API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. Allow customization of Password Complexity for simple sign-on on the Developer Portal

    Essentially the idea would be to allow a field in the XML for the developer portal simple sign-in or sign-on sections to allow for custom password strength requirements, instead of the current option which is just 8 characters. For instance, you could specify using at least one Capital letter and custom length such as 12 characters.

    1 vote
    0 comments  ·  Developer portal
  2. report byOperation

    Ability to load API Management Analytics Reports i.e. Operations in Log Analytics workspace. Currently, I am not seeing a convenient way to do that. I found that current Portal rendering can timeout if requesting 90 days.

    3 votes
    0 comments
  3. Analytics of API Management should include statistics from Self-hosted API Management gateway also

    Analytics of API Management currently does not include the statistics from Self-hosted API Management Gateway.

    This will be a key feature to understand the usage of the self-hosted gateways.

    1 vote
    0 comments  ·  API management experience
  4. Show method of operation on the developer portal Report page for consistency and readability.

    Method name is already included in the API Details page which makes it super easy to distinguish with what operation and method combination you are working with.

    I would like to see this included for the reports page since the way it is now is difficult to read (unreadable even) because you cannot distinguish a GET from a POST.

    Example:
    I have an endpoint named Enquiries.
    One with GET and one with POST.
    So I go to the reports page to see how fast the average response time is. There is no way to distinguish the two.

    See screenshot.

    4 votes
    0 comments  ·  Developer portal
  5. Add "Subscription count limit" feature for subscriptions without a user

    Right now, the "Subscription count limit" under Product -> Settings applies to the number of subscriptions without a user too. This should not be the case, the number of subscriptions you can create from the Azure Portal, without being assigned to a user, should not be limited to the "Subscription count limit". I understand that this limitation is by design and that currently, this limit applies to a user/product combination. However, subscriptions that have a "null" username should be exempt from this limit. I would suggest having a separate configurable limit here for non-user subscriptions or configuring this number to…

    4 votes
    0 comments  ·  API management experience
  6. Create product tags on portal

    Tags are able to be added to a variety of API Management resources including service, apis, operations, and products. Tags can be added via ARM, REST, or the Azure portal for each of these resources. For products, tags can only be added via ARM or REST and users are unable to add them via the Azure portal.

    1 vote
    0 comments  ·  API management experience
  7. Documentation for API Management clone feature

    There doesn't seem to be documentation which describes the functionality of the Clone operation for API Management within the Azure Portal. A user is forced to experiment with the feature. It would improve user experience if there was either in-portal help, or official Microsoft documentation which describes the Clone operation.

    1 vote
    0 comments  ·  API management experience
  8. Name of sign in OAuth buttons on developer portal

    The ability to change the name of the sign in OAuth buttons on the developer portal. Instead of "Azure Active Directory" the possibility to write "Company account sign in" for example.

    3 votes
    0 comments  ·  Developer portal
  9. 'Create from App Service' to figure out the host / backend from AppService

    When 'Create from App Service', APIM should be able to figure out the host / backend based on AppService's domain name.

    Currently, APIM requires the swagger file to include the 'host' and would fail the import if the value is not included.

    "The OpenAPI specification should contain 'host' value"

    The host value is often unavailable for programmatically generated swagger files, and the site owner would have to manually modify the generated swagger file.

    It is tedious and a bad user experience. Please consider implementing the feature.

    3 votes
    0 comments  ·  Defining APIs
  10. client cert with public key

    We have a scenario in which we would like to use Azure APIM to replace another vendor's API GW in use today. However, there is a serious flaw in APIM that prevents us from doing so. Many of our web services (this is healthcare, so a bit more old school) are secured by client cert auth. If the public cert isn't in our API GW store and authorized for the web service, then the authentication/authorization is rejected.

    Azure APIM currently (as far as I can tell) only allows certs with private keys to be loaded for validation using the cert store…

    1 vote
    0 comments  ·  Policies
  11. Deploy policy as xml file

    If we keep policies as XML (instead of allowing policy definition in JSON for instance) can we deploy the policy as a separate XML file so we don't have to have escaped XML within JSON templates? This is similar to B2C IEF custom policies which are uploaded as XML files.

    1 vote
    0 comments  ·  Policies
  12. Add policy to prevent brute force attacks in the API Management Consumption Tier

    Currently in Consumption Tier, there is no way to prevent abuse of unauthenticated endpoints. This allows attackers to be able to keep hitting these endpoints with random inputs until they succeed.

