API Management
Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.
-
Self-hosted API Management gateway
To expand support for hybrid use cases and enable more efficient on-premises-to-on-premises call patterns for internal-only and internal/external APIs, we will provide an option for customers to self-host a containerized version of the API Management gateway component (fully equivalent to the gateway in the cloud, not a “micro-gateway”) on-premises or other environment e.g. other public clouds. Self-hosted gateway will require and will be managed from a cloud-based Azure API Management instance.
910 votes -
Support for HTTP/2 for APIM connecting to backend services
HTTP/2 is supported for APIM client side facing communications, it will be great to support HTTP/2 also for backend side facing communications so that the entire request chain can be HTTP/2 enabled.
45 votesThank you for the feedback! We added this suggestion to the backlog and will update the item when we prioritize it for implementation.
-
Support backendTlsVersion logging
As multiple organizations and teams start enforcing TLS 1.2, it's always better to have this log to understand the TLS versions used by backend APIs. This will help teams strategize push for TLS 1.2 and make informed decisions.
30 votes -
Remove standardized Azure URL from Swagger / WSDL file
We are using custom domains in our Azure API Management instances. Unfortunately when uploading a Swagger file, APIM automatically adds the standardized URL. Here's an example:
"x-servers": [
{
"url": "<a rel="nofollow noreferrer" href="https://gateway.api.qas.custom.com"">https://gateway.api.qas.custom.com"</a>;
},
{
"url": "<a rel="nofollow noreferrer" href="https://azurestandardname-northeurope-01.regional.azure-api.net"">https://azurestandardname-northeurope-01.regional.azure-api.net"</a>;
}This keeps confusing our customers when they download the description through the Dev Portal.
Please add an option to prevent the standard URL from being added to the API descriptiion (Swagger and WSDL)
24 votes -
Block HTTP and/or force HTTPS
Is there a way to disable the HTTP listener on the APIM service so that no responses occur for any requests to port 80.
We'd like to see a feature where we can disable the listener at port 80, or configure that listener to automatically force a redirect to HTTPS and port 443.
10 votesFor now you can use policy a policy at the global scope to check protocol and return a redirect if it’s http.
-
MTOM support
I got a use case to set up interface with SAP ARIBA which is requesting MTOM support . based on the documentation I got I saw the following MTOM - Services using MTOM may work. Official support is not offered at this time.. it was in September 2017 . it should be great to support this feature as ARIBA is becoming a main player in Marketplace area.
Thanks10 votes -
change machine hosts file
we publish a set of API exposed through internal services on AKS. Instead of using internal IP Address it would be great to use a sort of hosts file or point API management to a custom dns server so I can publish APIs with hostname and not the IP address.
9 votesSince you mentioned internal IPs, I assume API Management is deployed into the cluster’s VNET. If so, you should be able to use DNS associated with the VNET. Please elaborate on your use case.
-
Blue/Green Deployments using Versions
I was trying to implement Blue / Green deployments, which APIM doesn't really seem to support out of the box.
What we were planning to do was to (ab)use the versioning to create a "Green" and a "Blue" version of the API. We were going to use revisions to do our actual versioning since our versioning requirements are relatively simple.
I set up the versioning scheme to be Header Based, and I was using a "X-Colour" header to redirect to the correct version. This way, Testing could override the header for canary testing.
My global policy looked something like this:
…
8 votes -
Add "display name" properties of API & operations in Log Analytics"
Add "display names" properties (of APIs and operations) in Azure Diagnostics log entries. It would permit to make dashboards with a more signifiants labels rather than Ids that were chosed at creation (and that can't be changed after).
7 votes -
fix erroneous catching of protocol violation errors
When an API (wrongly) return a response body and a "204 No content" return code, a "500 protocol violation error" should be raised by APIM instance.
In fact it is the case, but the protocol violation error is raised as a response on the call folowing the erroneous "204" API, not the erroneous API itself. The error is raised only the following call (whatever API it is) that is implemented on the same backend of the "204" API AND if the folowing call is made in the same HTTP session (I mean during the http "keep alive" timeout).
This bug…6 votesThank you for the feedback! We added this suggestion to the backlog and will update the item when we prioritize it for implementation.
-
Missing of test to check the configuration with Application Gateway
This documentation is very good. However, I feeling missing of a test set cast to valid the configuration with Application Gateway.
3 votesWould be great to get some details to this idea. Thanks!
-
Improve APIM --> Function integration
store the function name that was imported and what end point operations where checked when imported. Then when a new version of the API is created, you can change the function name (would refresh end point operations), and then add/remove (if needed) operations by checkbox. Finally, if a new version of a function is uploaded, an event would fire off to rebuild all the API interfaces that have operations are pointing to it (like when importing) so it can keep in sync with the back end.
3 votes -
Allow Server Side Events (SSE) to be consumed by client as text/event-stream and not as application/json
We created a microservice using Spring WebFlux (will produce Server Side Events) to expose an API that will publish data as an event stream which is consumed by the client as EventSource. However, the Azure API Gateway is preventing the data to be consumed as text/event-stream.
A similar concern is seen here: https://community.apigee.com/questions/61225/apigee-to-create-a-reactive-rest-api-for-continuou.html
1 vote
- Don't see your idea?