API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. [New Developer Portal] : Feedback widget

    We want our partner (external users) to be able send feedback to us . At minimum we want to capture if it is positive/negative , description. It would be amazing if we can get information on the issues they are facing by having something similar to this https://www.npmjs.com/package/ng-feedback

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  2. [New Developer Portal] : RBAC for content

    We are able to do RBAC for API by using product subscriptions but there is no RBAC for content , a user has access to all the documentation on the portal.
    We want the access to documentation to also be governed by the role.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  3. A process for manually approving new users

    Today, you have the possibility to force a manual process for approving a user access to a product. However, if you need to enable simple username-password you have no possibility to have a manual process for approving a user access to the portal.

    It would be good for a user to see all products and APIs available in the portal, being able to browse and discover APIs. This means that anyone can create a user and browse APIs, basically spying on a company thru the names of APIs and products.

    The other way is to hide all APIs behind Products…

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add protections around "Current Revision"

    Currently: When we load APIM in Azure Portal and navigate to an API, the CURRENT Revision for that API is loaded by default. If a user forgets to switch to a non-CURRENT revision and makes edits, they will have changed the live API, potentially harming consumers of the API.

    Desired: Allow some way to protect against these accidental changes to the CURRENT revision. Here are two possible solutions:


    • Make it possible to specify which revision is loaded by default when the APIM instance is loaded in Azure Portal


    • Lock the CURRENT revision such that changes are impossible unless a user…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Lifecycle  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow asymmetric key validation with validate-jwt policy

    Currently Validate-JWT policy does not support asymmetric key validation.
    The JWT token is encrypted for various reasons with asymmetric key specially in case of B2B scenarios.

    We need a way to specify the IssuerSigningKey to validate-jwt policy.

    https://devblogs.microsoft.com/aspnet/jwt-validation-and-authorization-in-asp-net-core/

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  6. Use Azure Key Vault-managed client certificates in Azure API Management

    A while ago we enabled the use of Azure Key Vault-managed SSL certificates for custom domain names in API Management. We are working to expand this feature to certificates used for mutual certificate authentication between the gateway and a backend.

    263 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  6 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  7. Custom Domain certificate at no cost. Same as App Service

    Please also implement possibility to use free certificate who is auto renewed. Same function as is possible in App Service now:

    https://azure.microsoft.com/en-us/updates/secure-your-custom-domains-at-no-cost-with-app-service-managed-certificates-preview/

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow free trail to create service principal

    When creating a service principal I get
    command used : az ad sp create-for-rbac
    Directory permission is needed for the current user to register the application. For how to configure, please refer 'https://docs.microsoft.com/azure/azure-resource-manager/resource-group-create-service-principal-portal'. Original error: Insufficient privileges to complete the operation.
    I'm on a free trail, and I need the service principal details to allow for automation (using terraform)

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  9. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  10. APIM integration with AKS

    A seamless integration of APIM with the AKS Cluster. The process now in place seems complicated and needs to go through trial/error to get it done.
    Moreover the APIM fails to recognize the swagger definition as the APIs exposed via AKS load-balancer is internal. Azure DevOps though creates the APIM service but fails to map it to the AKS ILB.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  11. Display OpenAPI 3.0 callbacks in Developer Portal

    The operations page does not display details of "Callbacks" section included in Open API 3.0:
    https://swagger.io/docs/specification/callbacks/

    Please could any callbacks defined against an operation be displayed in the new developer portal, in a similar way to Swagger UI

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  12. Block HTTP and/or force HTTPS

    Is there a way to disable the HTTP listener on the APIM service so that no responses occur for any requests to port 80.

    We'd like to see a feature where we can disable the listener at port 80, or configure that listener to automatically force a redirect to HTTPS and port 443.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  13. Control developer template data

    Currently we cannot control developer portal template data. Because of that we cannot customize as much as we would like the developer portal.

    If we could have access to all, or most of the data, in a single template we could build richer pages. Also the data itself could be better organized.

    What I am aiming for, is something like:
    {
    apis: [

    {
    
    properties: ...,
    operations: [
    {
    properties: ...
    }
    ]

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. More flexible subscriptions in Azure API Management

    Present model for providing access to APIs is based on product subscriptions owned by a user. Each subscription includes a few properties and a pair of API keys. We are working on expanding this model to allow subscriptions and keys to be owned by a group of users or not be associated with any users at all. This will allow customers the flexibility of creating an ad-hoc set of key or having keys shared by a team of users without worrying about their ownership when members leave or are added to the team.

    196 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    started  ·  15 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  15. On-board commands to Azure CLI 2.0

    See:
    https://github.com/Azure/azure-cli/issues/3614

    There is customer demand for this service to be support in Azure CLI 2.0 in order to develop cross-platform automation solutions.

    208 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. multipart form-data

    you post that it's not supported. any timeframe on gaining support for this or why is it not supported already?

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow non-premium tier API managers to have multiple proxy custom domains

    We're trying to develop some API's and in order to host them through an API manager and have the endpoints resolve to the proxy domain we have to set up API managers for every single API, unless we use the premium tier. But the premium tier is SO much more expensive than the developer tier it just isn't cost effective to do that.

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Pricing  ·  Flag idea as inappropriate…  ·  Admin →

    APIs in Api Management are identified by their name. Let’s say the names of the the two APIs are “api1” and “api2” respectively and the default host name of the API Management instance is “constoso.azure-api.net”. Both APIs would share the same host name and would be addressed as follows:

    api1: constoso.azure-api.net/api1
    api2: constoso.azure-api.net/api2

    Please explain why are you compelled to have individual host names for your APIs?

  18. Log custom traces to Application Insights

    Provide a policy to log custom traces to Azure Application Insights, similar to the log-to-eventhub policy.

    120 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  4 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  19. We would like to have OWASP security features as part of API Management rather than using API gateway/WAF.

    We would like to have OWASP security features as part of API Management rather than using API gateway/WAF.

    83 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    triaged  ·  3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  20. Describe what a member is and must have

    Describe what restrictions are put on members. Must member be users with accounts in some local active directory? Are members just strings so any name can be entered?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base