API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. hostname

    Allow deployment of hostnameConfigurations as it's own resource. Currently in an ARM template I cannot set up a keyvault reference for the certificate without granting the managed identity of the APIM access to the keyvault. I've deployed the Microsoft.ApiManagement/service without hostnameConfiguration, granted the identity access to the keyvault then redeployed the entire Microsoft.ApiManagement/service just to add hostname configuration.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Static IP assignment to API Management Service

    Kubernetes upgrade at times require removal of APIM subnet. After upgrade, APIM IP changes and this requires a change in Cname entry of DNS Server. All these activities increase the downtime window and we really need a feature which help us to assign Static IP to API Management Service

    Error:
    "code": "InUseSubnetCannotBeDeleted",
    "message": "Subnet ***-gateway-subnet is in use by /subscriptions/-X/providers/Microsoft.ApiManagement/service?vnetResourceGuid=X\X\api-version=2016-07-07 and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet."
    }

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Log http request with policy execution

    By current design, application insight collect requests log after the policy execution.

    For example, request table can't record x-user-ids values correctly in the request table, but it can record in the dependencies table.

    but for some cases, the request hit the cache, there will be no request record in dependencies table.

    <set-header name="x-user-ids" exists-action="override">

            &lt;value&gt;@(context.Subscription.Name)&lt;/value&gt;
    
    &lt;/set-header&gt;

    Is it possible to adjust it, make to collect the APIM request log to requests table after policy execution?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  4. API managment test UI gives a misleading error message when invoking long-running backend api calls that takes more than 1 min.

    API managment testing UI throws "Could not complete your request. Please try again" while testing with Post man returns OK.

    Two options:
    1. Make it clear why it stops and what alternatives developers have in the error message. For example, it may says that you may try to run Postman to run your long-running api call.


    1. Provide the option in testing UI to override the default and allows the developer to run long-running api calls.

    Attached is the screenshot I captured.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  5. Enterprise participation encouraged

    During creation process inhibit creation of duplicate company API Pub and Sub instances. Suggest duplicates to get access to the company API Pub Sub instance.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  6. Fix the UX and show appropriate errors (Highlight that the API Display Name and ID should both be Unique)

    The UX shown is very confusing as below it shows NAME already exists (and it does not highlight the error) which as per us is the 2nd field (which is internally treated as an ID). However from our analysis we have come to understand that the ‘Display name’ needs to be unique too.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Dapr integration

    Hello,

    The set-backend-service (dapr) policy works fine when invoking a service that sits in the same namespace than the API gateway. In native Dapr, it is possible to invoke a service from another namespace (than the caller) using this convention:

    http://localhost:3500/v1.0/invoke/service.namespace/method/method

    However, the app-id attribute of the APIM policy does not allow to specify "service.namespace". It returns the following error:

    Error in element 'set-backend-service' on line 16, column 10: dapr app id can only contain alphanumeric characters and dashes with no dashes at the beginning or end.

    Would it be possible to take this into account?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  8. When Deploying APIM to a Non-dedicated Subnet, No Error Message on Azure Portal

    Hi Experts,

    Our customer has concerns when using Azure API Management with virtual networks.

    If we deploy the APIM to a non-dedicated subnet, the deployment will fail, however, there is no warning or error message during the whole process.

    Can we add the error message on Azure Portal or add a validation step before updating the configuration?

    Thank you very much.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  9. Method needed to expire MSI cached credentials

    I am testing using my API Management's MSI to connect to my backend WebApp (API) using the policy <authentication-managed-identity .. /> and I can connect simply and easily.

    I now want to prove it works red/green so to speak, so I:
    - grant permission, post request, expect success.
    - Then remove permission, post request, expect fail.

    Problem is the token appears to have a 24 hour expiry on it by default.

    This is slowing me down considerably (as you can imagine).

    But also there are security situations where you want to refresh, due to adding/revoking permissions.

