Azure API Management

Inside scoop from the API Management team

Release notes – September 18, 2017

On Tuesday, September 18, 2017, we began to deploy a regular service update. We upgrade production services in batches, and it takes about a week for the update to complete.

Below is the list of new features, improvements, and bug fixes in this release.

New functionality

  • We launched a public preview of API Management in China. The service is functionally equivalent to public regions with the exception AAD B2C and Azure Monitor integration.
  • We updated developer portal sign up and password reset pages with a friendlier and more intelligent captcha, also used by Microsoft Account,, and other Microsoft online properties.
  • Now you can use non-trusted certificates for custom domain names and backends by uploading intermediate and root certificates.  The feature is supported via Azure Resource Manager templates and API. Powershell support is on the way. Here is an API example:
    /subscriptions/subscriptionId/resourceGroups/resourceGroupName/providers/Microsoft.ApiManagement/service/serviceName?api-version=2017-03-01 HTTP/1.1
    Content-Type: application/json
    "properties": {
    "certificates": [
    "encodedCertificate" : "Base 64 encoded Certificate",
    "certificatePassword": "Password of Certificate",
    "storeName": "Root"
    "encodedCertificate" : "Base 64 encoded Certificate",
    "certificatePassword": "Password of Certificate",
    "storeName": "CertificateAuthority"

Updates and fixes

  • We made a few updates to the Azure Portal management experience:
    • Calculate effective policy button was added to the Policy Editor page.
    • User authorization configuration (OAuth 2.0, OpenID Connect) was added to the API Settings page.
    • Product selector was added to all of the Add API popups.
  • We fixed a regression where the Default Site Culture setting on the Developer Portal Settings page was not correctly applied.
  • Attachments on the Developer Portal’s Issues page now work again.
  • We added support for delimited, multi-valued claims (e.g. "claim": "foo, bar") to the validate JWT policy