Release - API Management service: December, 2022

A regular Azure API Management service update was started on December 8, 2022. This release will continue to roll out through January 2023.

New features, fixes, and improvements

1. The log-to-eventhub policy now supports securing connections to Azure Event Hub with managed identity.
2. We fixed an issue, where the GraphQL in API Management will no longer fail when an introspection query is added to the synthetic GraphQL resolver policy.
3. We fixed an issue, where saving some policy fragments in Consumption tier services was failing.
4. We fixed an issue, where modifying a policy using client SDKs or PowerShell was failing with a 406 Not Acceptable response. The issue was caused by the management API's failure to handle PUT requests with the wildcard (*/*) Accept header.

Developer portal releases

1. 2.22.0

Release - API Management service: October, 2022

A regular Azure API Management service update was started on October 31, 2022. It may take several weeks for your API Management service to receive the update.

Feature retirements

1. Support for Azure API Management self-hosted gateway version 0 and version 1 ends 1 October 2023.

New features, fixes, and improvements

1. You can now easily validate Azure Active Directory tokens on incoming requests with the new validate-azure-ad-token policy. Learn more in the documentation or blog post.
2. We fixed an issue, where API Management didn't allow clients to open new WebSocket connections even though they didn't exceed the connections limit.
3. API Management updates are now rolled out to one Availability Zone at a time. Previously, updates were rolled out to multiple Availability Zones, reducing the service capacity by up to 50%.
4. You can now use cors and caching policies (cache-store and cache-lookup) inside policy fragments. Previously the cors policy inside policy fragments didn't correctly apply CORS configuration to the API; caching policies couldn't be configured due to an error.
5. API Management scale-out attempts that fail due to insufficient subnet capacity are now properly logged in Activity Logs.
6. XML schema validation with validate-content policy no longer results in validation errors for elements with type "anyType".
7. The execution time of the send-one-way-request policy is no longer included in the backendTime metric in the diagnostic logs, since it's an asynchronous, non-blocking operation. Previously, it was included in the backendTime metric but excluded from the totalTime metric.

Developer portal releases

1. 2.21.0
2. 2.20.0
3. 2.19.1

Self-hosted gateway container image releases

1. 2.1.6
2. 2.1.5

Self-hosted gateway Helm chart releases

1. 1.5.1
2. 1.5.0

API Management service: September, 2022

A regular Azure API Management service update was started on September 7, 2022. It may take several weeks for your API Management service to receive the update.

Highlights

1. Custom widget support in managed developer portal is now generally available.
2. Expanded support for Azure Policy definitions for Azure API Management is now generally available.
3. Support for OAuth 2.0 authorization code flow using PKCE for developer portal user sign-in and sign-up is now generally available.

New features, fixes, and improvements

1. The new allow-additional-properties attribute of the validate-content policy lets you implement a runtime override of the additionalProperties value configured in the JSON schemas - for example, to always prevent requests or responses with undefined schema properties, regardless of the JSON configuration. Documentation will be released soon in the validate-content policy reference.
2. Account confirmation links in the account registration email notifications sent to developer portal users no longer include user ID and identity in the URL.
3. We fixed an issue, where request and response validation policies would skip the on-error policy section if multiple validations failed.
4. Azure API Management no longer depends on the SMTP endpoints for sending email notifications and those endpoints can now be removed from the VNet configuration for allowed network traffic.
5. We optimized performance of synthetic GraphQL APIs resolving multiple fields from the same endpoint.
6. We fixed an issue, where using the developer portal test console configured with authorization code grant flow and OpenID Connect resulted in an error.
7. We fixed an issue, where several properties in the "APIs - List By Service" management API response weren't propagated with values. The contract now follows the documented schema.
8. We fixed an issue where an invalid request to create an API Schema could result in an 500 Internal Server Error response. API Management now returns 400 Bad Request in such cases.
9. We fixed an issue, where an unsuccessful management operation on a policy fragment could result in failure of future management operations on that policy fragment.
10. We fixed an issue, where built-in git repository export could fail.

