API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Programmatically Import Azure Function into APIM

    I've created an Azure DevOps release pipeline to update APIM API by importing a swagger file via PowerShell. The swagger file was exported from APIM Dev instance, and the release pipeline imports it into QA APIM instance. However, backend is wrong, and there are missing keys that prevent QA APIM API from calling QA Az Function API.

    It all works if I manually import the QA Az Func API into QA APIM API via APIM UI... and keys are automagically generated for Az Func & APIM.

    So I need a way to setup DevOps release pipeline to deploy a QA…

    42 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  2. Use DDoS Protection Standard with VNET integrated API Management gateway

    We would like to use DDoS Protection Standard for our VNET integrated API Management Service. A possible solution could be to have self-signed public ip's for the public endpoint.

    P.S. We cannot put a Application Gateway v2 in front of API gateway because of the requirement of Client Certificate Authentication.

    42 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Visual Studio Integration for Policy Editing and Testing

    The policy editor in the publisher portal is terrible. A VS plugin that would allow intelisense, code completion, syntax checking and policy debugging would be extremely helpful

    41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  4. Email notifications per API or Product

    Today, email notifications for a new registration or sub request are send to one or more email addresses. However, the configured email recipients get a notification for all APIs and all Products.

    We're having different back office people handling the workflow requests of different API Products, so it would be much easier that they would only get notifications for their API products.

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  5. different endpoint for an operation based on product

    Would be nice to have the option to define a different endpoint to different products. This will allow to define a 'test' and 'live' products that works with different environments. While at the same time the developers keys, examples, etc are all in one place.

    38 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  6. Ability to assign public static IP address to public endpoint

    When the API consumer is adding firewall rules, the changes to public IP address causes maintenance churn. There are some instances where the API management is used under test and qa controlled by devops and the endpoint address changes every time the resource is recreated. Requesting the ability for API management to be treated like any other resource in the devops process.

    38 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  7. Improved mutual certificate authentication for front-end / public endpoint

    The current method of verifying client certificates is by hard-coding the certificate thumbprint into a conditional in the policy.

    A better solution would be to be able to match the incoming thumbprint to ALL thumbprints in the uploaded SSL key stores. As described in the last paragraph here:
    https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates-for-clients

    However, currently only the private certificates are exposed in the context variable (context.Deployment.Certificates) rendering the aforementioned code non-working.

    38 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  8. Define policies in JSON

    I am not a big fan of XML so having an option to define policies using JSON would make it much easier to apply a policy and understand what exactly is going on.

    37 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  9. Policy based on tags

    Allow applying tags to operations / apis / products and then applying policies to tags.

    The publisher would then be able to create a group of operations and apply a policy to all of them instead of having to group them in different products or apply the same policy to multiple operations. Tag policies should apply either before or after the product / api / operation level.

    Example use case would be an API that has several operations that some can be cached and some that cannot. The tag could be applied to the operations that could be cached and…

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support for multi-tenant user login delegation

    In a multi-tenant scenario, there is no option to delegate user login to multiple urls, the delegation section allows only one url.

    It would be great if it would allow one delegation endpoint per custom developer portal domain.

    36 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  11. Client certificate authentication in developer console

    If the front-end takes mutual certs, the console cannot provide a way for developers to test API.

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support webhooks for notifications

    All API Management notifications are currently done via email.
    It would be great to add webhooks as a potential destination so we can automate certain process with services like Logic Apps.

    34 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  13. Increase password strength for basic user accounts

    Basic user accounts can be created via;
    1. Admin portal (minimum password length=6)
    2. Self registration page (minimum password length=8).
    No other rule applies i.e. very poor password strength.

    When possible, we definitely use AAD.
    For cases where we can not use AAD the Azure PaaS Developer Support Team has recommended us to use Facebook, Google, Microsoft or Twitter accounts...

    Please, provide UI page where Admin can design password policy by choosing;
    - Minimum password length. [Default=8?].
    - English upper case letters (e.g., A, B, C, ...Z). [Checkbox True|False].
    - English lower case letters (e.g., a, b, c, ...z). [Checkbox…

    33 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    need-feedback  ·  0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Expose API Management Events

    Expose events from API Management.

    Example would be, a user registers. Currently we get an email. It would be nice if it was an event we could subscribe to (WebHook or API Call or Service Bus message.. etc) so that we could use the user registration as the start of a workflow.
    Another example would be if a user requests a Product, having an event we could leverage things like PowerApp/Flow/Logic App to start an approval process or setup their development environment.

    Simple Event list that would have the most value:
    -User Created
    -User Requested Subscription
    -Issue Created

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  6 comments  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  15. SOAP import WSDL with external XSD

    All our SOAP services files use external XSD files that are imported into the WSDL. To import these in API Management, we need to merge the files into one big WSDL.

    It would be nice if we could import the WSDL and the imported XSD files without the need to create a "merged" WSDL

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  3 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  16. Support building multipart/form-data in Policy Expressions for legacy apis

    Ability to build multipart/form-data requests from an originating non-multipart request. Ideally, the json-to-xml converter would also be able to be used. Use case is legacy API for querying that accepts xml files submitted via multipart POST. Would like to expose as standard json service (no multipart)-or at least standard non-multipart xml service. Presumably adding multipart support would involve some additions to the available Policies.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  17. Send an email to a user once their subscription has been activated

    When a developer subscribes to a product that requires activation, they're not currently notified when their subscription is approved.

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  18. Set custom domain name for the new Developer Portal

    When running API Management in Internal vNet mode it is not possible to access the Developer Portal over <your-api-management-instance-name>.developer.azure-api.net since it's not publicly accessible. We need to be able to set a custom domain name on the new portal, can you please add the new portal to the list of endpoints available for custom domain names.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add missing Issues features

    The Issues section of API Management seems really lacking. To just name a few of the current shortcomings:

    - Inability to edit/delete a comment (I hope no one every makes typos)
    - Inability to delete a resolved issue.
    - Inability to search issues.
    - Inability to tag issues.
    - Inability to control the view of issues (order by date, status, etc)

    The API Management has many great features, but unfortunately Issues isn't one of them, and is an important part of our API management strategy

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  20. Origin API oauth support

    Ability to create an API in Azure API Management that will OAuth to the origin api. I don't want my users to oauth, the Azure API key is enough security for that. I just want my Azure API to access the origin API through OAuth.

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base