API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. Policy tag directory

    Have a comprehensive directory that has all of the tags that can be used in the policy XML.

    An example is to have documentation of the <when> tag regarding which tags can be nested within it and which attributes it accepts.

    I seem to be unable to find any resource that has detailed documentation on these multi-use tags.

    Thank you

    1 vote
    0 comments  ·  Policies
  2. Import mandatory query parameters as query rather than in the URL template

    When an API is imported into API-M using Swagger, mandatory query parameters are imported into the URL template rather than as query parameters.

    The effect of this is when a parameter is missing API-M returns a 404. The correct behaviour should be to return a 400 Bad Request with a validation error, or pass the request to the back-end API to return an appropriate error.

    I suggest adding an option to import mandatory query parameters from Swagger as query parameters.

    56 votes
    under review  ·  1 comment  ·  Defining APIs
  3. 1 vote
    0 comments  ·  API management experience
  4. Automated backup for APIM

    Provide an automated and manual backup feature, similar to what we have in Azure Web Apps (https://docs.microsoft.com/en-us/azure/app-service/web-sites-backup#configure-automated-backups).

    77 votes
    under review  ·  9 comments  ·  Lifecycle
  5. Ability to read certificate stored under secrets in APIM

    Ability to read certificates stored under secrets in APIM is required. If a certificate is created using App Service Certificate, the certificate is stored under secrets. APIM's inability to read certificates under secrets of Key Vault is becoming a bottleneck for us.

    3 votes
    0 comments  ·  Service management
  6. Display details of YAML importing error

    When importing a YAML file, the message "Internal Server Error" is displayed if there is an invalid error response definition, as follows.

    responses:
      '200':
        description: Successfully updated a user
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/User'
      '400':
        $ref: '#/components/schemas/User' # <-- it has to be set to an Error Response component

    It would be useful to display the details of the error, not only "Internal Server Error", for troubleshooting.

    Regards,

    4 votes
    0 comments  ·  API management experience
  7. Integrating Deployment Slot Hosted App Service to API Management

    In Azure, there are deployment slots within API App service as we have created it for Test, Stage, Preproduction, and Production. But in APIM, we couldn't select a specific deployment slot through hosted app service to Add APIs. Finally, we used Open API Specification.

    1 vote
    0 comments  ·  Integration
  8. Extend billing API to consider fair use of reservations

    My company uses a mix of reserved instances and pay-as-you-go instances. I want a convenient way to evaluate how much it costs in a given month to operate a virtual machine. This convenient way should fairly distribute reserved instance usage among eligible machines.

    Details:

    With pay-as-you-go instances, you can pull monthly data that shows how much an instance cost to operate this month. The costs are a direct function of the delivered value. With reserved instances, you pay in advance and you may (or may not) use the reservation over the course of the years. Value stream (usage) and…

    3 votes
    0 comments  ·  Service management
  9. Provide means to restrict TLS cipher suites or means to access cipher suite information

    Provide (1) means to restrict TLS cipher suites that are used in TLS communication between Azure API Management and API callers or (2) means for developers to access detailed information about the cipher suite used in the TLS connection from within API implementations.

    Background:

    We are investigating whether Azure API Management can be used for Financial-grade API (https://openid.net/wg/fapi/).

    Financial-grade API, also known as FAPI, is a set of standard specifications that are built on top of OAuth 2.0 and OpenID Connect. UK Open Banking (https://www.openbanking.org.uk/) has officially adopted FAPI and built Open Banking Profile (OBP) on…

    10 votes
    2 comments  ·  Security
  10. Struggling to find the latest supported ARM API Version and Parameter

    I find it quite hard to figure out what API Versions are available for a certain resource and what options/parameters every Version offers.
    This makes it quite hard to find Schema Changes between each API Version and to find out if new features have been added to the Resource Definition.

    3 votes
    0 comments  ·  API management experience
  11. Policy to remove header

    Cannot remove the headers below with the "Consumption (Preview)" price tier:
    X-Powered-By
    X-AspNet-Version
    Set-Cookie

    Below are the detailed steps I used to replicate the issue:
    I'm trying to remove some headers in the response but they are still there.

