We have a backend that kind of does REST APIs but cannot handle simple Bearer tokens for authorization and cannot produce the full set of HTTP error codes (the platform just doesn't allow, for example HTTP 501 to be returned programmatically). There is no Swagger for the API.

The thought was to use Microsoft API Management Services as a proxy of sorts. It would handle the Bearer token upfront, and then just proxy / wildcard the requests/responses to the backend. The hard part is that it needs to parse the return response, and if there is something like "{ errorCode: 501 }" property in the JSON, it needs to return HTTP 501 instead of the regular payload.

Does anyone have any experience in setting this up? It seems like the basic policy processing won't cut it, and so function apps and logic apps seem to be the ticket. We want to keep this facade layer as thin as possible. Microsoft APIM is the only platform we're allowed to consider at this time.

I have an amazon server that I use to host my email and my simple website. I'm considering setting a vpn up on it, but I'm not sure if it's worth it. Would my data be as secure as with 3rd party vpns? Would Amazon see my traffic? It seems like if I go this route, anything that I do could be traced back to me, because the see the ip of my server and than ask amazon who owns it.