API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. Ability to assign public static IP address to public endpoint

    When the API consumer is adding firewall rules, changes to the public IP address cause maintenance churn. There are some instances where API Management is used under test and QA controlled by DevOps, and the endpoint address changes every time the resource is recreated. Requesting the ability for API Management to be treated like any other resource in the DevOps process.

    38 votes
    4 comments  ·  Integration
  2. Use wildcard url in backend entity

    Could you support wildcard in the url of backend entity?

    Take the following backend for example; we would like to use https://*.contoso.com/ instead of https://abc.contoso.com/.

    {
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/backends/proxybackend",
      "type": "Microsoft.ApiManagement/service/backends",
      "name": "proxybackend",
      "properties": {
        "description": "description5308",
        "url": "https://abc.contoso.com/",
        "protocol": "http",
        "credentials": {
          "header": {},
          "authorization": {
            "scheme": "Basic",
            "parameter": "opensesma"
          }
        },
        "proxy": {},
        "tls": {
          "validateCertificateChain": false,
          "validateCertificateName": false
        }
      }
    }

    4 votes
    0 comments  ·  Service management
  3. Reset password captcha breaks when the placeholder contains a single quote

    In the JavaScript console I get:

    Bindings value: { hipUrl: .... placeholder: 'Immettere l'immagine CAPTCHA qui' } -> Message: Unexpected identifier

    as the placeholder is not escaped and contains a single quote.

    1 vote
    0 comments
  4. Allow SOAP services with complex WSDL to be manually built

    My organization has a large number of legacy SOAP services that have large complex WSDL based on external XSDs. Currently the APIM product is not able to manage the service operations given the complexity. Allow for the type structures to be manually created so that the management tools can function.

    7 votes
    0 comments  ·  Defining APIs
  5. Provide API Management in the German Cloud

    German companies are starting to deploy their workloads in the Cloud, but in the German one, and many of our clients ask about the availability of API Management in this region. Actually, it is a very important service for them.

    6 votes
    0 comments  ·  API management experience
  6. Conditional OAUTH prompt

    Conditional Authorization - There are situations where the OAUTH prompt needs to be condition-based. For example, in a money transfer scenario, if the transfer is < some amount, no authorization is required. In this case, can we add a feature in the developer portal / security to prompt OAuth based on some business rule when a user hits the try it button in the developer portal?

    4 votes
    0 comments  ·  Developer portal
  7. 1 vote
    0 comments  ·  API management experience
  8. Ability to route/exclude requests from APIM, based on url, due to bandwidth cost

    We have a few API methods that transfer ~50TB of bandwidth monthly and need to be able to exclude these from API Management, based on the path/query of the request URL. The host name on the request must stay the same, so DNS routing is not an option. Currently this makes API Management not feasible for us because of the added bandwidth cost.

    I understand that APIM decrypts the SSL request before any routing, so processing still occurs, but perhaps there is some room to optimize for specific bandwidth intensive requests?

    3 votes
    1 comment
  9. API Management Swagger Definition does not give model details.

    I have imported a Swagger definition file into the APIM Publisher portal. It shows different actions, but there is no info about the navigation property from an entity which is specified in the Entity Framework model. I would want to publish that information on the developer portal as well. See the attached picture.

    15 votes
    0 comments  ·  Developer portal
  10. Enable WS-Security for SOAP backends

    In a REST to SOAP scenario where the backend demands the SOAP message to be signed using a certificate, it would be great if there were policies that could generate the whole message based on the contents of the body. Right now one can build the SOAP XML message using a liquid template but then the task of generating the security headers is hard (and I really don't know how to generate them). For example:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservices.myweb.com">
    <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    ......<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-123456">generated_token</wsse:BinarySecurityToken>
      <ds:Signature Id="SIG-65D54B60823432DD6615040826919135"

    71 votes
    4 comments  ·  Policies
  11. Hiding operations in developer portal

    This is a duplicate but the original suggestion was closed as Completed.

    I would like to hide operations in the developer portal but still expose them through the proxy.

    17 votes
    6 comments  ·  Defining APIs
  12. BUG: Uri for appID is required to be a Url in the management console (instead of any Uri)

    An API has an appID. According to the label over the field this is a URI, but the user interface does not allow us to put anything else but a URL. We use a custom URI scheme to identify all of our applications and it would be really nice if we could continue to use this. The custom scheme we use is intended to end the confusion among our integrators about when to use a URL and when to use an ID.

    3 votes
    1 comment  ·  API management experience
  13. Support AAD JWT token validation more directly using AAD metadata

    There is currently a way to validate JWT tokens in the policies. This is great. However, it could be done better in the case the JWT tokens are issued by AAD. In that case one would like to give the tenant ID of AAD and the Application ID that is assigned to the API. This way the policy would automatically extract the valid certificate from AAD metadata (something like https://login.microsoftonline.com/38cda3b4-71fa-4748-a48e-e50ef1ebfe00/federationmetadata/2007-06/federationmetadata.xml).

    That would prevent us from having to do this manually each time the global AAD certificate changes (next one is before Mar 2019). It would be more in the…

    2 votes
    0 comments  ·  Policies
  14. Adding AAD Application authentication policy

    Add a policy for Azure AD Application Authentication, to make it easy to protect the backend API Apps with the requirement of Azure AD authentication.

    13 votes
    0 comments  ·  Policies
  15. Enterprise participation encouraged

    During the creation process, inhibit creation of duplicate company API Pub and Sub instances. Suggest that duplicates get access to the company API Pub Sub instance.

    1 vote
    0 comments  ·  API management experience
  16. Split Azure API Manager into two main products

    The Publish and Subscribe should be Enterprise wide while the SOA aspect can be deployed independently by department or application.

    • Enterprise capable Publish and Subscribe
    • Operational SOA layer for Relay and workflow

    3 votes
    1 comment  ·  API management experience
  17. Ability to Change Developer's Name and Email

    Hi,
    It seems that once you have created a Developer (or they have signed up), it is not possible for an admin/publisher user to modify the user's email address, first name or last name.
    The user can change this themselves via the Developer Portal, but there is no way for an admin to do anything.

    7 votes
    1 comment
  18. allow group

    Allow restricting groups to specific operations vs per api. Maybe a policy editor entry?

    4 votes
    1 comment  ·  Policies
  19. Allow CORS headers for Management API

    In order to invoke a Management REST API endpoint (like ***.management.azure-api.net/apis?api-version=vvv) from a browser's JS code, CORS headers should be enabled there. Moreover, full Management REST API endpoint configuration (through the Azure portal) would be a very welcome addition.

    10 votes
    0 comments  ·  Service management
  20. Integration with azure data catalog and event hubs - enable swagger definitions to be inherited by data stores and pipelines

    2 votes
    0 comments  ·  Integration