API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. Reader roles should not be able to see subscription keys

    Currently, users assigned the "Reader" or "Monitoring Reader" role are able to reveal subscription keys in the API Management portal. As is the case with other Azure products, secrets should not be accessible to members of these roles.

    6 votes
    1 comment  ·  Security
  2. Blue/Green Deployments using Versions

    I was trying to implement Blue / Green deployments, which APIM doesn't really seem to support out of the box.

    What we were planning to do was to (ab)use the versioning to create a "Green" and a "Blue" version of the API. We were going to use revisions to do our actual versioning since our versioning requirements are relatively simple.


    I set up the versioning scheme to be Header Based, and I was using a "X-Colour" header to redirect to the correct version. This way, Testing could override the header for canary testing.

    My global policy looked something like this:

    8 votes
    0 comments  ·  Gateway
  3. Disable the Developer portal

    Could you please provide a feature to disable the Developer portal (a feature to hide the login page) for users who do not use the developer portal.
    -The feature to disable the Developer portal
    -The feature to restrict access to Developer portal by IP address
    etc.

    18 votes
    1 comment  ·  API management experience
  4. A process for manually approving new users

    Today, you have the possibility to force a manual process for approving a user access to a product. However, if you need to enable simple username-password you have no possibility to have a manual process for approving a user access to the portal.

    It would be good for a user to see all products and APIs available in the portal, being able to browse and discover APIs. This means that anyone can create a user and browse APIs, basically spying on a company thru the names of APIs and products.

    The other way is to hide all APIs behind Products…

    22 votes
    0 comments  ·  Security
  5. Customize 'New subscription requested notification'

    The current 'new subscription requested notification' messages can't be modified in the 'Notification templates'. The current messages sent to APIM admins include the following:

    "Dear member of the [API Team],
    It is our pleasure to let you know that your API has another potential subscriber! [AccountName] submitted a subscription request to the API product [ProductName] on [RequestedDateTime].
    Please accept or decline the request by going to the [ProductName] page on the administrative portal located here [DevPortal link].
    Thank you,
    [API Team]
    [Dev Portal URI]"

    A more useful feature for admins is the ability to approve/reject the request either directly from…

    15 votes
    triaged  ·  0 comments
  6. Limit call rate by key in the Consumption tier

    The rate-limit-by-key policy prevents API usage spikes on a per key basis by limiting the call rate to a specified number per a specified time period. This is a really important feature of API Management and it's not available in the Consumption tier.

    9 votes
    0 comments  ·  API management experience
  7. Use Azure Key Vault-managed client certificates in Azure API Management

    A while ago we enabled the use of Azure Key Vault-managed SSL certificates for custom domain names in API Management. We are working to expand this feature to certificates used for mutual certificate authentication between the gateway and a backend.

    234 votes
    planned  ·  4 comments  ·  API management experience
  8. Support VNET for Basic Tier of APIM

    Our APIs are deployed to Service Fabric cluster in a VNET. If we want to expose our APIs through APIM, we have to use the Premium Tier of APIM since that's the only tier where VNET support is included.

    Premium Tier of APIM has a bunch of other features like AD authentication, Multi-region support, 4000 reqs/sec etc., which we don't need and don't care about.

    Why are all those features clubbed together and provided as an all or nothing solution?

    Basic Tier fits our use case perfectly, if only we can deploy it in a VNET.

    Service Fabric integration with APIM is…

    287 votes
    under review  ·  22 comments  ·  Pricing
  9. On-board commands to Azure CLI 2.0

    See:
    https://github.com/Azure/azure-cli/issues/3614

    There is customer demand for this service to be supported in Azure CLI 2.0 in order to develop cross-platform automation solutions.

    198 votes
    5 comments
  10. More flexible subscriptions in Azure API Management

    The present model for providing access to APIs is based on product subscriptions owned by a user. Each subscription includes a few properties and a pair of API keys. We are working on expanding this model to allow subscriptions and keys to be owned by a group of users or not be associated with any users at all. This will allow customers the flexibility of creating an ad-hoc set of keys or having keys shared by a team of users without worrying about their ownership when members leave or are added to the team.

