API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Socket (full-duplex) support in addition to HTTP

    Having the ability to regulate and monitor HTTP services with API Management is great. Wouldn't it also make sense to offer the same for web sockets (or SignalR hubs, etc.) so we can let devs hookup into stream of events (live-data) instead of polling with REST calls?

    1,087 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    29 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  2. GraphQL introspective support within API Management

    Like swagger documents which describe REST endpoints, we would like to surface graphql queries and mutable schemas and types through the Developer portal.

    1,042 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  18 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  3. Support VNET for Basic Tier of APIM

    Our APIs are deployed to Service Fabric cluster in a VNET. If we want to expose our APIs through APIM, we have to use the Premium Tier of APIM since that's the only tier where VNET support is included.

    Premium Tier of APIM has bunch of other features like AD authentication, Multi-region support, 4000 reqs/sec etc., which we don't need and don't care.

    Why are all those features clubbed together and provided as an all or nothing solution?

    Basic Tier fits our use case perfectly, if only we can deploy it in a VNET.

    Service Fabric integration with APIM is…

    837 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  45 comments  ·  Pricing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add monetization ability of API

    It is a common practice for API service developers to link the resource counts or product plans to pricing. The preference is for either integration ability to 3rd party services (ex. Braintree) or direct implementation so API developers can collect payment for services.

    741 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  26 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  5. Integrate WebHooks

    managing webhooks under api management will get us more control around who is allowed to do what: http://blogs.msdn.com/b/webdev/archive/2015/09/04/introducing-microsoft-asp-net-webhooks-preview.aspx

    669 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →

    Hi all – we could really use more information on the use cases you would like us to deliver with this feature. To quote Darrel’s post below:

    Are you looking for some kind of UI in the portal to enable developers to subscribe to webhooks exposed by APIs?
    Or are you looking for the additional security provided API Management to limit what events a user can subscribe to?
    Do you want to correlate the API Management subscription ID with registered webhooks?
    Any information you can give about the scenarios you would like help with would be great.

    Many thanks

  6. Support for Let's Encrypt

    Allow publishers to easily use Let's Encrypt with the API management. https://letsencrypt.org/

    601 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Integration with Azure KeyVault

    Currently, we store sensitive information in API Portal - Properties and use them as {{key}}

    Provide integration of Azure KeyVault so that sensitive information can be stored in Azure KeyVault and allow using it inside API methods or policies like {{vault:key}}

    By this feature, we will be able to centralize all the keys in the Azure KeyVault and use Properties only for non-sensitive information.

    566 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  13 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  8. Schema validation in APIM

    When an actual request comes, we need to validate the schema of the request and while sending back the respose, the schema should be validated. Similar to validate feature of API connect (IBM).

    http://www.ibm.com/support/knowledgecenter/SSFS6T/com.ibm.apic.toolkit.doc/rapimrefootb_policyschemaval.html

    516 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  15 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  9. API / Operation visibility

    Make possible to manage the visibility not only at product level but also at API level (and even maybe at operation level)

    473 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  20 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  10. VPN/ExpressRoute support in Standard Tier

    If you must charge more for VPN make it a paid for add-on for Standard tier.

    Using the standard tier is already tough to justify for our low volume business case. Unfortunately the backend servers are in a private network so we need the ExpressRoute functionality.

    API Management was justified based on it also being the authentication gateway and firewall between the Internet and our internal APIs. The business case doesn't work if we still need to manage Internet facing reverse proxy servers or pay for Premium.

    395 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  15 comments  ·  Pricing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support gRPC in Azure API Manager

    Please add support for gRPC to Azure API Manager.
    I would like to expose gRPC services to clients.
    It would also be great if we can have REST services for clients that call backend gRPC services.

    388 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Use Azure Key Vault-managed client certificates in Azure API Management

    A while ago we enabled the use of Azure Key Vault-managed SSL certificates for custom domain names in API Management. We are working to expand this feature to certificates used for mutual certificate authentication between the gateway and a backend.

    361 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  8 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  13. Circuit Breaker policy

    It would be nice to have a policy that implements the Circuit Breaker pattern (https://msdn.microsoft.com/en-us/library/dn589784.aspx)

    263 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  4 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  14. More flexible subscriptions in Azure API Management

    Present model for providing access to APIs is based on product subscriptions owned by a user. Each subscription includes a few properties and a pair of API keys. We are working on expanding this model to allow subscriptions and keys to be owned by a group of users or not be associated with any users at all. This will allow customers the flexibility of creating an ad-hoc set of key or having keys shared by a team of users without worrying about their ownership when members leave or are added to the team.

    252 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    started  ·  17 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  15. OData Import

    Support import of API definitions and metadata from OData $metadata.

    245 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    13 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  16. On-board commands to Azure CLI 2.0

    See:
    https://github.com/Azure/azure-cli/issues/3614

    There is customer demand for this service to be support in Azure CLI 2.0 in order to develop cross-platform automation solutions.

    214 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. apim should allow more than 260 characters for URL path segments

    API definitions which have an ID as one path segment can have path segments which are larger than 260 characters (which is a windows limitation). Unfortunately this limitation is also part of the apim service and can be inceased by the product team on request. Why not setting it to a larger value as default or let me set an option like (windows compatible path length) when creating the instance?

    This problem is very critical if you face it because the apim service itself will block the request and you cannot handle/modify/forward the request to something else which can handle…

    213 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Developer portal users to be able to input Client ID and Client Secret to generate OAuth2 token

    OAuth2.0 - Update to the developer portal UI so that portal users can enter their own ClientId and Client Secret to generate token.

    227 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Code re-use in API policies using of custom functions or expressions

    I find myself regularly copying and pasting generic code functions across policies. It would be great if there was a policy where you add custom code functions or expressions to call in other policies. Maybe in the base policy or a new "custom expressions" policy.

    For example, I have generic code for policies fronting SOAP services that determines date timezones before converting dates to UTC. This code is duplicated across various APIs.

    Another example is a piece of code I add to each policy for error handling and recording to the event hub via logger.

    201 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  4 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  20. Mark api/operations as obsolete/deprecated

    Our api is updating frequently. Some operations and even whole api could be deprecated.
    We can't mark api/operations as deprecated. Now, only modify description could help us but it's not enough. Because nobody really read the description from start to end. And we can't highlight information in it.
    Please- give as a button "Mark api/operation as deprecated" + textbox for description why it happened and what other method should be used now(maybe with checking that new operations is available).
    Also highlight information about api/operation is deprecated in a description or somewhere else for a current consumers.
    And in the final-…

    199 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 30 31
  • Don't see your idea?

Feedback and Knowledge Base