API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. GatewayUrl in Azure Portal UI and REST Api differ

    We have decided to go all in when it comes to ARM Templating, and our goal is to depend on as few parameters as possible and instead retrieve as may information from the system settings as possible.

    While creating ARM Templates for Api Management I discovered that what i did see on my Azure Portal in Api Management Service in the Gateway Url property was not the value to be found when retrieving it using my ARM Template. Trying to figure out what happens i did a REST Api lookup and to my big surprise GatewayUrl via REST Api and…

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  2. Use DDoS Protection Standard with VNET integrated API Management gateway

    We would like to use DDoS Protection Standard for our VNET integrated API Management Service. A possible solution could be to have self-signed public ip's for the public endpoint.

    P.S. We cannot put a Application Gateway v2 in front of API gateway because of the requirement of Client Certificate Authentication.

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. New Portal - Ability to expand 'object' and 'object[]' to see nested fields

    With the currently developer portal when you're viewing an API endpoint, you are only seeing the parent fields, so if something is nested or an array, you're only seeing the top level. See the attached screenshot.
    We would like to be able to expand the object or array to see the fields contained within as well.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support for HTTP/2 for APIM connecting to backend services

    HTTP/2 is supported for APIM client side facing communications, it will be great to support HTTP/2 also for backend side facing communications so that the entire request chain can be HTTP/2 enabled.

    63 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  5. ci/cd integration with Azure DevOps

    API management really needs some better integration with Azure DevOps and Github and support for CI/CD pipelines. Right now the only source control built into the platform is via a private git repo that is built into the API mgmt instance. This works for small scale development. For something larger scale like within enterprises this becomes difficult as development teams may not have access to the azure portal or there are multiple teams working on different APIs. I have seen some demonstrations about alternatively managing via ARM templates via a custom set of tools, but it should really be something…

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Lifecycle  ·  Flag idea as inappropriate…  ·  Admin →
  6. API Management Analytics blade sorting ability


    1. Allow the Analytics Blade to be able to sort a column. The grid currently cannot be sorted by clicking on a column.

    2. Add a search box to search through the data in the grid.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  7. Display the given name of styles during editing

    Example Header names: Heading 1 renamed to FooBar.
    When creating a new Text widget with a Heading the Style is still displayed as Heading 1 instead of FooBar. For working in a team it is necessary to use the internal style guides for a clear design. It would facilitate communicating in a group if those were the Names of the Style.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  8. Copy/Clone whole pages

    Create a feature to copy whole pages to easily recreate content and edit only small Parts.
    Currently only available by adding each section to the library (if it's working) or create an own template.
    But adding a feature e.g. to add a whole page to the library, would facilitate the process of recreating pages.
    The current possibility of creating a template or adding everything to the library is for some use cases (e.g. Wiki/Documentation pages) not flexible enough.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  9. cors

    Currently if default CORS policy is used in , outbound policy is not executed. This doesn't allow to attach HSTS headers to the response from OPTIONS method call. That forces us to implement custom CORS policy in order to comply with our security requirement. Would be nice to have the design changed.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  10. API Details page does not display correctly when importing OpenAPI operations with long "summary" values

    If you import an OpenAPI file, the first 300 characters of an API operation's "summary" value (if one exists) gets mapped into the Display Name of an API operation in APIM.

    Typically the summary is a long value. The API Details page for the API displays incorrectly as a result. The Display Name does not wrap and a scroll bar appears on screen.

    In addition, the Display Name is displayed three times on the API Details page: on the left hand menu that contains the operations, the operation title and the operation description.

    My suggestion is to map the "summary"…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  11. User administration through event

    Today there is no good way to get a signal that a User has signed up on the Developer Portal. It would be good to be able to set an alert on this type of event to be able to react and assign the new user to othe right groups as soon as possible.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  12. [New Developer Portal] : Content Repository

    As the content on the developer portal is actively added and updated it would be great to have repository of content .

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  13. [New Developer Portal] : Widget to add HTML tables and list

    Our documentation contains lot of tables and list and since the new developer portal doesn’t have this functionality it block us from content migration.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  14. Support deep links to DevPortal pages even if redirect to signin page is activated

    We plan to provide more information in the DevPortal such as articles in wiki style. It shall be possible to share knowledge effectively with colleagues by sending a deep link to a dedicated page (article) or API details page that are relevant in a dedicated context.
    The deep link should work even when the redirect setting to the sign-in page has been activated!

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  15. Publish and group APIs according to resource path.

    To better understand the relation of the resources, it would be nice to be able to publish the APIs according to resource path rather then operation.

    Could also be nice to be able to group them according to resource path in API Management as well.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  16. Remove TLS_RSA_WITH_AES_256_GCM_SHA384 from available TLS 1.2 ciphers

    Api Management is REQUIRING a WEAK CIPHER be enabled: TLSRSAWITHAES256GCMSHA384

    The documentation to remove ciphers excludes TLSRSAWITHAES256GCMSHA384 with no mention as to WHY: https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/apimanagementservice/update#request-body

    Further, running command specifying this cipher as False is having no change on the API management gateway:

    Name: TLSRSAWITHAES256GCMSHA384
    Value: False

    SSLLABS is identifying cipher suites using TLS_RSA as weak: https://discussions.qualys.com/thread/17971-tlsrsawithaes256cbcsha-comes-to-be-weak-cipher

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. Full-text search that covers all web pages of the DevPortal

    To enable all users/visitors of the DevPortal to search for key terms, the DevPortal shall
    - provide a google-like full-text search function that searches in all pages of the DevPortal including the meta data for each page
    - For each page, meta data can be entered (e.g. synonyms) to improve the search results
    - provide a web widget with a customizable search field that can be easily added on pages and layouts/templates on any place.
    - offer options on how to display the search results, e.g., on the same page, in a new window, or in a new browser tab…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  18. OData URIs case insensitive

    OData URIs are managed in a case sensitive way, we have an operation with this URL /api/Companies({id}) and the only way we can invoke it is using the resource name in lowercase: /api/companies('424324')

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow customization of Password Complexity for simple sign-on on the Developer Portal

    Essentially the idea would be to allow a field in the XML for the developer portal simple sign-in or sign-on sections to allow for custom password strength requirements, instead of the current option which is just 8 characters. For instance, you could specify using at least one Capital letter and custom length such as 12 characters.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  20. Show method of operation on the developer portal Report page for consistency and readability.

    Method name is already included in the API Details page which makes it super easy to distinguish with what operation and method combination you are working with.

    I would like to see this included for the reports page since the way it is now is difficult to read (unreadable even) because you cannot distinguish a GET from a POST.

    Example:
    I have a endpoint named Enquiries.
    One with GET and one with POST.
    So I go to the reports page to see how fast the average response time is. There is no way to distinguish the two.

    See screenshot.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base