API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. Url Helper Policy Expressions for Route Building

    As a developer I want to include hypermedia links to other operations in the same and other API sets so that I have easy navigation for clients between APIs.

    Today, these link url paths must be hard coded based on what is known. To provide flexibility while developing APIs and to ensure routes are actually valid, provide a url helper method to generate these routes.

    Example:

    context.RouteFor("API-ID", "Version", "Operation-ID", new {param1=1,param2="hello"})

    Today:

    <set-body>@{
        return JObject.FromObject(new {
            _links = new[] {
                new { href = $"/api/operation?query={context.Request.MatchedParameters.GetValueOrDefault("query", string.Empty)}&api-version=2018-10-31", rel = "other-api", type = "GET" }
            }
        });
    }</set-body>

    With a helper:

    <set-body>{ …

    1 vote
    0 comments  ·  Policies
  2. 1 vote
    0 comments  ·  API management experience
  3. Support System.Net.WebUtility in policies

    I have APIs that are returning json with properties that have html-encoded values. Returning html-encoded strings in json isn't needed, as the original service was based on xml and didn't use the CDATA tag. To be able to properly compose this API, usage of an HtmlDecode function is needed, which is readily available in System.Net.WebUtility.

    1 vote
    0 comments  ·  Policies
  4. Same logic apps name but in different resource group problem

    When setting up a backend resource to logic apps, when we have two logic apps with the same name but in different resource groups and we choose the second logic app, it links to the first one. This is very annoying because the logic app is always getting selected from the top of the list.

    1 vote
    0 comments  ·  Integration
  5. Regenerating user keys needs a confirmation

    Regenerating a key is the option right next to show/hide keys. It is extremely easy to click the wrong button because the page shifts, and there is no confirmation before the key is regenerated. This could bring down entire sites.

    1 vote
    0 comments
  6. Mock SOAP response

    Hello,

    It is a pity that APIM does not allow easy mocking of SOAP-based APIs. I mean that I would not use the set-body policy 'manually' and edit via the policy editor, but use only the GUI, e.g. click on a button/link and have APIM generate the set-body on its own.

    It will help me a lot (a large set of modules, and right now I am thinking about migration behind an API gateway) ... and I think it is very useful for all the SOAP-based guys in the universe :).

    3 votes
    0 comments  ·  Defining APIs
  7. API Portal to properly process HTTP response content

    The API Web Portal should try to process the HTTP response according to the declared MIME type, be it as an uui encoded attachment or embedded in the body.

    In case of doubt it shall NOT process the response at all.
    In our APIs the XML response has weird CR/LF scattered around added by the Portal itself.

    3 votes
    0 comments  ·  API management experience
  8. Custom Headers Missing In Azure Portal Operation Test

    Recently, about a month ago, I was working on some policies for some of my API Operations and noticed when I went to test them in the Azure portal that my custom headers and defaults were missing. It seems there has been a change made that requires you to manually add the headers and select the default value in order to test the API Operation. I have over 45 APIs with 100s of operations. I have headers defined with default values so that I can quickly open the API Operation and test the operation without having to set it up.…

    1 vote
    0 comments  ·  API management experience
  9. Allow creating network traces for API Management instances

    It should be possible to create a packet capture containing all traffic to/from API Management

    3 votes
    0 comments
  10. Allow to use Subscription key OR other authentication method on API

    Currently, if you choose to use a subscription key as the authentication method, even if you add OAuth it will always require the subscription key. We have scenarios where we need to be able to use either one of these; we need to allow an OR option in the policy definition, currently it is always AND.

    Also, since all subscription keys are user bound and not "application bound", long term use in a production system may be problematic.

    6 votes
    0 comments  ·  Security
  11. Open Id Connect - add required scopes in Developer Portal

    Currently it is not possible to add required scopes (or any additional URL or body parameters) to authorize requests.
    I think it is possible for OAuth0 integration.
    It might be worthwhile to add such possibility.

