API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

How can we improve Azure API Management?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. import swagger problem with enum

    BUG?: While trying to import an existing API (in the developer portal) using the Import option I pointed it to the swagger endpoint <url>/swagger/docs/V1.00 and could not import. The issue was that we have defined several enums op type int that have different "labels" with the same int value which ends up as

    category":{"format":"int32","enum":[0,0,1,2,3,255,255],"type":"integer"}

    in the json file and leads to an error:

    Parsing error(s): Non-unique array item at index 1. Path 'definitions.EntryStatusCode.properties.category.enum[1]', line 1, position 49142.

    Although C# does not mind we have two 0 values one als "None" and one labels "Default" but the swagger import does.

    I'm…

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
    • Diagnostic logs

      UI EXPERIENCE: I configured diagnostic logs and in the portal it shows a list of logs but the size looks wierd. (see screenshot) I sontantly mistake the size to mean 13221 KB (ie 13MB) but in fact these logs are just 13 KB. My point is the decimal separator (.) and the use of 3 decimals looks wierd and confusing. Why do I need a filesize in 3 decimals

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
      • problem adding users to products preview azure portal

        I am unable to add users to product in the Azure Portal with the Products PREVIEW feature. Selecting a product, and then Subscriptions does show a list of users setting the checkbox and saving ends-up with a notification item that never stops stating "Subscribing user 'undefined' to product 'ProductName'" it looks like the user is not transfered as a paremeter correctly

        1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
        • Increase invitation Timeout

          Hi Team,
          Can we increase the invitation expiration time from 48 hours to 72 hours or longer?
          When we send out invitations on Fridays, most of them are missed, and we have to resend them on Monday again.
          Please take this use case into account.

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
          • Show all my APIs on Developer portal

            Lets say am user a@xyz.com at 2 or more API sites like api-A.contoso.com, api-B.contoso.com, api-C.contoso.com. I have to be registered at each site separately (with a user id and password) and managed individually. This becomes hard if we maintain a test APIM replica for each of those api-ABC sites (mentioned above). If APIM offers a mechanisms for the admins to mark other friendly domains, where user identities can be shared across. On the other side for the developers, the developer portal can offer one landing page for all APIs that they have subscribed (in the above case api-A.contoso.com, api-B.contoso.com, api-C.contoso.com)…

            1 vote
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
            • Capability to create a Logical container to group API's and APIM product with an assignable scope for RBAC.

              We host multiple web apis for different audience and want to provide them full access to APIM (for targetted APIs and APIM product) so that they could update and introduce new API's in the centrally hosted APIM. If we have logical group with its own security scope then we just need to add API and product resource in that logical group and grant permission to that scope using RBAC custom role. That will allow user to customize API and products without conflicting with APIs.

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
              • I would like Localization support for the developer portal

                When I create a API developer portal from API management service, I would like to localize to a specific language other than english.

                6 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
                • Add support for evaluating jsonpath expressions against request bodies within a policy and conditionally invoking an external request

                  I'd like the ability to use a jsonpath expression to query a json request body and send the results to an external endpoint for validation. This is intended to implement a form of request spoofing prevention

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
                  • List users in a group

                    I would like to be able to see the users assigned to a specific group in my API Management publisher portal.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
                    • View logging of onderlying APIM virtual machines for our Ops

                      Idea is that our Ops can see the logging of the underlying VM's that serve APIM. If this is visible, Ops know e.g. that an update is going on as a reason for a temporary outage. It means that we can better decide when it's time to take action and when it's allowed to just monitor the actions taken by Microsoft.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
                      • Ability to update Expired Invite messaging

                        Hi Team,
                        Can you please add support to customize the language/message in "Invalid invitation token" page?
                        We want to use a more user friendly message in our APIM instance, instead of the default one.

                        FYI:
                        Invalid invitation token
                        Please note that confirmation links are valid for only 48 hours. If you are still within this timeframe, please make sure your link is correct. If your link has expired, then please repeat the action you're trying to confirm.

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                        • Improved mutual certificate authentication for front-end / public endpoint

                          The current method of verifying client certificates is by hard-coding the certificate thumbprint into a conditional in the policy.

