API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Single Swagger file for all APIs

    Support producing/exporting a single Swagger file for all APIs within API management.

    81 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  5 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  2. assign Internal IP to APIM

    We have an APIM with an InternalVnet configuration.

    Currently we are testing Disaster Recovery Solutions and one pain point is the automatic assigned internal IP address.

    Each time we redeploy the APIM to test the DRS we need to create a change for the DNS and have more dependencies than needed to recover our solution

    Please make the Internal IP adjustable to enable fixed values assigned by us

    81 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Automated backup for APIM

    Provide automated and manual backup feature something similar to what we have in Azure Web Apps (
    https://docs.microsoft.com/en-us/azure/app-service/web-sites-backup#configure-automated-backups ).

    80 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  9 comments  ·  Lifecycle  ·  Flag idea as inappropriate…  ·  Admin →
  4. Multiple Environment per Instance

    If you want your users to see the documentation in production, but "Try It" in your staging environment we'd have to deploy a separate APIM instance and manage content in both.

    Below is a brain dump of how I imagine this feature could be used in various aspects of the APIM solution.

    apiminstance.azure-api.net < this would be the primary
    environment.apiminstance.azure-api.net < this would be the environment specific or a custom domain per environment

    There would be no environment.apiminstance.portal.azure-api.net site

    Also if we could set the default environment to use for the Try It button that'd be fantastic.

    Each environment should…

    73 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  6 comments  ·  Lifecycle  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow disabling/stopping of API Management during evaluation to preserve subscription credits

    I am evaluating API Management using Visual Studio Subscription credits. The credits are depleted even when I am not testing API Management and are likely to be exhausted before I have completed evaluation. This is both frustrating and prevents me from completing my evaluation. Other API Management providers such as apigee provide a superior evaluation experience.

    This issue has already been raised before and the answer is not satisfactory
    https://social.msdn.microsoft.com/Forums/en-US/f4522315-fd3b-4129-b758-e74b22d74145/how-can-i-quotdisablequot-but-not-delete-an-api-management-service?forum=azureapimgmt

    73 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Pricing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add reusability mechanism for policies

    Give us some mechanism to create our own <policy-expression> type steps. For example, we need some snippet to be applied to multiple scopes, today we have to copy/paste all of that. It would be great to have some way to encapsulate custom policy expression logic and reuse it across multiple scopes.

    70 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support for HTTP/2 for APIM connecting to backend services

    HTTP/2 is supported for APIM client side facing communications, it will be great to support HTTP/2 also for backend side facing communications so that the entire request chain can be HTTP/2 enabled.

    69 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  8. 68 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  5 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  9. Import mandatory query parameters as query rather than in the URL template

    When an API is imported into API-M using Swagger, mandatory query parameters are imported into the URL template rather than as query parameters.

    The effect of this is when a parameter is missing API-M returns a 404. The correct behaviour should be to return a 400 Bad Request with a validation error, or pass the request to the back-end API to return an appropriate error.

    I suggest adding an option to import mandatory query parameters from Swagger as query parameters.

    68 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  3 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  10. apim should allow more than 260 characters for URL path segments

    API definitions which have an ID as one path segment can have path segments which are larger than 260 characters (which is a windows limitation). Unfortunately this limitation is also part of the apim service and can be inceased by the product team on request. Why not setting it to a larger value as default or let me set an option like (windows compatible path length) when creating the instance?

    This problem is very critical if you face it because the apim service itself will block the request and you cannot handle/modify/forward the request to something else which can handle…

    63 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  11. API Management more control with mail sending

    Currently there are very few options to set, when it comes to mailing about API Management events (new subscriptions, new developers, etc.).
    It would be great, if following could be included for e-mail configuration (some of these things help avoid e-mail being recognized as spam by some spam filters, as in our case):
    - optionally removing "on behalf of" when sending e-mail
    - including text/plain representation in sent e-mails (besides default text/html)
    - using SendGrid as a e-mail sender (as in other Azure services)
    - using custom reply address (instead of "on behalf of")

    Any maybe some other things that…

    62 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add support for key vault stored SSL certificates in API Management service

    Add ability to use SSL certificates bought through Azure and stored in key vault with API Management instance.

    61 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Ability to manage Subscription Keys for a Group of users

    Allow the assignment of a subscription key that applies to a group of users. The idea is to create one shared subscription key that is tied to the group so as members of the group swap in/out they can use that key.

    Think of a large company of developers, rather than creating a shared login the group of developers could be put into the group and then have access to that applications subscription keys.

    The idea is really to treat the key as an entity that isn't a person but needs to be managed by several people, like give this…

    60 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  14. Manual order/grouping of operations

    It'd be great to be able to manually order and/or group operations within an API for easier usage.

    58 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Miao Jiang responded

    Thanks for the feedback. Can you please provide a little more details on how you want this to work? Do you want this feature on developer portal or admin portal or both? Thanks!

  15. http2

    Enable http2 for the API Management

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  0 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  16. AAD integration for all Teirs

    Just because we want a good API interface does not mean we are doing the next Facebook. APIM at Standard level would be, by far, the most expensive component of my entire end to end IoT data platform and includes far more bandwidth than I will likely require. But now you expect me to pay over 4 times as much just to integrate AD for a handful of users?

    I will either keep to Developer tier or if that is not sufficient the internal developers can use personal Microsoft accounts. On the bright side, it does eliminate a tie in…

    56 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  5 comments  ·  Pricing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add Developer Portal to Consumption Tier

    Please add the developer portal to the consumption tier.

    It's currently very confusing in the management portal as to what is supported and what isn't when using the consumption tier. For instance, it is possible to publish products, or define definition's for responses, yet this seems to only be for publishing in the developer portal.

    This article: https://docs.microsoft.com/en-us/azure/azure-functions/functions-openapi-definition comes close to explaining how to set up at least an OpenAPI definition - but it dosen't appear possible to link multiple existing Azure functions to an existing API Management gateway.

    Is the developer portal feature (in all other tiers) going to…

    53 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  18. Use DDoS Protection Standard with VNET integrated API Management gateway

    We would like to use DDoS Protection Standard for our VNET integrated API Management Service. A possible solution could be to have self-signed public ip's for the public endpoint.

    P.S. We cannot put a Application Gateway v2 in front of API gateway because of the requirement of Client Certificate Authentication.

    52 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support better grouping & sorting of products & APIs

    Right now - everything is forced into alphabetical sorting. There are no grouping options. We plan to use this for our entire enterprise, and we expect to end up with hundreds of APIs and dozens of products. A simple "sort order" field will accomplish the sorting issues, may be cumbersome to maintain but we could manage. Not sure how grouping would work, but here is our example:

    Products:
    Business Unit A - Developer
    Business Unit A - Test
    Business Unit A - Production
    Business Unit A - Production Unlimited

    I may like to have a "bucket" named just "Business Unit…

    51 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  20. Developer Portal displays IIS Yellow Page

    https://****.portal.azure-api.net/

    A security team observes that the developer portal application reveals the server information in terms of IIS error page (Yellow Page).

    System should have ability to configure "Default IIS error page".

    Try accesing any developer portal URL by expanding "/C:/test" to actual URL.

    51 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base