Unlock the Future of API Compliance with AI and Azure API Center

Learn how to transform your API compliance process using Azure API Center, Logic Apps, GitHub, and cutting-edge AI technologies. Learn how an innovative approach analyzes API design governance, generates insightful compliance reports, and seamlessly informs developers with actionable feedback. Stay ahead of the curve and ensure your APIs meet the highest standards with automated, AI-powered solutions.

API compliance is essential to ensure that the APIs designed and built by an organization adhere to established rules, standards, and guidelines defined by the organization, as well as industry best practices that developers must adhere to when developing APIs. Additionally, reviewing APIs, manually identifying gaps in design guidelines, and integrating compliance with existing ecosystems is time-consuming, impacting developer productivity.

This article shows you how to use the analytics capabilities and Integration Services in Azure API Center to transform and improve your API compliance process, how to use Azure OpenAI to generate insightful compliance reports, and how to provide actionable feedback to developers to ensure that their APIs adhere to your organization’s API guidelines and industry best practices.

This solution will achieve the following goals:

• Improved developer productivity: Leveraging AI-driven insights, developers spend less time manually reviewing APIs and can focus on critical tasks with real-time, actionable feedback on API design gaps.
• Automating API Compliance: Integrating Azure API Center with Azure OpenAI provides a solution that enables automated analytics to ensure APIs adhere to organizational design standards and best practices.
• Seamless integration: This solution integrates with GitHub and Azure services to automate workflows, streamline compliance review processes, and create an efficient feedback loop for developers.

Azure API Center provides powerful API analytics to ensure that your APIs adhere to design standards through API analytics, which analyzes your API definitions and reports on compliance. Analytics reports are in JSON format and can be retrieved via the API Center data location endpoint.

Leveraging Azure OpenAI with analytics from API Center can help you improve compliance by providing developers with actionable feedback and explanations. Azure OpenAI can convert JSON analytics reports into easily understandable output, including summaries, number of errors/warnings, and remediation steps. Rapid engineering technology. In our solution, we provide the “system message” to the AOAI model as shown below, and then we get the “Summary of Findings” and “High-level Fix Guide” through the analysis report, which can be used in the issue, task, or any reporting platform. We can customize the system message as per your needs and know what information you are looking for. In our solution, we used the GPT4 model, and the output may vary depending on the model used and the system message.

You can also combine this with Azure Integration Service (Logic Apps Standard and Event Grid) to automate and integrate with existing source control and feedback systems (such as GitHub).

important: Ensure that your AI solutions follow the Responsible AI Principles to promote fairness, transparency, and accountability, protect users, and build trust in technology. For more information, see: Responsible AI Practices for Azure OpenAI Models.

How components work together

The solution diagram below shows how all Azure services work together to improve API compliance, innovate, and generate intelligent insights.

1. API Submissions and API Center Analytics: When a new API definition is registered/updated, it is submitted to Azure API Center where analytics is run. This solution uses: Microsoft Management API Analysis.
   Azure API Center acts as a central hub for managing and analyzing API definitions. It enforces API linting rules based on your organization’s defined standards to ensure consistency and compliance. API Center analyzes your APIs and generates detailed reports that identify compliance or design gaps.
2. Event Trigger: Event Grid captures the analytics event “Microsoft.ApiCenter.AnalysisResultsUpdated” and triggers a Logic Apps workflow. Event Grid detects and responds to changes in API definitions stored in Azure API Center. It triggers an event whenever a new API analytics report is generated. This event is captured by Logic Apps and starts an automated workflow.
3. Orchestration with Logic Apps Standard: Logic Apps retrieves analytics reports from API Center and sends them to Azure OpenAI to use built-in capabilities to generate intelligent insights. Azure OpenAI Connector. Logic Apps orchestrates the entire workflow by triggering from the event grid, retrieving API analytics reports from API Center, sending them to Azure OpenAI for intelligent processing, and creating GitHub issues with insights and recommendations.
4. AI-driven insights using Azure OpenAI: Azure OpenAI services play a key role in transforming JSON-formatted analytics data into meaningful insights. It takes API analytics reports from Logic Apps and uses advanced language models to generate easily understandable output, including summaries, error/warning counts, and remediation guidance for developers.
5. Create a GitHub issue: When a compliance report is generated, Logic Apps creates an issue in your GitHub repository. This issue contains the translated analysis results from Azure OpenAI, along with advanced remediation suggestions and any necessary guidance for developers, as outlined below. By integrating with GitHub, your team can collaborate to resolve compliance issues directly from your existing development workflow.

