Get the answers to common questions about Azure API Management.
When a feature is in preview, it means that we're actively seeking feedback on how the feature is working for you. A feature in preview is functionally complete, but it's possible that we'll make a breaking change in response to customer feedback. We recommend that you don't depend on a feature that is in preview in your production environment.
Subscribe to update announcements published in these locations:
You have several options to secure the connection between the API Management gateway and your backend services, including:
- Use subscription key authentication. On its own, a subscription key isn't a strong form of authentication, but is often used along with another method.
- Use TLS mutual authentication as described in How to secure back-end services by using client certificate authentication in Azure API Management.
- Use IP filtering on your back-end service. In all tiers of API Management except the Consumption tier, the IP address of the gateway remains constant. For more information, see IP addresses of Azure API Management.
- Connect your API Management instance to an Azure virtual network.
You have several options, including:
- Use the backup and restore functionality in API Management.
- Create your own backup and restore feature by using the API Management REST API to save and restore the entities from the service instance that you want.
- Download the service configuration by using Git, and then upload it to a new instance.
Yes. To learn how, see Move resources to a new resource group or subscription.
Yes, you can manage API Management programmatically by using a variety of tools, including:
- The API Management REST API
- Azure client SDKs for .NET, JavaScript, Java, and other languages
- Azure PowerShell and Azure CLI
- Azure Resource Manager and Bicep templates. See example quickstart templates.
- Terraform
The Administrators group is an immutable system group that includes Azure subscription administrators. You can't add a user to this group. For more information, see How to create and use groups to manage developer accounts in Azure API Management.
If the policy that you want to add appears greyed or shaded in the policy editor, be sure that you are in the correct scope for the policy. Each policy statement is designed for use in specific scopes and policy sections. To review the policy sections and scopes for a policy, see the policy's Usage section in the policy reference.
To set up multiple environments, for example, a test environment and a production environment, in a single API, you have two options. You can:
- Host different APIs on the same API Management instance.
- Host the same APIs on different instances.
API Management supports REST APIs as well as passthrough to SOAP, WebSocket, and GraphQL APIs. API Management also supports synthetic GraphQL APIs.
API Management also integrates with Azure compute offerings commonly used for building and hosting APIs on Azure, including Functions, Logic Apps, and Web Apps.
See API import restrictions and known issues for OpenAPI (Swagger), WSDL, and WADL formats.
API Management uses the performance traffic routing method (lowest latency) in deployments to multiple geographic locations. For more information, see Deploy an Azure API Management instance to multiple Azure regions.
Yes.
The minimum subnet size needed to deploy API Management is /29. Learn more about using API Management in virtual networks.
While API Management doesn't include a WAF component, deploying a WAF upstream (in front) of the API Management instance is recommended. For example, use Azure Application Gateway.
For information, see API gateway in API Management and the Self-hosted gateway overview.
Historically and by convention a URL ending with a trailing slash is treated as a directory, for example https://contoso.com/sample/
whereas the same URL without the trailing slash https://contoso.com/sample
would indicate a file. This isn't mandated; some systems consider those two URLs unique, others consider them the same. API Management doesn’t make a distinction, thus a single operation resource
will accept either resource
or resource/
. However, the distinction may matter to the backend host. Some web servers will automatically redirect a URL not ending with a trailing slash, to the same URL ending in a trailing slash. As API Management is the client to the backend (server), an automatic redirect isn't always desirable. If needed, create a Rewrite URL policy to ensure a trailing slash is always added to the outbound backend call.
No, you can't change the name (or ID) of an API in Azure API Management after you create it. However, you can change the display name.
When you clone an API, the new instance is created with a system-generated value for the name, which you can't change. To specify a name for the API, manually create a new API and import the API definition. For more information, see Import an API.