Azure API Management Challenges: Finding the Right Path

Hey cloud architects! 👋

Following up on yesterday’s post about our document processing system, I wanted to share some interesting challenges we’ve encountered with Azure API Management (APIM) and the solutions we’re exploring.

The Challenge

While implementing our document processing system, we’ve hit a limitation with Azure API Management: it struggles with payloads larger than 100kB. This presents an interesting architectural decision point for our system.

Attempted Solutions

There’s actually a policy-based approach in APIM that supposedly handles larger payloads:

<validate-content unspecified-content-type-action="ignore" max-size="4194304" />

However, this solution comes with its own set of challenges:

  • The policy doesn’t seem to work reliably in practice
  • It adds another layer of complexity to our APIM policies
  • When combined with CORS handling, the policies become increasingly complex
  • Policy maintenance becomes a significant overhead

Current Workaround

As a temporary measure, we’ve implemented a simple file size limit of 100kB. While this gets us moving, it’s clearly not the long-term solution we need for handling larger documents effectively.

The Path Forward

I’m exploring a more robust approach:

  • Moving files to Azure Storage Account
  • Maintaining only references in local IndexDB
  • Preserving user privacy by avoiding direct user-file associations
  • Bypassing APIM size limitations entirely

While we could technically increase APIM’s limit to 4MB through a support ticket, I’m leaning towards the Storage Account solution as it provides better scalability and architectural cleanliness. This would also help us avoid the complexity trap of managing intricate APIM policies.

Deep Dive into APIM

Mastering Azure API Management book cover

If you’re interested in mastering Azure API Management and want to learn more about handling these kinds of challenges (and many others), check out my book “Mastering Azure API Management”. It covers everything from basic setup to advanced scenarios, including detailed discussions about policies, security, and architectural best practices.

Stay tuned as we continue to evolve our document processing architecture!

~ Sven