or related graphics contained in the software for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
Recommended Servers
Crypto Price & Market Analysis MCP Server
A Model Context Protocol (MCP) server that provides comprehensive cryptocurrency analysis using the CoinCap API. This server offers real-time price data, market analysis, and historical trends through an easy-to-use interface.
MCP PubMed Search
Server to search PubMed (PubMed is a free, online database that allows users to search for biomedical and life sciences literature). I have created on a day MCP came out but was on vacation, I saw someone post similar server in your DB, but figured to post mine.
dbt Semantic Layer MCP Server
A server that enables querying the dbt Semantic Layer through natural language conversations with Claude Desktop and other AI assistants, allowing users to discover metrics, create queries, analyze data, and visualize results.
mixpanel
Connect to your Mixpanel data. Query events, retention, and funnel data from Mixpanel analytics.
Sequential Thinking MCP Server
This server facilitates structured problem-solving by breaking down complex issues into sequential steps, supporting revisions, and enabling multiple solution paths through full MCP integration.
Nefino MCP Server
Provides large language models with access to news and information about renewable energy projects in Germany, allowing filtering by location, topic (solar, wind, hydrogen), and date range.
Vectorize
Vectorize MCP server for advanced retrieval, Private Deep Research, Anything-to-Markdown file extraction and text chunking.
Mathematica Documentation MCP server
A server that provides access to Mathematica documentation through FastMCP, enabling users to retrieve function documentation and list package symbols from Wolfram Mathematica.
kb-mcp-server
An MCP server aimed to be portable, local, easy and convenient to support semantic/graph based retrieval of txtai "all in one" embeddings database. Any txtai embeddings db in tar.gz form can be loaded
Research MCP Server
The server functions as an MCP server to interact with Notion for retrieving and creating survey data, integrating with the Claude Desktop Client for conducting and reviewing surveys.