API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. Self-hosted API Management gateway

    To expand support for hybrid use cases and enable more efficient on-premises-to-on-premises call patterns for internal-only and internal/external APIs, we will provide an option for customers to self-host a containerized version of the API Management gateway component (fully equivalent to the gateway in the cloud, not a “micro-gateway”) on-premises or in another environment, e.g. other public clouds. The self-hosted gateway will require, and will be managed from, a cloud-based Azure API Management instance.

    928 votes
    started  ·  31 comments  ·  Gateway
  2. Export variables reporting throttling information from rate-limit policy

    There are ongoing RFCs to give clients the capability to throttle their call rate to avoid hitting the capping imposed by rate-limit policies.

    A possible way to implement this is to return in the response header 4 variables containing:


    • The current limit set by the policy

    • Amount of remaining calls before hitting the limit

    • Number of seconds to wait before getting the limit reset to the maximum

    • Number of seconds to wait before retrying (only when calls are blocked)

    111 votes
    3 comments  ·  Policies
  3. API Management more control with mail sending

    Currently there are very few options to set when it comes to mailing about API Management events (new subscriptions, new developers, etc.).
    It would be great if the following could be included for e-mail configuration (some of these things help avoid e-mail being recognized as spam by some spam filters, as in our case):
    - optionally removing "on behalf of" when sending e-mail
    - including text/plain representation in sent e-mails (besides default text/html)
    - using SendGrid as an e-mail sender (as in other Azure services)
    - using custom reply address (instead of "on behalf of")

    And maybe some other things that…

    56 votes
    6 comments  ·  Service management
  4. Ability to Secure New Developer Portal Pages

    In the new developer portal there is no way to secure pages from being viewed. If I want to add supplementary API documentation pages in the portal, I cannot specify to only allow that page to show when the user is logged in. The only real security in the portal is that APIs and products won't show based on whether the user is logged in.

    The only capability present is to hide them in the navigation menu. So if I add a page at /apis/project/order, I can place it in the menu and say whether it will show up there,…

    36 votes
    1 comment  ·  Developer portal
  5. Support backendTlsVersion logging

    As multiple organizations and teams start enforcing TLS 1.2, it's always better to have this log to understand the TLS versions used by backend APIs. This will help teams strategize push for TLS 1.2 and make informed decisions.

    32 votes
    2 comments  ·  Gateway
  6. Remove or extend "Maximum number of CA certificates per service instance"

    Currently there is a hard limit of 10 Certificate Authorities for the API Management Service. We need at least 50 Certificate Authorities / Intermediates for our customer.

    24 votes
    0 comments  ·  Security
  7. Support gRPC in Azure API Manager

    Please add support for gRPC to Azure API Manager.
    I would like to expose gRPC services to clients.
    It would also be great if we can have REST services for clients that call backend gRPC services.

    140 votes
    1 comment
  8. Add policy to prevent brute force attacks in the API Management Consumption Tier

    Currently in Consumption Tier, there is no way to prevent abuse of unauthenticated endpoints. This allows attackers to be able to keep hitting these endpoints with random inputs until they succeed.

    Examples of such endpoints could be account activation, registration, password reset where an attacker can keep calling these endpoints with random values, since there is no throttling or check of any kind per API method to limit calls from the same IP in a given time frame.

    14 votes
    0 comments  ·  Security
  9. Add Developer Portal to Consumption Tier

    Please add the developer portal to the consumption tier.

    It's currently very confusing in the management portal as to what is supported and what isn't when using the consumption tier. For instance, it is possible to publish products, or define definitions for responses, yet this seems to only be for publishing in the developer portal.

    This article: https://docs.microsoft.com/en-us/azure/azure-functions/functions-openapi-definition comes close to explaining how to set up at least an OpenAPI definition - but it doesn't appear possible to link multiple existing Azure functions to an existing API Management gateway.

    Is the developer portal feature (in all other tiers) going to…

    16 votes
    0 comments  ·  Developer portal
  10. Add support for ionic scheme in CORS policy

    Today CORS policy in APIM only allows http, https or file scheme in allowed-origins.
    https://docs.microsoft.com/en-us/azure/api-management/api-management-cross-domain-policies#CORS

    Ionic webview plugin serves application from ionic:// or custom scheme. None of http, https or file is valid in ionic webview.
    https://github.com/ionic-team/cordova-plugin-ionic-webview

    Please add support for ionic scheme. Thank you.

