API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. assign Internal IP to APIM

    We have an APIM with an InternalVnet configuration.

    Currently we are testing Disaster Recovery Solutions and one pain point is the automatic assigned internal IP address.

    Each time we redeploy the APIM to test the DRS we need to create a change for the DNS and have more dependencies than needed to recover our solution

    Please make the Internal IP adjustable to enable fixed values assigned by us

    87 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Self-hosted API Management gateway

    To expand support for hybrid use cases and enable more efficient on-premises-to-on-premises call patterns for internal-only and internal/external APIs, we will provide an option for customers to self-host a containerized version of the API Management gateway component (fully equivalent to the gateway in the cloud, not a “micro-gateway”) on-premises or other environment e.g. other public clouds. Self-hosted gateway will require and will be managed from a cloud-based Azure API Management instance.

    974 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    started  ·  34 comments  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add Self-hosted API Management gateway to Basic and Standard pricing tiers

    Please consider adding the self hosted API Management gateways to the basic and standard tiers. At a minimum at least three instances for HA purposes.

    The argument for this is that you will drive up the adoption of Azure APIM and generate considerable Azure consumption through the take up.

    Alternatively please consider a per gateway pricing option to cover any additional overheads.

    84 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow longer URLs and Query parameters

    Currently URLs in the Consumption Tier are limited to a length of 4096 bytes with a maximum length for query parameters of 2048 bytes (source: https://github.com/MicrosoftDocs/azure-docs/blob/master/includes/api-management-service-limits.md). As there is no maximum size defined in the URL standard, the API Management shouldn't constrain the length of URLs and Query Params either (or should have a much higher limit which does not restrict realistic use cases). This would e.g. allow the transmission of data-URLs, Authentication information in the Query Parameter or signed URLs.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  5. Export variables reporting throttling information from rate-limit policy

    There are ongoing RFC to give clients the capability to throttle calls rate to avoid hitting the capping imposed by rate-limit policies.

    A possible way to implement this is to return in the response header 4 variables containing:


    • The current limit set by the policy

    • Amount of remaining calls before hitting the limit

    • Number of seconds to wait before getting the limit reset to the maximum

    • Number of seconds to wait before retrying (only when calls are blocked)

    119 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow developers to upload API Management code samples

    We have started using new developer portal and realized there is no way to add new language samples and edit existing templates. Could you please add a feature to add new language templates and update existing items.

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  7. Ability to Secure New Developer Portal Pages

    In the new developer portal there is no way to secure pages from being viewed. If i want to add supplementary api documentation pages in the portal I cannot specify to only allow that page to show when the user is logged in. The only real security in the portal is that apis and products won't show based on whether the user is logged in.

    The only capability present is to hide them in the navigation menu. So if I add a page at /apis/project/order. I can place it in the menu and say whether it will show up there,…

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  8. API Management more control with mail sending

    Currently there are very few options to set, when it comes to mailing about API Management events (new subscriptions, new developers, etc.).
    It would be great, if following could be included for e-mail configuration (some of these things help avoid e-mail being recognized as spam by some spam filters, as in our case):
    - optionally removing "on behalf of" when sending e-mail
    - including text/plain representation in sent e-mails (besides default text/html)
    - using SendGrid as a e-mail sender (as in other Azure services)
    - using custom reply address (instead of "on behalf of")

    Any maybe some other things that…

    59 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    6 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Support renewal of certificates for API Management custom domain endpoint through ./well-known

    This applies to API Management instances with custom domain configured:
    https://docs.microsoft.com/bs-latn-ba/azure/api-management/configure-custom-domain

    We would like to use automatic renewal of the SSL certificate for the endpoint, but there currently is no acceptable method to support the proof of ownership required the certificate renewal provider of Azure: GoDaddy.

    Domain verification through DNS TXT record is not possible as it needs to be on root level of azure-api.net (which is owned by Microsoft and not the customer)

    HTML web page method is not possible as not possible to publish a page to .well-known/pki-validation/godaddy.html on the API Management endpoint.

