API Management

Microsoft Azure API Management is a turnkey solution for publishing APIs to external and internal consumers. Quickly create consistent and modern API gateways for existing backend services hosted anywhere, secure and protect them from abuse and overuse, and gain insights into usage and health. Plus, automate and scale developer onboarding to help get your API program up and running in no time.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow to filter/select operations when adding a new API from a OpenAPI spec

    Currently, if you need to create/update an API from an OpenAPI spec with only a small subset of the whole list of operations supported by your backend, you will need to edit the generated spec to remove all the operations/types not required which is boring and error prone, or import all of them and remove all the undesired ones one-by-one, which makes our lives sad and miserable..
    A simple UI which allows to filter/select the specific operations we need to import/update would be awesome!!

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  2. 25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Please provide support for ACS tokens in backend services

    If it would be possible to configure outbound connections with an ACS token, this would give instant support for BizTalk Services bridges and for WebHttpRelayBinding endpoints. Having this would really enable hybrid scenarios as from the start and that would be awesome.

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support building multipart/form-data in Policy Expressions for legacy apis

    Ability to build multipart/form-data requests from an originating non-multipart request. Ideally, the json-to-xml converter would also be able to be used. Use case is legacy API for querying that accepts xml files submitted via multipart POST. Would like to expose as standard json service (no multipart)-or at least standard non-multipart xml service. Presumably adding multipart support would involve some additions to the available Policies.

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  5. Return status code 405 instead of 404 when wrong method is used

    Defining an API involves creating the resources and the allowed methods for each resource. When invoking the operation (accessing the resource) with a wrong HTTP method (for example, PUT instead of GET), the API Management service returns a 404 Resource Not Found instead of a 405 Method Not Allowed. Passing an OWASP test implies to return the correct code (https://www.owasp.org/index.php/REST_Security_Cheat_Sheet#HTTP_Return_Code).

    Is it possible to return this code with API Management right now? Will it be included in future releases

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow setting a "Reply-to" field on all emails

    A user should be able to contact the API support by replying to the emails she receives.

    Emails from the API Management are sent from a 'noreply' address (<apimgmt-noreply@mail.windowsazure.com>). Administrators should have the option to configure a "Reply-To" email address.

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  7. Remove standardized Azure URL from Swagger / WSDL file

    We are using custom domains in our Azure API Management instances. Unfortunately when uploading a Swagger file, APIM automatically adds the standardized URL. Here's an example:

    "x-servers": [
    {
    "url": "https://gateway.api.qas.custom.com&quot;
    },
    {
    "url": "https://azurestandardname-northeurope-01.regional.azure-api.net&quot;
    }

    This keeps confusing our customers when they download the description through the Dev Portal.

    Please add an option to prevent the standard URL from being added to the API descriptiion (Swagger and WSDL)

    24 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Gateway  ·  Flag idea as inappropriate…  ·  Admin →
  8. Register app with Azure AD through developer portal

    Given that there are already integrations with Azure AD, it would be developer friendly if you could register and manage your apps with Azure AD through the developer console.

    That way you would need just one portal to deal with things like client ids, secrets etc

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  1 comment  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  9. Set FROM address for e-mail notifications

    Right now e-mail notifications are sent with a from header "Windows Azure API Management". Allow users to change the e-mail address placed in the FROM header to match their company addressing.

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  3 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support expressions in calls attribute of rate-limit[-by-key] and quota[-by-key] policy of APIM

    If the quota value can be an expression and dynamic, then it will much easier to implement dynamic quota in a single product. I want to set a per-subscription quota without create separate products for each of the subscription. Sometimes, we have requirement to increase quota for just a single subscription which force us to create a new product just for that particular user. Another case is that we want to provide capability to allow users to customize the quota value for ip/client-id throttling.

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    need-feedback  ·  6 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  11. apim should allow more than 260 characters for URL path segments

    API definitions which have an ID as one path segment can have path segments which are larger than 260 characters (which is a windows limitation). Unfortunately this limitation is also part of the apim service and can be inceased by the product team on request. Why not setting it to a larger value as default or let me set an option like (windows compatible path length) when creating the instance?

