API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add support for "virtual" creation of API's based of existing Operations

    Context


    • It's normal in big companies that API surfaces are very large with a massive number of operations


    • It's frequent that there is a need to pick and choose some operations only to give access to a partner or department


    -It's common that Swagger definitions are generated by engines for all the API surface


    • Most of the times a small team is managing a big API that as grown throw years of developing with few resources to spend on API management or custom tailor of swagger files

    Proposal


    • Add the option for creating Virtual API by pick and choosing Operations…

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow same API URL suffix across different APIs and API products

    We are facing the problem that we have multiple microservices developed by multiple teams which have independent delivery pipelines to publish their APIs.

    Dependent on the service functionality certain APIs shall only be usable/visible for specific uder groups. Hence, we have to publish them in different API products.

    In general, we want to design the overall API surface across API products in a REST-ful way with a consistent terminology.

    Currently this is not possible because we are facing conflicts between APIs and API products when the REST-ful notion would suggest functionality to be exposed under the same API URL suffix…

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow longer URLs and Query parameters

    Currently URLs in the Consumption Tier are limited to a length of 4096 bytes with a maximum length for query parameters of 2048 bytes (source: https://github.com/MicrosoftDocs/azure-docs/blob/master/includes/api-management-service-limits.md). As there is no maximum size defined in the URL standard, the API Management shouldn't constrain the length of URLs and Query Params either (or should have a much higher limit which does not restrict realistic use cases). This would e.g. allow the transmission of data-URLs, Authentication information in the Query Parameter or signed URLs.

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  4. API Details page does not display correctly when importing OpenAPI operations with long "summary" values

    If you import an OpenAPI file, the first 300 characters of an API operation's "summary" value (if one exists) gets mapped into the Display Name of an API operation in APIM.

    Typically the summary is a long value. The API Details page for the API displays incorrectly as a result. The Display Name does not wrap and a scroll bar appears on screen.

    In addition, the Display Name is displayed three times on the API Details page: on the left hand menu that contains the operations, the operation title and the operation description.

    My suggestion is to map the "summary"…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  5. When subscription key headers change, the corresponding error messages should change

    In the subscription section of API settings, if 'Subscription Required' is checked off, APIM allows developers to change the default 'Header Name' from 'Subscription Key' to whatever they want. For one of my APIs, I changed it to 'Authorization', and changed the default 'Query parameter name' to 'authorization'

    When we send a request with an invalid subscription key (through the Authorization header), we get a 401 response with the following message body:

    {
    'statusCode': 401,
    'message': 'Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription.'
    }

    Our customers do not know…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  6. POST "Comments- Add" Api issue on this api

    When we are using this Api, its returning status code as "Ok" and i am able to see the response with Comments Added, but i am not able to see those comments in workitem at AZDO. Can you suggest, why this happening? and what is the cause for it?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  7. 'Create from App Service' to figure out the host / backend from AppService

    When 'Create from App Service', APIM should be able to figure out the host / backend based on AppService's domain name.

    Currently, APIM requires the swagger file to include the 'host' and would fail the import if the value is not included.

    "The OpenAPI specification should contain 'host' value"

    The host value is often unavailable for programmatically generated swagger file. And, site owner would have to manually modify the generated swagger file.

    It is tedious and bad user experience. Please consider implement the feature.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure Functions API import fails after setting IP restrictions on the Function

    The feature to import from Azure Functions to APIM does not work when Azure Functions has a firewall. Adding the APIM outgoing ip address to the list of allowed addresses still does not allow the import to work. Azure Functions and APIM should be able to seamlessly integrate together. Currently, we are not able to use IP restrictions.


    1. Create Azure Function

    2. Add IP Restriction and deny all traffic except for incoming traffic from APIM endpoint

    3. Try to import Azure Function endpoints to APIM

    4. The UI throws an error when actually trying to import

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  9. New error code MethodNotAllowed

    At this moment if the URL does not exists or if the URL exists but it is invoked with a non supported method, the error code returned is "OperationNotAllowed" with status code 404. The APIM should handle this situation in a better way by returning the error code "MethodNotAllowed" and the status code 405 just in case of the operation is being invoked with a non supported method.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  10. OData URIs case insensitive

    OData URIs are managed in a case sensitive way, we have an operation with this URL /api/Companies({id}) and the only way we can invoke it is using the resource name in lowercase: /api/companies('424324')

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  11. Tags not importing when defined in x-ms-paths

    I have an API where I have paths with the same path, but a parameter on one of the paths differentiates them.