                          A better solution would be to be able to match the incoming thumbprint to ALL thumbprints in the uploaded SSL key stores. As described in the last paragraph here:
                          https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates-for-clients

                          However, currently only the private certificates are exposed in the context variable (context.Deployment.Certificates) rendering the aforementioned code non-working.

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                          • Possibility to Update WSDL

                            I have defined some SOAP endpoints. If I import a new version of the WSDL, my settings and operation specific policies are gone. I would like the possibility to update the WSDL while retaining my settings.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                            • Log x-forwarded-for header in API Management Gateway log

                              If API Management is fronted by a WAF or Proxy the IP logged in the API Management Gateway log is not the original IP.

                              WAF's like the Application Gateway Web Application Firewall do add an x-forwarded-for header however the current API Management Gateway log does not include it.

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                              • APIM Hybrid connection manager support for accessing on premise web services

                                Accessing onPremise web services in APIM is very inconvenient and requires either complex vnet/vpn setup, use of extra products like AAD application gateway or custom coding of API apps combined with a hybrid connection.

                                It is not even possible to use logic apps as codeless bridge since LAs are also unable to access on premise web services.

                                The option of installing an on premise version of the gateway is also only on a future roadmap and handles a wider use case that just accessing on premise services.

                                Request is to support using the hybrid connection manager in the APIM backend…

                                5 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                • bug: when converting a frontend GET to a backend POST the query parameters are not accessible in the policies

                                  When converting a frontend GET to a backend POST the defined query parameters are not accessible in the policies (eg. in <set-body>) using context.Request.Url.Query.GetValueOrDefault(). There is a workaround using URL template parameters, which are accessible using context.Request.MatchedParameters()

                                  4 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Bug?: Testing via Developer Portal results in 502 error on some backend data due to missing Accept-Encoding header

                                    Testing via the Developer Portal with certain backend sometimes returns:

                                    502 - Web server received an invalid response while acting as a gateway or proxy server.

                                    I am flagging this as a potential bug because the API works fine when testing from Azure Portal and other REST clients. Comparing traces it appears that the call from the Developer Portal include a lot fewer headers that the Azure Portal.

                                    Including the "Accept-Encoding" header resolves the issue and can be worked around by adding the following policy.

                                    <set-header name="Accept-Encoding" exists-action="skip">
                                    <value>gzip,deflate,sdch,br</value>
                                    </set-header>

                                    The backend in my case is node-red running as an…

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
                                    • AAD integration for all Teirs

                                      Just because we want a good API interface does not mean we are doing the next Facebook. APIM at Standard level would be, by far, the most expensive component of my entire end to end IoT data platform and includes far more bandwidth than I will likely require. But now you expect me to pay over 4 times as much just to integrate AD for a handful of users?

                                      I will either keep to Developer tier or if that is not sufficient the internal developers can use personal Microsoft accounts. On the bright side, it does eliminate a tie in…

                                      4 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Pricing  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Changes to Custom Domain implementation

                                        Support for Custom Domain appears to have changed how they are implemented.

                                        Previously the Developer Portal displayed only the Custom Domain (if/when specified in 'Azure Portal > API Management Service > Custom Domains and SSL' settings).

                                        Now the Developer Portal always displays the "*.azure-api.net" domain - and only provides the specified Custom Domain as drop-down menu option during 'Try It' operations.

                                        Feel this makes the use of Custom Domains redundant.
                                        (as Developer Portal users are only made aware of the Custom Domain IF they use the 'Try It' pages/functionality - which many may not view/access and therefore be completely unaware…

                                        16 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Allow creation of additional RBAC roles to delegate permissions individual Products or API's

                                          Implement some kind of RBAC model in which you can assign permissions to individual users or groups to only manage specific APIs, Products or Policies. We want to enable individual teams to manage their own Products and APIs (on a single APIM instance) without giving them the permissions to view or change settings on the Products and APIs of other teams.

                                          We do not want to spin up and manage APIM instances that are dedicated for a specific team.

                                          15 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 11 12
                                          • Don't see your idea?

                                          Feedback and Knowledge Base