    1 vote
    0 comments  ·  Developer portal
  12. Use valid xml to configure policies.

    In your examples one can find lines like this one:

    <set-variable name="isMobile" value="@(context.Request.Headers["User-Agent"].Contains("iPad") || context.Request.Headers["User-Agent"].Contains("iPhone"))" />

    If you try to validate this xml, you will find out that those double quotes inside of the value attribute are not allowed.

    1 vote
    0 comments  ·  Policies
  13. Caching OPTIONS response should be for url rather than dependent on parameters/headers.

    We need a facility in policies for caching the response of the OPTIONS method type, so that the browser does not send OPTIONS calls. Also, caching should be done on url only and not on different sessionid/request headers/parameters.

    1 vote
    0 comments  ·  Policies
  14. Confirm User Actions before making Routing Unavailable

    An admin user accidentally clicked on a button in our primary prod API Management Service

    API Management Service -> Virtual Network -> Apply network configuration

    The user mistakenly pressed/released the mouse button while hovering over the WebUI/Component. The 'API Management Service' then stopped routing all traffic for just over 3 minutes of time (Effectively preventing traffic from being routed to/from clients). I confirmed this issue in a non-prod environment later.

    Is it possible to have dialog introduced that will confirm user action when this button is pressed? I think it is an accident prone UI feature. To allow this one…

    14 votes
    under review  ·  0 comments  ·  API management experience
  15. Out-of-the-box support for triggering Azure Data Factory pipelines

    Out-of-the-box support for triggering Azure Data Factory pipelines that works similar to the current Azure Functions & Logic Apps experience.

    This would allow you to expose internal data processes without having to use the Azure Management REST API which enforces AD which is not required in every scenario.

    6 votes
    under review  ·  1 comment  ·  Integration
  16. Pre-populate Azure AD accounts to users with ARM template should act the same as the manual process

    I am pre-populating the users with Azure AD accounts with the following ARM template snippet using a VSTS CI-CD pipeline.

    {
      "apiVersion": "2018-06-01-preview",
      "type": "Microsoft.ApiManagement/service/users",
      "name": "[concat(parameters('serviceName'), '/', 'apim-dev')]",
      "properties": {
        "state": "active",
        "note": "Application account for the SIAM application",
        "email": "apim-dev@contoso.onmicrosoft.com",
        "firstName": "Dev",
        "lastName": "User",
        "identities": [
          {
            "provider": "Aad",
            "id": "12ca3158-2a1b-4a00-87dc-454ebaa5d238"
          }
        ]
      }
    }

    When I run this template the user is added with authentication type Azure AD and Basic. I only want Azure AD as authentication type, which should be the same behavior as if the user is signing in for the first time…

    1 vote
    under review  ·  0 comments  ·  Security
  17. Policies in YAML

    YAML is fairly popular and easier to produce than XML, having support for YAML in policies would lower the policy sizes by reducing amount of text required to define a policy. It would also align with OpenAPI v3 specs in YAML.

    7 votes
    under review  ·  0 comments  ·  Policies
  18. Sorting API by "API URL Suffix"

    Hi,
    It will be really interesting to have a kind of tree view that shows us all the API URL suffixes and the APIs in them,
    e.g.:

    /
    /clients/
     > API Name
     >> List of operations

    /employees/
     > API Name
     >> List of operations

    Regards

    4 votes
    1 comment  ·  API management experience
  19. Import Private APIs

    You cannot currently import APIs from a private URL on a virtual network.

    It appears to be a requirement that to import an API it must be on a public URL.

    7 votes
    under review  ·  0 comments  ·  Defining APIs
  20. Can you add System.Security.Cryptography.X509Certificates into whitelist. So it can be used to verify certificates.

    System.Security.Cryptography.X509Certificates is required to verify if a certificate is revoked or not and also validate the certificate chain.

    1 vote
    1 comment