    APIM allows this, and if you export the data, the second endpoint is under x-ms-paths.

    There are several issues with it, but the main issue is that if you define tags in the section, they are not processed when the file is imported back in.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  12. Disallow or show warning when filling in duplicate OperationId

    When adding a new operation in Azure Api Management, you can type in the "name". In the backend this is the operationId.
    However if you type in an already exisiting operationId it will overwrite that operation (and merge certain features, like tags).
    It would be nice to disallow this, or to show a warning that this will overwrite an existing operation.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  13. Path transformations on import

    At the moment, it seems that the endpoint URL's that apim exposes are always exactly the same as what the backend is exposing (except for the URL suffix that can be appended to the base url of course)

    However, we would like to transform those url's so that what apim exposes is not exactly the same as what our backend exposes.

    Example: the backend exposes url's such as:
    - /company/orders
    - /company/order/<id>
    - /company/order/<id>/confirmation
    - ...

    We would like the strip the 'company' part of the urls, so that the public facing api (exposed by apim) looks like this:
    -…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  14. Support Array Parameters

    Current: There's no way to designate a query parameter as an "array" parameter (which indicates more than one instance of that parameter may appear in the query string)

    Desired: Add an option to designate a query parameter to be an array parameter, such that when the API is serialized into an OpenAPI format, its status of an array parameter is captured. (See "schema vs content" on this page to see how array parameters are represented in OpenAPI: https://swagger.io/docs/specification/describing-parameters/)

    This is important for us because our APIM API needs to map to our backend API Controllers, which define some parameters…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  15. Describe what a member is and must have

    Describe what restrictions are put on members. Must member be users with accounts in some local active directory? Are members just strings so any name can be entered?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  16. Import and append api's to an existing api through arm deployments

    In the azure portal it is possible to append multiple backends behind one logical api endpoint. I want to have the same functionality via ARM. Every repo uses the apim devops resource kit to get the swashbuckle generated openapi spec and generates based on this the ARM that registers the API in APIM. Currenlty when you have 2 ARM templates that target an api with the same ID this api is replaced. It should be possible to append and postfix the operations in case of conflicts. So basically the same as the azure portal does but this time via arm…

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  17. add ability to mark a header or parameter value as private

    We have additional credentials that are configured to be passed as additional headers. It would be nice to be able to mark these as "private" in the configuration so in the "try it" page the values that are typed in are handled like the subscription key and they appear as dots when typed. Right now when we're doing a screen share demonstration, people watching the demonstration have full view of the username and password being entered. Sure, we can go through special means to have dummy accounts or dummy systems, or change the credentials as soon as the demo is…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    need-feedback  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  18. When clicking "load more" in API operation list, it should load more (add to the list) and not replace the currently visible operations

    When clicking "load more" in API operation list in the Azure management portal, it should load more (add to the list) and not replace the currently visible operations. Lets say you have 25 operations for the selected API, and the first 20 are displayed by default and there is a "load more" button at the bottom of the operation list. and you click it. Currently, it removes the first 20 and only shows the last 5. If you want to see the first 20 again, you have to then click and select a different API and then go back to…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  19. 2nd Import and Append of swagge docs loses definitions

    When I import XY swagger (Open Api 2) into Api Manager, the model definitions are there and all looks great. Now i am to import a different AB swagger (different api), it imports, but loses model definitions in the process, big issue if we want to use NSwag or generators

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  20. Consumption Plan DevOps

    Currently consumption plan services are not discoverable via resource explorer this will impact the ability to automate the deployment of apis between API Management instances

    This is important if the consumption plan is to be used a lead into higher level SKUs especially as there is no upgrade option from consumption to higher level skus.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base