API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  1. Can you add System.Security.Cryptography.X509Certificates to the whitelist so it can be used to verify certificates?

    System.Security.Cryptography.X509Certificates is required to verify if a certificate is revoked or not and also validate the certificate chain.

    1 vote
    1 comment
  2. Allow control over publisher notifications

    There currently is no control over publisher notifications. Developer notification functionality could be replicated for publisher notifications. A small example is Organization Name: this can be changed for developer notifications but not for publisher notifications.

    1 vote
    0 comments
  3. Add ability to mark a header or parameter value as private

    We have additional credentials that are configured to be passed as additional headers. It would be nice to be able to mark these as "private" in the configuration so in the "try it" page the values that are typed in are handled like the subscription key and they appear as dots when typed. Right now when we're doing a screen share demonstration, people watching the demonstration have full view of the username and password being entered. Sure, we can go through special means to have dummy accounts or dummy systems, or change the credentials as soon as the demo is…

    1 vote
    need-feedback  ·  0 comments  ·  Defining APIs
  4. Azure AD B2C Sign in and Sign up button in Developer portal

    Azure AD B2C sign in and sign up buttons should be added in the portal so that we can use them anywhere, such as in custom pages or the menubar of the developer portal.
    Currently, the Azure AD B2C sign in button is only available for the in-built Sign in page.

    1 vote
    0 comments  ·  Developer portal
  5. Policy tag directory

    Have a comprehensive directory that has all of the tags that can be used in the policy XML.

    An example is to have documentation of the <when> tag regarding which tags can be nested within it and which attributes it accepts.

    I seem to be unable to find any resource that has detailed documentation on these multi-use tags.

    Thank you

    1 vote
    0 comments  ·  Policies
  6. Base an API revision off a git branch

    This may be possible, I'm not sure, but it would be useful if you could add a revision to an API or the entire API management and have it based off a branch in the git repository. This would allow a side by side API based on your staged changes and allow you to test in a blue/green scenario. Once the API is tested if you could make it public.

    1 vote
    under review  ·  0 comments  ·  Integration
  7. By adding documentation for REST Interface, Multi Client and self signed Certificate authentication

    Documentation for REST Interface is very confusing as:
    1) ARM specific operations and URLs are mixed together with APIM service instance specific endpoints and operations.
    2) PUT operations are titled as "Create or Update" operation while PATCH operations are marked as "Update" operation. This is confusing and cost us an outage; "Update" operation should be named as "Partial update" or "PATCH" operation in title. Example:
    https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-12-01/apimanagementservice/createorupdate

    Usually,
    POST operation is create operation
    PUT is update
    PATCH is partial update

    3) also the documentation should explain all the possible values of property attribute like
    "virtualNetworkType": "None". //in documentation
    "virtualNetworkType": "External" //not…

    1 vote
    0 comments  ·  Gateway
  8. Fix the terminology

    Our team just spent a whole day looking for ways to update Named Values programmatically. In the end we found the way to do it with management APIs. The reason it was so hard to find is that it's not called Named Values in the management API, it is called properties. Now this is confusing, because the GUI for APIM also has a section named properties that has nothing to do with named values.
    It would help a lot if your GUI and management API would use the same terminology.

    1 vote
    0 comments  ·  API management experience
  9. Ability to reset developer portal style.

    Add the ability to reset developer portal style to default style.

    1 vote
    0 comments  ·  Developer portal
  11. Fix: Autogenerated "name" in new operation doesn't strip invalid characters

    Add this as displayname:

    /path/routePath/{parameter}

    This gets auto-generated as name

    path-routepath-{parameter}

    But that auto-generated name is invalid because of the brackets. The auto-generation process already changes slashes to dashes, so why not also make it strip out invalid characters?

    1 vote
    planned  ·  0 comments  ·  API management experience
  12. Use valid xml to configure policies.

    In your examples one can find lines like this one:

    <set-variable name="isMobile" value="@(context.Request.Headers["User-Agent"].Contains("iPad") || context.Request.Headers["User-Agent"].Contains("iPhone"))" />

    If you try to validate this xml, you will find out that those double quotes inside of the value attribute are not allowed.

    1 vote
    0 comments  ·  Policies
  13. Add support for evaluating jsonpath expressions against request bodies within a policy and conditionally invoking an external request

    I'd like the ability to use a jsonpath expression to query a json request body and send the results to an external endpoint for validation. This is intended to implement a form of request spoofing prevention.

    1 vote
    under review  ·  1 comment  ·  Policies
  14. Provide a callback or REST API to check if changes made through management operations have been picked by Proxy

    Posting on behalf of customer:

    Per current API Management design/implementation, management operations are async and Proxy could take a few seconds to a minute to pick up the changes made through management APIs.
    The delay is nondeterministic as there are multiple factors which could impact the time for Proxy to pick up the changes, like the number of proxies involved and the load on the proxy when control plane operations were made.

    As there's no deterministic way currently to confirm when Proxy has picked up the changes, we're not able to confirm if the API is ready to handle workload relying on the changes.

    So, we request to…

    1 vote
    0 comments  ·  Service management
  15. Provide a configurable timeout for password reset link in API Management

    Currently, when resetting a user's password in the Azure API Management portal, the email link expires after ~30 mins.

    Ideally, the timeout value should be configurable as we have processes that require a longer period. Customers in other countries are often not immediately available to follow the link.

    Provide a configurable timeout for password reset link in API Management.

    1 vote
    under review  ·  0 comments  ·  API management experience
  16. Automate selection of APIs for Self-hosted Gateway

    We would like to automate the selection of APIs for a given APIM Gateway, to avoid manual steps when adding a new API to the APIM that should be included in the Gateway.

    1 vote
    0 comments  ·  Gateway
  18. Subscription key

    Hey, how about making it simple and clear on how to get a subscription key for using an API. I finally gave up on using Azure due to this.

    1 vote
    0 comments
  19. Allow import only changes for existing Azure Functions API

    Partners should be able to only import changes when importing APIs into a project that already has Azure Functions APIs.

    1 vote
    0 comments  ·  API management experience
  20. Ability to store secrets in named values so they cannot be retrieved by contributors

    Currently secrets can be stored in APIM named values, however a contributor can click on the secret in the portal and retrieve its contents, while this makes sense in some cases, where we are storing secrets like service principal keys the behaviour exhibited in the rest of Azure (i.e. you can copy the secret once at creation but after that point it is never available again).

    This is a particular issue for us, as we have different teams contributing to individual APIs in APIM, as it stands any user who is an APIM contributor for any API can uncover the…

    1 vote
    under review  ·  1 comment