API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enhance transformation policies to support formats such as csv, xlsx, etc.

    It is common to be requested to export data from the API queries to a format that can be shared and easy readable by other non-tech people. So i would say it would be good to be able to enhance the transformation policies to transform from JSON to CSV or XLS/XLSX. Or at least provide an option to export results to these formats on the API Management querying experience.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add a "Subscription Required" checkbox during APIM API creation.

    Currently when creating an APIM service in Azure and adding a new API, there is no option to remove the "Subscription Required" parameter until after the API's creation. After creation this can be managed under the API's settings, however it would be very beneficial to be able to access this during creation.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    triaged  ·  0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Increase password strength for basic user accounts

    Basic user accounts can be created via;
    1. Admin portal (minimum password length=6)
    2. Self registration page (minimum password length=8).
    No other rule applies i.e. very poor password strength.

    When possible, we definitely use AAD.
    For cases where we can not use AAD the Azure PaaS Developer Support Team has recommended us to use Facebook, Google, Microsoft or Twitter accounts...

    Please, provide UI page where Admin can design password policy by choosing;
    - Minimum password length. [Default=8?].
    - English upper case letters (e.g., A, B, C, ...Z). [Checkbox True|False].
    - English lower case letters (e.g., a, b, c, ...z). [Checkbox…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    need-feedback  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Search by keywords across all APIs in a APIM instance

    It would be great if we can search for a particular keyword across all operations in all APIs of a particular APIM instance in a subscription.
    Say, I would like to search if a particular operation is called within the other operations of the APIM instance, I should be able to search based on a keyword that lists out all the instances where this is referenced.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  5. More detailed metrics for Azure API Management service.

    Currently the 'Capacity' metric for the Azure API Management service only supports an aggregation type of of 'Average'.
    WIth the ability to calculate the capacity to a percentage, it would be very beneficial to have an alternate metric or second aggregation type for 'Maximum' for the capacity metric to show at a glance what remaining availability is.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add support for custom user attributes

    It would be nice to add support for extending the user attributes beyond the basics in place now of name, email, etc. In cases where the user is associated to a downstream (back-end) entity that is identified differently from any of the existing fields, there isn't a way to do this without corrupting the "Notes" fields. It would be nice if Administrators can extend the user schema to contain custom attributes that can be fetched from within policies.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  7. multipart form-data

    you post that it's not supported. any timeframe on gaining support for this or why is it not supported already?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. add the feature for enable/disable API temporarily

    We can't enable/disable API temporarily easily just from the portal or any other way. please help to add this new feature if possible.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  9. Pull API URL Suffix from basepath as default value while allowing user to change it

    Pull API URL Suffix from basepath as default value while allowing user to change it

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Mark API URL Suffix as mandatory (red asterisk) after an empty value is accepted for one API

    Mark API URL Suffix as mandatory (red asterisk) after an empty value is accepted for one API.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add a "go to on-error" policy

    The policy should transition control flow to the "on-error" section and be customizable with error details.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  12. We would like to have OWASP security features as part of API Management rather than using API gateway/WAF.

    We would like to have OWASP security features as part of API Management rather than using API gateway/WAF.

    49 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    triaged  ·  2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. APIManagement ServiceTag

    There should be a APIManagement ServiceTag which will allow traffic from/to all ApiManagement services deployed in the Region. So that when the Public VIP of a particular service changes, it will still be within the range of the ServiceTag and allowed by firewall.

    The current APIManagement ServiceTag only covers the IP of Resource Provider (APIManagement management)

    https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#service-tags

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Block HTTP and/or force HTTPS

    Is there a way to disable the HTTP listener on the APIM service so that no responses occur for any requests to port 80.

    We'd like to see a feature where we can disable the listener at port 80, or configure that listener to automatically force a redirect to HTTPS and port 443.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  15. Subscriptions with an expiration timespan

    Allow subscriptions to have a lifetime, and specify an expiration date. We are looking into monetization of our API's and one of the issues we are facing is that we would like to revoke access to an API based on the billing model (e.g. 3 month license).

    To minimize the custom implementation for monetization, we would like to be able to specify an expiration date.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Lifecycle  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow mock response headers

    In the API Management, UI, we can define mock response headers but they are not being applied to the mock response.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow the creation of custom API templates with predefined policies

    Allow custom templates to be created, and made available for selection via the API creation page (see attached), with predefined policies. This will improve the user experience where the requirement is to have several API's based on the same boiler plate policies. Product policies could be used but require all API's to be assigned to the same product which does not give flexibility in restricting access to the API's

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  18. Block IP's after N incorrect subscription keys

    Currently, subscription key validation takes place before policies take effect. This limits being able to manage subscription key access via policies.

    It is not currently possible to develop a policy that would block an IP or IPs after too many invalid subscription keys. In an environment where a rate limit policy would not otherwise be appropriate, this could potentially allow APIM to be flooded with a bunch of requests with invalid keys.

    To be able to enforce this at the moment requires some sort of relay middleware, or building out manual subscriptions (not via APIM's) and enforcing those via policy.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  19. Getting in ARM template apis operations based on fuction app automatically

    It is possible to specify the operations you want to add in the template programmatically. But there is a problem if you want to the api instance automatically update when the new function is added. Would be nice if operations would go directly from app without the need of aading them manually in the template.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support for user-assigned managed identity

    At the moment it is not possible to deploy an APIM all-in-one with Keyvault references due to how the current MSI integration works. This would be resolved if APIM supported user-assigned managed identities as this would allow Keyvault permissions to be set up prior to APIM being deployed.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base