Azure Aigateway
Configure Azure API Management as an AI gateway with policies, .NET SDK patterns, and production-ready auth for model and MCP traffic
Install
npx skills add https://github.com/microsoft/azure-skills --skill azure-aigatewayWhat is this skill?
- Azure.ResourceManager.ApiManagement quick start
- WaitUntil and idempotent CreateOrUpdate guidance
- AI gateway triggers: caching, safety, load balancing
Adoption & trust: 373k installs on skills.sh; 1.2k GitHub stars; 2/3 security scanners passed (skills.sh audits).
Recommended Skills
Entra App Registrationmicrosoft/azure-skills
Lark Openapi Explorerlarksuite/cli
Supabasesupabase/agent-skills
Firebase Auth Basicsfirebase/agent-skills
Firebase Data Connectfirebase/agent-skills
Convex Quickstartget-convex/agent-skills
Journey fit
Primary fit
Gateway and API surface setup happens while wiring backends and external AI or agent endpoints into the product. APIM policies, products, and backends are integration-layer concerns between clients, models, and services.
Common Questions / FAQ
Is Azure Aigateway safe to install?
skills.sh reports 2 of 3 security scanners passed. Review the Security Audits panel on this page before installing in production.
SKILL.md
READMESKILL.md - Azure Aigateway
# API Management — .NET SDK Quick Reference > Condensed from **azure-mgmt-apimanagement-dotnet**. Full patterns (service > creation, APIs, products, policies, users, gateways, backends) > in the **azure-mgmt-apimanagement-dotnet** plugin skill if installed. ## Install dotnet add package Azure.ResourceManager.ApiManagement dotnet add package Azure.Identity ## Quick Start > **Auth:** `DefaultAzureCredential` is for local development. See [auth-best-practices.md](../auth-best-practices.md) for production patterns. ```csharp using Azure.ResourceManager; using Azure.Identity; var armClient = new ArmClient(new DefaultAzureCredential()); ``` ## Best Practices - Use `WaitUntil.Completed` for operations that must finish before proceeding - Use `WaitUntil.Started` for long operations like service creation (30+ min) - Use DefaultAzureCredential for **local development only**. In production, use ManagedIdentityCredential — see [auth-best-practices.md](../auth-best-practices.md) - Handle `RequestFailedException` for ARM API errors - Use `CreateOrUpdateAsync` for idempotent operations - Navigate hierarchy via `Get*` methods (e.g., `service.GetApis()`) - Policy format — use XML format for policies; JSON is also supported - Service creation — Developer SKU is fastest for testing (~15-30 min) --- name: azure-aigateway description: "Configure Azure API Management as an AI Gateway for AI models, MCP tools, and agents. WHEN: semantic caching, token limit, content safety, load balancing, AI model governance, MCP rate limiting, jailbreak detection, add Azure OpenAI backend, add AI Foundry model, test AI gateway, LLM policies, configure AI backend, token metrics, AI cost control, convert API to MCP, import OpenAPI to gateway." license: MIT metadata: author: Microsoft version: "3.1.1" compatibility: Requires Azure CLI (az) for configuration and testing --- # Azure AI Gateway Configure Azure API Management (APIM) as an AI Gateway for governing AI models, MCP tools, and agents. > **To deploy APIM**, use the **azure-prepare** skill. See [APIM deployment guide](https://learn.microsoft.com/azure/api-management/get-started-create-service-instance). ## When to Use This Skill | Category | Triggers | |----------|----------| | **Model Governance** | "semantic caching", "token limits", "load balance AI", "track token usage" | | **Tool Governance** | "rate limit MCP", "protect my tools", "configure my tool", "convert API to MCP" | | **Agent Governance** | "content safety", "jailbreak detection", "filter harmful content" | | **Configuration** | "add Azure OpenAI backend", "configure my model", "add AI Foundry model" | | **Testing** | "test AI gateway", "call OpenAI through gateway" | --- ## Quick Reference | Policy | Purpose | Details | |--------|---------|---------| | `azure-openai-token-limit` | Cost control | [Model Policies](references/policies.md#token-rate-limiting) | | `azure-openai-semantic-cache-lookup/store` | 60-80% cost savings | [Model Policies](references/policies.md#semantic-caching) | | `azure-openai-emit-token-metric` | Observability | [Model Policies](references/policies.md#token-metrics) | | `llm-content-safety` | Safety & compliance | [Agent Policies](references/policies.md#content-safety) | | `rate-limit-by-key` | MCP/tool protection | [Tool Policies](references/policies.md#request-rate-limiting) | --- ## Get Gateway Details ```bash # Get gateway URL az apim show --name <apim-name> --resource-group <rg> --query "gatewayUrl" -o tsv # List backends (AI models) az apim backend list --service-name <apim-name> --resource-group <rg> \ --query "[].{id:name, url:url}" -o table # Get subscription key az apim subscription keys list \ --service-name <apim-name> --resource-group <rg> --subscription-id <sub-id> ``` --- ## Test AI Endpoint ```bash GATEWAY_URL=$(az apim show --name <apim-name> --resource-group <rg> --query "gatewayUrl" -o tsv) curl -X POST "${GATEWAY_URL}/openai/deployments/<deployment>/chat/completions?api-v