API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. Allow multi-region deployment at Standard Tier

    Standard Tier currently does not allow for multi-region deployment. Premium transaction levels are so much higher and more costly, when there may only be need for a very small deployment in some geos, but need to be co-located with services already deployed to those geos. Allow for more flexibility in the deployment model, so a user can tune what they need in each different Geo (Premium in US, Standard in EU, Basic/Dev in AU).

    121 votes
    under review  ·  5 comments  ·  Pricing
  2. APIM Hybrid connection manager support for accessing on premise web services

    Accessing on premise web services in APIM is very inconvenient and requires either complex vnet/vpn setup, use of extra products like AAD application gateway or custom coding of API apps combined with a hybrid connection.

    It is not even possible to use logic apps as codeless bridge since LAs are also unable to access on premise web services.

    The option of installing an on premise version of the gateway is also only on a future roadmap and handles a wider use case than just accessing on premise services.

    Request is to support using the hybrid connection manager in the APIM backend…

    117 votes
    under review  ·  4 comments  ·  API management experience
  3. Log custom traces to Application Insights

    Provide a policy to log custom traces to Azure Application Insights, similar to the log-to-eventhub policy.

    109 votes
    planned  ·  4 comments  ·  Policies
  4. Controlling Signup button functionality

    Currently there is no support to disable Signup functionality. If we disable Identities, it disables the Login also.

    There must be a way to achieve this. Refer below link for more details:

    https://social.msdn.microsoft.com/Forums/azure/en-US/3b8c8c60-0e26-4d7f-9a6f-2f2bc6b84bf2/how-to-disable-signup-button-functionality-on-developer-portal?forum=azureapimgmt

    93 votes
    under review  ·  1 comment  ·  Developer portal
  5. Support Swagger Documentation - Object representation with nested $ref issue

    Hi,

    There is an issue regarding Swagger file for complex objects which are using nested $ref, according to the program team, it's not supported yet by API Management although it works well in Swagger UI.

    This is a big issue for me, as we can't manage documentation manually in case our object definition evolves. Furthermore, even if we manually put a JSON object example in the APIM Publisher portal, we can't define the object model associated with it.

    Could you please make Swagger documentation work with nested $ref in APIM?

    Thanks.

    93 votes
    6 comments
  6. Mark api/operations as obsolete/deprecated

    Our API is updating frequently. Some operations, and even a whole API, could be deprecated.
    We can't mark an api/operation as deprecated. For now, only modifying the description could help us, but it's not enough, because nobody really reads the description from start to end, and we can't highlight information in it.
    Please give us a button "Mark api/operation as deprecated" + a textbox for a description of why it happened and what other method should be used now (maybe with a check that the new operation is available).
    Also highlight the information that an api/operation is deprecated in the description or somewhere else for current consumers.
    And in the final-…

    90 votes
    4 comments  ·  Defining APIs
  7. Export variables reporting throttling information from rate-limit policy

    There are ongoing RFC to give clients the capability to throttle calls rate to avoid hitting the capping imposed by rate-limit policies.

    A possible way to implement this is to return in the response header 4 variables containing:

    - The current limit set by the policy
    - Amount of remaining calls before hitting the limit
    - Number of seconds to wait before getting the limit reset to the maximum
    - Number of seconds to wait before retrying (only when calls are blocked)

    88 votes
    3 comments  ·  Policies
  8. OAuth 2.0 implementation support/Securing APIs using OAuth

    A major bonus when using an API management system should be that it helps you secure your backend APIs using standard techniques. Other API management systems (such as Kong, see https://getkong.org/plugins/oauth2-authentication/) have support for this, where the APIm acts as a Bearer token store and validates the tokens for you.

    Obviously, this will only work for the Client Credentials and possibly also Resource Owner Password Flows, as the others require additional UI, but still this would be a very nice add-on, which enables you to leverage OAuth for backends which are actually OAuth-agnostic.

    Azure APIm would then also need…

    88 votes
    under review  ·  5 comments  ·  Security
  9. Better pricing structure for API Management

    We currently use 4 instances of APIM for duplicating our environments (Dev/UAT/Pre Prod and Production)

    We went with APIM as a solution for fronting some Azure services and some internal services. Due to the VPN access only being available on Premium we are paying for over 32 million calls a day when we will barely generate 1 million. So we have 4 Premium APIM instances costing us £6000 a month purely for the VPN access. Forcing us to pay for a level we do not require just for a feature of the environment, it would be better if the…

    87 votes
    14 comments  ·  Pricing
  10. Code re-use in API policies using custom functions or expressions

    I find myself regularly copying and pasting generic code functions across policies. It would be great if there was a policy where you add custom code functions or expressions to call in other policies. Maybe in the base policy or a new "custom expressions" policy.