    84 votes
    2 comments
  11. Disallow or show warning when filling in duplicate OperationId

    When adding a new operation in Azure API Management, you can type in the "name". In the backend this is the operationId.
    However, if you type in an already existing operationId it will overwrite that operation (and merge certain features, like tags).
    It would be nice to disallow this, or to show a warning that this will overwrite an existing operation.

    18 votes
    0 comments  ·  Defining APIs
  12. Support for multi-tenant user login delegation

    In a multi-tenant scenario, there is no option to delegate user login to multiple urls, the delegation section allows only one url.

    It would be great if it would allow one delegation endpoint per custom developer portal domain.

    42 votes
    0 comments  ·  Developer portal
  13. New Portal - Ability to expand 'object' and 'object[]' to see nested fields

    With the current developer portal, when you're viewing an API endpoint, you are only seeing the parent fields, so if something is nested or an array, you're only seeing the top level. See the attached screenshot.
    We would like to be able to expand the object or array to see the fields contained within as well.

    15 votes
    0 comments  ·  Developer portal
  14. Use DDoS Protection Standard with VNET integrated API Management gateway

    We would like to use DDoS Protection Standard for our VNET integrated API Management Service. A possible solution could be to have self-signed public IPs for the public endpoint.

    P.S. We cannot put an Application Gateway v2 in front of API gateway because of the requirement of Client Certificate Authentication.

    48 votes
    under review  ·  0 comments  ·  Security
  15. Support for HTTP/2 for APIM connecting to backend services

    HTTP/2 is supported for APIM client side facing communications, it will be great to support HTTP/2 also for backend side facing communications so that the entire request chain can be HTTP/2 enabled.

    51 votes
    1 comment  ·  Gateway
  16. Full-text search that covers all web pages of the DevPortal

    To enable all users/visitors of the DevPortal to search for key terms, the DevPortal shall
    - provide a google-like full-text search function that searches in all pages of the DevPortal including the meta data for each page
    - For each page, meta data can be entered (e.g. synonyms) to improve the search results
    - provide a web widget with a customizable search field that can be easily added on pages and layouts/templates on any place.
    - offer options on how to display the search results, e.g., on the same page, in a new window, or in a new browser tab…

    6 votes
    0 comments  ·  Developer portal
  17. ci/cd integration with Azure DevOps

    API management really needs some better integration with Azure DevOps and Github and support for CI/CD pipelines. Right now the only source control built into the platform is via a private git repo that is built into the API mgmt instance. This works for small scale development. For something larger scale like within enterprises this becomes difficult as development teams may not have access to the azure portal or there are multiple teams working on different APIs. I have seen some demonstrations about alternatively managing via ARM templates via a custom set of tools, but it should really be something…

    9 votes
    0 comments  ·  Lifecycle
  18. Show method of operation on the developer portal Report page for consistency and readability.

    Method name is already included in the API Details page which makes it super easy to distinguish with what operation and method combination you are working with.

    I would like to see this included for the reports page since the way it is now is difficult to read (unreadable even) because you cannot distinguish a GET from a POST.

    Example:
    I have an endpoint named Enquiries.
    One with GET and one with POST.
    So I go to the reports page to see how fast the average response time is. There is no way to distinguish the two.

    See screenshot.

    4 votes
    0 comments  ·  Developer portal
  19. Support in "produces" section the Accept-Header from OpenAPI specification

    The produces/consumes is MIME type.
    1. The “consumes” specify the format that the API can accept. So “consumes” only affects operations with a request body, such as POST, PUT and PATCH.
    And is sent via “Content-Type” header
    2. The “produces” specify the format that the API can return.
    And is sent via “Accept” header

    Using the “Accept” header the user can select needed API response MIME type (e.g. "text/plain", "application/octet-stream", "/").

    When sending a request with SwaggerUI, we can select "application/octet-stream" Response Content Type.
    The request was sent by Swagger UI with the “Accept” header value filled "application/octet-stream".

    51 votes
    1 comment  ·  Developer portal
  20. Add "Subscription count limit" feature for subscriptions without a user

    Right now, the "Subscription count limit" under Product -> Settings applies to the number of subscriptions without a user too. This should not be the case, the number of subscriptions you can create from the Azure Portal, without being assigned to a user, should not be limited to the "Subscription count limit". I understand that this limitation is by design and that currently, this limit applies to a user/product combination. However, subscriptions that have a "null" username should be exempt from this limit. I would suggest having a separate configurable limit here for non-user subscriptions or configuring this number to…

    4 votes
    0 comments  ·  API management experience