Microsoft Azure API Management · Arazzo Workflow

Azure API Management Provision Certificate for Backend

Version 1.0.0

Upload a certificate, create a backend that uses it for mutual TLS, then read the backend.

1 workflow 1 source API 1 provider

Provider

microsoft-azure-api-management

Workflows

provision-certificate-backend
Upload a certificate and bind a backend to it.
Uploads a certificate, creates a backend that references it, then reads the backend to confirm.
3 steps
Inputs: backendId, certificateId, data, password, resourceGroupName, serviceName, subscriptionId, url
Outputs: backendResourceId, certificateResourceId

1. uploadCertificate (Certificate_CreateOrUpdate): Upload or update the certificate used for backend authentication.
2. createBackend (Backend_CreateOrUpdate): Create the backend that references the certificate for mutual TLS authentication.
3. getBackend (Backend_Get): Read the backend back to confirm the certificate binding.
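
The getBackend step treats any 200 response as success, so the check below compares the Backend_Get response body with what the earlier steps set. It is an added example, not part of the published workflow; the function name, finding codes and sample values are assumptions, and resource IDs are compared case-insensitively.

```python
from urllib.parse import urlsplit

# Constructed sample values; none of these identifiers come from the page.
CERT_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
           "/providers/Microsoft.ApiManagement/service/apim-example/certificates/backend-cert")
BACKEND_URL = "https://orders.internal.example/api"


def check_backend_binding(body, expected_cert_id, expected_url):
    """Return a list of finding codes; an empty list means the binding is as intended."""
    findings = []
    props = body.get("properties") or {}

    # Mutual TLS needs a TLS connection, so the stored URL must be https.
    url = props.get("url") or ""
    if urlsplit(url).scheme.lower() != "https":
        findings.append("url-not-https")
    if url.rstrip("/") != expected_url.rstrip("/"):
        findings.append("url-mismatch")

    # The workflow binds the certificate through credentials.certificateIds.
    creds = props.get("credentials") or {}
    bound = [c.lower() for c in (creds.get("certificateIds") or [])]
    want = expected_cert_id.lower()
    if want not in bound:
        findings.append("certificate-not-bound")
    if any(c != want for c in bound):
        findings.append("unexpected-certificate")
    return findings


def sample_body(url, cert_ids):
    """Build a constructed Backend_Get response body with the fields the workflow sets."""
    return {"id": "/placeholder/backends/orders",
            "properties": {"url": url, "protocol": "http",
                           "credentials": {"certificateIds": cert_ids}}}


if __name__ == "__main__":
    print(check_backend_binding(sample_body(BACKEND_URL, [CERT_ID.upper()]), CERT_ID, BACKEND_URL))
    print(check_backend_binding(sample_body("http://orders.internal.example/api", []),
                                CERT_ID, BACKEND_URL))
```
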

Source API Descriptions

Arazzo Workflow Specification

microsoft-azure-api-management-provision-certificate-backend-workflow.yml
arazzo: 1.0.1
info:
  title: Azure API Management Provision Certificate for Backend
  summary: Upload a certificate, create a backend that uses it for mutual TLS, then read the backend.
  description: >-
    Secures a backend connection with a client certificate. The workflow uploads
    or updates a certificate, creates a backend that references the uploaded
    certificate's resource ID for mutual TLS authentication, then reads the
    backend back to confirm the wiring. Every step spells out its request inline
    so the flow can be read and executed without opening the underlying OpenAPI
    description.
  version: 1.0.0
sourceDescriptions:
- name: azureApiManagementApi
  url: ../openapi/microsoft-azure-api-management-rest-api-openapi.yaml
  type: openapi
workflows:
- workflowId: provision-certificate-backend
  summary: Upload a certificate and bind a backend to it.
  description: >-
    Uploads a certificate, creates a backend that references it, then reads the
    backend to confirm.
  inputs:
    type: object
    required:
    - subscriptionId
    - resourceGroupName
    - serviceName
    - certificateId
    - backendId
    - url
    properties:
      subscriptionId:
        type: string
        description: The Azure subscription identifier.
      resourceGroupName:
        type: string
        description: The resource group containing the service.
      serviceName:
        type: string
        description: The API Management service name.
      certificateId:
        type: string
        description: The certificate identifier to create.
      data:
        type: string
        description: The Base64-encoded certificate (PFX) data.
      password:
        type: string
        description: The certificate password.
      backendId:
        type: string
        description: The backend identifier to create.
      url:
        type: string
        description: The backend service URL.
  steps:
  - stepId: uploadCertificate
    description: >-
      Upload or update the certificate used for backend authentication.
    operationId: Certificate_CreateOrUpdate
    parameters:
    - name: subscriptionId
      in: path
      value: $inputs.subscriptionId
    - name: resourceGroupName
      in: path
      value: $inputs.resourceGroupName
    - name: serviceName
      in: path
      value: $inputs.serviceName
    - name: certificateId
      in: path
      value: $inputs.certificateId
    requestBody:
      contentType: application/json
      payload:
        properties:
          data: $inputs.data
          password: $inputs.password
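    successCriteria:
    # CreateOrUpdate returns 201 when the certificate is created, 200 when it is updated.
    - condition: $statusCode == 200 || $statusCode == 201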
    outputs:
      certificateResourceId: $response.body#/id
  - stepId: createBackend
    description: >-
      Create the backend that references the certificate for mutual TLS
      authentication.
    operationId: Backend_CreateOrUpdate
    parameters:
    - name: subscriptionId
      in: path
      value: $inputs.subscriptionId
    - name: resourceGroupName
      in: path
      value: $inputs.resourceGroupName
    - name: serviceName
      in: path
      value: $inputs.serviceName
    - name: backendId
      in: path
      value: $inputs.backendId
    requestBody:
      contentType: application/json
      payload:
        properties:
          url: $inputs.url
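          # "http" selects a REST backend (as opposed to "soap"); the scheme used
          # on the wire comes from url, which should be https for mutual TLS.
          protocol: http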
          credentials:
            certificateIds:
            - $steps.uploadCertificate.outputs.certificateResourceId
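    successCriteria:
    # CreateOrUpdate returns 201 when the backend is created, 200 when it is updated.
    - condition: $statusCode == 200 || $statusCode == 201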
    outputs:
      backendResourceId: $response.body#/id
  - stepId: getBackend
    description: >-
      Read the backend back to confirm the certificate binding.
    operationId: Backend_Get
    parameters:
    - name: subscriptionId
      in: path
      value: $inputs.subscriptionId
    - name: resourceGroupName
      in: path
      value: $inputs.resourceGroupName
    - name: serviceName
      in: path
      value: $inputs.serviceName
    - name: backendId
      in: path
      value: $inputs.backendId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      backendResourceId: $response.body#/id
  outputs:
    certificateResourceId: $steps.uploadCertificate.outputs.certificateResourceId
    backendResourceId: $steps.createBackend.outputs.backendResourceId