    Examples of such endpoints could be account activation, registration, password reset where an attacker can keep calling these endpoints with random values, since there is no throttling or check of any kind per API method to limit calls from the same IP in a given time frame.

    14 votes
    0 comments  ·  Security
  13. Documentation - Fully-featured Application Gateway with API Management documentation

    The documentation at https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway is hard to follow, as it demonstrates an approach using only PowerShell and lacks a detailed explanation of why configuration settings are made. It would be helpful to users if the documentation also showed screenshots of configuration using the Azure Portal. A video walkthrough would also be helpful (as there are many steps involved and a video may be easier to understand).

    The blog post at https://medium.com/azure-architects/azure-api-management-and-application-gateway-integration-a31fde80f3db provides additional information to help clarify why and how configuration settings are made. The related GitHub sample is also clear as more descriptive variable names are used. It would…

    2 votes
    0 comments
  14. Azure Functions API import fails after setting IP restrictions on the Function

    The feature to import from Azure Functions to APIM does not work when Azure Functions has a firewall. Adding the APIM outgoing IP address to the list of allowed addresses still does not allow the import to work. Azure Functions and APIM should be able to seamlessly integrate together. Currently, we are not able to use IP restrictions.


    1. Create Azure Function

    2. Add IP Restriction and deny all traffic except for incoming traffic from APIM endpoint

    3. Try to import Azure Function endpoints to APIM

    4. The UI throws an error when actually trying to import

    1 vote
    0 comments  ·  Defining APIs
  15. Custom approval for subscription requests based on product ownership

    Currently only admins can approve product subscription requests in APIM. Usually an admin should not be bothered with the approval of subscription requests. Instead this task should be handled by an API owner within APIM. The RBAC of APIM should be more precise to have more flexibility for companies' needs. It should be possible to define a custom role API Owner and assign the approval process for subscription to this role.

    6 votes
    0 comments  ·  Service management
  16. Full-text search that covers all web pages of the DevPortal

    To enable all users/visitors of the DevPortal to search for key terms, the DevPortal shall
    - provide a Google-like full-text search function that searches in all pages of the DevPortal including the meta data for each page
    - For each page, meta data can be entered (e.g. synonyms) to improve the search results
    - provide a web widget with a customizable search field that can be easily added on pages and layouts/templates on any place.
    - offer options on how to display the search results, e.g., on the same page, in a new window, or in a new browser tab…

    6 votes
    0 comments  ·  Developer portal
  17. Navigation tree widget for web pages of the DevPortal

    To add more extensive information (on-boarding, x-cutting and conceptual information) to our partners, basic wiki functionalities like a navigation tree are required.

    The navigation tree shall
    - allow an easy navigation between different articles and it should help to easily explore interesting articles or tutorials in a short period of time.
    - be offered as a web widget that can be used on wiki page layouts.
    - reflect which article has been currently opened and therefore provide a breadcrumb-like feature.
    - only display titles of articles/pages in the nav-tree widget that are actually available in the content storage.
    - facilitate…

    4 votes
    0 comments  ·  Developer portal
  18. ci/cd integration with Azure DevOps

    API management really needs some better integration with Azure DevOps and GitHub and support for CI/CD pipelines. Right now the only source control built into the platform is via a private git repo that is built into the API mgmt instance. This works for small scale development. For something larger scale like within enterprises this becomes difficult as development teams may not have access to the Azure portal or there are multiple teams working on different APIs. I have seen some demonstrations about alternatively managing via ARM templates via a custom set of tools, but it should really be something…

    9 votes
    0 comments  ·  Lifecycle
  19. New error code MethodNotAllowed

    At this moment, if the URL does not exist or if the URL exists but it is invoked with a non-supported method, the error code returned is "OperationNotAllowed" with status code 404. APIM should handle this situation in a better way by returning the error code "MethodNotAllowed" and the status code 405 just in the case where the operation is being invoked with a non-supported method.

    4 votes
    0 comments  ·  Defining APIs
  20. OData URIs case insensitive

    OData URIs are managed in a case sensitive way, we have an operation with this URL /api/Companies({id}) and the only way we can invoke it is using the resource name in lowercase: /api/companies('424324')

    1 vote
    0 comments  ·  Defining APIs