The architecture of the Intelligent API Compliance solution integrates Azure API Center, Azure Integration Services, Azure OpenAI capabilities, and GitHub for collaboration and reporting. The diagram below shows the components of this architecture that you need to deploy in your subscription.

Key points:

• Azure API Center: Azure API Center with Microsoft-managed API analytics enabled. Reference Enable API Analytics in API Center – Microsoft Management Learn how to enable Microsoft Managed Analysis.
• Logic Apps Standard: Logic Apps Standard requires managed identity to be enabled and have access to API Center.

Follow the steps below to create a workflow. Once you complete the workflow, it should look like this: To test the workflow, click “Tutorial: Registering an API in the API Inventory“.

Steps to create a workflow

1. Create a workflow: Create a new stateful workflow in Logic App Standard.
   

   
   

2. Add an event grid trigger: In the designer, add “When a resource event occurs – Azure Event Grid” and set the following parameters:
   
   

   Parameters	value
   Resource Type	Microsoft.ApiCenter.Service
   application	Select a subscription
   Resource name	Select an API Center resource
   Event Type	Microsoft.ApiCenter.AnalysisResultsUpdated

3. Added “Initialize Variable” task Set the parameters below
   
   

   Parameters	value
   name	varApiDefRes
   category	array
   value (expression)	split(triggerBody()?['subject'],"https://techcommunity.microsoft.com/")

   

4. Add a “Write” action And set the “input” expression parameter as follows:
   

   concat('https://management.azure.com/subscriptions/',variables('varApiDefRes')[2],'/resourceGroups/',variables('varApiDefRes')[4],'/providers/Microsoft.ApiCenter/services/',variables('varApiDefRes')[8],'/workspaces/default/apis/',variables('varApiDefRes')[12],'/versions/',variables('varApiDefRes')[14],'/definitions/',variables('varApiDefRes')[16],'/analysisResults?api-version=2024-03-01')

   
   

5. HTTP Actions: Add an HTTP action that calls the Endpoint API Center to get the analytics report. Set the following parameters:
   
   

   Parameters	value
   Korean	Output of the previous step’s writing task
   method	get
   Authentication Type	Managed ID
   Managed ID	System Assigned Management ID
   audience	https://management.azure.com/

   
   

6. Azure OpenAI Work: To explain more clearly, let’s break it down into two parts. First, add an Azure OpenAI task, set the basic parameters, and then set the “message”.
   1. Add an “Azure OpenAI – Get Chat Completion” task, provide the information needed to create a connection to Azure OpenAI, and set the following parameters. Feel free to change the advanced parameters as needed. This will produce different outputs.
      
      

      Parameters	value
      Distribution identifier	AOAI model deployment name
      Sampling temperature	0.5
      Existence Penalty	0

   2. Now, let’s set up two messages in the same task. One is a message where the system provides instructions and the other is a message for user input. In our case, it will be the output of the analysis report from the previous http task. Add the parameters below in order.
      Chat Role – 1
      
      

      Parameters	value
      Chat Role – 1	system
      Chat Message – 1	The user provides the spectrum JSON results, and the user provides the user with two headings: “Finding Summary” and “High-level Remediation Guidance.” The “Finding Summary” has a table with columns Rule, Severity, and Total Count, each with its own analyzer rule name, severity, and total count, and another section showing the total number of errors and warnings. The “High-level Remediation Guidance” has high-level remediation guidance in bulleted numbers. Output all information in a proper HTML email-friendly format, and avoid using heading tags.

      

      Chat Role – 2

      Chat Role – 2	user
      Chat Message – 2 (Enter expression)	string(body('HTTP'))

      

7. GitHub Actions: Finally, add a GitHub action “Create Issue” and provide the information to create the connection. Set the required parameters and in the parameter body (under Advanced) select “Chat Complete Response” from the previous “Azure OpenAI” action.

conclusion

The combination of Azure API Center, Logic Apps, GitHub, and Azure OpenAI provides a powerful framework for building rigorous compliance reports and automating processes. Leveraging AI-driven insights, this strategy not only increases developer efficiency, but also ensures that APIs adhere to both organizational standards and industry best practices. The seamless integration of these technologies streamlines the compliance review process by providing developers with real-time, actionable feedback. This cutting-edge solution represents a significant advancement in API management, enabling organizations to maintain high levels of quality and compliance within their API ecosystem.