    So could we have…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Update operation on APIM should check for existence and perform update instead of overriding

    I tried to add new headers to one of the existing API Operations using Rest API. However, what I found out is whenever, I complete the request, the headers are getting updated but all other details in API operation are getting removed like API requests and responses or query params. I tried the same using Powershell Az module also and found the same behavior.

    The same is the behavior with every other APIM rest api. It will always override the information.

    Instead of overriding, updating the information while preserving the existing info would help.

    API I used:
    PATCH https://management.azure.com/subscriptions/<subId>/resourceGroups/<RG>/providers/Microsoft.ApiManagement/service/<APIMName>/apis/<API…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  11. stop forced display of Request Headers

    Hello.
    When adding the "CONTENT TYPE" of Request Body's Representations in the publisher portal, Request Headers is forcibly displayed as "Content-Type (optional)" on the developer portal, so it is in a state that it can not be deleted or edited.
    I want you to stop forced display of Request Headers or make it editable.
    Thank you.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  12. return-response policy

    The <return-response> policy enforces the order of any contained policies. They must be in the following order <set-status>,<set-header>,<set-body>.
    This means you cannot perform xml->json or json to xml mapping using a liquid map. This is because liquid uses the incoming Content-Type header to establish incoming message type. But we are forced to set the Content-Type to the outgoing message type before calling <set-body> and liquid cannot parse the incoming message.
    This only occurs in the <return-response> policy. In the <outgoing> policy there is no order restriction on contained policies.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support System.Net.WebUtility in policies

    I have APIs that are returning json with properties that have html-encoded values, returning html encoded string in json isn't needed as the original service was based on xml and didn't use the CDATA tag. To be able to properly compose this API usage of an HtmlDecode function is needed which is readily available in System.Net.WebUtility

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  14. Git password generation should be URL encoded

    As it stands today, you have to URL encode the password before it can be used within Git. Note ampersand in partial password shown below.

    Partial Password -- 586ea4e36ccc210085030004&2017

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  15. Enhance transformation policies to support formats such as csv, xlsx, etc.

    It is common to be requested to export data from the API queries to a format that can be shared and easy readable by other non-tech people. So i would say it would be good to be able to enhance the transformation policies to transform from JSON to CSV or XLS/XLSX. Or at least provide an option to export results to these formats on the API Management querying experience.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  16. Open Id Connect - add required scopes in Developer Portal

    Currently it is not possible to add required scopes (or any additional URL or body parameters) to authorize requests.
    I think it is possible for OAuth0 integration.
    It might be worthwhile to add such possibility.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  17. Append new operations to an existing API with Az Powershell

    In Azure API Management, I'm looking at the possibility of appending new operations to an existing API revision.

    I can do it in Azure portal as shown in the attachment.

    I don't see this flexibility (choosing between update and append) available in the powershell command that imports API https://docs.microsoft.com/en-us/powershell/module/az.apimanagement/import-azapimanagementapi?view=azps-4.7.0

    Reference: https://docs.microsoft.com/en-us/answers/questions/123037/append-new-operations-to-an-existing-api-with-az-p.html

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  18. Encrypt request / response payload in ApplicationInsights

    As of now, Azure APIM dosent have capability to encrypt payload and disply it in ApplicationInsights (all data is in plain text).

    Need to have policy to encrypt full payload or part of it so that sensitive / personal data is not exposed.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Ignore scheme differences in <redirect-content-urls />

    By default APIM matches on the scheme when using this policy. It would be nice to have an optional flag on this policy to ignore the scheme when redirecting backend URLs to the proxy.

    Via the backend, we may build a URL as "http://mybackend...&quot; - when this is surfaced via the api we'd want it redirected to the APIM proxy as "https://api.mycompany...". Currently, APIM won't fixup this response because the scheme on the link emitted from the backend doesn't match the scheme on the backend API base URL.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  20. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base