Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide a configurable timeout for password reset link in API Management

    Currently, when resetting a users password in the Azure API Management portal, the email link expires after ~30 mins.

    Ideally, the timeout value should be configurable as we have processes that require a longer period. Customer in other countries are often not immediately available to follow the link.

    Provide a configurable timeout for password reset link in API Management.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow user to manage API when primary location is down

    When a new API Management Service is created, we need to choose an Azure location (say, Australia Southeast).

    Afterwards, we can scale the API Management Services to a second Azure location (say, Australia East).

    When Australia Southeast region has an outage, API can still be accessed via Australia East region. However, we cannot "manage" (e.g. add a new API or update API backend URL) the API Management Service during the "primary location" (Australia Southeast in the example) outage.

    It will be great if user can still manage the API Management Service when the "primary location" is down.

    13 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  3. Developer Portal displays IIS Yellow Page

    https://****.portal.azure-api.net/

    A security team observes that the developer portal application reveals the server information in terms of IIS error page (Yellow Page).

    System should have ability to configure "Default IIS error page".

    Try accesing any developer portal URL by expanding "/C:/test" to actual URL.

    51 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. API managment test UI gives a misleading error message when invoking long-running backend api calls that takes more than 1 min.

    API managment testing UI throws "Could not complete your request. Please try again" while testing with Post man returns OK.

    Two options:
    1. Make it clear why it stops and what alternatives developers have in the error message. For example, it may says that you may try to run Postman to run your long-running api call.


    1. Provide the option in testing UI to override the default and allows the developer to run long-running api calls.

    Attached is the screenshot I captured.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  5. Request param in Failure logs in application insight

    In Application Insights, we can see logging for failured requests in APIM. We want to see the request parameters in each failed request.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. The duration measure in Diagnostics logs

    We configured API management to send diagnostic log info to App Insights. We found that sometimes the duration reported by APIM are very high (4 minutes) although there is a cache hit and the duration to the backend service is 0.

    We asked Microsoft support about this and they said that it's probably due to the client connectivity or network issue with the client.

    We would like if the duration measure does not include the client time and only the time that the APIM takes to serve the request so we can see how our API is performing.

    Please see…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  7. Fix logging to log analytics and App Insights so it's easier to troubleshoot failed policies

    Currently a http call defined in a policy with a timeout doesn't really give useful log output. App Insights just say failed on timeout - but url is backend url and not url called from inside policy.
    Log Analytics just logs 200 OK requests but marks them as failed, this is partically also because there is no easy way of logging from inside a policy to raise errors and details

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Url Helper Policy Expressions for Route Building

    As a developer I want to include hypermedia links to other operations in the same and other API sets so that I have easy navigation for clients between APIs.

    Today, these link url paths must be hard coded based on what is know. To provide flexibility while developing APIs and to ensure routes are actually valid, provide a url helper method to generate these routes.

    Example:

    context.RouteFor("API-ID", "Version", "Operation-ID", new {param1=1,param2="hello"})

    Today:

    <set-body>{
    return JObject.FromObject(new {

    _links = new[] {
    
    new { href = $&quot;/api/operation?query={context.Request.MatchedParameters.GetValueOrDefault(&quot;query&quot;, string.Empty)&amp;api-version=2018-10-31&quot;, rel = &quot;other-api&quot;, type = &quot;GET&quot; }
    }

    }
    }</set-body>

    With a helper:

    <set-body>{ …

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support System.Net.WebUtility in policies

    I have APIs that are returning json with properties that have html-encoded values, returning html encoded string in json isn't needed as the original service was based on xml and didn't use the CDATA tag. To be able to properly compose this API usage of an HtmlDecode function is needed which is readily available in System.Net.WebUtility

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  11. Same logic apps name but in different resource group problem

    When setting up backend resource to logic apps, when we have two logic apps with same name but in different resource group and if we choose the second logic app, it links to first one. This is very annoying because the logic app is always getting selected from top in the list.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  12. Regenerating user keys needs a confirmation

    Regenerating a key is the option right next to show/hide keys. It is extremely easy to click the wrong button because the page shifts, and there is no confirmation before the key is regenerating. This could bring down entire sites.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Mock SOAP response

    Hello,

    there is a pity that APIM does not allow to easy mock SOAP based APIs. I mean that I will not use 'manually' policy set-body and edition via policy editor but use only GUI and eg. click on button/link and APIM generate set-body alone.

    It will help me a lot (a large set of modules and right now think about migration behind api gateway) ... and I think it is very usefull for all universe soap-based guys :).

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  14. API Portal to properly process HTTP response content

    The API Web Portal should try to process the HTTP response accordingly to the declared MIME type, it might it be as an uui encoded attachment or embedded in the body.

    In case of doubt it shall NOT process the response at all.
    In our APIs the XML response has weird CR/LF scattered around added by the Portal itself.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  15. Custom Headers Missing In Azure Portal Operation Test

    Recently, about a month ago, I was working on some policies for some of my API Operations and noticed when I went to test them in the Azure portal that my custom headers and defaults were missing. It seems there has been a change made that requires you to manually add the headers and select the default value in order to test the API >Operation. I have over 45 APIs with 100s of operations. I have headers defined with default values so that I can quickly open the API Operation and test the operation without having to set it up.…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow creating network traces for API Management instances

    It should be possible to create a packet capture containing all traffic to/from API Management

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow to use Subscription key OR other authentication method on API

    Currently if you chose to use subscription key as authentication method even if you add Oauth it will always require the subscription key. We have scenarios where we need to be able to use either one of these, need to allow OR option in policy definition currently it is always AND.

    Also since all subscription keys are user bound and not "application bound" long term use in an production system this may be problematic.

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Open Id Connect - add required scopes in Developer Portal

    Currently it is not possible to add required scopes (or any additional URL or body parameters) to authorize requests.
    I think it is possible for OAuth0 integration.
    It might be worthwhile to add such possibility.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  19. Use valid xml to configure policies.

    In your examples one can find lines like this one:

    &lt;set-variable name=&quot;isMobile&quot; value=&quot;@(context.Request.Headers[&quot;User-Agent&quot;].Contains(&quot;iPad&quot;) || context.Request.Headers[&quot;User-Agent&quot;].Contains(&quot;iPhone&quot;))&quot; /&gt;

    If you try to validate this xml, you will find out that those double quotes inside of the value attribute are not allowed.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  20. Caching OPTIONS response should be for url rather than dependent on parameters/headers.

    we need facility in policies for caching response of OPTIONS method type. So that browser does not send OPTIONS calls. Also caching should be done on url only and not different sessionid/reuqest headers/parameters.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base