API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Retry Policy to allow Event Forwarding to Event Hub

    Provide the ability to allow the Retry Policy to call the log-to-eventhub policy. Currently today, when retries are attempted in the back end, we lose perspective of when this occurs and how often. When we lose perspective to how often retries occur, we lose perspective to possible issues in our environment.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  2. Keep serving expired cached content if web service is unavailable

    If caching is enabled and the underlying web service is unavailable, the API service should keep serving expired content. This allows the underlying web service to be temporarily unavailable without the API breaking.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  3. New policy: "update-context-variables" to add multiple context variables at once

    We should have a new policy: "update-context-variables" whose policy expression allows us to directly update the IReadOnlyDictionary<string, object> context.Variables, such that we can add multiple variables in a single policy expression.

    Use case:
    I have an application that receives a requests with json in the body, validates the shape of the json and its various fields, before passing that json forward to an eventhub service.

    My policy XML is overly verbose, because I have to iterate through that json multiple times to in multiple set-variable policies. I would like a single policy that would allow me to iterate through that…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  4. Use NamedValues within C# expression

    In the existing implementaiton it is not possible to directly access data from NamedValue table within C# policy expressions, for ex: a code like "var x = {{dataStoredInNamedValue}}" will not work. The only way to access the namedValue it appears is to use XML Policy templates, for ex: '<set-variable value="{{some-value}}"/>'. So to use the data stored in namedValue, it should be first fetched using <set-variable/> and later this variable need to be accessed in C# expression, this is roundabout, and there should be a direct way to access these values.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  5. CORS headers

    When CORS policy is configured all responses should return CORS headers. Currently if a 4xx response is returned, headers are not returned.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  6. Set proxy configuration for “send-request” policy

    I can found “Set HTTP proxy” policy. And I tried this policy on APIM. But this HTTP proxy setting effected only <forward-request>. All requests by <send-request> were not bypassed via proxy.

    Set HTTP proxy
    https://docs.microsoft.com/en-us/azure/api-management/api-management-advanced-policies#SetHttpProxy

    I hope to add new proxy configuration for “send-request” policy

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  7. Provide built in policies to authenticate Azure Rest APIs.

    It is very complicate to make use of any Azure REST APIs since the authentication headers are complex to create.

    Useful cases would be :

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow System.Linq.IGrouping within expressions

    The GroupBy operator is a pretty common LINQ operator incredibly useful in doing transformations of data.
    It would be tremendous if this was available within policy expressions.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  9. client cert with public key

    We have a scenario that we would like to use Azure APIM to replace another vendors API GW in use today. However, there is a serious flaw in APIM that prevents us to do so. Many of our web services (this is healthcare so a bit more old school) are secured by client cert auth. If the public cert isn't in our API GW store and authorized for the web service then the authentication/authorization is rejected.

    Azure APIM currently (as far as I can tell) only allows certs with private keys to be loaded for validation using the cert store…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  10. Provide the API Management in the Azure Germany Cloud

    I would great if this product would become available in the Azure Germany Cloud anytime soon.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  11. Reduce min renewal-period in qouta/call rate policy from 3600 second to 60

    In our application we have 3 products:
    bigcompany
    smallcompany
    freelancer

    We know that freelancer can't make more that 20 actions per minute. It's physical limitation. If we can define that was 50-70 actions per minute for us it means that freelancer is not alone and he is cheating. We want limit such type of behaviour, but quota less than 3600 second is not valid .

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  12. API Mgmt. policy management PowerShell module

    The policies should be definable and manageable thru PowerShell. There should be a separate module for Azure API Mgmt. Policy Mgmt. An IT Pro shouldn't have to learn XML to manage these policies.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support for conversion to SWIFT messaging proticol and vice versa

    Customers in the banking industry are asking for this..

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  14. Support AAD JWT token validation more directly using AAD metadata

    There is currently a way to validate JWT tokens in the policies. This is great. However, it could be done better in the case the JWT tokens are issued by AAD. In that case one would like to give the tenant ID of AAD and the Application ID that is assigned to the API. This way the policy would automatically extract the valid certificate from AAD metadata (something like https://login.microsoftonline.com/38cda3b4-71fa-4748-a48e-e50ef1ebfe00/federationmetadata/2007-06/federationmetadata.xml).

    That would prevent us from having to do this manually each time the global AAD certificate changes (next one is before mar 2019). It would be more in the…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  15. Policy aliases required

    We require some policy aliases:


    1. Resource: Microsoft.DataMigration
      Aliases:
      sourceConnectionInfo.type
      sourceConnectionInfo.encryptConnection


    2. Resource: Microsoft.ApiManagement
      Aliases:
      tenantAccess.enabled
      identity
      securityProtocolsTls


    3. Resource: Microsoft.Web
      Aliases:
      kind
      identity


    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow asymmetric key validation with validate-jwt policy

    Currently Validate-JWT policy does not support asymmetric key validation.
    The JWT token is encrypted for various reasons with asymmetric key specially in case of B2B scenarios.

    We need a way to specify the IssuerSigningKey to validate-jwt policy.

    https://devblogs.microsoft.com/aspnet/jwt-validation-and-authorization-in-asp-net-core/

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow backend call details in "context" interface

    It would be very usefull to have access to backend call details via a new context "backend" interface so we could have access to "status code", backend url, call duration...
    In fact all that could be usefull to analyse "backend calls" in outbound policies.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  18. Caching OPTIONS response should be for url rather than dependent on parameters/headers.

    we need facility in policies for caching response of OPTIONS method type. So that browser does not send OPTIONS calls. Also caching should be done on url only and not different sessionid/reuqest headers/parameters.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  19. Deploy policy as xml file

    If we keep policies as XML (instead of allowing policy definition in JSON for instance) can we deploy the policy as a separate XML file so we don't have to have escaped XML within JSON templates? This is similar to B2C IEF custom policies which are uploaded as XML files.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  20. XSD for polices

    Is there a published XSD version for polices syntax ?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base