API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Pre-populate Azure AD accounts to users with ARM template should act the same as the manual process

    I am pre-populating the users with Azure AD accounts with the following ARM template snippet using a VSTS CI-CD pipeline.

    {
    "apiVersion": "2018-06-01-preview",
    "type": "Microsoft.ApiManagement/service/users",
    "name": "[concat(parameters('serviceName'), '/', 'apim-dev')]",
    "properties": {
    "state": "active",
    "note": "Application account for the SIAM application",
    "email": "apim-dev@contoso.onmicrosoft.com",
    "firstName": "Dev",
    "lastName": "User",
    "identities": [
    {
    "provider": "Aad",
    "id": "12ca3158-2a1b-4a00-87dc-454ebaa5d238"
    }
    ]
    }
    }

    When I run this template the user is added with authentication type Azure AD and Basic. I only want Azure AD as authentication type which should be the same behavior as if the user is sigin-in for the first time into…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Improve terminology (subscription, key)

    It's confusing that, for example, the rate-limit and quota policies have variations that are "by subscription" or "by key", when a "key" is also a crucial part of the subscription, but unrelated to the keys or values you can use to limit use.
    Subscription itself is also a confusing term vs the Azure subscription.
    I might suggest "registration" or "access key" for the APIM subscription, and the policies that limit by a "key" might just be called "by value" instead.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add support for configuring SSL settings of APIM instance using Git repo or Powershell

    We're trying to automate our deployment of APIM using the APIM git repositories. However, APIM currently doesn't support configuration for SSL settings of an APIM instance either using a git repository or Azure PowerShell cmdlets. We would like to have that support so that we can manage APIM completely through the git repository and powershell instead of having to change things in the Portal.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Save data when testing API

    It would be awesome and saves time if API Management saves data history that is being used to test API

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    triaged  ·  0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  5. Configure notifications programmatically

    We are populating and configuring our APIs using the REST API ( https://msdn.microsoft.com/en-us/library/azure/dn776326.aspx ), but there are a few settings that cannot be done programmatically and must be done by clicking into the portal.

    One of these settings is for the email notifications that are sent upon subscription requests, new subscriptions, etc. ( https://azure.microsoft.com/en-us/documentation/articles/api-management-howto-configure-notifications/#publisher-notifications ). We would like to be able to configure these programmatically, either via the REST API or some other way.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  6. Use wildcard url in backend entity

    Could you support wildcard in the url of backend entity?

    Take following backend for example, we would like to use https://*.contoso.com/ instead of https://abc.contoso.com/.

    {
    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/backends/proxybackend",
    "type": "Microsoft.ApiManagement/service/backends",
    "name": "proxybackend",
    "properties": {
    "description": "description5308",
    "url": "https://abc.contoso.com/",
    "protocol": "http",
    "credentials": {},
    "header": {},
    "authorization": {
    "scheme": "Basic",
    "parameter": "opensesma"
    }
    },
    "proxy": {},
    "tls": {
    "validateCertificateChain": false,
    "validateCertificateName": false
    }
    }
    }

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Enhance Json Serialization support in Policy Expressions for Legacy Backend APIs

    Provide access to JsonConverter types, e.g. JavaScriptDateTimeConverter so that a JObject can be formatted as needed for a legacy system.

    Currently, if a Json object needs to be translated to a different format for a DateTime property it is not easily possible to convert the APIM body JObject to what the backend service expected for Json serialization.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  8. Display OpenAPI 3.0 callbacks in Developer Portal

    The operations page does not display details of "Callbacks" section included in Open API 3.0:
    https://swagger.io/docs/specification/callbacks/

    Please could any callbacks defined against an operation be displayed in the new developer portal, in a similar way to Swagger UI

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  9. When clicking "load more" in API operation list, it should load more (add to the list) and not replace the currently visible operations

    When clicking "load more" in API operation list in the Azure management portal, it should load more (add to the list) and not replace the currently visible operations. Lets say you have 25 operations for the selected API, and the first 20 are displayed by default and there is a "load more" button at the bottom of the operation list. and you click it. Currently, it removes the first 20 and only shows the last 5. If you want to see the first 20 again, you have to then click and select a different API and then go back to…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  10. Optin/Optout on features & validations

    Often times I see that new validations are being rolled out by APIm team (recent one was from last week's May 11th release) where they rolled out a validation check to force uniqueness on API path (excluding parameters) which broke our builds when our release build is enroute to prod deploy. This also gives the power back to the consumers on when to opt in or opt out of any features you are releasing with future deployments .

