Transforming Prescription Benefit Facilitator (PBF) with Azure API Management

Organization

Our client, a family and pharmacist-owned Prescription Benefit Facilitator (PBF), is dedicated to redefining the prescription benefits industry. Their mission is to deliver an innovative, clinically focused model that not only improves health outcomes but also enhances service delivery through transparency. They offer a pass-through arrangement that aligns with customer objectives, curbing unnecessary drug utilization, ensuring optimal health results, and guaranteeing cost savings.

Challenge

As part of an extensive digital transformation strategy, our client embarked on a multi-phase project aimed at modernizing their IT infrastructure. This included the implementation of a robust API Management solution on the Azure cloud to facilitate the secure and scalable delivery of services while aligning with both current and future business requirements. Additionally, they sought to integrate Azure Active Directory (AD) for identity and access management, ensuring secure, streamlined authentication and authorization processes across their ecosystem.

The challenge was compounded by the lack of internal expertise in cloud architecture and API management, necessitating the engagement of a trusted technology partner. Furthermore, our client required a solution that could support high availability and resilience, in line with their stringent business continuity objectives, ensuring uninterrupted service delivery.

Technical Solution

XTIVIA partnered with the Prescription Benefit Facilitator (PBF) to design and implement a sophisticated cloud-native API management solution using Azure API Management (APIM), integrated with Azure Active Directory (Azure AD) for seamless authentication and authorization. The architecture was meticulously crafted to ensure the highest levels of security, scalability, and flexibility, addressing both current and future needs.

Key components of the solution include:

  • Separate APIM Solutions for External and Internal Users: XTIVIA deployed distinct API Management (APIM) solutions for external and internal users across multiple environments. This segmentation allowed for fine-grained control over API access and security policies. The internal APIM instance was deployed in internal mode, enhancing security by restricting access and allowing only authorized internal users to interact with the APIs.
  • Secure Developer Portals: Customized Developer Portals were implemented for both internal and external API Gateways across all environments. These portals provide a streamlined and secure interface for developers, with tailored access for both internal teams and external partners, facilitating seamless API consumption and integration.
  • Azure AD B2C Integration for External Users: For external customer sign-in, Azure AD B2C was implemented, enabling external users to authenticate using their social media accounts such as Facebook, Google, and others. This identity management solution enhances user experience while maintaining stringent security protocols.
  • OAuth 2.0 Authorization: The solution incorporated robust OAuth 2.0 authorization flows, including Authorization Code and Client Credentials Grant Types, ensuring secure and flexible authorization mechanisms for both internal and external users.
  • API Registration and Security: All existing APIs were registered with Azure AD and secured through the Azure API Gateway, ensuring that only authorized users and systems could access sensitive data and services. This approach enforces a secure and consistent authentication model across the entire ecosystem.
  • Integration with Third-Party Application Gateway: To further enhance security, the External APIM was integrated with a third-party Application Gateway, providing an additional layer of protection for APIs exposed to external consumers.
  • Custom Domain Configuration: Custom domains were configured for Azure AD, as well as for both internal and external API Gateways across multiple environments. This ensured that all communications, whether internal or external, were secure, branded appropriately, and aligned with the organization’s domain naming conventions.
  • APIM Portals Integrated with Azure AD: To streamline user authentication, the APIM Portals were fully integrated with Azure Active Directory, ensuring single sign-on (SSO) capabilities for both internal and external users, improving the overall user experience and security.
  • High Availability and Multi-Region Deployment: To support high availability and disaster recovery, the APIM solutions were deployed in multiple Azure regions. This ensures that services remain operational even in the event of a region failure, supporting a robust business continuity plan.
  • API Policies and Product Configuration: XTIVIA implemented API policies and API products that define access rules, throttling, and monitoring for each API endpoint. These policies were configured to invoke backend Java services hosted in on-premises environments, ensuring seamless integration between cloud-based APIs and on-premises infrastructure.

This comprehensive Azure API Management solution, integrated with Azure AD and secured with best-in-class practices, provides a scalable, high-availability, and secure API ecosystem that supports the Prescription Benefit Facilitator’s business and IT needs.

Azure API Management Solution

Business Result

The deployment of the Azure API Management (APIM) solution integrated with Azure Active Directory (Azure AD) and multi-region high availability has delivered significant benefits to the Prescription Benefit Facilitator (PBF):

  • High Availability & Disaster Recovery: Multi-region APIM deployment ensures seamless failover, supporting PBF’s business continuity and minimizing service disruptions.
  • Enhanced Security & Access Control: The integration of OAuth 2.0 and Azure AD B2C enables secure, flexible authentication for internal and external users, while APIs are securely registered with Azure AD and protected by Azure API Gateway.
  • Custom Developer Portals: Tailored portals for both internal teams and external partners enhance collaboration and API consumption.
  • Unified Identity Management: Azure AD and B2C streamline identity management and access for both internal and external users.
  • Third-Party Integration: Integration with an external Application Gateway adds a further layer of security for exposed APIs.
  • API Policies & Scalability: Fine-tuned API policies, backend integration, and scalable resources ensure security, performance, and cost-efficiency.

The solution supports PBF’s digital transformation, providing a secure, scalable, and high-availability API ecosystem for growth and operational efficiency.

KEYWORDS
Azure API Management (APIM), Azure Active Directory (Azure AD), Azure AD B2C, OAuth 2.0, High Availability, Disaster Recovery, API Security, Cloud-native Solutions, Microservices, API Gateway, Developer Portals, Third-Party Integration, Identity and Access Management (IAM), Custom Domains, API Policies and Products

SOFTWARE
Azure API Management (APIM), Azure Active Directory (Azure AD), Azure AD B2C, OAuth 2.0, Azure Traffic Manager

HARDWARE
Azure