Developer portal releases

1. 2.19.0
2. 2.18.2

Self-hosted gateway container image releases

1. 2.1.4

Self-hosted gateway Helm chart releases

1. 1.4.1

DevOps Resource Kit releases

1. 1.0.0 (general availability)
2. 1.0.0-beta.11
3. 1.0.0-beta.10
4. 1.0.0-beta.9
5. 1.0.0-beta.8

Release - API Management service: July, 2022

A regular Azure API Management service update was started on July 20, 2022. It may take several weeks for your API Management service to receive the update.

New features, fixes, and improvements

1. We optimized the loading time of API schemas for management plane (including Azure portal) and developer portal operations.
2. We increased the maximum length of each URL path segment from 520 to 1024 characters.
3. We fixed an issue, where API Management allowed creation of multiple API versions with empty identifiers within one API version set.
4. We fixed an issue, where API Management deserialized C-style hex strings in exported OpenAPI files as hex values.
5. We fixed an issue, where API Management failed to export OpenAPI definitions if referenced schemas didn't have the typename property defined.
6. The set-body policy now supports xsi-nil attribute with two values ("blank" and "null") for controlling how elements marked with xsi:nil="true" are represented in XML payloads. If the value is set to blank, API Management uses the prior behavior, where nil is represented as an empty string. If the value is set to null, nil is represented with a null value.
7. You can now monitor inbound connectivity to the API Management control plane in the "Network status" tab of the "Network" page in the Azure portal interface for your API Management service.
8. Authorizations now support Salesforce, ServiceNow, Twitter, Stripe, and Zendesk identity providers.
9. Authorizations now support PKCE authorization flow in the generic OAuth2 identity provider.
10. Improvements to the GraphQL support:
    1. API Management now supports GraphQL requests with the content type application/graphql. Previously, such requests resulted in a 400 Bad request error.
    2. GraphQL resolvers can now be configured in policy fragments for reuse in the backend policy section.
    3. We fixed an issue, where creating a new GraphQL API using the property format: graphql-format resulted in failures in execution of the management API operations or ARM templates. This property worked only for existing GraphQL APIs.
    4. We fixed an issue, where accessing context.Request in a synthetic GraphQL API's set-graphql-resolver policy would overwrite the context.Request value.
    5. We fixed an issue, where parsing of lists with scalar values resulted in runtime errors.

Developer portal releases

1. 2.18.1
2. 2.18.0

Self-hosted gateway container image releases

1. 2.1.3
2. 2.1.2
3. 2.1.1
4. 2.0.4

Browse the recently added release notes for older images:

1. 2.1.0
2. 2.0.3
3. 2.0.2
4. 2.0.1
5. 2.0.0

Self-hosted gateway Helm chart releases

1. 1.4.0
2. 1.3.1
3. 1.3.0

DevOps Resource Kit releases

1. 1.0.0-beta.8
2. 1.0.0-beta.7

Release - API Management service: June, 2022

A regular Azure API Management service update was started on June 20, 2022. It may take several weeks for your API Management service to receive the update.

Highlights

1. GraphQL passthrough support is now generally available
2. Synthetic GraphQL is now in public preview
3. Authorizations are now in public preview
4. Self-hosted gateway v2 is now generally available
5. Reusable policy fragments are now generally available
6. Developer portal's support for Content Security Policy and self-hosted portal CORS configuration are now generally available
7. Learn how to prevent or mitigate OWASP API Security Top 10 threats in Azure API Management

New features, fixes, and improvements

1. Email notifications now have valid SPF and DKIM signatures. Previously, the generated DKIM signatures were invalid.
2. System.Net.IpAddress and System.Enum namespaces are now allowed in policy expressions.
3. Scale-up operations will now fail faster if there isn't enough space in a virtual network subnet to accommodate additional API Management service units. The error will be included in the Activity Logs.
4. We fixed an issue, where scale-up operations could get stuck for multiple days in stv1 deployments. As a precaution against other potential problems with the stv1 architecture, we recommend migrating services to the stv2 architecture. Learn more about the migration process.
5. We fixed an issue, where WebSocket connections couldn't be established for requests with multiple Connection headers.
6. Management API SAS token can no longer be generated with an expiration date set in the past.
7. "Dapr" is now a reserved backend entity ID.

