API Apps

How can we improve Microsoft Azure API Apps?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Make OData a first class citizen.

    Apparently OData (Microsoft's flagship REST data protocol) isn't fully supported.

    More info:

    https://social.msdn.microsoft.com/Forums/azure/en-US/7363e392-86d8-4b60-99fd-af98e128ab06/whats-the-odata-story?forum=AzureAPIApps

    quote
    "If you can manually create Swagger 2.0 metadata to describe your REST API, it will work perfectly."
    /quote

    Assuming it's true that swagger can't do OData, I would think that fact alone would've precluded swagger as an option.

    Additionally, whatever the reason swagger cannot create metadata for a WebAPI OData project should have been addressed before launch.

    Regardless, please fix this.

    182 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • Add ability to use API Key authentication

      It would be nice to be able to protect API apps with a set of API Keys instead of requiring a user to manually log in. This would be especially helpful for backend APIs that don't require user authorization or are accessed primarily by other servers.

      167 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        8 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
      • Access to a populated User.Identity

        It would be very valueable to have Access to a "populated" User.Identity in the Controllers. Most of the the time, at least in my apps, my Apis will present user specific Content. Having a populated User.Identity would help alot.

        59 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Flag idea as inappropriate…  ·  Admin →

          Hello!

          At the moment our recommended method for checking the identity of the current user is to check several attributes added to incoming requests. This is to allow your application to go completely in and out of memory on lower priced tiers without “always-on.” Check out the tutorial below for the header names.
          https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-authentication

          We would like to have language specific auth functionality like this in the future. I am placing this item in “unplanned” to be used in future planning sessions.

          thanks for your feedback!
          Alex
          Azure App Service Team

        • API Apps with AllowAnonymous

          Have a mix of authentication levels for different endpoints in the underlying Web API?

          API App to have access level of 'Public (authenticated)' but one of the endpoints needs to be accessible as an anonymous user. Previously I would have just applied the AllowAnonymous attribute on the method, but the gateway still intercepts and returns an unauthenticated response.

          Would be great to mark a specific method as allowing anonymous and the default behaviour to respect the gateway authentication level.

          23 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →

            Thank you for your feedback!

            Right now the workaround is to set your authentication/authorization option to enabled, but set the action for unauthenticated requests to “allow.” Then manually redirect unauthenticated requests to the secured endpoints to the authorization flow at /.auth/login/done.
            https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-how-to-configure-active-directory-authentication#optional-configure-a-native-client-application

            We would like to add more robust support for multiple auth levels in the future. I am placing this item in “unplanned” to be used in future planning sessions.

            Thanks!
            Alex
            Azure App Service Team

          • Certificate Authentication

            From what I can see clients can only authenticate to API apps interactively. This, like others said, makes automated authentication difficult. It would be great to support certificate authentication, much like the Azure Management API does, i.e. https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx#bk_cert

            20 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →

              Thank you for your feedback!

              For the time being you can use service principle auth to programmatically authenticate with an API if you are using AAD auth. https://docs.microsoft.com/en-us/azure/app-service-api/app-service-api-dotnet-service-principal-auth

              We would like to add general cert auth to App Service authentication/authorization in the future. I am placing this item in “unplanned” to be used in future planning sessions.

              Thanks!
              Alex
              Azure App Service Team

            • Support generating custom Web API from Swagger document

              Support generating custom Web API from Swagger document from Visual Studio

              9 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Flag idea as inappropriate…  ·  Admin →

                Thank you for your feedback!

                We would like to add support for generating server code from a swagger definition. I am placing this item in “unplanned” to be used in future planning sessions.

                Please feel free to update this thread if you find any open source packages that work for you. We found the swagger server stub generator was a good tool if you find yourself generating a lot of new servers. https://github.com/swagger-api/swagger-codegen/wiki/Server-stub-generator-HOWTO

                Thanks
                Alex
                Azure App Service Team

              • Add support for HTTP method and HTTP header in "URL ping" web tests

                Lots of our API requires authorization, in these cases we need to add HTTP header to the request.

                We've had a problem with app service not accepting PUT and DELETE requests multiple times (the requests were canceled before they reached our code = they were not logged in Application Insights for example) and we want to have a test that lets us know when this happens again.

                In both cases, URL ping test would be enough we could specify HTTP method & HTTP header. It does not make sense to use multi step web tests for this & pay for…

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • Don't see your idea?

                API Apps

                Feedback and Knowledge Base