API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add support for ionic scheme in CORS policy

    Today CORS policy in APIM only allows http, https or file scheme in allowed-origins.
    https://docs.microsoft.com/en-us/azure/api-management/api-management-cross-domain-policies#CORS

    Ionic webview plugin serves application from ionic:// or custom scheme. None of http, https or file is valid in ionic webview.
    https://github.com/ionic-team/cordova-plugin-ionic-webview

    Please add support for inoic scheme. Thank you.

    37 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Define policies in JSON

    I am not a big fan of XML so having an option to define policies using JSON would make it much easier to apply a policy and understand what exactly is going on.

    37 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  3. Client certificate authentication in developer console

    If the front-end takes mutual certs, the console cannot provide a way for developers to test API.

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  4. Improved mutual certificate authentication for front-end / public endpoint

    The current method of verifying client certificates is by hard-coding the certificate thumbprint into a conditional in the policy.

    A better solution would be to be able to match the incoming thumbprint to ALL thumbprints in the uploaded SSL key stores. As described in the last paragraph here:
    https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates-for-clients

    However, currently only the private certificates are exposed in the context variable (context.Deployment.Certificates) rendering the aforementioned code non-working.

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support webhooks for notifications

    All API Management notifications are currently done via email.
    It would be great to add webhooks as a potential destination so we can automate certain process with services like Logic Apps.

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  6. Policy based on tags

    Allow applying tags to operations / apis / products and then applying policies to tags.

    The publisher would then be able to create a group of operations and apply a policy to all of them instead of having to group them in different products or apply the same policy to multiple operations. Tag policies should apply either before or after the product / api / operation level.

    Example use case would be an API that has several operations that some can be cached and some that cannot. The tag could be applied to the operations that could be cached and…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  7. Increase password strength for basic user accounts

    Basic user accounts can be created via;
    1. Admin portal (minimum password length=6)
    2. Self registration page (minimum password length=8).
    No other rule applies i.e. very poor password strength.

    When possible, we definitely use AAD.
    For cases where we can not use AAD the Azure PaaS Developer Support Team has recommended us to use Facebook, Google, Microsoft or Twitter accounts...

    Please, provide UI page where Admin can design password policy by choosing;
    - Minimum password length. [Default=8?].
    - English upper case letters (e.g., A, B, C, ...Z). [Checkbox True|False].
    - English lower case letters (e.g., a, b, c, ...z). [Checkbox…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    need-feedback  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. We would like to have OWASP security features as part of API Management rather than using API gateway/WAF.

    We would like to have OWASP security features as part of API Management rather than using API gateway/WAF.

    32 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Support gRPC in Azure API Manager

    Please add support for gRPC to Azure API Manager.
    I would like to expose gRPC services to clients.
    It would also be great if we can have REST services for clients that call backend gRPC services.

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Expose API Management Events

    Expose events from API Management.

    Example would be, a user registers. Currently we get an email. It would be nice if it was an event we could subscribe to (WebHook or API Call or Service Bus message.. etc) so that we could use the user registration as the start of a workflow.
    Another example would be if a user requests a Product, having an event we could leverage things like PowerApp/Flow/Logic App to start an approval process or setup their development environment.

    Simple Event list that would have the most value:
    -User Created
    -User Requested Subscription
    -Issue Created

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  6 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Query Log Analytics metrics data using APIs

    The Monitor API does not return time-series data for Log Analytics Metrics.

    Steps to reproduce.

    1. Go to https://docs.microsoft.com/en-us/rest/api/monitor/metrics/list and click "Try it.
    2. Enter a resource ID for a Microsoft.OperationalInsights (Log Analytics) that contains a Platform Heartbeat metric.
    3. Enter "metricnames" and "Heartbeat", be sure to click "+" after
    4. Click Run

    The Timeseries collection is empty.

    When I run a query like the following through analytics I do see data:

    // See the last heartbeat for each computer in the last hour
    Heartbeat
    | where TimeGenerated > ago(1h)
    | summarize
    latest_heartbeat = max(TimeGenerated), // time of the most…

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  12. Send an email to a user once their subscription has been activated

    When a developer subscribes to a product that requires activation, they're not currently notified when their subscription is approved.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  13. Programmatically Import Azure Function into APIM

    I've created an Azure DevOps release pipeline to update APIM API by importing a swagger file via PowerShell. The swagger file was exported from APIM Dev instance, and the release pipeline imports it into QA APIM instance. However, backend is wrong, and there are missing keys that prevent QA APIM API from calling QA Az Function API.

    It all works if I manually import the QA Az Func API into QA APIM API via APIM UI... and keys are automagically generated for Az Func & APIM.

    So I need a way to setup DevOps release pipeline to deploy a QA…

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  14. Email notifications per API or Product

    Today, email notifications for a new registration or sub request are send to one or more email addresses. However, the configured email recipients get a notification for all APIs and all Products.

    We're having different back office people handling the workflow requests of different API Products, so it would be much easier that they would only get notifications for their API products.

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add missing Issues features

    The Issues section of API Management seems really lacking. To just name a few of the current shortcomings:

    - Inability to edit/delete a comment (I hope no one every makes typos)
    - Inability to delete a resolved issue.
    - Inability to search issues.
    - Inability to tag issues.
    - Inability to control the view of issues (order by date, status, etc)

    The API Management has many great features, but unfortunately Issues isn't one of them, and is an important part of our API management strategy

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  16. Origin API oauth support

    Ability to create an API in Azure API Management that will OAuth to the origin api. I don't want my users to oauth, the Azure API key is enough security for that. I just want my Azure API to access the origin API through OAuth.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. ARM API Management: Create versioned API with swagger

    Hi, If create a new api NOT providing information regarding a swagger file , the API is correctly created as versioned.
    If, in the arm below, I remove serviceUrl and add contentFormat and contentValue
    the API is not created as versioned.

    If I create the API without swagger (so it's created as versioned) and then I rerun the arm template providing the swagger the api remain versioned and the swagger is updated.

    {
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
    "location": {
    "type": "string",
    "defaultValue": "[resourceGroup().location]",
    "metadata": {
    "description": "Location for all resources."
    }
    }
    },
    "variables": {
    "apiManagementServiceName":…

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  18. SOAP import WSDL with external XSD

    All our SOAP services files use external XSD files that are imported into the WSDL. To import these in API Management, we need to merge the files into one big WSDL.

    It would be nice if we could import the WSDL and the imported XSD files without the need to create a "merged" WSDL

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  3 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  19. Windows Authentication for Backends

    Windows Authentication for Backends

    It would be great to be able to impersonate Windows Credentials using API Mgmt for backend authentication?

    We use this code similar to this in other cases currently:
    client.ClientCredentials.Windows.ClientCredential = new NetworkCredential(xx.Identity, xx.Password, xx.Domain);

    relating to the doco:
    https://msdn.microsoft.com/en-us/library/system.servicemodel.security.windowsclientcredential.clientcredential%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support Basic Authentication in Front-end API

    We are currently consuming our APIs via various clients, including Microsoft Excel and various integration tools. These tools do NOT support the current front-end API authentication methods.
    One solution is to enable Basic Auth support in the front-end API.
    The existing username and subscription key could be used as the credentials, but the API Management would accept them in the standard base64-encoded Authorization header.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base