We have a backend that kind of does REST APIs but cannot handle simple Bearer tokens for authorization and cannot produce the full set of HTTP error codes (the platform just doesn't allow, for example HTTP 501 to be returned programmatically). There is no Swagger for the API.

The thought was to use Microsoft API Management Services as a proxy of sorts. It would handle the Bearer token upfront, and then just proxy / wildcard the requests/responses to the backend. The hard part is that it needs to parse the return response, and if there is something like "{ errorCode: 501 }" property in the JSON, it needs to return HTTP 501 instead of the regular payload.

Does anyone have any experience in setting this up? It seems like the basic policy processing won't cut it, and so function apps and logic apps seem to be the ticket. We want to keep this facade layer as thin as possible. Microsoft APIM is the only platform we're allowed to consider at this time.