API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Display Name Not Unique

    I'm not sure why the operation's display name needs to be unique but if it does then it should include the operation verb in the uniqueness check.

    Having these two operations:

    POST \users
    GET \users

    Should not cause an error that the Display Name is not unique. Both of the operations should be allowed to be named "\users".

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  2. Basic Support for WS-Addressing

    The current support for SOAP-based services is good enough for some scenarios. However, one that I see missing that would make integrating WCF-based services easier would be to support basic WS-Addressing.

    In particular, if the API is implemented in WCF using WSHttpBinding with only transport security, it will be exactly the same as a regular BasicHttpBinding-based service with SOAP 1.2, except it will also require the WS-Addressing <To> and <Action> headers.

    For now, we've managed to make it work in SOAP-to-REST scenarios by manually inserting the WS-Addressing headers into the set-body template, but this can be very annoying for complex…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  3. OData URIs case insensitive

    OData URIs are managed in a case sensitive way, we have an operation with this URL /api/Companies({id}) and the only way we can invoke it is using the resource name in lowercase: /api/companies('424324')

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  4. Enable Swagger CollectionFormat = multi

    It does not appear that the swagger parameters with collectionformat = multi works in the test view. The list of options should be visible in a select list (at least) but allowing users to select multiple items would be best.

    example openapi:

    parameters: [
    {
    name: "status",
    in: "query",
    description: "Status values that need to be considered for filter",
    required: true,
    type: "array",
    items: {
    type: "string",
    enum: [
    "available",
    "pending",
    "sold"
    ],
    default: "available"
    },
    collectionFormat: "multi"
    }
    ],

    See the pet store example:
    http://petstore.swagger.io/v2/swagger.json
    /pet/findbystatus example.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support multiple APIs in Swagger import

    When importing a swagger file (created using SwashBuckle Nuget for WebAPI) with multiple APIs I get an error saying unable to Parse. Here's what my server currently returns:
    {"swaggerVersion":"1.2","apiVersion":"1.0","apis":[{"path":"/BookingApiController"},{"path":"/CourseController"},{"path":"/QueryApiController"},{"path":"/ReservationController"},{"path":"/ReviewApiController"},{"path":"/SearchController"},{"path":"/UserApiController"}]}

    then it should go through each of those to get the actual methods. I assume this is proper Swagger (I'm using SwashBuckle NuGet to generate these from my WebApi project). But the Import API function doesn't seem to handle this format. It works if I paste in just one of the controllers, but then I only get that part of the API.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  6. 'Create from App Service' to figure out the host / backend from AppService

    When 'Create from App Service', APIM should be able to figure out the host / backend based on AppService's domain name.

    Currently, APIM requires the swagger file to include the 'host' and would fail the import if the value is not included.

    "The OpenAPI specification should contain 'host' value"

    The host value is often unavailable for programmatically generated swagger file. And, site owner would have to manually modify the generated swagger file.

    It is tedious and bad user experience. Please consider implement the feature.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support all of the fields in OpenAPI spec for Info object

    Need to support all of the fields in Info object specifically TOS and License (https://swagger.io/specification/#infoObject)

    Today:

    "info": {
    "version": "1.0.0",
    "title": "API",
    "termsOfService": "https://.../terms-and-conditions",
    "license": {

      &quot;name&quot;: &quot;Microsoft&quot;,
    
    &quot;url&quot;: &quot;<a rel="nofollow noreferrer" href="https://.../terms-and-conditions&quot">https://.../terms-and-conditions&quot</a>;

    }
    }

    This is then shown in the Developer Portal as:

    "info": {
    "title": "Test",

    &quot;version&quot;: &quot;1.0&quot;
    

    }

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  8. Richer import for azure functions

    At the moment when importing an azure function limited metadata about the operation is captured in to the swagger.

    It would be useful if the import process could interrogate the use of attributes such as ProducesResponseType, Produces, Consumes etc.. to correctly generate the operation definition with models, content types etc..

