API Management
Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.
-
Support for HTTP/2 for APIM connecting to backend services
HTTP/2 is supported for APIM client side facing communications, it will be great to support HTTP/2 also for backend side facing communications so that the entire request chain can be HTTP/2 enabled.
99 votesThank you for the feedback! We added this suggestion to the backlog and will update the item when we prioritize it for implementation.
-
Add Self-hosted API Management gateway to Basic and Standard pricing tiers
Please consider adding the self hosted API Management gateways to the basic and standard tiers. At a minimum at least three instances for HA purposes.
The argument for this is that you will drive up the adoption of Azure APIM and generate considerable Azure consumption through the take up.
Alternatively please consider a per gateway pricing option to cover any additional overheads.
89 votes -
Block HTTP and/or force HTTPS
Is there a way to disable the HTTP listener on the APIM service so that no responses occur for any requests to port 80.
We'd like to see a feature where we can disable the listener at port 80, or configure that listener to automatically force a redirect to HTTPS and port 443.
37 votesFor now you can use policy a policy at the global scope to check protocol and return a redirect if it’s http.
-
Support backendTlsVersion logging
As multiple organizations and teams start enforcing TLS 1.2, it's always better to have this log to understand the TLS versions used by backend APIs. This will help teams strategize push for TLS 1.2 and make informed decisions.
32 votes -
Remove standardized Azure URL from Swagger / WSDL file
We are using custom domains in our Azure API Management instances. Unfortunately when uploading a Swagger file, APIM automatically adds the standardized URL. Here's an example:
"x-servers": [
{
"url": "<a rel="nofollow noreferrer" href="https://gateway.api.qas.custom.com"">https://gateway.api.qas.custom.com"</a>;
},
{
"url": "<a rel="nofollow noreferrer" href="https://azurestandardname-northeurope-01.regional.azure-api.net"">https://azurestandardname-northeurope-01.regional.azure-api.net"</a>;
}This keeps confusing our customers when they download the description through the Dev Portal.
Please add an option to prevent the standard URL from being added to the API descriptiion (Swagger and WSDL)
26 votes -
fix erroneous catching of protocol violation errors
When an API (wrongly) return a response body and a "204 No content" return code, a "500 protocol violation error" should be raised by APIM instance.
In fact it is the case, but the protocol violation error is raised as a response on the call folowing the erroneous "204" API, not the erroneous API itself. The error is raised only the following call (whatever API it is) that is implemented on the same backend of the "204" API AND if the folowing call is made in the same HTTP session (I mean during the http "keep alive" timeout).
This bug…13 votesThank you for the feedback! We added this suggestion to the backlog and will update the item when we prioritize it for implementation.
-
Add support for Validation policies to the Self-hosted API Management gateway
At this moment this gateway logs this:
[37m[Info] 2021-04-15T02:58:56.020 [PolicyParsingScheduled], message: key: scope: Tenant, id: tenant, revision: 6, source: PolicyMapBuilder[0m
[33m[Warn] 2021-04-15T02:58:56.026 [PolicyParsingUnknownPolicy], message: Policy validate-content from Tenant configuration with Id tenant is removed from config.
, source: PolicyConfigurationParser[0m
[37m[Info] 2021-04-15T02:58:56.028 [PolicyParsingSucceeded], message: key: scope: Tenant, id: tenant, revision: 6, source: PolicyMapBuilder[0mIn the documentation its not mentioned that Validation policies are not supported by self hosted gateways:
https://docs.microsoft.com/en-us/azure/api-management/self-hosted-gateway-overview
12 votes -
Allow Server Side Events (SSE) to be consumed by client as text/event-stream and not as application/json
We created a microservice using Spring WebFlux (will produce Server Side Events) to expose an API that will publish data as an event stream which is consumed by the client as EventSource. However, the Azure API Gateway is preventing the data to be consumed as text/event-stream.
A similar concern is seen here: https://community.apigee.com/questions/61225/apigee-to-create-a-reactive-rest-api-for-continuou.html
12 votes -
MTOM support
I got a use case to set up interface with SAP ARIBA which is requesting MTOM support . based on the documentation I got I saw the following MTOM - Services using MTOM may work. Official support is not offered at this time.. it was in September 2017 . it should be great to support this feature as ARIBA is becoming a main player in Marketplace area.
