API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Configure notifications programmatically

    We are populating and configuring our APIs using the REST API ( https://msdn.microsoft.com/en-us/library/azure/dn776326.aspx ), but there are a few settings that cannot be done programmatically and must be done by clicking into the portal.

    One of these settings is for the email notifications that are sent upon subscription requests, new subscriptions, etc. ( https://azure.microsoft.com/en-us/documentation/articles/api-management-howto-configure-notifications/#publisher-notifications ). We would like to be able to configure these programmatically, either via the REST API or some other way.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  2. Support for token bucket - enable burst quota

    The current quota/call rate limit is +1 per call. In practice this means we create SKUs based on the maximum expected spike rather than average usage. By supporting a token bucket model (https://en.wikipedia.org/wiki/Token_bucket) we could define a SKU more aligned with our actual usage.

    For example: on average we have 50 calls per second, but need to be able to spike to 250 calls per second.

    Today we'd create a 250 calls per second throttle policy for this key/product which is not optimal.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  3. Swagger/WADL custom schema extensions for definition downloads

    We would like Swagger and WDL definitions downloaded from our Dev Portal to include a copyright notice. We could put text in the operation definition, but we'd rather have something formally in the swagger definition, preferably that was always present without relying on colleagues to place text in a form they fill out when adding new operations.

    For the Swagger, I could use the Info Object: http://swagger.io/specification/#infoObject

    and then have an x- extension always show up for each existing and future operation.

    For WADL, a custom namespace for extension.

    Most importantly, we need a way to inject something custom into…

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  4. Create apim vendor extension for swagger to import rewriteURL.

    If APIM could import a swagger with an x-msapim-rewriteurl extension key on the operation, I could then provide something like and OData endpoint for GET /MyResource({Id}) as GET /MyResource/{Id}

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow Specifying Scope for Properties

    It's great that there's properties that can then be referenced within policies without hard coding them in. It should provide added flexibility when the properties are maintained in one place. However, as it currently stands, all of the properties are global which makes them inherently hard-coded anyway.

    Being able to specify the scope of a property in the publisher portal should provide even more flexibility.


    Global Scoped Properties: As the properties currently are. I can as an admin go into the publisher portal and specify a global property value.

    User Scoped Properties: A user could set the value in their…

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add "Remember Me" feature to OAuth Resource Owner Password grant type in the Developer Portal

    Add a "remember me" checkbox to the OAuth Resource Owner Password grant type so that it reuses the access token for other "Try It" attempts for any other API operations instead of requiring the username/password for every operation.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  7. throttling alert for api/product

    We are looking for possiblities to trigger an alert when throttling policy gets affective to the client for an api or product.

    currently there is out of the box alert based on the quota!

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  8. Ignore scheme differences in <redirect-content-urls />

    By default APIM matches on the scheme when using this policy. It would be nice to have an optional flag on this policy to ignore the scheme when redirecting backend URLs to the proxy.

    Via the backend, we may build a URL as "http://mybackend...&quot; - when this is surfaced via the api we'd want it redirected to the APIM proxy as "https://api.mycompany...". Currently, APIM won't fixup this response because the scheme on the link emitted from the backend doesn't match the scheme on the backend API base URL.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  9. Documentation Per Group/Product/Policy

    Provide a way to specify the API documentation if a specific product is being used or based on the policy that applies to the API.

    If behavior changes based on a product, policy, or group this would let users affected by those changes to see the documentation associated to them instead of saying if you are XYZ then this will be required/returned.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add support for dynamic quota

    to aggregating quota limit from different product SKUs.

    for example, if user plans to budget 150,000 calls per month he can buy SKU1 with 100,000 and SKU2 with 50,000 calls and the aggregate is calculated for this subscriber and enforced by APIM. this way we just create a few SKUs and allow users to mix and match based on their requirements.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →

    Under current model SKU1 and SKU2 would be 2 different products with two separate subscriptions and keys. So this is not a trivial change but we understand the scenario and will keep it in mind.

