API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

How can we improve Azure API Management?

  1. Enable WS-Security for SOAP backends

    In a REST to SOAP scenario where the backend demands the SOAP message to be signed using a certificate, it would be great if there were policies that could generate the whole message based on the contents of the body. Right now one can build the SOAP XML message using a liquid template but then the task of generating the security headers is hard (and I really don't know how to generate them). For example:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://webservices.myweb.com">
    <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    ......<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-123456">generated_token</wsse:BinarySecurityToken>
    <ds:Signature Id="SIG-65D54B60823432DD6615040826919135"…

    29 votes
      0 comments  ·  Policies

      Hi Carlos – thanks for your feedback. We need more feedback from users on this feature due to the many complexities of how WS-Security is implemented. Would what Carlos describes be helpful for you? Is this preferable to a mutual TLS connection to secure the communication?

    • API Management Swagger Definition does not give model details.

      I have imported a Swagger definition file into the APIM Publisher portal. It shows different actions but there is no info about the navigation property from an entity which is specified in the Entity Framework model. I would want to publish that information on the developer portal as well. See the attached picture.

      16 votes
        0 comments  ·  Developer portal
      • Support expressions in calls attribute of rate-limit[-by-key] and quota[-by-key] policy of APIM

        If the quota value can be an expression and dynamic, then it will be much easier to implement a dynamic quota in a single product. I want to set a per-subscription quota without creating separate products for each subscription. Sometimes we have a requirement to increase the quota for just a single subscription, which forces us to create a new product just for that particular user. Another case is that we want to provide the capability to allow users to customize the quota value for ip/client-id throttling.

        14 votes
          need-feedback  ·  3 comments  ·  Policies
        • Adding AAD Application authentication policy

          Add a policy for Azure AD Application Authentication, to make it easy to protect the backend API Apps with a requirement of Azure AD authentication.

          10 votes
            0 comments  ·  Policies
          • Hiding operations in developer portal

            This is a duplicate but the original suggestion was closed as Completed.

            I would like to hide operations in the developer portal but still expose them through the proxy.

            10 votes
              3 comments  ·  Defining APIs
            • Allow CORS headers for Management API

              In order to invoke the Management REST API endpoint (like ***.management.azure-api.net/apis?api-version=vvv) from a browser's JS code, CORS headers should be enabled there. Moreover, full Management REST API endpoint configuration (through the Azure portal) would be a very welcome addition.

              9 votes
                0 comments  ·  Service management
              • Ability to assign public static IP address to public endpoint

                When the API consumer is adding firewall rules, changes to the public IP address cause maintenance churn. There are some instances where API Management is used under test and QA controlled by DevOps, and the endpoint address changes every time the resource is recreated. Requesting the ability for API Management to be treated like any other resource in the DevOps process.

                7 votes
                  0 comments  ·  Integration
                • Allow SOAP services with complex WSDL to be manually built

                  My organization has a large number of legacy SOAP services that have large complex WSDL based on external XSDs. Currently the APIM product is not able to manage the service operations given the complexity. Allow for the type structures to be manually created so that the management tools can function.

                  6 votes
                    0 comments  ·  Defining APIs
                  • Ability to Change Developer's Name and Email

                    Hi,
                    It seems that once you have created a Developer (or they have signed up), it is not possible for an admin/publisher user to modify the user's email address, first name or last name.
                    The user can change this themselves via the Developer Portal, but there is no way for an admin to do anything.

                    6 votes
                      1 comment
                    • Provide API Management in the German Cloud

                      German companies are starting to deploy their workloads in the cloud, but in the German one, and many of our clients ask about the availability of API Management in this region. It is actually a very important service for them.

                      6 votes
                        0 comments  ·  API management experience
                      • Extend the various schemas

                        Having extensibility built into the user, application and other schemas would be useful for capturing the correct level of data from users

                        6 votes
                          2 comments  ·  Developer portal
                        • Sorting API by "API URL Suffix"

                          Hi,
                          It would be really interesting to have a kind of tree view that shows us all the API URL suffixes and the APIs in each,
                          e.g.:

                          /
                          /clients/
                          >API Name
                          >> List of operations
                          /employees/
                          >API Name
                          >> List of operations

                          Regards

                          4 votes
                            1 comment  ·  API management experience
                          • Groups within Groups

                            There seems to be no way to add groups to groups. This makes granular control of access difficult.

                            4 votes
                              need-feedback  ·  2 comments  ·  Security
                            • Search API across entire site

                              It would be very useful to have the search button functionality across the entire site. For example, when searching for an API by a word, it would display all related results from all available pages.

                              4 votes
                                1 comment  ·  Developer portal
                              • allow group

                                Allow restricting groups to specific operations vs per api. Maybe a policy editor entry?

                                4 votes
                                  1 comment  ·  Policies
                                • Conditional OAUTH prompt

                                  Conditional Authorization - There are situations where the OAuth prompt needs to be conditional. For example, in a money transfer scenario, if the transfer is < some amount, no authorization is required. In this case, can we add a feature in the developer portal / security to prompt for OAuth based on some business rule when a user hits the "Try it" button in the developer portal?

                                  4 votes
                                    0 comments  ·  Developer portal
                                  • Ability to route/exclude requests from APIM, based on url, due to bandwidth cost

                                    We have a few API methods that transfer ~50TB of bandwidth monthly, and we need to be able to exclude these from API Management, based on the path/query of the request URL. The host name on the request must stay the same, so DNS routing is not an option. Currently this makes API Management not feasible for us because of the added bandwidth cost.

                                    I understand that APIM decrypts the SSL request before any routing, so processing still occurs, but perhaps there is some room to optimize for specific bandwidth intensive requests?

                                    3 votes
                                      1 comment
                                    • Issue and retrieve secrets for signing and validating JWT tokens

                                      The Mashape Kong product issues secrets for signing JWT keys. Could this be added so API Management could then validate the token without another roundtrip request to a JWT validation service?

                                      Even storing these in cache (by exposing cache via REST) or adding them as a property that could be referenced by the policy would be a good first step. The problem with the latter approach is that I think the {{propertyName}} has to be a string literal and cannot be composed from a variable like {{context.Subscription.Id+"naming-convention"}|}.

                                      3 votes
                                        0 comments  ·  Security
                                      • Split Azure API Manager into two main products

                                        Split Azure API Manager into two main products

                                        The Publish and Subscribe should be Enterprise wide while the SOA aspect can be deployed independently by department or application.
                                        . Enterprise capable Publish and Subscribe
                                        . Operational SOA layer for Relay and workflow

                                        3 votes
                                          1 comment  ·  API management experience
                                        • Allow custom identity provider portal account creation/login

                                          This is the same issue as this 'completed' one: https://feedback.azure.com/forums/248703-api-management/suggestions/5947766-custom-identity-provider-for-the-developer-portal. That is only completed if you can use Azure B2C. We want to use a different identity provider (OAuth 2.0 based) to enable SSO between multiple web applications. We are currently using delegation, but that requires some integration that could go away if we could use a custom identity provider. Since there is already support for other OAuth based providers, it seems like this would be an 'easy win' for the platform.

                                          3 votes
                                            1 comment  ·  Developer portal