    This could be rich enough to allow enums to be annotated with x-ms-enum, even if it required special APIM attributes to be used.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    need-feedback  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow different publisher teams to edit only their API's

    We have different product teams surfacing API's for their products that we present in our company's APIM instance, however the ability to edit an API (or view the contents of secret variables) in APIM from a permissions standpoint is currently an all or nothing proposition, an extension of RBAC (or similar) to restrict privileged access to individual API's / associated secrets would allow us to delegate responsibility for keeping API's current to the product teams rather than needing to manage the APIM centrally with product teems needing to submit requests for change to the central team.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support for parameters in API prefix

    Let's say I have root like api.com/trees/{tree-name}. I'd like to have an ability to create Branches API with api.com/trees/{tree-name}/branches/. The only option right now is to keep tree-name in a query.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Josh Twist responded

    Hi Dmitry, thanks for providing this feedback. Can you help me understand why you’d like this additional feature? Be great to understand why this would improve the product for you.

  11. Support for OpenAPI extensions for generated specifications

    Customer would like to add a number of custom attributes to their swagger, but it needs to happen for all generated swagger out of APIM.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  12. Import Private API's

    You cannot currently import API's from a private URL on a virtual network.

    It appears to be a requirement that to import an API it must be on a public URL

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow SOAP services with complex WSDL to be manually built

    My organization has a large number of legacy SOAP services that have large complex WSDL based on external XSDs. Currently the APIM product is not able to manage the service operations given the complexity. Allow for the type structures to be manually created so that the management tools can function.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow Api management publisher portal to host/upload root certificate to retrieve swagger document from web apis using self-signed certs

    Allow Api management publisher portal to host/upload root certificate to retrieve swagger document from web apis using self-signed certs.

    At the moment if you want to update the API's from a Web role using self-signed certs, it just fails to retrieve because of CA hierarchy or rather lack of.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  15. Import API to new revision

    Currently you can import a OpenAPI specification to either a new API, replace the existing API or append it to the existing API.
    It'd be useful to be able to create new revision off the newly imported rather then the currently available options.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add support for apiblueprint in Api Management

    I think you should try to support apiblueprint.org format for API management specification beyond WSDL and Swagger.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support swagger resusable parameters

    Support swagger resusable parameters.

    Support the root parameters of OpenAPI Spec.
    Currently import/update and portal schema editor, transforms reused parameters under each operation.

    We have API's that have a heavy use of reuseable parameters, and this bloats the swagger documentation quite alot.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  18. New error code MethodNotAllowed

    At this moment if the URL does not exists or if the URL exists but it is invoked with a non supported method, the error code returned is "OperationNotAllowed" with status code 404. The APIM should handle this situation in a better way by returning the error code "MethodNotAllowed" and the status code 405 just in case of the operation is being invoked with a non supported method.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  19. Enable entry of multiple examples for a given operation

    The portal only permits one example of a 200 OK response. I worked around this limitation by creating a larger JSON object consisting of an array of examples one property of which is the actual response.

    E.g.,

    [

    {
    
    &quot;Example&quot;: 1,
    &quot;Description&quot;: &quot;No filters are applied. Consequently, there are more than 25 results&quot;,
    &quot;RequestUrl&quot;: &quot;<a rel="nofollow noreferrer" href="https://apis.conmetwheelends.com/aftermarket/v2/details/summary/~/~&quot;">https://apis.conmetwheelends.com/aftermarket/v2/details/summary/~/~&quot;</a>,
    &quot;Response&quot;: {
    &quot;Status&quot;: &quot;TOO_MANY_RESULTS&quot;,
    &quot;Message&quot;: &quot;Indicates that the request was successful (it was a valid). However, the response returned too many results. This may occur if the request is under-constrained based on current data. Please apply additional filters to further constrain the
    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  20. Choose whether subscription key is taken as a query param, header or both

    Instead of the default where the subscription key is taken as both a query param and a header, allow the API administrator to choose. Also enable them to change the description of the field in the API definition.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base