  11. Open up more of the Orchard CMS features

    Not being able to create a custom pages for the "generated" ones; e.g. apis, products and applications, is extremely limiting.

    Having more Orchard CMS features available might solve a lot of the customization issues we have.

    Unfortunately, it is so limiting that we are seriously considering a different solution for publishing our APIs. It is a shame that the lack of CMS features for customizing the look and feel can be the deal breaker.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the feedback. We are working on a feature that will allow customers to customize generated pages. It should be out soon. We will announce it on http://aka.ms/apimdocs page. If you get a chance to review it please let us know if it fulfills your needs.

  12. Enhance Json Serialization support in Policy Expressions for Legacy Backend APIs

    Provide access to JsonConverter types, e.g. JavaScriptDateTimeConverter so that a JObject can be formatted as needed for a legacy system.

    Currently, if a Json object needs to be translated to a different format for a DateTime property it is not easily possible to convert the APIM body JObject to what the backend service expected for Json serialization.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  13. Enable entry of multiple examples for a given operation

    The portal only permits one example of a 200 OK response. I worked around this limitation by creating a larger JSON object consisting of an array of examples one property of which is the actual response.

    E.g.,

    [

    {
    
    &quot;Example&quot;: 1,
    &quot;Description&quot;: &quot;No filters are applied. Consequently, there are more than 25 results&quot;,
    &quot;RequestUrl&quot;: &quot;<a rel="nofollow noreferrer" href="https://apis.conmetwheelends.com/aftermarket/v2/details/summary/~/~&quot;">https://apis.conmetwheelends.com/aftermarket/v2/details/summary/~/~&quot;</a>,
    &quot;Response&quot;: {
    &quot;Status&quot;: &quot;TOO_MANY_RESULTS&quot;,
    &quot;Message&quot;: &quot;Indicates that the request was successful (it was a valid). However, the response returned too many results. This may occur if the request is under-constrained based on current data. Please apply additional filters to further constrain the
    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  14. Search for Operation in API not available in Azure API Management developer portal

    Search for Operation in API not available in Azure API Management developer portal

    Search for Operation in API not available in Azure API Management developer portal

    Where as with Administrator portal same search feature available for operation search

    The problem is when we provide link to customers, they are not able to search based on some specific word. They need to scroll till they find the specific operation.

    This is not user friendly.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  15. Communicate unavailability of backend services

    Hi all,

    It will be great that Azure will manage the unavailability in backend services. It es, Health Management.

    When my backend service is unavailble (for some reason) It will be great Azure communicates it in some way, with the administrator, for example?

    I will be a good idea to send SNMP traps when any backend service is unavailable, for instance.

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  16. Improve the policy viewer

    APIM supports full screen editing of policies, which is nice, but the policy viewer modal (visible when clicking "View effective policy for the selected scope") could be improved with full screen support.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  17. Can we have anything built into APIM to ping backend or Alert when there are sporadic errors connecting to backend?

    Can we have anything built into APIM to ping backend or Alert when there are sporadic errors connecting to backend?

    This way i will either know when the backend is not reachable or when there are other issues connecting to the backend..

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Keep serving expired cached content if web service is unavailable

    If caching is enabled and the underlying web service is unavailable, the API service should keep serving expired content. This allows the underlying web service to be temporarily unavailable without the API breaking.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  19. Handle Signing requests

    Add a feature to manage customer keys, customer secret and signing validation of the requests.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Store OAuth Token in SQL Server ( or somewhere else )

    There should be storage of oAuth token attched with API portal. It can have with Email address / Subscription Key of requester as ID.

    abc@abc.com / Subscription key as "Key" and OAuth Token as "Value".
    Now if someone requests backend call with specific ID / Email it attach oAuth token in header.

    This is very classic problem for any OAuth based backend services. That we need to handle is separately in other database.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Miao Jiang responded

    Thanks for the feedback. I’d like to hear more regarding how do you think the feature will work? How/Who should be responsible of getting the token and storing the key/value pair? How to handle token refresh etc. Thanks!

  • Don't see your idea?

Feedback and Knowledge Base