API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. A process for manually approving new users

    Today, you have the possibility to force a manual process for approving a user's access to a product. However, if you need to enable simple username-password you have no possibility to have a manual process for approving a user's access to the portal.

    It would be good for a user to see all products and APIs available in the portal, being able to browse and discover APIs. This means that anyone can create a user and browse APIs, basically spying on a company through the names of APIs and products.

    The other way is to hide all APIs behind Products…

    23 votes
    0 comments  ·  Security
  2. Reader roles should not be able to see subscription keys

    Currently, users assigned the "Reader" or "Monitoring Reader" role are able to reveal subscription keys in the API Management portal. As is the case with other Azure products, secrets should not be accessible to members of these roles.

    6 votes
    1 comment  ·  Security
  3. Blue/Green Deployments using Versions

    I was trying to implement Blue / Green deployments, which APIM doesn't really seem to support out of the box.

    What we were planning to do was to (ab)use the versioning to create a "Green" and a "Blue" version of the API. We were going to use revisions to do our actual versioning since our versioning requirements are relatively simple.

    I set up the versioning scheme to be Header Based, and I was using a "X-Colour" header to redirect to the correct version. This way, Testing could override the header for canary testing.

    My global policy looked something like this:

    8 votes
    0 comments  ·  Gateway
  4. Path transformations on import

    At the moment, it seems that the endpoint URLs that APIM exposes are always exactly the same as what the backend is exposing (except for the URL suffix that can be appended to the base URL, of course).

    However, we would like to transform those URLs so that what APIM exposes is not exactly the same as what our backend exposes.

    Example: the backend exposes URLs such as:
    - /company/orders
    - /company/order/<id>
    - /company/order/<id>/confirmation
    - ...

    We would like to strip the 'company' part of the URLs, so that the public-facing API (exposed by APIM) looks like this:
    -…

    3 votes
    0 comments  ·  Defining APIs
  5. [New Developer Portal] : RBAC for content

    We are able to do RBAC for APIs by using product subscriptions, but there is no RBAC for content; a user has access to all the documentation on the portal.
    We want the access to documentation to also be governed by the role.

    1 vote
    0 comments  ·  Developer portal
  6. Use Azure Key Vault-managed client certificates in Azure API Management

    A while ago we enabled the use of Azure Key Vault-managed SSL certificates for custom domain names in API Management. We are working to expand this feature to certificates used for mutual certificate authentication between the gateway and a backend.

    280 votes
    planned  ·  7 comments  ·  API management experience
  7. Add protections around "Current Revision"

    Currently: When we load APIM in Azure Portal and navigate to an API, the CURRENT Revision for that API is loaded by default. If a user forgets to switch to a non-CURRENT revision and makes edits, they will have changed the live API, potentially harming consumers of the API.

    Desired: Allow some way to protect against these accidental changes to the CURRENT revision. Here are two possible solutions:

    • Make it possible to specify which revision is loaded by default when the APIM instance is loaded in Azure Portal
    • Lock the CURRENT revision such that changes are impossible unless a user…

    3 votes
    0 comments  ·  Lifecycle
  8. Allow asymmetric key validation with validate-jwt policy

    Currently the Validate-JWT policy does not support asymmetric key validation.
    The JWT token is encrypted for various reasons with an asymmetric key, especially in B2B scenarios.

    We need a way to specify the IssuerSigningKey to the validate-jwt policy.

    https://devblogs.microsoft.com/aspnet/jwt-validation-and-authorization-in-asp-net-core/

    1 vote
    0 comments  ·  Policies
  9. Add a "Subscription Required" checkbox during APIM API creation.

    Currently when creating an APIM service in Azure and adding a new API, there is no option to remove the "Subscription Required" parameter until after the API's creation. After creation this can be managed under the API's settings, however it would be very beneficial to be able to access this during creation.

    14 votes
    triaged  ·  0 comments  ·  Service management
  10. Allow free trial to create service principal

    When creating a service principal I get
    command used : az ad sp create-for-rbac
    Directory permission is needed for the current user to register the application. For how to configure, please refer 'https://docs.microsoft.com/azure/azure-resource-manager/resource-group-create-service-principal-portal'. Original error: Insufficient privileges to complete the operation.
    I'm on a free trial, and I need the service principal details to allow for automation (using Terraform).

