API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. Making people API managers

    The method described here, which seems to be the only way to make people API managers, does not work:
    https://azure.microsoft.com/en-us/documentation/articles/api-management-faq/#how-do-i-add-a-user-to-the-administrators-group

    The developers might have tested the applications with accounts that are already admin on the subscription, and found it working.
    What needs to happen is, ideally, to be able to manage users, both developers and admins, in the API portal - not in Azure Portal, which doesn't work anyway.

    4 votes
    under review  ·  0 comments  ·  API management experience
  2. Ability to specify notification email proxy

    We use an external API to generate, style and send all our systems' emails. To replicate those email templates in APIM requires a copy/paste in several different template fields. It would be great to specify some endpoint that we can POST/GET to send the APIM email values to a service. We can model the service endpoints to match whatever APIM sends.

    3 votes
    0 comments  ·  API management experience
  3. Add Support for Properties in the OAuth Servers

    Add support for Properties (e.g. {{TokenEndpoint}}) for the OAuth server endpoints.

    Currently, the UI and the actual server do not function when you update (via REST API) the OAuth server to have a tokenEndpoint = '{{TokenEndpoint}}' as the value. The REST API accepts the value but then the actual server cannot acquire a token.

    This is needed to support clone/merge/pull promotion of the config from one environment to another, e.g. from dev instance to prod instance.

    Currently the only option is to exclude that file during merge as they must have unique environment values.

    3 votes
    under review  ·  0 comments  ·  Lifecycle
  4. Security: OCSP Stapling support

    When using OCSP stapling, the web server will send its certificate combined with a signed proof from the OCSP responder about its certificate status.

    8 votes
    under review  ·  0 comments  ·  Security
  5. Add AzureAD users

    Allow the admin to add users from AzureAD so they can be configured before the user actually logs in.

    With having to wait for the user to log in, then the admin to configure them with appropriate groups within APIM (not AzureAD groups), this increases the time before the user can actually make use of APIM, depending on how long it takes the user to get around to logging in and the admin to add them to the right groups.

    6 votes
    under review  ·  0 comments  ·  Security
  6. Automation of subscription request

    After an account is created and verified, the user has to go back to the developer page, click on products and then subscribe for the product.

    We hope that the subscription request can be automated, that when an account is generated, a subscription request is automatically generated for the account.

    3 votes
    under review  ·  0 comments  ·  Developer portal
  7. Provide a GUI for editing subscription key parameter names

    Currently, APIM supports the ability to rename (on a per-API basis) the subscription key header/query parameter. This functionality is only available via the REST API, and we’ve made use of this feature to rename the parameter so that it more closely aligns with our company’s brand.

    While using the REST API is reasonable, it would be more convenient to surface these fields in the UI, perhaps on the API page Settings tab or even better as an instance-level setting to serve as the default for any new APIs.

    6 votes
    under review  ·  0 comments  ·  API management experience
  8. Allow API Management to respond during backend upgrades

    Create a new management API endpoint that allows an API to be marked with the states as "being upgraded" and "in production". When an API is marked as "being upgraded" it should return a 503 status with a retry-after header instead of passing the request through.

    This would allow client applications that know how to do retries to be uninterrupted by backend upgrades.

    2 votes
    under review  ·  0 comments  ·  Lifecycle
  9. Allow the creation of new Templates

    As an administrator I would like to be able to create a new page template and use it in the custom page content. Also it would be extremely useful to allow the administrator to use an existing template on a custom content page.

    10 votes
    under review  ·  0 comments  ·  API management experience
  10. Display Name Not Unique

    I'm not sure why the operation's display name needs to be unique but if it does then it should include the operation verb in the uniqueness check.

    Having these two operations:

    POST \users
    GET \users

    Should not cause an error that the Display Name is not unique. Both of the operations should be allowed to be named "\users".

    16 votes
    planned  ·  0 comments  ·  Defining APIs
  11. Ability to delegate security on Content pages

    We like to provide additional information to our authorized users in a more secure manner.
    Anonymous guests shouldn't be able to see any and all Content that has been created.

