API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

How can we improve Azure API Management?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. New policy to sign JWT

    We currently have a scenario where we secure the calls to Api Management instances via JWT signed specifically for APIM. Based on some criteria, we are then signing new JWT's, to talk to back end environments. We do not want to secure the actual Api's via certificates, but simply via JWT's signed by Api Manager.

    Currently I am using a secured call to an azure function that signs a Jwt and returns the token back but ideally we would like to have this feature built in.

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
    • Fix API Management Analytics (all request seem to come from source U.S.)

      In the Api Management Analytics page, all request seem to come fromj United Status, which is not the case in reality. Our App Service is deployed in WestEurope, so that must be the source of the requests to this API (also in WestEurope).
      Please fix that issue. Issue has been created as ticket at Microsoft Support [REG:117021415315202]. Answer from Ice Shi:
      "
      After checking with our APIM production team, I got the root cause of why the APIM analytics data shows all come from US.
      Current this data based off an IP to region lookup DB we get from the…

      7 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
      • Ability to upload root and intermediate SSL certificates for backend services

        We are using our own internal Certificate Authority, and use SSL certificates generated from this CA for our backend services. Without uploading the root and intermediate SSL Certificates, we cannot validate the SSL chain. The alternative is to bypass chained validation for the backends, but this brings in other security risks (as we cannot guarantee where the backend SSL certs come from - they could be self signed, as an example).

        2 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
        • 23 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            4 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
          • allow group

            Allow restricting groups to specific operations vs per api. Maybe a policy editor entry?

            4 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
            • Provide API to retrieve developer keys

              I need to get the developer keys through an API to link azure api manager to my own web application

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
              • Azure B2C authentication for Developer Portal

                For the APIs, if we have to provide access to developer portal to end customers' development teams, currently we have to provide Swagger URL for documentation. This trims down some of the functionalities provided inside Developer Portal

                Is there anyway to allow customer's development team to use their Azure B2C accounts to access Developer Portal so that we can do effective user management.

                4 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
                • Allow CORS headers for Management API

                  In order to invoke Management REST API endpoint (like ***.management.azure-api.net/apis?api-version=vvv) from browser's JS code, CORS headers should be enabled there. Moreover, full Management REST API endpoint configuration (thru Azure portal) is very welcomed addition.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
                  • Allow setting a "Reply-to" field on all emails

                    A user should be able to contact the API support by replying to the emails she receives.

                    Emails from the API Management are sent from a 'noreply' address (<apimgmt-noreply@mail.windowsazure.com>). Administrators should have the option to configure a "Reply-To" email address.

                    6 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                    • Support for Let's Encrypt

                      Allow publishers to easily use Let's Encrypt with the API management. https://letsencrypt.org/

                      17 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                      • Integration with azure data catalog and event hubs - enable swagger definitions to be inherited by data stores and pipelines

                        Integration with azure data catalog and event hubs - enable swagger definitions to be inherited by data stores and pipelines

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
                        • CORS headers

                          When CORS policy is configured all responses should return CORS headers. Currently if a 4xx response is returned, headers are not returned.

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
                          • Developer-facing UX for Basic Auth credentials

                            Today, APIM provides a nice developer-facing UX for acquiring OAuth 2.0 access tokens – specifically, a dropdown is rendered on the Console page with whatever supported grant types have been selected for the Authorization Server associated with the API.

                            But for APIs that use a Basic Authentication security model for user-level authorization, there is no similar developer-facing UX. So this means that developers using the portal have to manually click “Add header”, select “Authorization”, and then specify the base-64 encoded value for their username:password. That works fine, but it’s a little cumbersome.

                            It would be nice if APIM could provide…

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
                            • Expose response headers in API documentation

                              The Swagger/OpenAPI specification has explicit support for defining response headers. The latest version of SwaggerUI also supports the display of these response headers in an operation's documentation. It would be nice if Azure API Management also supported exposure of response headers defined in a swagger.json specification.

                              7 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                              • Display description included in JSON schema

                                It's great that we are able to provide JSON schema for request definitions. As we are using the "description" property in our request schema to give some useful hints regarding each property, it would be nice to have this shown in the developer portal (like it is done in the "Model" view of swagger UI). Currently the descriptions are a bit hidden in the schema definition and not so obvious for the developers.

                                9 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
                                • Working with Policies in Ibiza

                                  Hi all,

                                  here are few recommendations related to user experience when working with policy editor in Ibiza.

                                  1. Click on 'Save' should save but not close policy editor. How about additional Save and Close button?

                                  2. FrontEnd blade of an operation should not be empty. It could show all required parameters for operation. Right now, we have to click Edit and see empty screen. Same issue for policies.
                                  3.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Can we configure policies for certail APIs programatically.

                                    I want to configure policy for rate limiting. Is it possible to do programmatically.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • microservices scenarios examples

                                      I am trying to use Azure APIM as microservices gateway, however there is little information and examples about same. It is generic use case in latest microservices architectural style.

                                      Can you guys please improve upon documentation,examples and videos on channel 9 relate do the same. Also, there is not much details available about Rest API which is used behind for APIM.

                                      4 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Prepare yourself for Microsoft Azure training

                                        Learn the architecture, services, tools, portals & apps of Microsoft Azure with NetCom Learning as your learning partner. Live & In-person classes with hands-on Labs training. Get trained by MS certified Instructors.For more information Visit: http://bit.ly/2iaxo4E

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Extend the various schemas

                                          Having extensibility built into the user, application and other schemas would be useful for capturing the correct level of data from users

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 8 9
                                          • Don't see your idea?

                                          Feedback and Knowledge Base