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    unplanned  ·  0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  11. Try it page not handling optional route parameters

    I have this operation in my API

    "/get/{*path}": {
    "get": {
    "summary": "Get",
    "description": "Gets a single file or a collection of files and folders in a ZIP archive.",
    "operationId": "get",
    "parameters": [
    {
    "name": "path",
    "in": "path",
    "required": true,
    "schema": {
    "type": ""
    }
    },
    {
    "name": "recurse",
    "in": "query",
    "description": "Retrieve files recursively or from the {path} directory only.",
    "schema": {
    "enum": [
    "true",
    "false"
    ],
    "type": "boolean"
    }
    },
    {
    "name": "pattern",
    "in": "query",
    "description": "An expression supporting asterisks as wildcards for filtering results.",
    "schema": {
    "type": "string"
    }
    }
    ],
    "requestBody": {
    "content": {}
    },
    "responses":…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  12. Ability for Product Group Admins to have access to see the Publisher "Analytics" for their APIs/Products

    We require the ability for specific admin users (Product Group Owners) from different groups to get access to see only their APIs/Products analytics via the Azure Portal/Publisher Portal Analytics section.

    Currently the APIM Admin has visibility to all the APIs/Products Analytics (Publisher Portal) and is required to provide reports back to the specific Product owner.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  13. Custom Headers Missing In Azure Portal Operation Test

    Recently, about a month ago, I was working on some policies for some of my API Operations and noticed when I went to test them in the Azure portal that my custom headers and defaults were missing. It seems there has been a change made that requires you to manually add the headers and select the default value in order to test the API >Operation. I have over 45 APIs with 100s of operations. I have headers defined with default values so that I can quickly open the API Operation and test the operation without having to set it up.…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  14. Url Helper Policy Expressions for Route Building

    As a developer I want to include hypermedia links to other operations in the same and other API sets so that I have easy navigation for clients between APIs.

    Today, these link url paths must be hard coded based on what is know. To provide flexibility while developing APIs and to ensure routes are actually valid, provide a url helper method to generate these routes.

    Example:

    context.RouteFor("API-ID", "Version", "Operation-ID", new {param1=1,param2="hello"})

    Today:

    <set-body>{
    return JObject.FromObject(new {
    _links = new[] {
    new { href = $"/api/operation?query={context.Request.MatchedParameters.GetValueOrDefault("query", string.Empty)&api-version=2018-10-31", rel = "other-api", type = "GET" }
    }
    }
    }</set-body>

    With a helper:

    <set-body>{ …

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  15. Support for token bucket - enable burst quota

    The current quota/call rate limit is +1 per call. In practice this means we create SKUs based on the maximum expected spike rather than average usage. By supporting a token bucket model (https://en.wikipedia.org/wiki/Token_bucket) we could define a SKU more aligned with our actual usage.

    For example: on average we have 50 calls per second, but need to be able to spike to 250 calls per second.

    Today we'd create a 250 calls per second throttle policy for this key/product which is not optimal.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  16. Can you add System.Security.Cryptography.X509Certificates into whitelist. So it can be used to verify certificates.

    System.Security.Cryptography.X509Certificates is required to verify if a certificate is revoked or not and also validate the certificate chain.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow control over publisher notifications

    There currently is no control over publisher notifications. Developer notification functionality could be replicated for publisher notifications. A small example is in Organization Name, this can be changed for developer notifications but not for publisher notifications.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. add ability to mark a header or parameter value as private

    We have additional credentials that are configured to be passed as additional headers. It would be nice to be able to mark these as "private" in the configuration so in the "try it" page the values that are typed in are handled like the subscription key and they appear as dots when typed. Right now when we're doing a screen share demonstration, people watching the demonstration have full view of the username and password being entered. Sure, we can go through special means to have dummy accounts or dummy systems, or change the credentials as soon as the demo is…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    need-feedback  ·  0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  19. Policy tag directory

    Have a comprehensive directory that has all of the tags that can be used in the policy XML.

    An example is have documentation of the <when> tag regarding which tags can be nested within and which attributes it accepts.

    I seem to be unable to find any resource that has detailed documentation on these multi-use tags.

    Thank you

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  20. Base an API revision off a git branch

    This may be possible I'm not sure but it would be useful if you could add a revision to an API or the entire API management and have it based of a branch in the git repository. This would allow a side by side API based on your staged changes and allow you to test in a blue/green scenario. Once the API is tested if you could make it public.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base