    Email verification is a poor…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add API Management VNET Support to BASIC and STANDARD Tier

    Currently, VNET Support is available for only DEVELOPER and PREMIUM tier on API Management.
    But DEVELOPER is for non-production use cases. And PREMIUM is very expensive(the cost of PREMIUM is about 20 times higher than BASIC!)
    I hope that Virtual Network Option will be available at more lower cost.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support backendTlsVersion logging

    As multiple organizations and teams start enforcing TLS 1.2, it's always better to have this log to understand the TLS versions used by backend APIs. This will help teams strategize push for TLS 1.2 and make informed decisions.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  12. Unique Business Model Benefits of Colocation AWS Direct Connect Available at Cloud Dedicated Interconnect Available at

    Unique Business Model
    Benefits of Colocation
    AWS Direct Connect Available at
    Cloud Dedicated Interconnect Available at
    Colocation
    Interconnection Services
    Telco Access
    Multi-Level Security
    Remote Technical SupportTIA-942 Rated 4 Fault Tolerance
    True Carrier Neutrality
    Uptime Institute Tier IV Fault Tolerance
    Extensive Business, Technical, & Operational ExperienceSECURITY & ACCESS
    Multi-level physical and electronic security
    24/7 security personnel patrols throughout the facility
    Multi-level physical identification checks before entry
    Controlled access to facility and colocation rooms through electronic access control system.
    Full digital IP camera coverage around the site with 24/7 continuous recording for 60 days.
    Controlled Access environment through strict access procedures
    CAI1-Specifications-SECURITY-min …

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Logic App backends in ARM Templates able to be selected like in Portal

    When setting up an APIM API and a backend in the portal, we are able to select a Logic App using an experience to find the logic app and the sub-resource. Then a radio button for Azure Logic App resource is selected with the name of the logic app and sub-resource. However, in an ARM template, this is impossible. Setting up the backend to point to the resourceId of the logic and deploying defaults this backend policy to HTTP and does not work unless fixed manually in the portal. Here is the snippet of the ARM template:

        {
    
    "type": "Microsoft.ApiManagement/service/backends",
    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  14. Support gRPC in Azure API Manager

    Please add support for gRPC to Azure API Manager.
    I would like to expose gRPC services to clients.
    It would also be great if we can have REST services for clients that call backend gRPC services.

    207 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add Developer Portal to Consumption Tier

    Please add the developer portal to the consumption tier.

    It's currently very confusing in the management portal as to what is supported and what isn't when using the consumption tier. For instance, it is possible to publish products, or define definition's for responses, yet this seems to only be for publishing in the developer portal.

    This article: https://docs.microsoft.com/en-us/azure/azure-functions/functions-openapi-definition comes close to explaining how to set up at least an OpenAPI definition - but it dosen't appear possible to link multiple existing Azure functions to an existing API Management gateway.

    Is the developer portal feature (in all other tiers) going to…

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  16. Distributed Tracing - W3C Trace Context Policy

    Add a policy that implements the W3C Trace Context specification. This means that if a request that arrives at APIM without a w3c trace context, APIM will create it and send it to the backend. If a request arrives with a w3c trace context already created, APIM will append its information to the context.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add policy to prevent brute force attacks in the API Management Consumption Tier

    Currently in Consumption Tier, there is no way to prevent abuse of unauthenticated endpoints. This allows attackers to be able to keep hitting these endpoints with random inputs until they succeed.

    Examples of such endpoints could be account activation, registration, password reset where an attacker can keep calling these endpoints with random values, since there is no throttling or check of any kind per API method to limit calls from the same IP in a given time frame.

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow conditional cors policy in the <inbound> policy section rather than restricting it to use only once in the <inbound> section.

    Allow conditional cors policy in the <inbound> policy section rather than restricting it to use only once in the <inbound> section. The desire state is in the attachment.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  19. Remove or extend "Maximum number of CA certificates per service instance"

    Currently there is a hard limit of 10 Certificate Authorities for the API Management Service. We need at least 50 Certificate Authorities / Intermediates for our customer.

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add support for ionic scheme in CORS policy

    Today CORS policy in APIM only allows http, https or file scheme in allowed-origins.
    https://docs.microsoft.com/en-us/azure/api-management/api-management-cross-domain-policies#CORS

    Ionic webview plugin serves application from ionic:// or custom scheme. None of http, https or file is valid in ionic webview.
    https://github.com/ionic-team/cordova-plugin-ionic-webview

    Please add support for inoic scheme. Thank you.

    109 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 25 26
  • Don't see your idea?

Feedback and Knowledge Base