API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. ARM API Management: Create versioned API with swagger

    Hi, If create a new api NOT providing information regarding a swagger file , the API is correctly created as versioned.
    If, in the arm below, I remove serviceUrl and add contentFormat and contentValue
    the API is not created as versioned.

    If I create the API without swagger (so it's created as versioned) and then I rerun the arm template providing the swagger the api remain versioned and the swagger is updated.

    {
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
    "location": {
    "type": "string",
    "defaultValue": "[resourceGroup().location]",
    "metadata": {
    "description": "Location for all resources."
    }
    }
    },
    "variables": {
    "apiManagementServiceName":…

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  2. Windows Authentication for Backends

    Windows Authentication for Backends

    It would be great to be able to impersonate Windows Credentials using API Mgmt for backend authentication?

    We use this code similar to this in other cases currently:
    client.ClientCredentials.Windows.ClientCredential = new NetworkCredential(xx.Identity, xx.Password, xx.Domain);

    relating to the doco:
    https://msdn.microsoft.com/en-us/library/system.servicemodel.security.windowsclientcredential.clientcredential%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Support Basic Authentication in Front-end API

    We are currently consuming our APIs via various clients, including Microsoft Excel and various integration tools. These tools do NOT support the current front-end API authentication methods.
    One solution is to enable Basic Auth support in the front-end API.
    The existing username and subscription key could be used as the credentials, but the API Management would accept them in the standard base64-encoded Authorization header.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Return status code 405 instead of 404 when wrong method is used

    Defining an API involves creating the resources and the allowed methods for each resource. When invoking the operation (accessing the resource) with a wrong HTTP method (for example, PUT instead of GET), the API Management service returns a 404 Resource Not Found instead of a 405 Method Not Allowed. Passing an OWASP test implies to return the correct code (https://www.owasp.org/index.php/REST_Security_Cheat_Sheet#HTTP_Return_Code).

    Is it possible to return this code with API Management right now? Will it be included in future releases

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow to filter/select operations when adding a new API from a OpenAPI spec

    Currently, if you need to create/update an API from an OpenAPI spec with only a small subset of the whole list of operations supported by your backend, you will need to edit the generated spec to remove all the operations/types not required which is boring and error prone, or import all of them and remove all the undesired ones one-by-one, which makes our lives sad and miserable..
    A simple UI which allows to filter/select the specific operations we need to import/update would be awesome!!

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  6. 25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Please provide support for ACS tokens in backend services

    If it would be possible to configure outbound connections with an ACS token, this would give instant support for BizTalk Services bridges and for WebHttpRelayBinding endpoints. Having this would really enable hybrid scenarios as from the start and that would be awesome.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  8. Register app with Azure AD through developer portal

    Given that there are already integrations with Azure AD, it would be developer friendly if you could register and manage your apps with Azure AD through the developer console.

    That way you would need just one portal to deal with things like client ids, secrets etc

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  9. Remove standardized Azure URL from Swagger / WSDL file

    We are using custom domains in our Azure API Management instances. Unfortunately when uploading a Swagger file, APIM automatically adds the standardized URL. Here's an example:

    "x-servers": [
    {
    "url": "https://gateway.api.qas.custom.com"
    },
    {
    "url": "https://azurestandardname-northeurope-01.regional.azure-api.net"
    }

    This keeps confusing our customers when they download the description through the Dev Portal.

    Please add an option to prevent the standard URL from being added to the API descriptiion (Swagger and WSDL)

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  3 comments  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support expressions in calls attribute of rate-limit[-by-key] and quota[-by-key] policy of APIM

    If the quota value can be an expression and dynamic, then it will much easier to implement dynamic quota in a single product. I want to set a per-subscription quota without create separate products for each of the subscription. Sometimes, we have requirement to increase quota for just a single subscription which force us to create a new product just for that particular user. Another case is that we want to provide capability to allow users to customize the quota value for ip/client-id throttling.

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    need-feedback  ·  6 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  11. API change log with notifications

    Automatically provide a change log per API & operation when changes are made to the API (including full replacement via Swagger). Also have the ability to send developers with subscriptions to products linked to an API an e-mail with change notifications on time-scale they choose (daily, weekly) or when pushed by admin.

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  12. apim should allow more than 260 characters for URL path segments

    API definitions which have an ID as one path segment can have path segments which are larger than 260 characters (which is a windows limitation). Unfortunately this limitation is also part of the apim service and can be inceased by the product team on request. Why not setting it to a larger value as default or let me set an option like (windows compatible path length) when creating the instance?

    This problem is very critical if you face it because the apim service itself will block the request and you cannot handle/modify/forward the request to something else which can handle…

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support for multiple APIM Custom domains without paying extra $700 for Premium Tier

    Right now if we wanted multiple custom domains on APIM we need to upgrade to Premium because Developer, Basic, Standard doesn't support this. This becomes very pricey for a simple feature.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  14. A process for manually approving new users

    Today, you have the possibility to force a manual process for approving a user access to a product. However, if you need to enable simple username-password you have no possibility to have a manual process for approving a user access to the portal.

    It would be good for a user to see all products and APIs available in the portal, being able to browse and discover APIs. This means that anyone can create a user and browse APIs, basically spying on a company thru the names of APIs and products.

    The other way is to hide all APIs behind Products…

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. De-couple Subscriptions from Products & Issues pages

    1) Products are visible on the Products page only when the require subscription is set to true
    2) Users can post their issues only when they are subscribed to a product

    Our use case has custom subscriptions and we would like our users to try out a product before actually subscribing to them. We would also like them to post issues prior to subscribing. So these restrictions prevent us from using the Products/Issues pages. Ability to override this default APIM behavior would be beneficial.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow the creation of custom API templates with predefined policies

    Allow custom templates to be created, and made available for selection via the API creation page (see attached), with predefined policies. This will improve the user experience where the requirement is to have several API's based on the same boiler plate policies. Product policies could be used but require all API's to be assigned to the same product which does not give flexibility in restricting access to the API's

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  17. Azure BizTalk Services Support

    Would live to sit API Management in front of Azure BizTalk Services. Essentially being able to expose a MABS Bridge as an API and have the API Manager manage interactions between mobile clients and BizTalk Services.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  3 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  18. Customize error schema messages

    Is there a way to control message error schema in Azure APIM? .. we don't want expose two kind of message errors .. we would like to return always the same structure.

    In our case, we use a diagnostics object to return message errors in our internal API:

    {"$diagnosis": [{"$severity": "error","$sdataCode":"errorCode","$message": "errorMessage","$source": "urlSource"}]}

    However, if we overflow the rate limit policy, Azure APIM returns an object like this:

    {"statusCode": 429,"message": "Rate limit is exceeded. Try again in 52 seconds."}

    We would like to return in this case something like this:

    {"$diagnosis": [{"$severity": "error","$sdataCode":"429","$message": "Rate limit is exceeded. Try again in…

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  19. Import and append api's to an existing api through arm deployments

    In the azure portal it is possible to append multiple backends behind one logical api endpoint. I want to have the same functionality via ARM. Every repo uses the apim devops resource kit to get the swashbuckle generated openapi spec and generates based on this the ARM that registers the API in APIM. Currenlty when you have 2 ARM templates that target an api with the same ID this api is replaced. It should be possible to append and postfix the operations in case of conflicts. So basically the same as the azure portal does but this time via arm…

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  20. Ability to turn off notifications, not just edit templates

    We need the ability to turn off notifications through the workflow. We are setting up accounts for clients and don't want most of the notifications that come out. We are having to enter fake email addresses just to prevent the notifications.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base