API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. XSS Protection on Developer Portal

    During *********** testing, it was found that certain screens in the developer portal are vulnerable to XSS.

    E.g. in IE, Firefox or Edge, if you browse to the change user details page, from the profile screen, you can enter

    bob"onfocus="alert(1)"autofocus="@example.com for an email
    or
    Bob"onfocus="alert(2) as the first name
    or
    the Builder"onfocus="alert(3) as the last name.

    After you press Update profile, while the information isn't sent to the DB, the popups occur when you click on any of the fields.

    6 votes
    0 comments  ·  Security
  2. Provide programmatic examples for Azure API for FHIR server side authorization - you only describe how to create a confidential client

    There is no example for how to use the confidential client credentials to integrate with the Azure API for FHIR, only Postman using its built-in authentication flow; which is not helpful because that is not how a server side application behaves. Just provide curl statements for the auth flow.

    6 votes
    under review  ·  0 comments  ·  Integration
  3. Fix unusable slowness for moderately sized SOAP pass through APIs

    Also posted here:
    https://social.msdn.microsoft.com/Forums/en-US/974a3b37-32bc-4544-bd55-c6bd3c3b4cc9/why-does-azure-apim-developer-portal-hang-for-moderately-sized-soap-pass-through-apis?forum=azureapimgmt&prof=required

    I've created a SOAP pass through API using a WSDL from Workday, which contains about 20 or so operations. The generated request samples produced by APIM upon import I suppose are somewhat large. However when I go to the developer portal and click on one of these APIs to test it the portal hangs, sometimes indefinitely. It appears as though the size of the API (number of operations and size of the XML request examples?) causes some strange performance issue. It really makes this product unusable for me at the moment, which is unfortunate.

    3 votes
    0 comments  ·  Developer portal
  4. A PowerShell script to enable Application Insights logs per API

    When an API is imported, it is possible to do so via PowerShell and apply several settings to that API. However, I would like to see that the settings regarding logging to Application Insights could also be managed via a PowerShell cmd.

    10 votes
    planned  ·  0 comments  ·  Service management
  5. Provide options to show all APIs in Azure Portal

    Azure portal does show a limited list of APIs (100). It allows searching, but it would be nice if you could show how many APIs exist, how many are loaded in the screen and an option to load the next 100 APIs.

    3 votes
    0 comments  ·  API management experience
  6. De-couple Subscriptions from Products & Issues pages

    1) Products are visible on the Products page only when the require subscription is set to true
    2) Users can post their issues only when they are subscribed to a product

    Our use case has custom subscriptions and we would like our users to try out a product before actually subscribing to them. We would also like them to post issues prior to subscribing. So these restrictions prevent us from using the Products/Issues pages. Ability to override this default APIM behavior would be beneficial.

    21 votes
    0 comments
  7. Support OpenID Connect Hybrid Flow

    Currently only Implicit and Authorization Code flows are supported by the OpenID Connect provider in Azure APIM. The Implicit flow is being deprecated as vulnerable and a lot of applications are using Hybrid Flow (code id_token).

    Can you please add support for this flow?

    http://docs.identityserver.io/en/latest/topics/grant_types.html#hybrid

    7 votes
    0 comments  ·  Developer portal
  8. Add AD Rules to Users and Groups Management

    When new users authenticate in the Developer portal they are automatically added to the system group - Developers. But for product visibility purposes, we have additional user defined groups: Internal and External (I'm sure there are other use cases, that's just ours). We move those users who authenticate by AD into the Internal group and those who don't into External. This is a manual process. If we could add an 'AD like' rule to the Developers group memberships on add that automatically (based on authentication method and(or) other criteria) add the new users to a custom group then we wouldn't…

    3 votes
    0 comments  ·  Developer portal
  9. Add API endpoint to detach all tags from an API

    We've got a CICD pipeline to deploy/update APIs using the API Management API. Currently we can only add tags as replacing tags would require querying for all API tags and then call DELETE for each tag.

