Tutorial: Create and publish a product

Article
09/18/2024

APPLIES TO: All API Management tiers

In Azure API Management, a product contains one or more APIs, a usage quota, and the terms of use. After a product is published, developers can subscribe to the product and begin to use the product's APIs.

In this tutorial, you learn how to:

Create and publish a product
Add an API to the product
Access product APIs

API Management products in portal

Prerequisites

Learn the Azure API Management terminology.
Complete the following quickstart: Create an Azure API Management instance.
Also, complete the following tutorial: Import and publish your first API.

Sign in to the Azure portal, and navigate to your API Management instance.
In the left navigation pane, select Products > + Add.

In the Add product window, enter values described in the following table to create your product.

Add product window

Name	Description
Display name	The name as you want it to be shown in the developer portal.
Description	Provide information about the product such as its purpose, the APIs it provides access to, and other details.
State	Select Published if you want to publish the product to the developer portal. Before the APIs in a product can be discovered by developers, the product must be published. By default, new products are unpublished.
Requires subscription	Select if a user is required to subscribe to use the product (the product is protected) and a subscription key must be used to access the product's APIs. If a subscription isn't required (the product is open), a subscription key isn't required to access the product's APIs. See Access to product APIs later in this article.
Requires approval	Select if you want an administrator to review and accept or reject subscription attempts to this product. If not selected, subscription attempts are auto-approved.
Subscription count limit	Optionally limit the count of multiple simultaneous subscriptions.
Legal terms	You can include the terms of use for the product which subscribers must accept in order to use the product.
APIs	Select one or more APIs. You can also add APIs after creating the product. For more information, see Add APIs to a product later in this article. If the product is open (doesn't require a subscription), you can only add an API that isn't associated with another open product.

Select Create to create your new product.

Caution

Use care when configuring a product that doesn't require a subscription. This configuration may be overly permissive and may make the product's APIs more vulnerable to certain API security threats.

To begin using Azure CLI:

You can use the local Azure CLI.

If you prefer, install the Azure CLI to run CLI reference commands.
Local Azure CLI, see how to install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
- Sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
- When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
- Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.

To create a product, run the az apim product create command:

az apim product create --resource-group apim-hello-word-resource-group \
    --product-name "Contoso product" --product-id contoso-product \
    --service-name apim-hello-world --subscription-required true \
    --state published --description "This is a test."

You can specify various values for your product:

Parameter	Description
`--product-name`	The name as you want it to be shown in the developer portal.
`--description`	Provide information about the product such as its purpose, the APIs it provides access to, and other details.
`--state`	Select published if you want to publish the product to the developer portal. Before the APIs in a product can be discovered by developers, the product must be published. By default, new products are unpublished.
`--subscription-required`	Select if a user is required to subscribe to use the product (the product is protected) or a subscription isn't required (the product is open). See Access to product APIs later in this article.
`--approval-required`	Select if you want an administrator to review and accept or reject subscription attempts to this product. If not selected, subscription attempts are auto-approved.
`--subscriptions-limit`	Optionally, limit the count of multiple simultaneous subscriptions.
`--legal-terms`	You can include the terms of use for the product, which subscribers must accept to use the product.

Caution

Use care when configuring a product that doesn't require a subscription. This configuration may be overly permissive and may make the product's APIs more vulnerable to certain API security threats.

To see your current products, use the az apim product list command:

az apim product list --resource-group apim-hello-word-resource-group \
    --service-name apim-hello-world --output table

You can delete a product by using the az apim product delete command:

az apim product delete --product-id contoso-product \
    --resource-group apim-hello-word-resource-group \
    --service-name apim-hello-world --delete-subscriptions true

Add more configurations

Continue configuring the product after saving it. In your API Management instance, select the product from the Products window. Add or update:

Item	Description
Settings	Product metadata and state
APIs	APIs associated with the product
Policies	Policies applied to product APIs
Access control	Product visibility for developers or guests
Subscriptions	Product subscribers

Add APIs to a product

Products are associations of one or more APIs. You can include many APIs and offer them to developers through the developer portal. During the product creation, you can add one or more existing APIs. You can also add APIs to the product later, either from the Products Settings page or while creating an API.

Add an API to an existing product

Portal
Azure CLI

In the left navigation of your API Management instance, select Products.
Select a product, and then select APIs.
Select + Add API.
Select one or more APIs, and then Select.

Add an API to an existing product

To see your managed APIs, use the az apim api list command:

az apim api list --resource-group apim-hello-word-resource-group \
    --service-name apim-hello-world --output table

To add an API to your product, run the az apim product api add command:

az apim product api add --resource-group apim-hello-word-resource-group \
    --api-id demo-conference-api --product-id contoso-product \
    --service-name apim-hello-world

Verify the addition by using the az apim product api list command:

az apim product api list --resource-group apim-hello-word-resource-group \
    --product-id contoso-product --service-name apim-hello-world --output table

You can remove an API from a product by using the az apim product api delete command:

az apim product api delete --resource-group apim-hello-word-resource-group \
    --api-id demo-conference-api --product-id contoso-product \
    --service-name apim-hello-world

Access to product APIs

After you publish a product, developers can access the APIs. Depending on how the product is configured, they may need to subscribe to the product for access.

Protected product - Developers must first subscribe to a protected product to get access to the product's APIs. When they subscribe, they get a subscription key that can access any API in that product. If you created the API Management instance, you are an administrator already, so you are subscribed to every product by default. For more information, see Subscriptions in Azure API Management.

When a client makes an API request with a valid product subscription key, API Management processes the request and permits access in the context of the product. Policies and access control rules configured for the product can be applied.

Tip

You can create or update a user's subscription to a product with custom subscription keys through a REST API or PowerShell command.
Open product - Developers can access an open product's APIs without a subscription key. However, you can configure other mechanisms to secure client access to the APIs, including OAuth 2.0, client certificates, and restricting caller IP addresses.

Note

Open products aren't listed in the developer portal for developers to learn about or subscribe to. They're visible only to the Administrators group. You'll need to use another mechanism to inform developers about APIs that can be accessed without a subscription key.

When a client makes an API request without a subscription key:
- API Management checks whether the API is associated with an open product. An API can be associated with at most one open product.
- If the open product exists, it then processes the request in the context of that open product. Policies and access control rules configured for the open product can be applied.

For more information, see How API Management handles requests with or without subscription keys.

Next steps

In this tutorial, you learned how to:

Create and publish a product
Add an API to the product
Access product APIs

Advance to the next tutorial:

Create blank API and mock API responses

Tutorial: Create and publish a product

Prerequisites

Create and publish a product

Add more configurations

Add APIs to a product

Add an API to an existing product

Access to product APIs

Next steps

Additional resources