API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

How can we improve Azure API Management?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add monetization ability of API

    It is a common practice for API service developers to link the resource counts or product plans to pricing. The preference is for either integration ability to 3rd party services (ex. Braintree) or direct implementation so API developers can collect payment for services.

    580 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      planned  ·  22 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
    • Use Azure Key Vault-managed client certificates in Azure API Management

      A while ago we enabled the use of Azure Key Vault-managed SSL certificates for custom domain names in API Management. We are working to expand this feature to certificates used for mutual certificate authentication between the gateway and a backend.

      129 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        planned  ·  2 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
      • More flexible subscriptions in Azure API Management

        Present model for providing access to APIs is based on product subscriptions owned by a user. Each subscription includes a few properties and a pair of API keys. We are working on expanding this model to allow subscriptions and keys to be owned by a group of users or not be associated with any users at all. This will allow customers the flexibility of creating an ad-hoc set of key or having keys shared by a team of users without worrying about their ownership when members leave or are added to the team.

        129 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          started  ·  10 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
        • Purge cache from external system

          To control caching time of API-returned items aggressively and issue a command to purge cache when from external system that is aware when items are refreshed. Refresh cycle is not periodic, and can vary.

          111 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            5 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
          • APIM Hybrid connection manager support for accessing on premise web services

            Accessing onPremise web services in APIM is very inconvenient and requires either complex vnet/vpn setup, use of extra products like AAD application gateway or custom coding of API apps combined with a hybrid connection.

            It is not even possible to use logic apps as codeless bridge since LAs are also unable to access on premise web services.

            The option of installing an on premise version of the gateway is also only on a future roadmap and handles a wider use case that just accessing on premise services.

            Request is to support using the hybrid connection manager in the APIM backend…

            64 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              under review  ·  2 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
            • Service Health Available API

              It's great that subscription level Incident and notifications are flowing into the management portal when I sign in. What about providing the same info in the API so I can integrate it into my own operational systems?

              45 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                3 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
              • Query Log Analytics metrics data using APIs

                The Monitor API does not return time-series data for Log Analytics Metrics.

                Steps to reproduce.

                1. Go to https://docs.microsoft.com/en-us/rest/api/monitor/metrics/list and click "Try it.
                2. Enter a resource ID for a Microsoft.OperationalInsights (Log Analytics) that contains a Platform Heartbeat metric.
                3. Enter "metricnames" and "Heartbeat", be sure to click "+" after
                4. Click Run

                The Timeseries collection is empty.

                When I run a query like the following through analytics I do see data:

                // See the last heartbeat for each computer in the last hour
                Heartbeat
                | where TimeGenerated > ago(1h)
                | summarize
                latest_heartbeat = max(TimeGenerated), // time of the most…

                28 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                • Deploy APIM in Azure Emulator to allow for local testing of configurations

                  Add APIM to the Azure emulator to allow testing of routing and policies.

                  28 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    under review  ·  0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                  • Ability to manage Subscription Keys for a Group of users

                    Allow the assignment of a subscription key that applies to a group of users. The idea is to create one shared subscription key that is tied to the group so as members of the group swap in/out they can use that key.

                    Think of a large company of developers, rather than creating a shared login the group of developers could be put into the group and then have access to that applications subscription keys.

                    The idea is really to treat the key as an entity that isn't a person but needs to be managed by several people, like give this…

                    24 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      1 comment  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                    • Allow setting a "Reply-to" field on all emails

                      A user should be able to contact the API support by replying to the emails she receives.

                      Emails from the API Management are sent from a 'noreply' address (<apimgmt-noreply@mail.windowsazure.com>). Administrators should have the option to configure a "Reply-To" email address.

                      24 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        1 comment  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add missing Issues features

                        The Issues section of API Management seems really lacking. To just name a few of the current shortcomings:

                        - Inability to edit/delete a comment (I hope no one every makes typos)
                        - Inability to delete a resolved issue.
                        - Inability to search issues.
                        - Inability to tag issues.
                        - Inability to control the view of issues (order by date, status, etc)

                        The API Management has many great features, but unfortunately Issues isn't one of them, and is an important part of our API management strategy

                        23 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          7 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                        • Email notifications per API or Product

                          Today, email notifications for a new registration or sub request are send to one or more email addresses. However, the configured email recipients get a notification for all APIs and all Products.

                          We're having different back office people handling the workflow requests of different API Products, so it would be much easier that they would only get notifications for their API products.

                          21 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            2 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                          • Provide Rich Text Editor in API/Operation Descriptions

                            For the API and Operation description (or any other that supports HTML, e.g. response descriptions) fields, instead of having to input HTML, a basic WYSIWYG editor would be nice so simple things like bold/emphasis/underline/lists/etc... can be created easily by people not strong in HTML and then having to save/view to test what it may look like.

                            16 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                            • Ability to delegate security on Content pages

                              We like to provide additional information to our authorized users in a more secure manner.
                              Anonymous guests shouldn't be able to see any and all Content that has been created.

                              15 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                under review  ·  1 comment  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                              • Confirm User Actions before making Routing Unavailable

                                An admin user accidentally clicked on a button in our primary prod API Mangement Service

                                API Mangement Service -> Virtual Network -> Apply network configuration

                                The user mistakenly pressed/released the mouse button while hovering over the WebUI/Component. The 'API Mangement Service' then stopped routing all traffic for just over 3 minutes of time (Effectively preventing traffic from being routed to/from clients). I confirmed this issue in a non-prod environment later.

                                Is it possible to have dialog introduced that will confirm user action when this button is pressed? I think it is an accident prone UI feature. To allow this one…

                                14 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  under review  ·  0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                • Ability to turn off notifications, not just edit templates

                                  We need the ability to turn off notifications through the workflow. We are setting up accounts for clients and don't want most of the notifications that come out. We are having to enter fake email addresses just to prevent the notifications.

                                  13 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    under review  ·  1 comment  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Add ARM support for deployment of the operations, etc.

                                    Support to deploy all the configuration via ARM what now possible is via GIT.

                                    13 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      under review  ·  2 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Allow user to manage API when primary location is down

                                      When a new API Management Service is created, we need to choose an Azure location (say, Australia Southeast).

                                      Afterwards, we can scale the API Management Services to a second Azure location (say, Australia East).

                                      When Australia Southeast region has an outage, API can still be accessed via Australia East region. However, we cannot "manage" (e.g. add a new API or update API backend URL) the API Management Service during the "primary location" (Australia Southeast in the example) outage.

                                      It will be great if user can still manage the API Management Service when the "primary location" is down.

                                      13 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Allow tagging/categorization of APIs, operations, policies

                                        Either a single hierarchical category field or use flat tags where multiple can be applied to the same resource.

                                        12 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          planned  ·  3 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                        • allow adding new dynamic attributes to email notification/templates

                                          Provide us with the ability to define our own attributes (today you allow on notification template 3 attributes: email, organization name and originating email). if you allow us to set up our own attributes we would be able to prepare the emails in a more sophisticated way. we will only have to amend the instance attributes and all of the emails will work for us.

                                          11 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            under review  ·  2 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5
                                          • Don't see your idea?

                                          API Management

                                          Feedback and Knowledge Base