    15 votes
    under review  ·  1 comment  ·  API management experience
  12. Notify portal admins of new features

    Sometimes portal customizations (e.g. custom templates) can override new features (e.g. API definition download links). To remedy this, it was suggested that portal admins be notified within the portal. Better yet, each time there is a new release, show an error-style line informing the user that there was a new release. Allow this line to be closed manually.

    3 votes
    under review  ·  0 comments  ·  API management experience
  13. Configure notifications programmatically

    We are populating and configuring our APIs using the REST API ( https://msdn.microsoft.com/en-us/library/azure/dn776326.aspx ), but there are a few settings that cannot be done programmatically and must be done by clicking into the portal.

    One of these settings is for the email notifications that are sent upon subscription requests, new subscriptions, etc. ( https://azure.microsoft.com/en-us/documentation/articles/api-management-howto-configure-notifications/#publisher-notifications ). We would like to be able to configure these programmatically, either via the REST API or some other way.

    1 vote
    0 comments  ·  API management experience
  14. Support for token bucket - enable burst quota

    The current quota/call rate limit is +1 per call. In practice this means we create SKUs based on the maximum expected spike rather than average usage. By supporting a token bucket model (https://en.wikipedia.org/wiki/Token_bucket) we could define a SKU more aligned with our actual usage.

    For example: on average we have 50 calls per second, but need to be able to spike to 250 calls per second.

    Today we'd create a 250 calls per second throttle policy for this key/product which is not optimal.

    1 vote
    under review  ·  0 comments  ·  Policies
  15. Swagger/WADL custom schema extensions for definition downloads

    We would like Swagger and WADL definitions downloaded from our Dev Portal to include a copyright notice. We could put text in the operation definition, but we'd rather have something formally in the Swagger definition, preferably that was always present without relying on colleagues to place text in a form they fill out when adding new operations.

    For the Swagger, I could use the Info Object: http://swagger.io/specification/#infoObject

    and then have an x- extension always show up for each existing and future operation.

    For WADL, a custom namespace for extension.

    Most importantly, we need a way to inject something custom into…

    4 votes
    under review  ·  0 comments  ·  Defining APIs
  16. Create apim vendor extension for swagger to import rewriteURL.

    If APIM could import a swagger with an x-msapim-rewriteurl extension key on the operation, I could then provide something like an OData endpoint for GET /MyResource({Id}) as GET /MyResource/{Id}

    2 votes
    under review  ·  0 comments  ·  Defining APIs
  17. Allow Specifying Scope for Properties

    It's great that there's properties that can then be referenced within policies without hard coding them in. It should provide added flexibility when the properties are maintained in one place. However, as it currently stands, all of the properties are global which makes them inherently hard-coded anyway.

    Being able to specify the scope of a property in the publisher portal should provide even more flexibility.


    Global Scoped Properties: As the properties currently are. I can as an admin go into the publisher portal and specify a global property value.

    User Scoped Properties: A user could set the value in their…

    4 votes
    under review  ·  2 comments  ·  API management experience
  18. Add "Remember Me" feature to OAuth Resource Owner Password grant type in the Developer Portal

    Add a "remember me" checkbox to the OAuth Resource Owner Password grant type so that it reuses the access token for other "Try It" attempts for any other API operations instead of requiring the username/password for every operation.

    13 votes
    under review  ·  0 comments  ·  Developer portal
  19. throttling alert for api/product

    We are looking for possibilities to trigger an alert when throttling policy gets effective to the client for an api or product.

    Currently there is an out-of-the-box alert based on the quota!

    10 votes
    planned  ·  0 comments  ·  API management experience
  20. Ignore scheme differences in <redirect-content-urls />

    By default APIM matches on the scheme when using this policy. It would be nice to have an optional flag on this policy to ignore the scheme when redirecting backend URLs to the proxy.

    Via the backend, we may build a URL as "http://mybackend..." - when this is surfaced via the api we'd want it redirected to the APIM proxy as "https://api.mycompany...". Currently, APIM won't fixup this response because the scheme on the link emitted from the backend doesn't match the scheme on the backend API base URL.

    1 vote
    under review  ·  0 comments  ·  Policies