    For example, I have generic code for policies fronting SOAP services that determines date timezones before converting dates to UTC. This code is duplicated across various APIs.

    Another example is a piece of code I add to each policy for error handling and recording to the event hub via logger.

    87 votes
    under review  ·  3 comments  ·  Policies
  11. Invalidate Cache based on other Operations

    It would be great if a cached operation could be invalidated based on another operation by default.

    Eg

    GET: /products is cached with a long duration and is only invalidated by
    POST: /products

    Another way could be to invalidate based on HTTP verb. E.g. invalidate all caches in an API when a POST/PUT API is called.

    87 votes
    under review  ·  2 comments  ·  Policies
  12. Ability to Group Subscription Keys

    Currently the subscription keys are issued at the 'Product' level. These products basically map to resource features. It is great that subscription is managed at this granularity, but it would be better if the subscriptions could also be managed at higher levels. I may want to use the same subscription key to access multiple products (or bundles) or even go to a higher level of managing APIs at multiple bundles level (or container) with a single key. This way the developers can use the same subscription key across products, bundles or container levels as configured by the publisher of the…

    82 votes
    under review  ·  0 comments  ·  Developer portal
  13. Automated backup for APIM

    Provide automated and manual backup feature something similar to what we have in Azure Web Apps (https://docs.microsoft.com/en-us/azure/app-service/web-sites-backup#configure-automated-backups).

    77 votes
    under review  ·  9 comments  ·  Lifecycle
  14. Support/force TLS 1.3

    As the new TLS 1.3 will be released soon, it would be great to support and possibly force TLS 1.3 on all connections on the front and back-end.

    70 votes
    under review  ·  4 comments  ·  Security
  15. Allow disabling/stopping of API Management during evaluation to preserve subscription credits

    I am evaluating API Management using Visual Studio Subscription credits. The credits are depleted even when I am not testing API Management and are likely to be exhausted before I have completed evaluation. This is both frustrating and prevents me from completing my evaluation. Other API Management providers such as apigee provide a superior evaluation experience.

    This issue has already been raised before and the answer is not satisfactory
    https://social.msdn.microsoft.com/Forums/en-US/f4522315-fd3b-4129-b758-e74b22d74145/how-can-i-quotdisablequot-but-not-delete-an-api-management-service?forum=azureapimgmt

    69 votes
    2 comments  ·  Pricing
  16. Add reusability mechanism for policies

    Give us some mechanism to create our own <policy-expression> type steps. For example, we need some snippet to be applied to multiple scopes, today we have to copy/paste all of that. It would be great to have some way to encapsulate custom policy expression logic and reuse it across multiple scopes.

    66 votes
    under review  ·  2 comments  ·  Policies
  17. Log x-forwarded-for header in API Management Gateway log

    If API Management is fronted by a WAF or Proxy the IP logged in the API Management Gateway log is not the original IP.

    WAFs like the Application Gateway Web Application Firewall do add an x-forwarded-for header; however, the current API Management Gateway log does not include it.

    65 votes
    planned  ·  1 comment  ·  Security
  18. Single Swagger file for all APIs

    Support producing/exporting a single Swagger file for all APIs within API management.

    64 votes
    under review  ·  3 comments  ·  Developer portal
  19. Multiple Environment per Instance

    If you want your users to see the documentation in production, but "Try It" in your staging environment we'd have to deploy a separate APIM instance and manage content in both.

    Below is a brain dump of how I imagine this feature could be used in various aspects of the APIM solution.

    apiminstance.azure-api.net < this would be the primary
    environment.apiminstance.azure-api.net < this would be the environment specific or a custom domain per environment

    There would be no environment.apiminstance.portal.azure-api.net site

    Also if we could set the default environment to use for the Try It button that'd be fantastic.

    Each environment should…

    61 votes
    under review  ·  4 comments  ·  Lifecycle
  20. 60 votes
    under review  ·  4 comments  ·  Policies