    172 votes
    started  ·  15 comments  ·  API management experience
  11. Automatically create new revision on swagger definition change

    It would be very nice if through a CI/CD pipeline there was an option to have an ARM template or CLI flag that could check the API Swagger definitions, or just automatically re-import them and create a revision of them if different. This would make the CI/CD Pipeline much more simple as you won't need the special tools to extract this, then update the git repo, etc.

    Ideally the pipeline would change to ->

    Publish API changes
    Publish APIM Artifacts
    Azure CLI to update APIM with flag to update schema if swagger uri is specified.
    etc... Considering I don't really…

    3 votes
    0 comments
  12. Describe what a member is and must have

    Describe what restrictions are put on members. Must members be users with accounts in some local active directory? Are members just strings so any name can be entered?

    1 vote
    0 comments  ·  Defining APIs
  13. Allow to filter/select operations when adding a new API from an OpenAPI spec

    Currently, if you need to create/update an API from an OpenAPI spec with only a small subset of the whole list of operations supported by your backend, you will need to edit the generated spec to remove all the operations/types not required which is boring and error prone, or import all of them and remove all the undesired ones one-by-one, which makes our lives sad and miserable..
    A simple UI which allows to filter/select the specific operations we need to import/update would be awesome!!

    25 votes
    1 comment  ·  Defining APIs
  14. Enable the use of SSH protocol for authentication to APIM Git repos

    Current: Interacting with our APIM git repos requires the use of username/password credentials, with the password being generated on the "Access credentials" section of APIM on Portal. This password is valid for 30 days, max: https://docs.microsoft.com/en-us/azure/api-management/api-management-configuration-repository-git#to-clone-the-repository-to-your-local-machine

    Desired: Allow users to upload public ssh keys to the APIM tenant, so that users, remote servers, and services can connect to the repo using the SSH protocol. Github currently allows this: https://help.github.com/en/articles/about-ssh

    This is especially important for our CLI configuration. We have our APIM git repo loaded as a submodule for our project, as we have integration tests that compare our backend controllers…

    3 votes
    1 comment  ·  Service management
  15. Having the ability to

    Having the ability to see which ciphers are active within the APIM. At the moment you can disable 3DES in the Portal and 9 other ciphers using a PATCH/PUT command but you cannot see which ciphers are actually active anywhere.

    1 vote
    0 comments  ·  Security
  16. Make User Email Address Validation in the Azure Portal match RFC specifications.

    I was not exhaustive in testing, but the case I found was that the domain portion of the email address could not have a leading capital letter. Such an email address meets RFC specifications. It would be good if the validation was updated to allow for all valid email addresses.

    2 votes
    0 comments
  17. List and operation all the products for the Groups(Administrators, Developers, etc)

    We are able to find out which groups the product belongs to in product blade. However, if we could find the products in Groups blade and operation (add, remove) in batch, it will be much better. Sorting is also needed for Groups blade if product is integrated.

    3 votes
    0 comments  ·  API management experience
  18. Log custom traces to Application Insights

    Provide a policy to log custom traces to Azure Application Insights, similar to the log-to-eventhub policy.

    109 votes
    planned  ·  4 comments  ·  Policies
  19. Allow non-premium tier API managers to have multiple proxy custom domains

    We're trying to develop some APIs and in order to host them through an API manager and have the endpoints resolve to the proxy domain we have to set up API managers for every single API, unless we use the premium tier. But the premium tier is SO much more expensive than the developer tier it just isn't cost effective to do that.

    9 votes
    1 comment  ·  Pricing

    APIs in API Management are identified by their name. Let’s say the names of the two APIs are “api1” and “api2” respectively and the default host name of the API Management instance is “constoso.azure-api.net”. Both APIs would share the same host name and would be addressed as follows:

    api1: constoso.azure-api.net/api1
    api2: constoso.azure-api.net/api2

    Please explain why you are compelled to have individual host names for your APIs.

  20. Soap to Rest - Better error details

    Give better error description when the import process from WSDL to REST fails.
    At present the error is quite generic and only gives us the last XML node processed with success, leaving us to a painful trial and error approach to why the import did not work.
    It would be nice to have more detail about the error, for instance the line number in the WSDL, the type of error detected (recursion, etc.).

    15 votes
    0 comments  ·  Integration