Azure API Management

Inside scoop from the API Management team

Release notes – July 19, 2016

We update the Azure API Management service on a regular basis, bringing you fixes and new features each time we do so. Up until now, we’ve been fairly quiet about telling everyone about what is included each time we do so – but we are going to be sharing that information now with you on this blog.

What happens when we do a release?

As each Azure API Management customer has their own service that we manage, a new release requires that we upgrade each one. Normally, this process will be seamless and service will go uninterrupted (customers using our Developer Tier may notice a small amount of downtime). Rolling the release out across every customer service normally takes around a week – so if we say a release is on it’s way out, it could take up to a week to get to your service.

Notable in this release

We have some new features and a number of stability fixes:

  • Mutual certificates for clients: In this release we give you the ability to do this using policies – here’s how the policy looks:
    <choose>
    <when condition="@( context.Request.Certificate != null && context.Request.Certificate.Thumbprint == "well-known-thumbprint” )" >
    </when>
    </choose>
  • Wildcard API endpoints: You can now use wildcard URLS for your API Endpoint Domain. To set this up, browse to the classic Azure portal, select your service and browse to configuration. You will need to ensure you have uploaded a wildcard domain SSL certificate also if you are using HTTPS.Here's where you can add wildcard URLs.
  • We reduced the database timeout on backup/restore to 30 minutes to ensure fast failure and to prevent scenarios where a restore appears to take a very long time.
  • We added a fix to ensure we stop request processing if a client disconnects – particularly useful for longer-running calls.
  • We now are case-insensitive when comparing subscription ids passed to the APIM REST API – preventing the request failing if the casing in the subscription is different.
  • Entities created through our management API cannot now include the characters #, &, +, :, <, > or ?  in their names. This fix tightens security by preventing potentially dangerous characters.

Let us know what you think!