API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow conditional cors policy in the <inbound> policy section rather than restricting it to use only once in the <inbound> section.

    Allow conditional cors policy in the <inbound> policy section rather than restricting it to use only once in the <inbound> section. The desire state is in the attachment.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  2. [Developer portal] bring back Issues feature

    Would be nice to reintroduce the 'Issues' feature from the legacy portal into the new developer portal.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  3. Implement Availability Zone Redundancy in a Single Region

    Working with Microsoft Support and investigating to the best of our ability, it seems like a given APIM resource is not availability zone redundant in a given region, even if scaled out to 2 units. (I'm not sure if the consumption plan is different.)

    It would be good to have an availability zone redundant option to meet AZ redundancy goals in a single region, without having to scale up to Premium (which is much more expensive) and then scale out to another region.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Remove or extend "Maximum number of CA certificates per service instance"

    Currently there is a hard limit of 10 Certificate Authorities for the API Management Service. We need at least 50 Certificate Authorities / Intermediates for our customer.

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Suport dynamic policy

    for example, in CORS policy, it's better to add allowed-origins dynamically by retrieve values from a named value.

    Another example is in JWT validation. In the required claims, it will be great if I can add claims from the named values. So when there're more claims, I just need modify the named value without changing the policies.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  6. Disallow or show warning when filling in duplicate OperationId

    When adding a new operation in Azure Api Management, you can type in the "name". In the backend this is the operationId.
    However if you type in an already exisiting operationId it will overwrite that operation (and merge certain features, like tags).
    It would be nice to disallow this, or to show a warning that this will overwrite an existing operation.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  7. Developer portal - ability to preview with the content management system without publishing out.

    within the content management system for the developer portal, i want the ability to preview what the site will look like prior to publishing

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  8. Update REST API Location Field

    Update location field value to match other Azure services. APIM REST API returns format "East US" other services return "eastus".

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Documentation - Fully-featured Application Gateway with API Management documentation

    The documentation at https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway is hard to follow, as it demonstrates an approach using only PowerShell and lacks a detailed explaination of why configuration settings are made. It would be helpful to users if the documenation also showed screenshots of configuation using the Azure Portal. A video walkthrough would also be helpful (as there are many steps involved and a video may be easier to undertand).

    The blog post at https://medium.com/azure-architects/azure-api-management-and-application-gateway-integration-a31fde80f3db provides additional information to help clarify why and how configuration settings are made. The related GitHub sample is also clear as more descriptive variable names are used. It would…

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  10. API User Management - Enable change of API user names and email addresses

    Subscriptions for API products or single APIs are hard linked to the email address of the user. If the email address or name is changing (renaming of company a.s.o) we have to create new users with new subscriptions. For any kind of API integration it is not reasonable to our partners why they are getting new credentials and subscriptions.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  11. az commands for adding custom domain in apim

    az commands for adding custom domain in apim

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  12. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  13. 'Create from App Service' to figure out the host / backend from AppService

    When 'Create from App Service', APIM should be able to figure out the host / backend based on AppService's domain name.

    Currently, APIM requires the swagger file to include the 'host' and would fail the import if the value is not included.

    "The OpenAPI specification should contain 'host' value"

    The host value is often unavailable for programmatically generated swagger file. And, site owner would have to manually modify the generated swagger file.

    It is tedious and bad user experience. Please consider implement the feature.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  14. Update documentation of required ports

    Please update the list of outbound security policies to include the following: TCP, 443, VirtualNetwork -> AzureCloud - because it is needed for logging

    https://docs.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet#-common-network-configuration-issues

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Control backup size of API Management

    User uses backup of APIM.
    Some properties of APIM are modified many times, so backup size is increased.

    Support said "backup size is contained update operation data."
    But there is no documents which describe it.
    For example this document describe backup. But it doesn't describe "backup file contains update operation data".
    Could you add more description about backup file size?

    https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-disaster-recovery-backup-restore#calling-the-backup-and-restore-operations

    And Could you add any method to check details of backup file.
    (For example, portal or command line tool or REST API etc)

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  16. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  17. API Management Apply Virtual Network Configuration Azure FrontEnd UI Bug

    Hi,

    When updating the API Management instance virtual network configuration through REST API/Azure Portal and then applying the virtual network configuration through REST API/Azure Portal, even after the service takes 15-45 minutes to update and then again 15-45 minutes for applying VNET configuration, when navigating to the Azure Portal i can still see pending VNET configuration as the "Apply VNET Configuration" button is not disabled. Even though when checking the Activity log the service was updated successfully and apply configuration was also successfully completed.

    If possible can we add a feature to check when the last Network configuration update was…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  18. Update Resource Navigation Links in VNET Subnet to point to connected API Management instance

    Hi,

    Currently when a VNET Subnet is associated to API Management instance through virtual network configuration, a resource navigation link is created inside that Subnet and we cannot use that subnet for any other Resources.

    In case of a subnet with /29 CIDR, only one API management instance can be created and while enforcing virtual network configuration, there is no way to tell which subnet is linked to which API Management instance which becomes a blocker.

    An Example scenario:
    A subnet is associated to APIM in external configuration, when changing it to Internal Mode as part of compliance, we will…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  19. disable obsolete versions of API. How to define a strategy

    As we move forward in building API lot of obsolete functionality needs to be disabled and allow application teams to use the latest version of API. How to achieve removing old API versions and keeping only last 3 versions. Identify teams using older API and notify them of support related risk

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow hostnames without certificates for self-hosted gateways

    In a self-host gateway deployment I don't always need a publicly verifiable TLS certificate. I'd like to be able to allow additional hostnames, IP addresses, or even localhost as listening endpoints without having to specify a certificate.

    Right now this makes it quite difficult to test the self-host gateway. I've wound up adding a hosts entry to shoehorn my publish APIM DNS name to my local gateway IP so I can test connectivity over http but this is far less than ideal.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base