    1 vote
    0 comments  ·  API management experience
  11. 3 votes
    0 comments  ·  Developer portal
  12. APIM integration with AKS

    A seamless integration of APIM with the AKS Cluster. The process now in place seems complicated and needs to go through trial/error to get it done.
    Moreover, APIM fails to recognize the Swagger definition, as the APIs exposed via the AKS load balancer are internal. Azure DevOps, though, creates the APIM service but fails to map it to the AKS ILB.

    1 vote
    0 comments  ·  Integration
  13. Enable the use of SSH protocol for authentication to APIM Git repos

    Current: Interacting with our APIM git repos requires the use of username/password credentials, with the password being generated on the "Access credentials" section of APIM on Portal. This password is valid for 30 days, max: https://docs.microsoft.com/en-us/azure/api-management/api-management-configuration-repository-git#to-clone-the-repository-to-your-local-machine

    Desired: Allow users to upload public SSH keys to the APIM tenant, so that users, remote servers, and services can connect to the repo using the SSH protocol. GitHub currently allows this: https://help.github.com/en/articles/about-ssh

    This is especially important for our CLI configuration. We have our APIM git repo loaded as a submodule for our project, as we have integration tests that compare our backend controllers…

    4 votes
    1 comment  ·  Service management
  14. Block HTTP and/or force HTTPS

    Is there a way to disable the HTTP listener on the APIM service so that no responses occur for any requests to port 80?

    We'd like to see a feature where we can disable the listener at port 80, or configure that listener to automatically force a redirect to HTTPS and port 443.

    19 votes
    2 comments  ·  Gateway
  15. Control developer template data

    Currently we cannot control developer portal template data. Because of that we cannot customize the developer portal as much as we would like.

    If we could have access to all, or most of the data, in a single template we could build richer pages. Also the data itself could be better organized.

    What I am aiming for is something like:
    {
      apis: [
        {
          properties: ...,
          operations: [
            {
              properties: ...
            }
          ]

    3 votes
    0 comments
  16. More flexible subscriptions in Azure API Management

    The present model for providing access to APIs is based on product subscriptions owned by a user. Each subscription includes a few properties and a pair of API keys. We are working on expanding this model to allow subscriptions and keys to be owned by a group of users or not be associated with any users at all. This will allow customers the flexibility of creating an ad-hoc set of keys or having keys shared by a team of users without worrying about their ownership when members leave or are added to the team.

    202 votes
    started  ·  15 comments  ·  API management experience
  17. Allow non-premium tier API managers to have multiple proxy custom domains

    We're trying to develop some APIs and in order to host them through an API manager and have the endpoints resolve to the proxy domain we have to set up API managers for every single API, unless we use the premium tier. But the premium tier is SO much more expensive than the developer tier it just isn't cost effective to do that.

    15 votes
    1 comment  ·  Pricing

    APIs in API Management are identified by their name. Let’s say the names of the two APIs are “api1” and “api2” respectively and the default host name of the API Management instance is “constoso.azure-api.net”. Both APIs would share the same host name and would be addressed as follows:

    api1: constoso.azure-api.net/api1
    api2: constoso.azure-api.net/api2

    Please explain why you are compelled to have individual host names for your APIs?

  18. On-board commands to Azure CLI 2.0

    See:
    https://github.com/Azure/azure-cli/issues/3614

    There is customer demand for this service to be supported in Azure CLI 2.0 in order to develop cross-platform automation solutions.

    211 votes
    5 comments
  19. Make it possible to call a long-running backend API which need more than 4 minutes to return

    Hi team,

    We have some legacy backend APIs which need around 10 minutes to return. Yet, the APIM SLB has a default timeout of 4 minutes, which is not changeable from the user side. Even if I set the forward-request timeout to be 15 minutes via Policy, I have never got a response from the APIM. The 4 minutes limit can be avoided by a keep-alive logic. Could you please implement this while calling a backend API and make sure the timeout can meet the value set in the Policy.

    25 votes
    0 comments  ·  API management experience
  20. Integrating Deployment Slot Hosted App Service to API Management

    In Azure, there are deployment slots within API App service as we have created it for Test, Stage, Preproduction, and Production. But in APIM, we couldn't select a specific deployment slot through hosted app service to Add APIs. Finally, we used Open API Specification.

    14 votes
    0 comments  ·  Integration