API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. Limit call rate by key in the Consumption tier

    The rate-limit-by-key policy prevents API usage spikes on a per key basis by limiting the call rate to a specified number per a specified time period. This is a really important feature of API Management and it's not available in the Consumption tier.

    15 votes
    1 comment  ·  API management experience
  2. Name of sign in OAuth buttons on developer portal

    The ability to change the name of the sign in OAuth buttons on the developer portal. Instead of "Azure Active Directory" the possibility to write "Company account sign in" for example.

    3 votes
    0 comments  ·  Developer portal
  3. Remove standardized Azure URL from Swagger / WSDL file

    We are using custom domains in our Azure API Management instances. Unfortunately when uploading a Swagger file, APIM automatically adds the standardized URL. Here's an example:

    "x-servers": [
      {
        "url": "https://gateway.api.qas.custom.com"
      },
      {
        "url": "https://azurestandardname-northeurope-01.regional.azure-api.net"
      }
    ]

    This keeps confusing our customers when they download the description through the Dev Portal.

    Please add an option to prevent the standard URL from being added to the API description (Swagger and WSDL).

    26 votes
    under review  ·  3 comments  ·  Gateway
  4. client cert with public key

    We have a scenario in which we would like to use Azure APIM to replace another vendor's API GW in use today. However, there is a serious flaw in APIM that prevents us from doing so. Many of our web services (this is healthcare so a bit more old school) are secured by client cert auth. If the public cert isn't in our API GW store and authorized for the web service then the authentication/authorization is rejected.

    Azure APIM currently (as far as I can tell) only allows certs with private keys to be loaded for validation using the cert store…

    3 votes
    0 comments  ·  Policies
  5. Support VNET for Basic Tier of APIM

    Our APIs are deployed to Service Fabric cluster in a VNET. If we want to expose our APIs through APIM, we have to use the Premium Tier of APIM since that's the only tier where VNET support is included.

    Premium Tier of APIM has a bunch of other features like AD authentication, Multi-region support, 4000 reqs/sec etc., which we don't need and don't care about.

    Why are all those features clubbed together and provided as an all or nothing solution?

    Basic Tier fits our use case perfectly, if only we can deploy it in a VNET.

    Service Fabric integration with APIM is…

    486 votes
    under review  ·  34 comments  ·  Pricing
  6. Deploy policy as xml file

    If we keep policies as XML (instead of allowing policy definition in JSON for instance) can we deploy the policy as a separate XML file so we don't have to have escaped XML within JSON templates? This is similar to B2C IEF custom policies which are uploaded as XML files.

    1 vote
    0 comments  ·  Policies
  7. Automatically create new revision on swagger definition change

    It would be very nice if through a CI/CD pipeline there was an option to have an ARM template or CLI flag that could check the API Swagger definitions, or just automatically re-import them and create a revision of them if different. This would make the CI/CD pipeline much simpler as you won't need the special tools to extract this, then update the git repo, etc.

    Ideally the pipeline would change to ->

    Publish API changes
    Publish APIM Artifacts
    Azure CLI to update APIM with flag to update schema if swagger uri is specified.
    etc... Considering I don't really…

    8 votes
    0 comments
  8. Support Array Parameters

    Current: There's no way to designate a query parameter as an "array" parameter (which indicates more than one instance of that parameter may appear in the query string)

    Desired: Add an option to designate a query parameter to be an array parameter, such that when the API is serialized into an OpenAPI format, its status of an array parameter is captured. (See "schema vs content" on this page to see how array parameters are represented in OpenAPI: https://swagger.io/docs/specification/describing-parameters/)

    This is important for us because our APIM API needs to map to our backend API Controllers, which define some parameters…

    3 votes
    1 comment  ·  Defining APIs
  9. Custom Domain certificate at no cost. Same as App Service

    Please also implement the possibility to use a free certificate that is auto-renewed. The same function is possible in App Service now:

    https://azure.microsoft.com/en-us/updates/secure-your-custom-domains-at-no-cost-with-app-service-managed-certificates-preview/

    6 votes
    0 comments
  10. Display OpenAPI 3.0 callbacks in Developer Portal

    The operations page does not display details of "Callbacks" section included in Open API 3.0:
    https://swagger.io/docs/specification/callbacks/

    Please could any callbacks defined against an operation be displayed in the new developer portal, in a similar way to Swagger UI?

