API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

How can we improve Azure API Management?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Deploy API management on-site

    We expost a number of developer API endpoints that are controlled via various API keys and products. We are looking to bring the functionality fully in-house and API management looks to fit the bill. Thus far it looks like there is only AZURE cloud... self-hosted would be ideal.

    583 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  15 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
    • Add monetization ability of API

      It is a common practice for API service developers to link the resource counts or product plans to pricing. The preference is for either integration ability to 3rd party services (ex. Braintree) or direct implementation so API developers can collect payment for services.

      567 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        planned  ·  22 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
      • Integrate WebHooks

        managing webhooks under api management will get us more control around who is allowed to do what: http://blogs.msdn.com/b/webdev/archive/2015/09/04/introducing-microsoft-asp-net-webhooks-preview.aspx

        537 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          10 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →

          Hi all – we could really use more information on the use cases you would like us to deliver with this feature. To quote Darrel’s post below:

          Are you looking for some kind of UI in the portal to enable developers to subscribe to webhooks exposed by APIs?
          Or are you looking for the additional security provided API Management to limit what events a user can subscribe to?
          Do you want to correlate the API Management subscription ID with registered webhooks?
          Any information you can give about the scenarios you would like help with would be great.

          Many thanks

        • Socket (full-duplex) support in addition to HTTP

          Having the ability to regulate and monitor HTTP services with API Management is great. Wouldn't it also make sense to offer the same for web sockets (or SignalR hubs, etc.) so we can let devs hookup into stream of events (live-data) instead of polling with REST calls?

          412 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            11 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
          • OpenAPI v3 support in Azure API Management

            The OpenAPI Specification [https://github.com/OAI/OpenAPI-Specification] (formerly known as Swagger) defines a standard, programming language-agnostic interface description for REST APIs. Azure API Management currently supports OpenAPI versions 1.2 and 2.0. We are in the process of adding support for the recently released version 3 of the specification in both JSON and YAML formats. Our work is based on the OpenAPI.NET SDK [https://github.com/Microsoft/OpenAPI.NET] open source project.

            365 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              started  ·  16 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
            • API DevOps with Azure API Management

              Customers commonly use separate Azure API Management service instances for various environments, e.g., production, staging, QA. These environments are usually shared by multiple development teams, each responsible for a subset of APIs. We are working on a set of guidance, samples, and open source tools that will enable customers to automate API deployment to shared environments by multiple teams without interfering with each other.

              266 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                started  ·  9 comments  ·  Lifecycle  ·  Flag idea as inappropriate…  ·  Admin →
              • Support for Let's Encrypt

                Allow publishers to easily use Let's Encrypt with the API management. https://letsencrypt.org/

                256 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                • Integration with Azure KeyVault

                  Currently, we store sensitive information in API Portal - Properties and use them as {{key}}

                  Provide integration of Azure KeyVault so that sensitive information can be stored in Azure KeyVault and allow using it inside API methods or policies like {{vault:key}}

                  By this feature, we will be able to centralize all the keys in the Azure KeyVault and use Properties only for non-sensitive information.

                  250 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    7 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
                  • API / Operation visibility

                    Make possible to manage the visibility not only at product level but also at API level (and even maybe at operation level)

                    232 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      under review  ·  10 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
                    • VPN/ExpressRoute support in Standard Tier

                      If you must charge more for VPN make it a paid for add-on for Standard tier.

                      Using the standard tier is already tough to justify for our low volume business case. Unfortunately the backend servers are in a private network so we need the ExpressRoute functionality.

                      API Management was justified based on it also being the authentication gateway and firewall between the Internet and our internal APIs. The business case doesn't work if we still need to manage Internet facing reverse proxy servers or pay for Premium.

                      218 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        under review  ·  11 comments  ·  Pricing  ·  Flag idea as inappropriate…  ·  Admin →
                      • Plan should be charged on usage not reserved instances

                        We was planning to create an API for our system and learning about Azure API Management, We liked the product, the only obstacle to decide if we'll use it or a VirtualMachine or WebRole was the price.
                        it's too much expensive for startups.

                        Today I received an anouncement from Amazon API Gateway and their plans are very attractive, they charge based on api usage not over reserved capacity. I think you should review your pricing policies to attract more customers.

                        The cloud appeal is the 'pay as you go', and your plans are a big limitation for most startups.

                        178 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          6 comments  ·  Pricing  ·  Flag idea as inappropriate…  ·  Admin →
                        • OData Import

                          Support import of API definitions and metadata from OData $metadata.

                          167 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            started  ·  11 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                          • Ability to import and export CMS[CONTENT MANGAMENT SYSTEM] for developer portal

                            Right now there is no way , to import or export customized CMS FROM environment to environment. It would be good if there is way to deploy the customized CMS from dev to prod or ST.

                            159 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              under review  ·  10 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
                            • Schema validation in APIM

                              When an actual request comes, we need to validate the schema of the request and while sending back the respose, the schema should be validated. Similar to validate feature of API connect (IBM).

                              http://www.ibm.com/support/knowledgecenter/SSFS6T/com.ibm.apic.toolkit.doc/rapim_ref_ootb_policyschemaval.html

                              147 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                under review  ·  3 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
                              • More flexible subscriptions in Azure API Management

                                Present model for providing access to APIs is based on product subscriptions owned by a user. Each subscription includes a few properties and a pair of API keys. We are working on expanding this model to allow subscriptions and keys to be owned by a group of users or not be associated with any users at all. This will allow customers the flexibility of creating an ad-hoc set of key or having keys shared by a team of users without worrying about their ownership when members leave or are added to the team.

                                123 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  started  ·  9 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                • Restrict Portal Access by IP Address

                                  In some cases, Management Portal and Developer Portal should not be published into the Internet so that anonymous abusive users cannot attack the Portal, such as DDoS.
                                  If we can set a rule with IP address filtering like a firewall service, it would be very helpful to protect our API Management service.

                                  116 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    under review  ·  5 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Purge cache from external system

                                    To control caching time of API-returned items aggressively and issue a command to purge cache when from external system that is aware when items are refreshed. Refresh cycle is not periodic, and can vary.

                                    109 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      5 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Use Azure Key Vault-managed client certificates in Azure API Management

                                      A while ago we enabled the use of Azure Key Vault-managed SSL certificates for custom domain names in API Management. We are working to expand this feature to certificates used for mutual certificate authentication between the gateway and a backend.

                                      108 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        started  ·  2 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Circuit Breaker policy

                                        It would be nice to have a policy that implements the Circuit Breaker pattern (https://msdn.microsoft.com/en-us/library/dn589784.aspx)

                                        106 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          under review  ·  2 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
                                        • API keys to be owned by AAD group as opposed to user

                                          Instead of have a subscription be tied to a user, have it be tied to a (AAD) group. This is useful when a team is sharing the keys.

                                          103 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            under review  ·  4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 17 18
                                          • Don't see your idea?

                                          API Management

                                          Feedback and Knowledge Base