API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

How can we improve Azure API Management?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Integrate WebHooks

    managing webhooks under api management will get us more control around who is allowed to do what: http://blogs.msdn.com/b/webdev/archive/2015/09/04/introducing-microsoft-asp-net-webhooks-preview.aspx

    554 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      11 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →

      Hi all – we could really use more information on the use cases you would like us to deliver with this feature. To quote Darrel’s post below:

      Are you looking for some kind of UI in the portal to enable developers to subscribe to webhooks exposed by APIs?
      Or are you looking for the additional security provided API Management to limit what events a user can subscribe to?
      Do you want to correlate the API Management subscription ID with registered webhooks?
      Any information you can give about the scenarios you would like help with would be great.

      Many thanks

    • OpenAPI v3 support in Azure API Management

      The OpenAPI Specification [https://github.com/OAI/OpenAPI-Specification] (formerly known as Swagger) defines a standard, programming language-agnostic interface description for REST APIs. Azure API Management currently supports OpenAPI versions 1.2 and 2.0. We are in the process of adding support for the recently released version 3 of the specification in both JSON and YAML formats. Our work is based on the OpenAPI.NET SDK [https://github.com/Microsoft/OpenAPI.NET] open source project.

      484 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        started  ·  21 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
      • Socket (full-duplex) support in addition to HTTP

        Having the ability to regulate and monitor HTTP services with API Management is great. Wouldn't it also make sense to offer the same for web sockets (or SignalR hubs, etc.) so we can let devs hookup into stream of events (live-data) instead of polling with REST calls?

        461 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          12 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
        • OData Import

          Support import of API definitions and metadata from OData $metadata.

          167 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            11 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
          • Multiple URL Template for a operation

            Having multiple URL Templates for a operation will make it easy to configure the optional parameters.

            44 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
            • Mark api/operations as obsolete/deprecated

              Our api is updating frequently. Some operations and even whole api could be deprecated.
              We can't mark api/operations as deprecated. Now, only modify description could help us but it's not enough. Because nobody really read the description from start to end. And we can't highlight information in it.
              Please- give as a button "Mark api/operation as deprecated" + textbox for description why it happened and what other method should be used now(maybe with checking that new operations is available).
              Also highlight information about api/operation is deprecated in a description or somewhere else for a current consumers.
              And in the final-…

              42 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
              • Import mandatory query parameters as query rather than in the URL template

                When an API is imported into API-M using Swagger, mandatory query parameters are imported into the URL template rather than as query parameters.

                The effect of this is when a parameter is missing API-M returns a 404. The correct behaviour should be to return a 400 Bad Request with a validation error, or pass the request to the back-end API to return an appropriate error.

                I suggest adding an option to import mandatory query parameters from Swagger as query parameters.

                41 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  under review  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                • different endpoint for an operation based on product

                  Would be nice to have the option to define a different endpoint to different products. This will allow to define a 'test' and 'live' products that works with different environments. While at the same time the developers keys, examples, etc are all in one place.

                  38 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    planned  ·  1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                  • Do not deploy echo-api when deploying via the SDK or ARM template.

                    If I create a new Microsoft.ApiManagement/service resource and I do not have any Microsoft.ApiManagement/service/apis defined I would not expect a "example api" to be included.

                    The SDK and ARM templates are for people to automate their deployments, adding a API to show someone how to use the APIM service on ALL new deployments does not make sense in a scripted environment.

                    If when creating a new APIM from the web portal causes it to add a extra api to show the usage of APIM, that is fine, I world totally understand that behavior. But adding un-asked for apis during a…

                    24 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      under review  ·  2 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                    • SOAP import WSDL with external XSD

                      All our SOAP services files use external XSD files that are imported into the WSDL. To import these in API Management, we need to merge the files into one big WSDL.

                      It would be nice if we could import the WSDL and the imported XSD files without the need to create a "merged" WSDL

                      23 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        planned  ·  3 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                      • Customize error schema messages

                        Is there a way to control message error schema in Azure APIM? .. we don't want expose two kind of message errors .. we would like to return always the same structure.

