Update changelog for March 2026 release#68
Conversation
Added detailed changelog for March 2026 release, including highlights, breaking changes, new features, improvements, and bug fixes related to AI Gateway, Gateway & Backend, Platform & Security, and Developer Portal.
|
|
||
| * **AI Gateway enhancements** - Added support for v1 OpenAI API, [A2A (Agent2Agent) communication](https://techcommunity.microsoft.com/blog/IntegrationsonAzureBlog/preview-govern-secure-and-observe-a2a-apis-with-azure-api-management/4469800), deployment-level token limits, and improved logging with agent provider tracking. Enhanced content safety and token management capabilities. Improved MCP server integration with increased tools limit, bug fixes for POST body delivery and SSE event handling, enhanced telemetry, and CORS support for MCP Inspector | ||
| * **Security updates** - Addressed critical vulnerabilities in self-hosted gateway including CVE-2025-55248 and CVE-2025-55315 | ||
| * **Platform improvements** - Key Vault References support in Credential Manager, Premium v2 SKU general availability, and distributed request tracing |
There was a problem hiding this comment.
We need to check with Nima - I don't think "distributed request tracing" is live yet
| * [Added A2A (Agent2Agent) communication support, enabling multi-agent workflows](https://techcommunity.microsoft.com/blog/IntegrationsonAzureBlog/preview-govern-secure-and-observe-a2a-apis-with-azure-api-management/4469800). | ||
| * Deployment-level token limits can now be configured for better cost control. | ||
| * Token quota period in llm-token-limit policy can now be specified using policy expressions. | ||
| * Now sending User-Agent header when retrieving OIDC configuration in the JWT validation policy for better observability. |
There was a problem hiding this comment.
This is a general capability, don't think this is in GenAI gateway already
| * Enabled use of the rewrite-uri policy when forwarding requests to backend services, allowing more flexible request transformation and routing scenarios. | ||
| * Added option to expedite stream processing by flushing every chunk of payload for improved real-time performance for model APIs. | ||
| * Request and response logging now includes content type and length across all SKU. | ||
| * Now when you configure a backend entity in API Management, you can access backend properties in policies by using the context.Backend. |
There was a problem hiding this comment.
| * Now when you configure a backend entity in API Management, you can access backend properties in policies by using the context.Backend. | |
| * Now when you configure a backend entity in API Management, you can access backend properties in policies by using the [context.Backend](https://learn.microsoft.com/azure/api-management/api-management-policy-expressions#ref-context-backend). |
There was a problem hiding this comment.
Great to see context.Backend now, but - after having looked at the properties it exposes - I'm wondering what meaningful information inside of a policy this provides. It may be helpful to add just a bit more context here as to the value this addition provides.
In the future, I would love to see context.Response.Backend provide information. Does the outbound policy section provide more information as to what backend the request may have been serviced by? That's meaningful for tracing.
There was a problem hiding this comment.
Let's not discuss product features and if they align expectations here but I do understand.
@akamenev Maybe we can add link to https://learn.microsoft.com/en-us/shows/azure-friday/building-environmental-aware-api-platforms-w-api-management at the end which shows this? for example ending in ([Azure Friday demo](https://learn.microsoft.com/en-us/shows/azure-friday/building-environmental-aware-api-platforms-w-api-management)) as well as the section for environmental capabilities?
There was a problem hiding this comment.
To your question, @simonkurtz-MSFT, yes you can include this in tracing or decision making:
<set-header name="X-Backend-Id" exists-action="override">
<value>@(context.Backend?.Id ?? "n/a")</value>
</set-header>
<set-header name="X-Backend-Type" exists-action="override">
<value>@(context.Backend?.Type ?? "n/a")</value>
</set-header>
<set-header name="X-Backend-AzureRegion" exists-action="override">
<value>@(context.Backend?.AzureRegion ?? "n/a")</value>
</set-header>Next release, so not this one, will also give you this:
<set-header name="X-Backend-SustainabilityInfo" exists-action="override">
<value>@(context.Backend?.SustainabilityInfo?.CurrentCarbonIntensity.ToString() ?? "n\a")</value>
</set-header>This is set before even calling the backend, hence it is not under .Response
If it's LB-based, it will not give the resolved on but only LB. This is being considered for future improvement.
Updated API Management service changelog with enhancements, security updates, and bug fixes.
3 participants
Added detailed changelog for March 2026 release, including highlights, breaking changes, new features, improvements, and bug fixes related to AI Gateway, Gateway & Backend, Platform & Security, and Developer Portal.