    Please add an operation to support this:

    DELETE https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}/tags

    1 vote
    1 comment  ·  API management experience
  10. fix erroneous catching of protocol violation errors

    When an API (wrongly) returns a response body and a "204 No content" return code, a "500 protocol violation error" should be raised by the APIM instance.
    In fact it is the case, but the protocol violation error is raised as a response on the call following the erroneous "204" API, not the erroneous API itself. The error is raised only on the following call (whatever API it is) that is implemented on the same backend as the "204" API AND if the following call is made in the same HTTP session (I mean during the HTTP "keep alive" timeout).
    This bug…

    6 votes
    0 comments  ·  Gateway
  11. Consumption tier of Azure API Management

    You can now choose the new Consumption tier (in select regions) when you are creating a new API Management instance. Consumption tier, a variant of API Management designed and implemented around serverless principles, is a more organic fit for applications built using serverless technologies. See https://aka.ms/apimconsumptionblog for detailed information about this new tier, its features and limits.

    For the general availability release we plan to add the following capabilities:

    - Custom hostnames
    - Client certificate authentication
    - Azure Monitor metrics
    - Automated upgrade to other tiers
    - .NET SDK and PowerShell support
    - Faster activation
    - Additional public regions

    2 votes
    started  ·  1 comment  ·  Pricing
  12. Importing WSDL with multiple ports/interfaces

    I have WSDL which contains multiple ports/interfaces. However, in custom connector management wizard reads action only from the first interface. I have a workaround to edit WSDL manually by removing all other interfaces except the one.

    The wizard should recognize all interfaces in WSDL and all Actions by Interface hierarchy.

    3 votes
    0 comments  ·  API management experience
  13. Custom domain support for Consumption tier

    Currently custom domains & SSL is only supported in the other 4 tiers.

    Is there a way to setup a custom domain for an APIM created in Consumption tier?

    6 votes
    1 comment
  14. GraphQL introspective support within API Management

    Like swagger documents which describe REST endpoints, we would like to surface graphql queries and mutable schemas and types through the Developer portal.

    393 votes
    under review  ·  7 comments  ·  Developer portal
  15. Get user subscription keys programmatically

    It would be nice if as a developer I would be able to get my subscription keys (primary key and secondary key) programmatically. By programmatically I mean, for example, authenticate to a REST endpoint with my username and password developer portal, and then with another REST endpoint get only my keys. (similar to the management REST API but, without the ability to view or modify other users' information nor perform administrator tasks)

    3 votes
    0 comments  ·  Developer portal
  16. Fix the UX and show appropriate errors (Highlight that the API Display Name and ID should both be Unique)

    The UX shown is very confusing as below it shows NAME already exists (and it does not highlight the error) which as per us is the 2nd field (which is internally treated as an ID). However from our analysis we have come to understand that the ‘Display name’ needs to be unique too.

    1 vote
    0 comments
  17. REST APIs through APIM backed by internal oData services

    We would like to provide REST APIs through APIM backed by internal oData services. The REST APIs will provide a subset of what the oData services provide. We would like to do this with no or minimal coding and we don't believe that this is possible today. We are requesting subsetting an oData service and lightweight transformations.

    10 votes
    0 comments  ·  Service management
  18. Support application/x-www-form-urlencoded parameters representation

    x-www-form-urlencoded parameters are currently not displayed at the developer portal. Therefore the developer won't know what is expected of him to send.

    Current workaround is adding it to "sample" in the apim.
    But this is not scaling as it is a manual fix that needs to happen each time a developer uploads an openapi spec containing body parameters of this type.

    12 votes
    0 comments  ·  Developer portal
  19. PowerShell Support to Create/Import an API from a Logic App

    Currently there is no PowerShell Automation Support to Create / Import a Logic App similar to functionality for deploying an App Service API App.

    8 votes
    0 comments  ·  Lifecycle
  20. Improve terminology (subscription, key)

    It's confusing that, for example, the rate-limit and quota policies have variations that are "by subscription" or "by key", when a "key" is also a crucial part of the subscription, but unrelated to the keys or values you can use to limit use.
    Subscription itself is also a confusing term vs the Azure subscription.
    I might suggest "registration" or "access key" for the APIM subscription, and the policies that limit by a "key" might just be called "by value" instead.

    1 vote
    0 comments  ·  API management experience