                        In our case, we use a diagnostics object to return message errors in our internal API:

                        {"$diagnosis": [{"$severity": "error","$sdataCode":"errorCode","$message": "errorMessage","$source": "urlSource"}]}

                        However, if we overflow the rate limit policy, Azure APIM returns an object like this:

                        {"statusCode": 429,"message": "Rate limit is exceeded. Try again in 52 seconds."}

                        We would like to return in this case something like this:

                        {"$diagnosis": [{"$severity": "error","$sdataCode":"429","$message": "Rate limit is exceeded. Try again in…

                        19 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                        • Display Name Not Unique

                          I'm not sure why the operation's display name needs to be unique but if it does then it should include the operation verb in the uniqueness check.

                          Having these two operations:

                          POST \users
                          GET \users

                          Should not cause an error that the Display Name is not unique. Both of the operations should be allowed to be named "\users".

                          16 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            planned  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                          • Importing swagger into API Management modifies the original swagger content...

                            When importing the swagger document for an API the import process modifies the content which when output drives warnings in a swagger editor. Some items that appear to change, summary attribute becomes description attribute, consumes is dropped, a response type Object with type of array is redefined as a $ref and rename ObjectArray. It would be good to have the option to maintain the original definition and structure rather than modifying

                            13 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              under review  ·  1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                            • Support multiple APIs in Swagger import

                              When importing a swagger file (created using SwashBuckle Nuget for WebAPI) with multiple APIs I get an error saying unable to Parse. Here's what my server currently returns:
                              {"swaggerVersion":"1.2","apiVersion":"1.0","apis":[{"path":"/BookingApiController"},{"path":"/CourseController"},{"path":"/QueryApiController"},{"path":"/ReservationController"},{"path":"/ReviewApiController"},{"path":"/SearchController"},{"path":"/UserApiController"}]}

                              then it should go through each of those to get the actual methods. I assume this is proper Swagger (I'm using SwashBuckle NuGet to generate these from my WebApi project). But the Import API function doesn't seem to handle this format. It works if I paste in just one of the controllers, but then I only get that part of the API.

                              11 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                              • Support all of the fields in OpenAPI spec for Info object

                                Need to support all of the fields in Info object specifically TOS and License (https://swagger.io/specification/#infoObject)

                                Today:

                                "info": {
                                "version": "1.0.0",
                                "title": "API",
                                "termsOfService": "https://.../terms-and-conditions",
                                "license": {
                                "name": "Microsoft",
                                "url": "https://.../terms-and-conditions"
                                }
                                }

                                This is then shown in the Developer Portal as:

                                "info": {
                                "title": "Test",
                                "version": "1.0"
                                }

                                10 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  under review  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                                • Hiding operations in developer portal

                                  This is a duplicate but the original suggestion was closed as Completed.

                                  I would like to hide operations in the developer portal but still expose them through the proxy.

                                  10 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    3 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Improved mutual certificate authentication for front-end / public endpoint

                                    The current method of verifying client certificates is by hard-coding the certificate thumbprint into a conditional in the policy.

                                    A better solution would be to be able to match the incoming thumbprint to ALL thumbprints in the uploaded SSL key stores. As described in the last paragraph here:
                                    https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates-for-clients

                                    However, currently only the private certificates are exposed in the context variable (context.Deployment.Certificates) rendering the aforementioned code non-working.

                                    10 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      under review  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Support for parameters in API prefix

                                      Let's say I have root like api.com/trees/{tree-name}. I'd like to have an ability to create Branches API with api.com/trees/{tree-name}/branches/. The only option right now is to keep tree-name in a query.

                                      8 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                                        under review  ·  Josh Twist responded

                                        Hi Dmitry, thanks for providing this feedback. Can you help me understand why you’d like this additional feature? Be great to understand why this would improve the product for you.

                                      • Support for OpenAPI extensions for generated specifications

                                        Customer would like to add a number of custom attributes to their swagger, but it needs to happen for all generated swagger out of APIM.

                                        7 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          under review  ·  1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Import Private API's

                                          You cannot currently import API's from a private URL on a virtual network.

                                          It appears to be a requirement that to import an API it must be on a public URL

                                          7 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            under review  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1
                                          • Don't see your idea?

                                          API Management

                                          Feedback and Knowledge Base