Return status code 405 instead of 404 when wrong method is used
Defining an API involves creating the resources and the allowed methods for each resource. When invoking the operation (accessing the resource) with a wrong HTTP method (for example, PUT instead of GET), the API Management service returns a 404 Resource Not Found instead of a 405 Method Not Allowed. Passing an OWASP test implies to return the correct code (https://www.owasp.org/index.php/REST_Security_Cheat_Sheet#HTTP_Return_Code).
Is it possible to return this code with API Management right now? Will it be included in future releases
Good point, Carlos. We optimized route matching for efficiency which unfortunately prevented us from returning 405. Given sufficient support for this suggestion, we will try to address it in the future.
Anurag Maheshwari commented
Is the above limitation still exists? I'm still getting 404 Resource Not Found instead of a 405 Method Not Allowed.