Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. JsonConvert support for XmlNode

    Add support for Newtonsoft.Json.JsonConvert.SerializeXmlNode and Newtonsoft.Json.JsonConvert.DeserializeXNode.

    APIM is used a lot to send back and forth JSON and XML. There are scenarios where front-end format is different than back-end. I know that Lquid templates can be used but there is no option to create generic template like JsonConvert.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  2. Status to know if the cache-lookup was hit or a miss

    I am looking for a way to understand if a result was served from the cache (so was a hit!) or not (was a miss). More like a simple boolean status flag. I am currently using the internal cache. Looking to change the body response based on that flag.

    I see that the APIM-Trace actually tells you whether it was a hit or a miss; so i believe data is there but i dont see how i can get it within the policy itself to conditionalize the response body changes.

    I think that would be a great addition to the…

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  3. Set proxy configuration for “send-request” policy

    I can found “Set HTTP proxy” policy. And I tried this policy on APIM. But this HTTP proxy setting effected only <forward-request>. All requests by <send-request> were not bypassed via proxy.

    Set HTTP proxy
    https://docs.microsoft.com/en-us/azure/api-management/api-management-advanced-policies#SetHttpProxy

    I hope to add new proxy configuration for “send-request” policy

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  4. Reduce min renewal-period in qouta/call rate policy from 3600 second to 60

    In our application we have 3 products:
    bigcompany
    smallcompany
    freelancer

    We know that freelancer can't make more that 20 actions per minute. It's physical limitation. If we can define that was 50-70 actions per minute for us it means that freelancer is not alone and he is cheating. We want limit such type of behaviour, but quota less than 3600 second is not valid .

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add break policy to immediately skip to backend or outbound policy start or end

    Because the policies are largely executed sequential and making a hierarchy of <choose> makes it quite unreadable, it would be nice to have a <break> statement to skip the rest of an inbound policy and continue with either the backend or the outbound policy, or in the outbound policy skip to the end.

    Thus: <break target="backend|outbound|end"/> to abort the policy and go to either the backend, start of the outbound or end of the outbound policy.

    This makes it a lot easier to handle errors and let the outbound policy return them including all default headers from the global outbound…

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  6. New policy: "update-context-variables" to add multiple context variables at once

    We should have a new policy: "update-context-variables" whose policy expression allows us to directly update the IReadOnlyDictionary<string, object> context.Variables, such that we can add multiple variables in a single policy expression.

    Use case:
    I have an application that receives a requests with json in the body, validates the shape of the json and its various fields, before passing that json forward to an eventhub service.

    My policy XML is overly verbose, because I have to iterate through that json multiple times to in multiple set-variable policies. I would like a single policy that would allow me to iterate through that…

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  7. <cache-lookup-value/> on a miss does not set variable.

    According to documentation if <cache-lookup-value/> results in a cache miss and default-value is omitted it should add variable with null value.

    Currently policy is not adding variable with null value.

    Change functionality or documentation.

    Documentation issue: https://github.com/MicrosoftDocs/azure-docs/issues/75289

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  8. validate-client-certificate policy should not be limited to only 10 identities

    When using the validate-client-certificate policy in APIM, I get an error when adding more than 10 identity elements to the identities.
    The documentation doesn't mention such limitations:
    https://docs.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#validate-client-certificate

    Is there another way to do this?

    My Policy looks like this

    <policies>
    <inbound>
    <base />
    <validate-client-certificate validate-revocation="true" validate-trust="true" validate-not-before="true" validate-not-after="true" ignore-error="false">
    <identities>
    <identity common-name="common_name1" />
    <identity common-name="common_name2" />
    <identity common-name="common_name3" />
    <identity common-name="common_name4" />
    <identity common-name="common_name5" />
    <identity common-name="common_name6" />
    <identity common-name="common_name7" />
    <identity common-name="common_name8" />
    <identity common-name="common_name9" />
    <identity common-name="common_name10" />
    <identity common-name="common_name11" />
    </identities>
    </validate-client-certificate>
    </inbound>
    <backend>
    <base />
    </backend>
    <outbound>
    <base />
    </outbound>
    <on-error>
    <base />
    </on-error>
    </policies>

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  9. validate-content truncates milliseconds from the body or variable.

