Building a Serverless Expense Tracker API on Azure

Freeman MadudiliFreeman Madudili
3 min read

Table of contents

Introduction

In this guide, I’ll walk you through building a secure, serverless API for tracking expenses on Azure. Using Azure Functions for serverless computing, Cosmos DB for scalable data storage, and Azure Key Vault for secure secret management, this project highlights the power of cloud-native solutions. This high-level guide includes links to more detailed posts that cover each stage of the process, from local development to deployment and security.

1. Project Overview

A brief introduction to the project goals:

  • Building a serverless API that can handle multiple requests and scale as needed.

  • Storing expense data in a Cosmos DB with partitioning by username, which improves performance and scalability.

  • Securing sensitive data using Azure Key Vault and Managed Identity.

2. Architecture Diagram

3. Setting Up and Developing Locally

Overview: To start, let’s set up and test the API locally.

  1. Creating the Azure Function Project
    Follow this guide to create a function app using the Azure Functions Core Tools locally. Refer to Develop a Simple Expense Tracker API Locally Using Azure Functions for a step-by-step guide.

  2. Connecting to Cosmos DB Locally
    In the local settings, add your Cosmos DB connection string to local.settings.json. This allows you to test the connection and store expenses locally before deploying.

  3. Implementing the AddExpense and GetExpenses Functions

    • AddExpense Function: Handles incoming expense data, validates it, and stores it in Cosmos DB.

    • GetExpenses Function: Retrieves all expenses from Cosmos DB for a given user.

For the full function code and explanation, refer to Develop a Simple Expense Tracker API Locally Using Azure Functions.

4. Deploying the Expense Tracker API Using Azure CLI

Overview: Once the API works locally, the next step is deploying it to Azure.

  1. Creating and Setting Up Resources with Azure CLI

    • Use Azure CLI to create a resource group, storage account, and function app on Azure.

  2. Deploying the Function Code
    Package and deploy the function to Azure using CLI commands. This ensures that all resources and the function code are set up for cloud execution. For details, refer to Deploying a Function App Using Azure CLI.

5. Securing Secrets with Azure Key Vault and Managed Identity

Overview: Security is crucial when deploying to production. Use Azure Key Vault and Managed Identity to protect sensitive information like the Cosmos DB connection string.

  1. Storing Secrets in Azure Key Vault
    Store sensitive information in Key Vault for enhanced security. Using Key Vault offers fine-grained access control and centralized management of secrets.

  2. Setting Up Managed Identity for the Function App
    Enable Managed Identity on the Function App to allow it to securely access Key Vault without embedding credentials in the code.

  3. Configuring App Settings to Reference Key Vault
    Modify the Function App settings to retrieve the Cosmos DB connection string from Key Vault, allowing the app to access it securely.

    For more details on securing your function app, refer to Storing Secrets in Azure Key Vault and Accessing with Managed Identity.

6. Testing the Deployed Function App

After deploying and securing the API, test the endpoints:

  • Use Postman or curl to send requests to the AddExpense and GetExpenses endpoints.

  • Verify that data is correctly saved to Cosmos DB and retrieved when requested.

7. Cleaning Up Resources

When finished testing, delete the Azure resource group to avoid any additional charges.

az group delete --name <ResourceGroupName> --yes --no-wait

Conclusion

In this guide, I’ve outlined the core steps to building and deploying a secure serverless API using Azure Functions, Cosmos DB, and Azure Key Vault. This project demonstrates the power of Azure’s cloud-native tools and the flexibility of serverless architectures for modern applications. With the resources and step-by-step guides provided, you should have a strong foundation to build similar serverless solutions and expand this API further.

0
Subscribe to my newsletter

Read articles from Freeman Madudili directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Azure FunctionsCosmosDBAzure Managed IdentitiesAzure Key Vault

Written by

Freeman Madudili
Freeman Madudili