Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support API definition updates as part of Visual Studio builds

    For applications developed in Visual Studio and leveraging Swashbuckle, can we get the ability to update the API definitions in APIm on each build and deploy (CI) rather than having to hand-update APIm each time.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Lifecycle  ·  Flag idea as inappropriate…  ·  Admin →
  2. Provide UI to manage Loggers

    It would be useful to have UI for managing of loggers

    9 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  0 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  3. Define Policy with Product and API and Operation scope

    Currently it is only not possible to define policies for a specific product and API and operation so that the policy is in effect when the 3 (product/API/operation) are in play. This is a common use case.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  4. Integration with Azure Monitor

    Microsoft recently released Azure Monitor service as a centralized service for monitoring Azure resources and creating alerts based on metrics.

    Currently, I could not find API Management in the list of supported resources. It will be good to have API management supported in Azure Monitor Service.

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  0 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  5. Ability to manage Subscription Keys for a Group of users

    Allow the assignment of a subscription key that applies to a group of users. The idea is to create one shared subscription key that is tied to the group so as members of the group swap in/out they can use that key.

    Think of a large company of developers, rather than creating a shared login the group of developers could be put into the group and then have access to that applications subscription keys.

    The idea is really to treat the key as an entity that isn't a person but needs to be managed by several people, like give this…

    74 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  6. Issue and retrieve secrets for signing and validating JWT tokens

    The Mashape Kong product issues secrets for signing JWT keys. Could this be added so API Management could then validate the token without another roundtrip request to a JWT validation service?

    Even if we could store these in cache (by exposing cache via REST) or by adding it as a property that could be reference by the policy would be a good first step. The problem with the latter approach is that I think the {{propertyName}} has to be a string literal and cannot be composed from a variable like {{context.Subscription.Id+"naming-convention"}|}.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Expose a way to modify the APIM idle timeout or tcp keep alive settings

    I have several legacy, long-running, synchronous API operations (10+ mins) that never get a response when I route them through APIM. This is because APIM does not maintain that TCP connection long enough for the backend server to compile the response.

    A quick response is to make them asynchronous, which I would have done from the beginning had I designed and developed this product, but as I said this is a legacy application with many existing clients and to change the architecture of this now is not really feasible.

    I have worked with Todd Foust from Micorsoft support to determine…

    25 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  3 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  8. CORS headers

    When CORS policy is configured all responses should return CORS headers. Currently if a 4xx response is returned, headers are not returned.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  9. Rename subscription key header details (description, value)

    I’ve already modified the header name to ‘api-key’. Now trying to figure out if I can customize APIM template data values for header description and value.

    The challenge is that the existing values still refer to the subscription key as 'subscription key' so the documentation and code samples based on the template data (see attached) become confusing once the subscription key is renamed.

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  10. OAuth/OpenId Security Per Group

    Add the ability to selectively choose which groups can use which OAuth/OpenId server on the developer portal.

    Our use case is mainly around Client Credentials flows where one team (group) of users can use a certain client id and another team (group) can use a different client id.

    Once we can assign multiple OAuth/OpenId servers to an API, we then would be able to have one registered server for each group so they could test the functionality as if the system they are developing was accessing the API.

    Alternatively, the other option would be to allow explicit client id in…

    12 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add support for Reserved IPs

    At present API Management instance VIPs are static for the lifetime of that service instance with some exceptions, for example adding or removing a VNET (see http://aka.ms/apimfaq). Reserved IPs on the other hand are absolutely immutable and transcend service instance lifetime. They have an extra benefit of being used when accessing other Azure resources, e.g. storage, within the same region. See https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-reserved-public-ip/ for more information on Reserved IPs.

    20 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  12. OAuth 2.0 implementation support/Securing APIs using OAuth

    A major bonus when using an API management system should be that it helps you secure your backend APIs using standard techniques. Other API management systems (such as Kong, see https://getkong.org/plugins/oauth2-authentication/) have support for this, where the APIm acts as a Bearer token store and validates the tokens for you.

    Obviously, this will only work for the Client Credentials and possibly also Resource Owner Password Flows, as the others require additional UI, but still this would be a very nice add-on, which enables you to leverage OAuth for backends which are actually OAuth-agnostic.

    Azure APIm would then also need…

    117 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  5 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. API change log with notifications

    Automatically provide a change log per API & operation when changes are made to the API (including full replacement via Swagger). Also have the ability to send developers with subscriptions to products linked to an API an e-mail with change notifications on time-scale they choose (daily, weekly) or when pushed by admin.

    33 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  14. Provide built in policies to authenticate Azure Rest APIs.

    It is very complicate to make use of any Azure REST APIs since the authentication headers are complex to create.

    Useful cases would be :

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow specifying Google Tag Manager container id in Settings

    Currently in the publisher portal you can specify universal analytics id under Settings > Analytics.

    However it is more important to allow specifying Google Tag Manager container id as that will not only allow the inclusion of Google Analytics but also a plethora of other tools. Including A/B-testing, chat, support etc. scripts to the API management pages.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Developers to assign individual keys to their applications

    Right now keys are issued to developers as per product subscriptions. There is no way to identify which applications are using a particular API. It can only show developer usage statistics. Some developers might lose track of their own applications especially if they are internal developers so a mechanism to identify the application using an API based on a key would be great.

    14 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  17. Policy based on tags

    Allow applying tags to operations / apis / products and then applying policies to tags.

    The publisher would then be able to create a group of operations and apply a policy to all of them instead of having to group them in different products or apply the same policy to multiple operations. Tag policies should apply either before or after the product / api / operation level.

    Example use case would be an API that has several operations that some can be cached and some that cannot. The tag could be applied to the operations that could be cached and…

    64 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow tagging/categorization of APIs, operations, policies

    Either a single hierarchical category field or use flat tags where multiple can be applied to the same resource.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  3 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add ARM support for deployment of the operations, etc.

    Support to deploy all the configuration via ARM what now possible is via GIT.

    15 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow binary request body

    Would be great if one can send binary files through the console.

    7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base