Thanks11 votes -
Add "display name" properties of API & operations in Log Analytics"
Add "display names" properties (of APIs and operations) in Azure Diagnostics log entries. It would permit to make dashboards with a more signifiants labels rather than Ids that were chosed at creation (and that can't be changed after).
10 votes -
change machine hosts file
we publish a set of API exposed through internal services on AKS. Instead of using internal IP Address it would be great to use a sort of hosts file or point API management to a custom dns server so I can publish APIs with hostname and not the IP address.
9 votesSince you mentioned internal IPs, I assume API Management is deployed into the cluster’s VNET. If so, you should be able to use DNS associated with the VNET. Please elaborate on your use case.
-
Blue/Green Deployments using Versions
I was trying to implement Blue / Green deployments, which APIM doesn't really seem to support out of the box.
What we were planning to do was to (ab)use the versioning to create a "Green" and a "Blue" version of the API. We were going to use revisions to do our actual versioning since our versioning requirements are relatively simple.
I set up the versioning scheme to be Header Based, and I was using a "X-Colour" header to redirect to the correct version. This way, Testing could override the header for canary testing.
My global policy looked something like this:
…
8 votes -
Append new operations to an existing API with Az Powershell
In Azure API Management, I'm looking at the possibility of appending new operations to an existing API revision.
I can do it in Azure portal as shown in the attachment.
I don't see this flexibility (choosing between update and append) available in the powershell command that imports API https://docs.microsoft.com/en-us/powershell/module/az.apimanagement/import-azapimanagementapi?view=azps-4.7.0
7 votes -
Show APIM outbound IP in consumption tier
Azure App Service shows outbound IP addresses in the Azure portal under properties blade. Since APIM at consumption SKU is hosted in Azure App Service, we can list out outbound IP addresses in consumption tier as well, which be feasible as we just need to call API in app service side.
6 votes -
Missing of test to check the configuration with Application Gateway
This documentation is very good. However, I feeling missing of a test set cast to valid the configuration with Application Gateway.
3 votesWould be great to get some details to this idea. Thanks!
-
Improve APIM --> Function integration
store the function name that was imported and what end point operations where checked when imported. Then when a new version of the API is created, you can change the function name (would refresh end point operations), and then add/remove (if needed) operations by checkbox. Finally, if a new version of a function is uploaded, an event would fire off to rebuild all the API interfaces that have operations are pointing to it (like when importing) so it can keep in sync with the back end.
3 votes -
Automate selection of API's for Self-hosted Gateway
We would like to automate the selection of API's for a given APIM Gateway, to avoid manual steps when adding a new API to the APIM that should be included in the Gateway.
1 vote -
By adding documentation for REST Interface , Multi Client and self signed Certificate authentication
Documentation for REST Interface is very confusing as;
1) ARM specific operations and urls are mixed together with APIM service instance specific endpoints and operations.
2) PUT operations are titled as "Create or Update" operation while PATCH operation are marked as "Update" operation. This is confusing and costed us an outage; "Update" operation should be named as "Partial update" or "PATCH" operation in title. example:
https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-12-01/apimanagementservice/createorupdateUsually,
POST operation is create operation
PUT is update
PATCH is partial update3) also the documentation should explain all the possible values of property attribute like
"virtualNetworkType": "None". //in documentation
"virtualNetworkType": "External" //not…1 vote -
Allow hostnames without certificates for self-hosted gateways
In a self-host gateway deployment I don't always need a publicly verifiable TLS certificate. I'd like to be able to allow additional hostnames, IP addresses, or even localhost as listening endpoints without having to specify a certificate.
Right now this makes it quite difficult to test the self-host gateway. I've wound up adding a hosts entry to shoehorn my publish APIM DNS name to my local gateway IP so I can test connectivity over http but this is far less than ideal.
1 vote -
Support for importing OpenApi spec file greater than 4MB in size
API import using File upload method does not work for files greater than 4MB in size. I don't find this limitation in any of the Azure documents but I see only in the Portal as shown in the attachment.
We have OpenApi spec files of size greater than 4MB and not able to use the file-based import method.
This request is to support API import of files greater than size 4MB.
1 vote
- Don't see your idea?