Developer portal releases

1. 2.17.0

Self-hosted gateway Helm releases

1. 1.2.0

DevOps Resource Kit releases

1. 1.0.0-beta.6
2. 1.0.0-beta.5

Release - API Management service: May, 2022

A regular Azure API Management service update was started on May 10, 2022. It may take several weeks for your API Management service to receive the update.

New features, fixes, and improvements

1. GraphQL support now includes policy-based authorizations, graphql-ws-based subscriptions, and improved developer portal and Azure portal interfaces.
2. Availability zone deployments are now available in the Switzerland North region.
3. You can now access the API Management service name in runtime policies with the new context.Deployment.ServiceId property. The ServiceId property is also included in Application Insights logs.
4. validate-parameters and validate-content policies now support GUID properties defined as format: uuid.
5. Event Hub loggers can now use managed identity authentication. Azure portal interface for configuring this authentication is coming soon.

Changes

1. Values of the server name property in Application Insights live metrics no longer include the .azure-api.net suffix.
2. The value of ServiceName property in API inspector JSON no longer includes the .azure-api.net suffix.

Developer portal releases

1. 2.16.0 - highlights:
   • Improvements to API reference pages and test console.
   • Support for GraphQL subscriptions.
2. 2.15.1 - highlights:
   • Includes a fix for a regression in the API list dropdown widget introduced in version 2.15.0.
3. 2.15.0 - highlights:
   • The authorization server information has been temporarily removed from the API details widget, until a more complete solution is in place.
   • Terms of use are now included in the authentication pages.

Self-hosted gateway Helm releases

1. 1.1.0

DevOps Resource Kit releases

1. 1.0.0-beta.4
2. 1.0.0-beta.3
3. 1.0.0-beta.2

Release - API Management service: March, 2022

A regular Azure API Management service update was started on March 28, 2022. It may take several weeks for your API Management service to receive the update.

Starting with this service release, we will be posting regular release announcements only here, on GitHub, and we will not be posting them on Azure Updates. We will continue to post feature or breaking change announcements on Azure Updates and reference them in regular release notes on GitHub.

Featured

1. SOAP and XML request and response validation is now generally available.
2. Developer portal widget for embedding custom HTML code is now generally available.
3. Azure Private Link support in Azure API Management is now in public preview.
4. Tools for easier import of WSDL APIs and XSD and JSON schemas are now available on GitHub.

Breaking change advisory

1. Review your virtual network configuration - it may be affected by IP address changes in March 2023.

Fixes and improvements

1. To protect services from username enumeration attacks, any attempt to reset user's password now results in a successful response from the API Management service. Previously, API Management returned 404 Not Found if the username didn't exist in the service.
2. Users no longer can subscribe to products that they don't have access to. Previously, product access configuration only restricted retrieval of product details and its APIs and it didn't prevent subscription attempts.
3. If a policy expression contains a loop and takes over five seconds to execute, API Management will now terminate its execution to avoid infinite loops.
4. You can now reference JSON schema resources from another JSON schema resource. The new schema entity is used for request or response validation.
5. Null values are no longer accepted inside the certificateIds array when creating or updating backend entities.
6. Client disconnects from gateway are no longer reported as errors.
7. X-Forwarded-For header logs now include addresses added by the gateway.
8. Severity level is now correctly configured in Application Insights traces. Previously, verbose and information traces were logged to Application Insights with higher severity.
9. GraphQL request processing is now faster and more efficient thanks to a series of optimizations.

Developer portal releases

1. 2.14.0 - highlights:
   • Support for contact, license, and termsOfService OpenAPI properties in the API reference pages.
   • Improvements to GraphQL API reference pages, including the code view.
2. 2.13.0 - highlights:
   • HTML injection widget, which allows you to render custom HTML code in an iframe in your managed or self-hosted developer portal pages.
   • Revised code samples in the test console and a new code sample for Swift.