    I did follow http://www.ithero.nl/post/2018/03/31/Using-policies-in-API-Management-to-remove-response-headers-from-the-backend-Web-API-that-leak-information.aspx

    to remove 'Set-Cookie' and 'X-Powered-By' by adding these lines to policy:
    <set-header name='X-Powered-By' exists-action='delete' />
    <set-header name='Set-Cookie' exists-action='delete' />
    but it's no hope.

    Currently I still get this info in the headers:
    Cache-Control →private
    Transfer-Encoding →chunked
    Content-Type →text/plain; charset=utf-8
    Content-Encoding →gzip
    Vary →Accept-Encoding
    Server →Kestrel
    X-AspNet-Version →4.0.30319
    X-Powered-By →ASP.NET
    Date →Thu, 18 Apr 2019 05:01:14 GMT

    1 vote
    0 comments  ·  Policies
  12. REST API SDK (Java et al)

    I might be missing it but I don't see a client SDK for the API Management REST API. Personally I want a Java version, but I'm sure others would want something different.

    I'm doing things like delegating signup and need to do integrations like calling the create user API. Would be nice to have some of this pre-built.

    2 votes
    1 comment  ·  Integration
  13. Elaborate on the documentation for the API Management subscription

    Could you please elaborate on the documentation for the subscription?

    3 votes
    0 comments  ·  API management experience
  14. Allow backend call details in "context" interface

    It would be very useful to have access to backend call details via a new context "backend" interface so we could have access to "status code", backend url, call duration...
    In fact, all that could be useful to analyse "backend calls" in outbound policies.

    1 vote
    2 comments  ·  Policies
  15. Ability to use certificate as secret for OAuth 2.0

    OAuth 2.0 configuration has only the option to provide a secret. There is no option to provide a certificate as the secret. This is limiting our ability to use it, as our client ID supports only a certificate secret.

    3 votes
    0 comments  ·  Security
  16. When clicking "load more" in API operation list, it should load more (add to the list) and not replace the currently visible operations

    When clicking "load more" in API operation list in the Azure management portal, it should load more (add to the list) and not replace the currently visible operations. Let's say you have 25 operations for the selected API, and the first 20 are displayed by default and there is a "load more" button at the bottom of the operation list, and you click it. Currently, it removes the first 20 and only shows the last 5. If you want to see the first 20 again, you have to then click and select a different API and then go back to…

    1 vote
    1 comment  ·  Defining APIs
  17. Add comment to policies

    Before the possibility of form based editing for Allowed IP addresses in the API management policies, we could put comments in the code body.

    With every IP address we whitelist we also like to keep track of whose IP address it is. Before we did that with comments. Currently commenting in the policies body is no longer possible. All comments placed here will be deleted once you save it.

    Commenting is only possible in the header.

    It would be useful to have an extra field next to the policy. This field can be used as a comment field.

    When entering…

    18 votes
    under review  ·  0 comments  ·  Policies
  18. RM or AZ PowerShell support for uploading a 3.0 OpenAPI specification to Azure API Management

    I would like to see the option to add a 3.0 OpenAPI specification via a PowerShell cmd. The cmds, as of now, do not support 3.0 format.

    0 votes
    0 comments  ·  Developer portal
  19. Authorize latest DNS domains to create accounts on the developer portal

    Customers with "original" email addresses (for example .garden, .paris, .fish...) cannot create an account on the developer portal using the "Username and password" identity provider.

    They have an "Invalid email" error even though the email address exists.

    Would it be possible to authorize all the existing domains listed here, for example: https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains

    Thanks

    1 vote
    0 comments  ·  Developer portal
  20. 2nd Import and Append of Swagger docs loses definitions

    When I import XY Swagger (OpenAPI 2) into API Manager, the model definitions are there and all looks great. Now when I import a different AB Swagger (different API), it imports but loses model definitions in the process, a big issue if we want to use NSwag or generators.

    3 votes
    0 comments  ·  Defining APIs