API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. Use NamedValues within C# expression

    In the existing implementation it is not possible to directly access data from NamedValue table within C# policy expressions, for ex: a code like "var x = {{dataStoredInNamedValue}}" will not work. The only way to access the namedValue it appears is to use XML Policy templates, for ex: '<set-variable value="{{some-value}}"/>'. So to use the data stored in namedValue, it should be first fetched using <set-variable/> and later this variable needs to be accessed in C# expression, this is roundabout, and there should be a direct way to access these values.

    3 votes
    0 comments  ·  Policies
  2. Add indicator for which item is used

    When working with the new DevPortal checking which images are used in a certain widget comes in handy, when having many images uploaded

    1 vote
    0 comments  ·  Developer portal
  3. Allow conditional cors policy in the <inbound> policy section rather than restricting it to use only once in the <inbound> section.

    Allow conditional cors policy in the <inbound> policy section rather than restricting it to use only once in the <inbound> section. The desired state is in the attachment.

    4 votes
    1 comment  ·  Policies
  4. Allow longer URLs and Query parameters

    Currently URLs in the Consumption Tier are limited to a length of 4096 bytes with a maximum length for query parameters of 2048 bytes (source: https://github.com/MicrosoftDocs/azure-docs/blob/master/includes/api-management-service-limits.md). As there is no maximum size defined in the URL standard, the API Management shouldn't constrain the length of URLs and Query Params either (or should have a much higher limit which does not restrict realistic use cases). This would e.g. allow the transmission of data-URLs, Authentication information in the Query Parameter or signed URLs.

    30 votes
    0 comments  ·  Defining APIs
  5. Support renewal of certificates for API Management custom domain endpoint through ./well-known

    This applies to API Management instances with custom domain configured:
    https://docs.microsoft.com/bs-latn-ba/azure/api-management/configure-custom-domain

    We would like to use automatic renewal of the SSL certificate for the endpoint, but there currently is no acceptable method to support the proof of ownership required by the certificate renewal provider of Azure: GoDaddy.

    Domain verification through DNS TXT record is not possible as it needs to be on root level of azure-api.net (which is owned by Microsoft and not the customer)

    HTML web page method is not possible as it is not possible to publish a page to .well-known/pki-validation/godaddy.html on the API Management endpoint.

    Email verification is a poor…

    15 votes
    0 comments  ·  Security
  6. assign Internal IP to APIM

    We have an APIM with an InternalVnet configuration.

    Currently we are testing Disaster Recovery Solutions and one pain point is the automatic assigned internal IP address.

    Each time we redeploy the APIM to test the DRS we need to create a change for the DNS and have more dependencies than needed to recover our solution

    Please make the Internal IP adjustable to enable fixed values assigned by us

    87 votes
    0 comments
  7. Add API Management VNET Support to BASIC and STANDARD Tier

    Currently, VNET Support is available for only DEVELOPER and PREMIUM tier on API Management.
    But DEVELOPER is for non-production use cases. And PREMIUM is very expensive (the cost of PREMIUM is about 20 times higher than BASIC!)
    I hope that Virtual Network Option will be available at a lower cost.

    15 votes
    0 comments  ·  Integration
  8. cors

    Currently if default CORS policy is used in , outbound policy is not executed. This doesn't allow to attach HSTS headers to the response from OPTIONS method call. That forces us to implement custom CORS policy in order to comply with our security requirement. Would be nice to have the design changed.

    1 vote
    0 comments  ·  Policies
  9. API Details page does not display correctly when importing OpenAPI operations with long "summary" values

    If you import an OpenAPI file, the first 300 characters of an API operation's "summary" value (if one exists) get mapped into the Display Name of an API operation in APIM.

    Typically the summary is a long value. The API Details page for the API displays incorrectly as a result. The Display Name does not wrap and a scroll bar appears on screen.

    In addition, the Display Name is displayed three times on the API Details page: on the left hand menu that contains the operations, the operation title and the operation description.

    My suggestion is to map the "summary"…

    1 vote
    0 comments  ·  Defining APIs
  10. User administration through event

    Today there is no good way to get a signal that a User has signed up on the Developer Portal. It would be good to be able to set an alert on this type of event to be able to react and assign the new user to the right groups as soon as possible.

    3 votes
    0 comments  ·  Developer portal
  11. Support deep links to DevPortal pages even if redirect to signin page is activated

    We plan to provide more information in the DevPortal such as articles in wiki style. It shall be possible to share knowledge effectively with colleagues by sending a deep link to a dedicated page (article) or API details page that are relevant in a dedicated context.
    The deep link should work even when the redirect setting to the sign-in page has been activated!

