API Management
Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.
-
Url Helper Policy Expressions for Route Building
As a developer I want to include hypermedia links to other operations in the same and other API sets so that I have easy navigation for clients between APIs.
Today, these link url paths must be hard coded based on what is known. To provide flexibility while developing APIs and to ensure routes are actually valid, provide a url helper method to generate these routes.
Example:
context.RouteFor("API-ID", "Version", "Operation-ID", new {param1=1,param2="hello"})
Today:
<set-body>@{
return JObject.FromObject(new {_links = new[] {
new { href = $"/api/operation?query={context.Request.MatchedParameters.GetValueOrDefault("query", string.Empty)}&api-version=2018-10-31", rel = "other-api", type = "GET" }
}}).ToString();
}</set-body>
With a helper:
<set-body>{ …
1 vote -
1 vote
-
Support System.Net.WebUtility in policies
I have APIs that are returning json with properties that have html-encoded values. Returning html encoded strings in json isn't needed, as the original service was based on xml and didn't use the CDATA tag. To be able to properly compose this API, usage of an HtmlDecode function is needed, which is readily available in System.Net.WebUtility.
1 vote -
Same logic apps name but in different resource group problem
When setting up backend resource to logic apps, when we have two logic apps with same name but in different resource group and if we choose the second logic app, it links to first one. This is very annoying because the logic app is always getting selected from top in the list.
1 vote -
Regenerating user keys needs a confirmation
Regenerating a key is the option right next to show/hide keys. It is extremely easy to click the wrong button because the page shifts, and there is no confirmation before the key is regenerated. This could bring down entire sites.
1 vote -
Mock SOAP response
Hello,
It is a pity that APIM does not allow easy mocking of SOAP-based APIs. I mean that I would not 'manually' use the set-body policy and editing via the policy editor, but use only the GUI and, e.g., click on a button/link and APIM generates the set-body itself.
It will help me a lot (a large set of modules, and right now I am thinking about migration behind an api gateway) ... and I think it is very useful for all universe soap-based guys :).
3 votes -
API Portal to properly process HTTP response content
The API Web Portal should try to process the HTTP response according to the declared MIME type, be it as an uui encoded attachment or embedded in the body.
In case of doubt it shall NOT process the response at all.
In our APIs the XML response has weird CR/LF scattered around added by the Portal itself.
3 votes -
Custom Headers Missing In Azure Portal Operation Test
Recently, about a month ago, I was working on some policies for some of my API Operations and noticed when I went to test them in the Azure portal that my custom headers and defaults were missing. It seems there has been a change made that requires you to manually add the headers and select the default value in order to test the API Operation. I have over 45 APIs with 100s of operations. I have headers defined with default values so that I can quickly open the API Operation and test the operation without having to set it up.…
1 vote -
Allow creating network traces for API Management instances
It should be possible to create a packet capture containing all traffic to/from API Management
3 votes
Thanks for the feedback. Could you please provide more details on the scenario?
-
Allow to use Subscription key OR other authentication method on API
Currently if you choose to use subscription key as authentication method, even if you add OAuth it will always require the subscription key. We have scenarios where we need to be able to use either one of these; we need to allow an OR option in the policy definition, currently it is always AND.
Also, since all subscription keys are user bound and not "application bound", long term use in a production system may be problematic.
6 votes -
Open Id Connect - add required scopes in Developer Portal
Currently it is not possible to add required scopes (or any additional URL or body parameters) to authorize requests.
I think it is possible for OAuth0 integration.
It might be worthwhile to add such possibility.
1 vote
Thanks for the feedback. Could you please provide more details on the scenario?
-
Use valid xml to configure policies.
In your examples one can find lines like this one:
<set-variable name="isMobile" value="@(context.Request.Headers["User-Agent"].Contains("iPad") || context.Request.Headers["User-Agent"].Contains("iPhone"))" />
If you try to validate this xml, you will find out that those double quotes inside of the value attribute are not allowed.
1 vote -
Caching OPTIONS response should be for url rather than dependent on parameters/headers.
We need a facility in policies for caching the response of the OPTIONS method type, so that the browser does not send OPTIONS calls. Also, caching should be done on url only and not on different sessionid/request headers/parameters.
1 vote -
Confirm User Actions before making Routing Unavailable
An admin user accidentally clicked on a button in our primary prod API Management Service
API Management Service -> Virtual Network -> Apply network configuration
The user mistakenly pressed/released the mouse button while hovering over the WebUI/Component. The 'API Management Service' then stopped routing all traffic for just over 3 minutes of time (Effectively preventing traffic from being routed to/from clients). I confirmed this issue in a non-prod environment later.
Is it possible to have dialog introduced that will confirm user action when this button is pressed? I think it is an accident prone UI feature. To allow this one…
14 votes -
Out-of-the-box support for triggering Azure Data Factory pipelines
Out-of-the-box support for triggering Azure Data Factory pipelines that works similar to the current Azure Functions & Logic Apps experience.
This would allow you to expose internal data processes without having to use the Azure Management REST API which enforces AD which is not required in every scenario.
6 votes -
Pre-populate Azure AD accounts to users with ARM template should act the same as the manual process
I am pre-populating the users with Azure AD accounts with the following ARM template snippet using a VSTS CI-CD pipeline.
{
  "apiVersion": "2018-06-01-preview",
  "type": "Microsoft.ApiManagement/service/users",
  "name": "[concat(parameters('serviceName'), '/', 'apim-dev')]",
  "properties": {
    "state": "active",
    "note": "Application account for the SIAM application",
    "email": "apim-dev@contoso.onmicrosoft.com",
    "firstName": "Dev",
    "lastName": "User",
    "identities": [
      {
        "provider": "Aad",
        "id": "12ca3158-2a1b-4a00-87dc-454ebaa5d238"
      }
    ]
  }
}
When I run this template the user is added with authentication type Azure AD and Basic. I only want Azure AD as authentication type, which should be the same behavior as if the user is signing in for the first time…
1 vote -
Policies in YAML
YAML is fairly popular and easier to produce than XML, having support for YAML in policies would lower the policy sizes by reducing amount of text required to define a policy. It would also align with OpenAPI v3 specs in YAML.
7 votes -
Sorting API by "API URL Suffix"
Hi,
It will be really interesting to have a kind of tree view that shows us all the api url suffixes and the apis in them
e.g.:
/
/clients/
>API Name
>> List of operations
/employees/
>API Name
>> List of operations
Regards
4 votes
Hi, can you please provide more details on your scenario?
-
Import Private APIs
You cannot currently import APIs from a private URL on a virtual network.
It appears to be a requirement that to import an API it must be on a public URL
7 votes -
Can you add System.Security.Cryptography.X509Certificates into whitelist. So it can be used to verify certificates.
System.Security.Cryptography.X509Certificates is required to verify if a certificate is revoked or not and also validate the certificate chain.
1 vote
Hi Mohamed! You can validate a client certificate using context.Request.Certificate.Verify() which will check both its validity and revocation list. Does this address your scenario?