Releases: Azure/API-Management
Release - API Management service: December, 2022
A regular Azure API Management service update was started on December 8, 2022. This release will continue to roll out through January 2023.
New features, fixes, and improvements
- The `log-to-eventhub` policy now supports securing connections to Azure Event Hub with managed identity.
- We fixed an issue, where GraphQL in API Management failed when an introspection query was added to the synthetic GraphQL resolver policy.
- We fixed an issue, where saving some policy fragments in Consumption tier services was failing.
- We fixed an issue, where modifying a policy using client SDKs or PowerShell was failing with a `406 Not Acceptable` response. The issue was caused by the management API's failure to handle PUT requests with the wildcard (`*/*`) `Accept` header.
Developer portal releases
Release - API Management service: October, 2022
A regular Azure API Management service update was started on October 31, 2022. It may take several weeks for your API Management service to receive the update.
Feature retirements
New features, fixes, and improvements
- You can now easily validate Azure Active Directory tokens on incoming requests with the new `validate-azure-ad-token` policy. Learn more in the documentation or blog post.
- We fixed an issue, where API Management didn't allow clients to open new WebSocket connections even though they didn't exceed the connections limit.
- API Management updates are now rolled out to one Availability Zone at a time. Previously, updates were rolled out to multiple Availability Zones, reducing the service capacity by up to 50%.
- You can now use `cors` and caching policies (`cache-store` and `cache-lookup`) inside policy fragments. Previously the `cors` policy inside policy fragments didn't correctly apply CORS configuration to the API; caching policies couldn't be configured due to an error.
- API Management scale-out attempts that fail due to insufficient subnet capacity are now properly logged in Activity Logs.
- XML schema validation with `validate-content` policy no longer results in validation errors for elements with type "anyType".
- The execution time of the `send-one-way-request` policy is no longer included in the `backendTime` metric in the diagnostic logs, since it's an asynchronous, non-blocking operation. Previously, it was included in the `backendTime` metric but excluded from the `totalTime` metric.
Developer portal releases
Self-hosted gateway container image releases
Self-hosted gateway Helm chart releases
API Management service: September, 2022
A regular Azure API Management service update was started on September 7, 2022. It may take several weeks for your API Management service to receive the update.
Highlights
- Custom widget support in managed developer portal is now generally available.
- Expanded support for Azure Policy definitions for Azure API Management is now generally available.
- Support for OAuth 2.0 authorization code flow using PKCE for developer portal user sign-in and sign-up is now generally available.
New features, fixes, and improvements
- The new `allow-additional-properties` attribute of the `validate-content` policy lets you implement a runtime override of the `additionalProperties` value configured in the JSON schemas - for example, to always prevent requests or responses with undefined schema properties, regardless of the JSON configuration. Documentation will be released soon in the `validate-content` policy reference.
- Account confirmation links in the account registration email notifications sent to developer portal users no longer include user ID and identity in the URL.
- We fixed an issue, where request and response validation policies would skip the `on-error` policy section if multiple validations failed.
- Azure API Management no longer depends on the SMTP endpoints for sending email notifications and those endpoints can now be removed from the VNet configuration for allowed network traffic.
- We optimized performance of synthetic GraphQL APIs resolving multiple fields from the same endpoint.
- We fixed an issue, where using the developer portal test console configured with authorization code grant flow and OpenID Connect resulted in an error.
- We fixed an issue, where several properties in the "APIs - List By Service" management API response weren't propagated with values. The contract now follows the documented schema.
- We fixed an issue where an invalid request to create an API Schema could result in a `500 Internal Server Error` response. API Management now returns `400 Bad Request` in such cases.
- We fixed an issue, where an unsuccessful management operation on a policy fragment could result in failure of future management operations on that policy fragment.
- We fixed an issue, where built-in git repository export could fail.
Developer portal releases
Self-hosted gateway container image releases
Self-hosted gateway Helm chart releases
DevOps Resource Kit releases
Release - API Management service: July, 2022
A regular Azure API Management service update was started on July 20, 2022. It may take several weeks for your API Management service to receive the update.
New features, fixes, and improvements
- We optimized the loading time of API schemas for management plane (including Azure portal) and developer portal operations.
- We increased the maximum length of each URL path segment from 520 to 1024 characters.
- We fixed an issue, where API Management allowed creation of multiple API versions with empty identifiers within one API version set.
- We fixed an issue, where API Management deserialized C-style hex strings in exported OpenAPI files as hex values.
- We fixed an issue, where API Management failed to export OpenAPI definitions if referenced schemas didn't have the `typename` property defined.
- The `set-body` policy now supports `xsi-nil` attribute with two values (`"blank"` and `"null"`) for controlling how elements marked with `xsi:nil="true"` are represented in XML payloads. If the value is set to `blank`, API Management uses the prior behavior, where nil is represented as an empty string. If the value is set to `null`, nil is represented with a null value.
- You can now monitor inbound connectivity to the API Management control plane in the "Network status" tab of the "Network" page in the Azure portal interface for your API Management service.
- Authorizations now support Salesforce, ServiceNow, Twitter, Stripe, and Zendesk identity providers.
- Authorizations now support PKCE authorization flow in the generic OAuth2 identity provider.
- Improvements to the GraphQL support:
  - API Management now supports GraphQL requests with the content type `application/graphql`. Previously, such requests resulted in a `400 Bad request` error.
  - GraphQL resolvers can now be configured in policy fragments for reuse in the `backend` policy section.
  - We fixed an issue, where creating a new GraphQL API using the property `format: graphql-format` resulted in failures in execution of the management API operations or ARM templates. This property worked only for existing GraphQL APIs.
  - We fixed an issue, where accessing `context.Request` in a synthetic GraphQL API's `set-graphql-resolver` policy would overwrite the `context.Request` value.
  - We fixed an issue, where parsing of lists with scalar values resulted in runtime errors.
Developer portal releases
Self-hosted gateway container image releases
Browse the recently added release notes for older images:
Self-hosted gateway Helm chart releases
DevOps Resource Kit releases
Release - API Management service: June, 2022
A regular Azure API Management service update was started on June 20, 2022. It may take several weeks for your API Management service to receive the update.
Highlights
- GraphQL passthrough support is now generally available
- Synthetic GraphQL is now in public preview
- Authorizations are now in public preview
- Self-hosted gateway v2 is now generally available
- Reusable policy fragments are now generally available
- Developer portal's support for Content Security Policy and self-hosted portal CORS configuration are now generally available
- Learn how to prevent or mitigate OWASP API Security Top 10 threats in Azure API Management
New features, fixes, and improvements
- Email notifications now have valid SPF and DKIM signatures. Previously, the generated DKIM signatures were invalid.
- `System.Net.IpAddress` and `System.Enum` namespaces are now allowed in policy expressions.
- Scale-up operations will now fail faster if there isn't enough space in a virtual network subnet to accommodate additional API Management service units. The error will be included in the Activity Logs.
- We fixed an issue, where scale-up operations could get stuck for multiple days in `stv1` deployments. As a precaution against other potential problems with the `stv1` architecture, we recommend migrating services to the `stv2` architecture. Learn more about the migration process.
- We fixed an issue, where WebSocket connections couldn't be established for requests with multiple `Connection` headers.
- Management API SAS token can no longer be generated with an expiration date set in the past.
- "Dapr" is now a reserved backend entity ID.
Developer portal releases
Self-hosted gateway Helm releases
DevOps Resource Kit releases
Release - API Management service: May, 2022
A regular Azure API Management service update was started on May 10, 2022. It may take several weeks for your API Management service to receive the update.
New features, fixes, and improvements
- GraphQL support now includes policy-based authorizations, `graphql-ws`-based subscriptions, and improved developer portal and Azure portal interfaces.
- Availability zone deployments are now available in the Switzerland North region.
- You can now access the API Management service name in runtime policies with the new `context.Deployment.ServiceId` property. The `ServiceId` property is also included in Application Insights logs.
- `validate-parameters` and `validate-content` policies now support GUID properties defined as `format: uuid`.
- Event Hub loggers can now use managed identity authentication. Azure portal interface for configuring this authentication is coming soon.
Changes
- Values of the `server name` property in Application Insights live metrics no longer include the `.azure-api.net` suffix.
- The value of `ServiceName` property in API inspector JSON no longer includes the `.azure-api.net` suffix.
Developer portal releases
- 2.16.0 - highlights:
  - Improvements to API reference pages and test console.
  - Support for GraphQL subscriptions.
- 2.15.1 - highlights:
  - Includes a fix for a regression in the API list dropdown widget introduced in version 2.15.0.
- 2.15.0 - highlights:
  - The authorization server information has been temporarily removed from the API details widget, until a more complete solution is in place.
  - Terms of use are now included in the authentication pages.
Self-hosted gateway Helm releases
DevOps Resource Kit releases
Release - API Management service: March, 2022
A regular Azure API Management service update was started on March 28, 2022. It may take several weeks for your API Management service to receive the update.
Starting with this service release, we will be posting regular release announcements only here, on GitHub, and we will not be posting them on Azure Updates. We will continue to post feature or breaking change announcements on Azure Updates and reference them in regular release notes on GitHub.
Featured
- SOAP and XML request and response validation is now generally available.
- Developer portal widget for embedding custom HTML code is now generally available.
- Azure Private Link support in Azure API Management is now in public preview.
- Tools for easier import of WSDL APIs and XSD and JSON schemas are now available on GitHub.
Breaking change advisory
Fixes and improvements
- To protect services from username enumeration attacks, any attempt to reset a user's password now results in a successful response from the API Management service. Previously, API Management returned `404 Not Found` if the username didn't exist in the service.
- Users can no longer subscribe to products that they don't have access to. Previously, product access configuration only restricted retrieval of product details and its APIs and it didn't prevent subscription attempts.
- If a policy expression contains a loop and takes over five seconds to execute, API Management will now terminate its execution to avoid infinite loops.
- You can now reference JSON schema resources from another JSON schema resource. The new schema entity is used for request or response validation.
- Null values are no longer accepted inside the `certificateIds` array when creating or updating backend entities.
- Client disconnects from gateway are no longer reported as errors.
- `X-Forwarded-For` header logs now include addresses added by the gateway.
- Severity level is now correctly configured in Application Insights traces. Previously, `verbose` and `information` traces were logged to Application Insights with higher severity.
- GraphQL request processing is now faster and more efficient thanks to a series of optimizations.
Developer portal releases
- 2.14.0 - highlights:
  - Support for `contact`, `license`, and `termsOfService` OpenAPI properties in the API reference pages.
  - Improvements to GraphQL API reference pages, including the code view.
- 2.13.0 - highlights:
  - HTML injection widget, which allows you to render custom HTML code in an iframe in your managed or self-hosted developer portal pages.
  - Revised code samples in the test console and a new code sample for Swift.
DevOps Resource Kit releases
- 1.0.0-beta.1:
  - Major code refactoring to the Extractor to make it more maintainable and easier to contribute to.
  - Update of the API version used in the Extractor to the latest generally available version (`2021-08-01`).
  - Other fixes, improvements, and community contributions.
Release - API Management service: January, 2022
A regular Azure API Management service update was started on January 20, 2022, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.
Featured
New
- Published developer portals are now automatically upgraded to new portal releases, without the need to republish the portal manually. Automated upgrades will preserve the latest published content; they won't publish saved but unpublished content.
- You can now use curly brackets in a SOAP action URL template (for example, `/soapAction={wildcard}`) to define a wildcard SOAP action, which will match any SOAP request that doesn't have a dedicated action defined in the API. The value inside the curly brackets doesn't affect the execution.
- Availability zones are now supported in the East Asia region.
- New .NET SDK for the management API is now available in preview.
Fixed
- Newly created diagnostic settings will no longer be configured to log request query parameters by default. As part of this change, `Diagnostic` entity's `dataMasking.queryParams` properties will be set with the following wildcard configuration `{ "value": "*", "mode": "Hide"}`. The same wildcard configuration can also be applied to `dataMasking.headers`.
- Self-hosted gateway now properly handles a certificate change (`certificateId`) for existing hostnames.
- Multiple `validate-content` policies can now be specified in a single policy section.
- It is now possible to delete a resource group with an `stv2`-based API Management service in a virtual network. Previously, the deletion could fail due to an unreleased public IP resource. Learn more about `stv2` and API Management's infrastructure.
- `ConfigurationChange` event is no longer logged in Resource Health for API Management service backups.
- `tracestate` header values are no longer truncated after the first key-value pair.
- An attempt to deploy an `stv2` API Management service into a virtual network subnet with an `stv1` API Management service will now result in a descriptive error message.
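The default described in the first item above applies only to newly created diagnostic settings, so existing ones may still log query parameters. The following audit is an added example, not part of the original release notes or Microsoft's code: it reports where an exported `Diagnostic` entity lacks the wildcard `Hide` rule. The sample entity is constructed, and the `properties.frontend/backend.request` layout, the `Mask` mode value and the function names are assumptions.

```python
import json

# Constructed sample of an exported Diagnostic entity. The layout
# (properties.<frontend|backend>.request.dataMasking) is an assumption.
SAMPLE_DIAGNOSTIC = json.loads("""
{
  "properties": {
    "frontend": {"request": {"dataMasking": {
      "queryParams": [{"value": "*", "mode": "Hide"}],
      "headers": [{"value": "Authorization", "mode": "Hide"}]
    }}},
    "backend": {"request": {"dataMasking": {
      "queryParams": [{"value": "api_key", "mode": "Mask"}]
    }}}
  }
}
""")

SECTIONS = (("frontend", "request"), ("backend", "request"))
FIELDS = ("queryParams", "headers")


def has_wildcard_hide(rules):
    """True if the rule list contains {"value": "*", "mode": "Hide"}."""
    return any(
        isinstance(rule, dict)
        and rule.get("value") == "*"
        and rule.get("mode") == "Hide"
        for rule in rules or []
    )


def audit_diagnostic(entity):
    """Return the dataMasking locations that lack the wildcard Hide rule."""
    props = entity.get("properties") or {}
    findings = []
    for side, direction in SECTIONS:
        message = (props.get(side) or {}).get(direction) or {}
        masking = message.get("dataMasking") or {}
        for field in FIELDS:
            # A missing section or list counts the same as a non-wildcard one.
            if not has_wildcard_hide(masking.get(field)):
                findings.append(f"{side}.{direction}.dataMasking.{field}")
    return findings


if __name__ == "__main__":
    for location in audit_diagnostic(SAMPLE_DIAGNOSTIC):
        print("no wildcard Hide rule:", location)
```

A finding under `headers` is not necessarily a defect, since the release note makes the header wildcard optional; treat it as a prompt to confirm that sensitive headers are covered by explicit rules.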
Release - API Management service: October, 2021
A regular Azure API Management service update was started on October 25, 2021, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.
Featured
- Public preview: GraphQL passthrough support in Azure API Management.
- General availability: Native support for WebSocket APIs.
- General availability: API Management and Event Grid Integration.
New
- You can now import Azure Container App as an API in API Management.
- API Management now supports managed identity authentication for communication with Application Insights. To configure it, specify the `identityClientId` key in the `properties.credentials` property of the `Logger` object and set the value to:
  - `systemAssigned` for a system-assigned identity, or
  - ID of a user-assigned identity.
- Support for the multi-dimensional `Request` metric in Azure Monitor is now generally available.
Fixed
- We fixed an issue, where the `Portal Revision` API marked all new developer portal revisions as current, regardless of the `isCurrent` parameter's value.
- We fixed an issue, where the `specified-parameter-action` attribute of the `validate-parameters` policy was ignored.
- Scale-outs of API Management services in the single-tenant v2 (`stv2`) infrastructure no longer affect existing service capacity. Previously, each scale-out forced a restart of the existing nodes. This optimization has already been implemented in services in the `stv1` infrastructure and those services aren't affected by the change.
- All header schema properties are now preserved when importing an OpenAPI v3 document. Schemas for headers are supported in management API versions `2021-01-01-preview` or later.
- Properties with `format: date` in OpenAPI documents are no longer converted to a date-time object.
- Unknown countries are now reported as `Unknown` in the built-in API reports (Analytics tab in the Azure portal).
- WebSocket APIs now support backend service URI with the WebSocket schema and a custom port.
Information
- Services deployed in a virtual network with forced tunneling need to allow an additional dependency for Windows activations. Although this requirement wasn't documented, it is not introduced by the current release.
Release - developer portal: 2.12.1
A new developer portal version has just been released.
If you use the built-in, managed developer portal, your portal will be automatically upgraded within two weeks. Make sure to republish it to upgrade the published portal.
If you self-host the developer portal, you need to merge the source code changes and republish and redeploy your portal manually.
Detailed release notes are available in the developer portal repository.