API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Show APIM outbound IP in consumption tier

    Azure App Service shows outbound IP addresses in the Azure portal under properties blade. Since APIM at consumption SKU is hosted in Azure App Service, we can list out outbound IP addresses in consumption tier as well, which be feasible as we just need to call API in app service side.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  2. Support backendTlsVersion logging

    As multiple organizations and teams start enforcing TLS 1.2, it's always better to have this log to understand the TLS versions used by backend APIs. This will help teams strategize push for TLS 1.2 and make informed decisions.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  3. Logic App backends in ARM Templates able to be selected like in Portal

    When setting up an APIM API and a backend in the portal, we are able to select a Logic App using an experience to find the logic app and the sub-resource. Then a radio button for Azure Logic App resource is selected with the name of the logic app and sub-resource. However, in an ARM template, this is impossible. Setting up the backend to point to the resourceId of the logic and deploying defaults this backend policy to HTTP and does not work unless fixed manually in the portal. Here is the snippet of the ARM template:

        {
    
    "type": "Microsoft.ApiManagement/service/backends",
    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add ability to switch language in Developer Portal

    Add ability to switch language in Developer Portal.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add support for ionic scheme in CORS policy

    Today CORS policy in APIM only allows http, https or file scheme in allowed-origins.
    https://docs.microsoft.com/en-us/azure/api-management/api-management-cross-domain-policies#CORS

    Ionic webview plugin serves application from ionic:// or custom scheme. None of http, https or file is valid in ionic webview.
    https://github.com/ionic-team/cordova-plugin-ionic-webview

    Please add support for inoic scheme. Thank you.

    143 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Disable option for default developer portal...

    If developer portal can be self-hosted that it can be and this is a really good experience, so default developer portals should be set as disabled.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  7. Distributed Tracing - W3C Trace Context Policy

    Add a policy that implements the W3C Trace Context specification. This means that if a request that arrives at APIM without a w3c trace context, APIM will create it and send it to the backend. If a request arrives with a w3c trace context already created, APIM will append its information to the context.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow developer to only see API they are working on and hide all other API from other developers in API management Service in admin portal

    When a several developer are assigned to APIM service resource group working on different API which can be grouped in to product, only the API that they are working on should be visible to them and not other developer's API in the same instance. Is there a way to hide the other developer's API ?

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add policy to prevent brute force attacks in the API Management Consumption Tier

    Currently in Consumption Tier, there is no way to prevent abuse of unauthenticated endpoints. This allows attackers to be able to keep hitting these endpoints with random inputs until they succeed.

    Examples of such endpoints could be account activation, registration, password reset where an attacker can keep calling these endpoints with random values, since there is no throttling or check of any kind per API method to limit calls from the same IP in a given time frame.

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Backup support for Consumption tier

    Please, enable Backup support for Consumption tier. Here is the current situation when trying to backup our consumption instance:

    Backup-AzApiManagement: Operation returned an invalid status code 'BadRequest'
    Activity log:
    Operation name: Backup API Management Service
    Error code: NotSupported
    Message: Operation Microsoft.ApiManagement/service/backup/action on Consumption SKU is not supported.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  11. 5 Rules For API Management

    These five rules are by no means the final say on API management, but they do provide context for the overall market:
    1. Design. Make the APIs accessible to different classes of developers and partners. ...
    2. Documentation. To make APIs accessible, offer documentation and communication tools to make it easy to create and manage the applications built on the API itself. ...
    3. Analytics. ...
    4. Universal Access. ...
    5. Uptime.

    What do you think? What are some other principles to follow when managing APIs?

    https://www.justcerts.com/

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  12. Html design, ability to allow for custom html templates. eg header and footer html, widgets just don't seem to provide the detail we need.

    Current if we build a widget for a header on the page that needs to match our brand, it struggles to go full screen. Would be handy to have skeleton pages without current design. allow for fully custom design.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add Secure Azure AD Application Proxy Support to API Management

    Steps to reproduce

    Expose an on-premise REST API to Azure through Azure AD App Proxy and ensure security is activated for the API endpoint.

    Define/front the API in the API management instance with a validate-jwt policy attached to authenticate callers.

    Result:
    Despite successful authenticating against Azure AD and getting a token, the calls to the API through the developer portal or the azure API test console fail by returning an HTML page which asks the user to sign in again and that js is disabled.

    Looking at fiddler traces shows that the call is indeed being redirected to the App…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. In the Developer Portal, the API List page should not repeat the API for every product

    On the API page, it seems that the new developer portal repeats each API for each product the API is associated with. In my case I have the same API available in three different products. The legacy developer portal only showed one API, whereas the new developer portal repeats the API three times. I believe this is a bug.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  15. Stop APIM from falling out of Internal VNET when making minor changes

    Currently when applying new tags to an API Management Instance or updating a proxy hostname certificate when in Internal mode the APIM instance comes out of the internal VNET.
    Ideally any minor change to an APIM instance that is in Internal mode should stay in Internal mode after the configuration has been applied.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  16. Generate a preview of the notification template.

    Add support to generate a preview of the notification template.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  17. Want API subscriber email request to show what environment they are wanting to subscribe to.

    Prior to April 1, 2020 the potential API subscriber email included the environment of the API service that they are wanting to subscribe to. This is no longer being shown in the emails and we would like this feature back please. Please view attached emails to see what has changed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Want API subscriber email request to show what environment they are wanting to subscribe to.

    Prior to April 1, 2020 the potential API subscriber email included the environment of the API service that they are wanting to subscribe to. This is no longer being shown in the emails and we would like this feature back please. Please view attached emails to see what has changed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow conditional cors policy in the <inbound> policy section rather than restricting it to use only once in the <inbound> section.

    Allow conditional cors policy in the <inbound> policy section rather than restricting it to use only once in the <inbound> section. The desire state is in the attachment.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  20. [Developer portal] bring back Issues feature

    Would be nice to reintroduce the 'Issues' feature from the legacy portal into the new developer portal.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base