    5 votes
    0 comments  ·  Developer portal
  12. Publish and group APIs according to resource path.

    To better understand the relation of the resources, it would be nice to be able to publish the APIs according to resource path rather than operation.

    Could also be nice to be able to group them according to resource path in API Management as well.

    3 votes
    0 comments  ·  Developer portal
  13. Logic App backends in ARM Templates able to be selected like in Portal

    When setting up an APIM API and a backend in the portal, we are able to select a Logic App using an experience to find the logic app and the sub-resource. Then a radio button for Azure Logic App resource is selected with the name of the logic app and sub-resource. However, in an ARM template, this is impossible. Setting up the backend to point to the resourceId of the logic and deploying defaults this backend policy to HTTP and does not work unless fixed manually in the portal. Here is the snippet of the ARM template:

        {
          "type": "Microsoft.ApiManagement/service/backends",

    10 votes
    0 comments  ·  API management experience
  14. Remove TLS_RSA_WITH_AES_256_GCM_SHA384 from available TLS 1.2 ciphers

    Api Management is REQUIRING a WEAK CIPHER be enabled: TLS_RSA_WITH_AES_256_GCM_SHA384

    The documentation to remove ciphers excludes TLS_RSA_WITH_AES_256_GCM_SHA384 with no mention as to WHY: https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/apimanagementservice/update#request-body

    Further, running command specifying this cipher as False is having no change on the API management gateway:

    Name: TLS_RSA_WITH_AES_256_GCM_SHA384
    Value: False

    SSLLABS is identifying cipher suites using TLS_RSA as weak: https://discussions.qualys.com/thread/17971-tlsrsawithaes256cbcsha-comes-to-be-weak-cipher

    3 votes
    0 comments  ·  Security
  15. Allow developers to upload API Management code samples

    We have started using new developer portal and realized there is no way to add new language samples and edit existing templates. Could you please add a feature to add new language templates and update existing items.

    24 votes
    0 comments  ·  Developer portal
  16. Distributed Tracing - W3C Trace Context Policy

    Add a policy that implements the W3C Trace Context specification. This means that if a request arrives at APIM without a w3c trace context, APIM will create it and send it to the backend. If a request arrives with a w3c trace context already created, APIM will append its information to the context.

    13 votes
    0 comments  ·  Integration
  17. GatewayUrl in Azure Portal UI and REST Api differ

    We have decided to go all in when it comes to ARM Templating, and our goal is to depend on as few parameters as possible and instead retrieve as much information from the system settings as possible.

    While creating ARM Templates for Api Management I discovered that what I did see on my Azure Portal in Api Management Service in the Gateway Url property was not the value to be found when retrieving it using my ARM Template. Trying to figure out what happens I did a REST Api lookup and to my big surprise GatewayUrl via REST Api and…

    4 votes
    0 comments  ·  API management experience
  18. Automatically provision AD app registration for an API Management instance

    When we expose APIs through API Management, we often want to secure them using JWT validation. For fine-grained control, we would want to validate claims in the JWT to verify that the caller is allowed access to that particular API. Setting up and keeping in sync the app registration to allow this is tedious for the directory administrator particularly when the development environment is highly active.

    I suggest that you enable a way to automatically provision and keep in sync an app registration in the AD tenant whose app roles mirror the APIs offered in the API Management instance

    1 vote
    0 comments  ·  Security
  19. When subscription key headers change, the corresponding error messages should change

    In the subscription section of API settings, if 'Subscription Required' is checked off, APIM allows developers to change the default 'Header Name' from 'Subscription Key' to whatever they want. For one of my APIs, I changed it to 'Authorization', and changed the default 'Query parameter name' to 'authorization'

    When we send a request with an invalid subscription key (through the Authorization header), we get a 401 response with the following message body:

    {
    'statusCode': 401,
    'message': 'Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription.'
    }

    Our customers do not know…

    1 vote
    0 comments  ·  Defining APIs
  20. Add Self-hosted API Management gateway to Basic and Standard pricing tiers

    Please consider adding the self hosted API Management gateways to the basic and standard tiers. At a minimum at least three instances for HA purposes.

    The argument for this is that you will drive up the adoption of Azure APIM and generate considerable Azure consumption through the take up.

    Alternatively please consider a per gateway pricing option to cover any additional overheads.

    84 votes
    0 comments  ·  Gateway