    This problem is very critical if you face it because the apim service itself will block the request and you cannot handle/modify/forward the request to something else which can handle…

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Service management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support for multiple APIM Custom domains without paying extra $700 for Premium Tier

    Right now if we wanted multiple custom domains on APIM we need to upgrade to Premium because Developer, Basic, Standard doesn't support this. This becomes very pricey for a simple feature.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  API management experience  ·  Flag idea as inappropriate…  ·  Admin →
  13. API change log with notifications

    Automatically provide a change log per API & operation when changes are made to the API (including full replacement via Swagger). Also have the ability to send developers with subscriptions to products linked to an API an e-mail with change notifications on time-scale they choose (daily, weekly) or when pushed by admin.

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  2 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  14. De-couple Subscriptions from Products & Issues pages

    1) Products are visible on the Products page only when the require subscription is set to true
    2) Users can post their issues only when they are subscribed to a product

    Our use case has custom subscriptions and we would like our users to try out a product before actually subscribing to them. We would also like them to post issues prior to subscribing. So these restrictions prevent us from using the Products/Issues pages. Ability to override this default APIM behavior would be beneficial.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Azure BizTalk Services Support

    Would live to sit API Management in front of Azure BizTalk Services. Essentially being able to expose a MABS Bridge as an API and have the API Manager manage interactions between mobile clients and BizTalk Services.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  3 comments  ·  Integration  ·  Flag idea as inappropriate…  ·  Admin →
  16. Customize error schema messages

    Is there a way to control message error schema in Azure APIM? .. we don't want expose two kind of message errors .. we would like to return always the same structure.

    In our case, we use a diagnostics object to return message errors in our internal API:

    {"$diagnosis": [{"$severity": "error","$sdataCode":"errorCode","$message": "errorMessage","$source": "urlSource"}]}

    However, if we overflow the rate limit policy, Azure APIM returns an object like this:

    {"statusCode": 429,"message": "Rate limit is exceeded. Try again in 52 seconds."}

    We would like to return in this case something like this:

    {"$diagnosis": [{"$severity": "error","$sdataCode":"429","$message": "Rate limit is exceeded. Try again in…

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  17. Import and append api's to an existing api through arm deployments

    In the azure portal it is possible to append multiple backends behind one logical api endpoint. I want to have the same functionality via ARM. Every repo uses the apim devops resource kit to get the swashbuckle generated openapi spec and generates based on this the ARM that registers the API in APIM. Currenlty when you have 2 ARM templates that target an api with the same ID this api is replaced. It should be possible to append and postfix the operations in case of conflicts. So basically the same as the azure portal does but this time via arm…

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Defining APIs  ·  Flag idea as inappropriate…  ·  Admin →
  18. Set custom domain name for the new Developer Portal

    When running API Management in Internal vNet mode it is not possible to access the Developer Portal over <your-api-management-instance-name>.developer.azure-api.net since it's not publicly accessible. We need to be able to set a custom domain name on the new portal, can you please add the new portal to the list of endpoints available for custom domain names.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Developer portal  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support global redirect for default pages

    Hi Team,
    We have an in-house solution to manage subscriptions on top of products, and we have a customized UI("user-subscriptions" page) for that. We want users to use our own UI to subscribe to APIs so we can track the usage; we don't want them to have access to the default "products" page, because it will have un-tracked subscriptions.

    Can we add support to redirect the built-in pages(for instance "products") to our own pages (like "user-subscriptions")?

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Policies  ·  Flag idea as inappropriate…  ·  Admin →
  20. A process for manually approving new users

    Today, you have the possibility to force a manual process for approving a user access to a product. However, if you need to enable simple username-password you have no possibility to have a manual process for approving a user access to the portal.

    It would be good for a user to see all products and APIs available in the portal, being able to browse and discover APIs. This means that anyone can create a user and browse APIs, basically spying on a company thru the names of APIs and products.

    The other way is to hide all APIs behind Products…

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base