    3 votes
    0 comments  ·  Developer portal
  11. Manage Backends with Azure Portal

    There doesn't seem to be a way to manage Backends with the Azure Portal. You must import a Function App to get the function app as a backend (or ARM Template and create the backend), but there's no way to manually hook up a Backend. There's also no way to clean out old backends.

    Could we add a new item under API Management below APIs called Backends?

    2 votes
    0 comments  ·  API management experience
  12. Azure Functions API import fails after setting IP restrictions on the Function

    The feature to import from Azure Functions to APIM does not work when Azure Functions has a firewall. Adding the APIM outgoing IP address to the list of allowed addresses still does not allow the import to work. Azure Functions and APIM should be able to seamlessly integrate together. Currently, we are not able to use IP restrictions.


    1. Create Azure Function

    2. Add IP Restriction and deny all traffic except for incoming traffic from APIM endpoint

    3. Try to import Azure Function endpoints to APIM

    4. The UI throws an error when actually trying to import

    1 vote
    0 comments  ·  Defining APIs
  13. Tags not importing when defined in x-ms-paths

    I have an API where I have paths with the same path, but a parameter on one of the paths differentiates them.

    APIM allows this, and if you export the data, the second endpoint is under x-ms-paths.

    There are several issues with it, but the main issue is that if you define tags in the section, they are not processed when the file is imported back in.

    3 votes
    0 comments  ·  Defining APIs
  14. Required field Validation on API page in Azure developer portal

    Required field validation should be there on the API page in the Azure developer portal.

    The issue I am facing is described below:

    I have published APIs in the APIM service using a Swagger file, where the required key is set to True for all the request parameters.
    When I test the APIs within APIM, the required field validation works as expected for all the parameters and also shows the validation message.
    However, when I test the same APIs from the APIM Developer Portal, the field validation doesn’t work as expected and the API is called without displaying the validation message…

    5 votes
    0 comments  ·  Developer portal
  15. New policy: "update-context-variables" to add multiple context variables at once

    We should have a new policy: "update-context-variables" whose policy expression allows us to directly update the IReadOnlyDictionary<string, object> context.Variables, such that we can add multiple variables in a single policy expression.

    Use case:
    I have an application that receives requests with JSON in the body, validates the shape of the JSON and its various fields, before passing that JSON forward to an eventhub service.

    My policy XML is overly verbose, because I have to iterate through that JSON multiple times in multiple set-variable policies. I would like a single policy that would allow me to iterate through that…

    3 votes
    0 comments  ·  Policies
  16. 1 vote
    0 comments  ·  API management experience
  17. Search by API Key within API Management blade from Subscriptions Tab

    It is currently possible to view all subscriptions and filter by Display Name and Owner.
    It is also possible to view individual keys from show/hide keys.

    It would be helpful to be able to paste in a subscription key, and have the list filtered to show the subscription the key belongs to.

    4 votes
    1 comment  ·  API management experience
  18. A process for manually approving new users

    Today, you have the possibility to force a manual process for approving a user's access to a product. However, if you need to enable simple username-password you have no possibility to have a manual process for approving a user's access to the portal.

    It would be good for a user to see all products and APIs available in the portal, being able to browse and discover APIs. This means that anyone can create a user and browse APIs, basically spying on a company thru the names of APIs and products.

    The other way is to hide all APIs behind Products…

    23 votes
    0 comments  ·  Security
  19. Reader roles should not be able to see subscription keys

    Currently, users assigned the "Reader" or "Monitoring Reader" role are able to reveal subscription keys in the API Management portal. As is the case with other Azure products, secrets should not be accessible to members of these roles.

    6 votes
    1 comment  ·  Security
  20. Blue/Green Deployments using Versions

    I was trying to implement Blue / Green deployments, which APIM doesn't really seem to support out of the box.

    What we were planning to do was to (ab)use the versioning to create a "Green" and a "Blue" version of the API. We were going to use revisions to do our actual versioning since our versioning requirements are relatively simple.

    I set up the versioning scheme to be Header Based, and I was using an "X-Colour" header to redirect to the correct version. This way, Testing could override the header for canary testing.

    My global policy looked something like this:

    8 votes
    0 comments  ·  Gateway