DevOps Resource Kit releases

1. 1.0.0-beta.1:
   • Major code refactoring to the Extractor to make it more maintainable and easier to contribute to.
   • Update of the API version used in the Extractor to the latest generally available version (2021-08-01).
   • Other fixes, improvements, and community contributions.

Release - API Management service: January, 2022

A regular Azure API Management service update was started on January 20, 2022, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.

Featured

1. Managed certificate support is now in public preview.

New

1. Published developer portals are now automatically upgraded to new portal releases, without the need to republish the portal manually. Automated upgrades will preserve the latest published content; they won't publish saved but unpublished content.
2. You can now use curly brackets in a SOAP action URL template (for example, /soapAction={wildcard}) to define a wildcard SOAP action, which will match any SOAP request that doesn't have a dedicated action defined in the API. The value inside the curly brackets doesn't affect the execution.
3. Availability zones are now supported in the East Asia region.
4. New .NET SDK for the management API is now available in preview.

Fixed

1. Newly created diagnostic settings will no longer be configured to log request query parameters by default. As part of this change, Diagnostic entity's dataMasking.queryParams properties will be set with the following wildcard configuration { "value": "*", "mode": "Hide"}. The same wildcard configuration can also be applied to dataMasking.headers.
2. Self-hosted gateway now properly handles a certificate change (certificateId) for existing hostnames.
3. Multiple validate-content policies can now be specified in a single policy section.
4. It is now possible to delete a resource group with an stv2-based API Management service in a virtual network. Previously, the deletion could fail due to an unreleased public IP resource. Learn more about stv2 and API Management's infrastructure.
5. ConfigurationChange event is no longer logged in Resource Health for API Management service backups.
6. tracestate header values are no longer truncated after the first key-value pair.
7. An attempt to deploy an stv2 API Management service into a virtual network subnet with an stv1 API Management service will now result in a descriptive error message.

Release - API Management service: October, 2021

A regular Azure API Management service update was started on October 25, 2021, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.

Featured

1. Public preview: GraphQL passthrough support in Azure API Management.
2. General availability: Native support for WebSocket APIs.
3. General availability: API Management and Event Grid Integration.

New

1. You can now import Azure Container App as an API in API Management.
   
2. API Management now supports managed identity authentication for communication with Application Insights. To configure it, specify the identityClientId key in the properties.credentials property of the Logger object and set the value to:
   • systemAssigned for a system-assigned identity, or
   • ID of a user-assigned identity.
3. Support for the multi-dimensional Request metric in Azure Monitor is now generally available.

Fixed

1. We fixed an issue, where the Portal Revision API marked all new developer portal revisions as current, regardless of the isCurrent parameter's value.
2. We fixed an issue, where the specified-parameter-action attribute of the validate-parameters policy was ignored.
3. Scale-outs of API Management services in the single-tenant v2 (stv2) infrastructure no longer affect existing service capacity. Previously, each scale-out forced a restart of the existing nodes. This optimization has already been implemented in services in the stv1 infrastructure and those services aren't affected by the change.
4. All header's schema properties are now preserved when importing an OpenAPI v3 document. Schemas for headers are supported in management API versions 2021-01-01-preview or later.
5. Properties with format: date in OpenAPI documents are no longer converted to a date-time object.
6. Unknown countries are now reported as Unknown in the built-in API reports (Analytics tab in the Azure portal).
7. WebSocket APIs now support backend service URI with the WebSocket schema and a custom port.

Information

1. Services deployed in a virtual network with forced tunneling need to allow an additional dependency for Windows activations. Although this requirement wasn't documented, it is not introduced by the current release.

Release - developer portal: 2.12.1

A new developer portal version has just been released.

If you use the built-in, managed developer portal, your portal will be automatically upgraded within two weeks. Make sure to republish it to upgrade the published portal.

If you self-host the developer portal, you need to merge the source code changes and republish and redeploy your portal manually.

Detailed release notes are available in the developer portal repository.