    Hi,

    When a body is currently received with a string which represents a datetime everything is working fine but whenever there are milliseconds involved that end with a 0 they are being truncated.

    I've done some digging and it's happening when the body is being parsed as an application/json content-type to validate the content using the policy.

    2021-05-26T12:54:40.180Z changes into 2021-05-26T12:54:40.18Z
    2021-05-26T12:54:40.100Z changes into 2021-05-26T12:54:40.1Z
    and vice versa.

    We have a strict dateformat defined for the whole project and also have validation regexes to make sure all dates are inline.

    I tried a lot of policies, parsing myself but the…

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow more than one policy element in section "backend"

    Unfortunately (bug?) it is not allowed for a <backend/> policy section to contain more than one child (policy) elements. But why? That's an essential part in the overall APIM configuration. Especially since it is needed to f.e. easily avoid information leakage by stripping out HTTP headers with sensible values before redirecting an incoming request to some external (3rd-party) URL.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  11. Keep serving expired cached content if web service is unavailable

    If caching is enabled and the underlying web service is unavailable, the API service should keep serving expired content. This allows the underlying web service to be temporarily unavailable without the API breaking.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  12. API Mgmt. policy management PowerShell module

    The policies should be definable and manageable thru PowerShell. There should be a separate module for Azure API Mgmt. Policy Mgmt. An IT Pro shouldn't have to learn XML to manage these policies.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  13. Provide the API Management in the Azure Germany Cloud

    I would great if this product would become available in the Azure Germany Cloud anytime soon.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  14. Support for multiple CORS policies

    I want to specify CORS policies on global and on Product Level. Globally to allow the API developer portal and on API product level to allow only specific frontends.
    In the end, both, the developer portal and the browser apps shall be able to call the API. Therefore both CORS policies must be applied.

    Currently only 1 CORS policy is applied, the other one is ignored, dependant on where I set the base-Tag on the Product Policy level.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  15. Retry Policy to allow Event Forwarding to Event Hub

    Provide the ability to allow the Retry Policy to call the log-to-eventhub policy. Currently today, when retries are attempted in the back end, we lose perspective of when this occurs and how often. When we lose perspective to how often retries occur, we lose perspective to possible issues in our environment.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow System.Linq.IGrouping within expressions

    The GroupBy operator is a pretty common LINQ operator incredibly useful in doing transformations of data.
    It would be tremendous if this was available within policy expressions.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  17. Provide built in policies to authenticate Azure Rest APIs.

    It is very complicate to make use of any Azure REST APIs since the authentication headers are complex to create.

    Useful cases would be :

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow authentication-basic in the send-request policy

    We often have the case the we need to secure our external calls with basic auth.

    We do something like this:

    <send-request ignore-error="false" timeout="20" response-variable-name="passwordResponse" mode="new">
    <set-url>XXXXXXXXXX</set-url>
    <set-method>POST</set-method>
    <set-header name="Authorization" exists-action="override">
    <value>Basic XXXXX=</value>
    </set-header>
    </send-request>

    What we would need ist something like this:

    <send-request ignore-error="false" timeout="20" response-variable-name="passwordResponse" mode="new">
    <set-url>XXXXXXXXXX</set-url>
    <set-method>POST</set-method>
    <authentication-basic username="username" password="password" />
    </send-request>

    Ofcourse we would extract the password out of our key vault.

    regards
    Stefan

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support something like "Java Callouts" in Apigee

    Provide the ability to write custom policy expressions. Looking for something like https://docs.apigee.com/api-platform/samples/cookbook/how-create-java-callout in Azure API Management. Right now we would have to do this through an Azure function, but it would be helpful if this was provided as a feature.

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support for conversion to SWIFT messaging proticol and vice versa

    Customers in the banking industry are asking for this..

    2 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base