Release - API Management service: October 2023

Highlights

• We're excited to announce availability of the Public Preview of our latest Azure API Management pricing tiers: Basic v2 and Standard v2.
• API Management is now Generally Available in the Israel Central and Italy North Azure regions.

New features, fixes and improvements

• You can now specify timeout in milliseconds in the the forward-request policy via the new timeout-ms attribute.
• We fixed an issue where a large request log entry blocked Azure monitor log stream.
• We fixed an issue where the emit-metric policy could fail the request when no diagnostic entries are configured at any of the scopes.
• We fixed an issue where a request to a GraphQL API with empty GraphQL resolver policy fails the request.
• We fixed a few bugs in the developer portal test console.
• We fixed an issue in the publisher component of the developer portal which caused it to fail when there was not enough memory for creating a snapshot.

Developer portal releases

• No releases.

Self-hosted gateway container image releases

• 2.3.5

Self-hosted gateway Helm chart releases

• 1.7.5

Release - API Management service: September 2023

New features, fixes, and improvements

1. We have introduced new Azure Advisor recommendations:
   • Use Azure AD authentication instead of gateway token for Configuration API
   • Identity self-hosted gateways using gateway tokens that will expire in < 7 days
   • Identity validate-jwt policy usage with insecure key size
2. We have removed support for the retired set-graphql-resolver policy which had already been replaced with GraphQL API resolvers.
3. We have fixed an issue where the OpenAPI would fail if the parameter names where empty.
4. We have fixed an issue where nested objects were being overridden when import OpenAPI was used.
5. We have fixed an issue where the FixOpenApi parameter schema can now import complex schemas.
6. We have fixed a bug where validate-azure-token policy was not properly using expressions to resolve tenant-id.
7. We have fixed an issue where deleting the API release will now return 204 instead of 404 if release does not exist.
8. We have fixed an issue where the Deletion of API was not removing all of the releases. When deleting an API it will now delete all of its releases.
9. We have fixed an issue where the DELETE operation for API endpoint was synchronous and timing out. The DELETE operation has been made asynchronous to fix this issue.

Self-hosted gateway container image releases

1. 2.3.4
2. 2.3.3
3. 2.3.2
4. 2.3.1
5. 2.3.0

Self-hosted gateway Helm chart releases

1. 1.7.4
2. 1.7.3
3. 1.7.2
4. 1.7.1
5. 1.7.0

Release - API Management service: April 2023

Highlights

1. Azure API Management and Microsoft Defender for APIs integration is now in preview. Learn how Microsoft bolsters cloud-native security in Defender for Cloud with new API security capabilities.
2. Workspaces in Azure API Management are now in preview.
3. Synthetic GraphQL is now generally available.
4. Authorizations in Azure API Management are now generally available.
5. Incoming traffic to Azure API Management's gateway can be secured to clients running in a virtual network through Azure Private Link.

New features, fixes, and improvements

1. We fixed an issue, where the customers potentially could not change organization or email in the email notifications.

Developer portal releases

1. 2.23.0

Self-hosted gateway container image releases

1. 2.2.0

Self-hosted gateway Helm chart releases

1. 1.6.0

Release - API Management service: February & March 2023

A regular Azure API Management service update was started February 9, 2023. This release concluded rollout on March 31, 2023.

New features, fixes, and improvements

1. We added the new context.Deployment.Gateway.* object with several properties for accessing gateway information in runtime policies. (Learn more)
2. We fixed an issue, where the definition names in the API schema would display blank spaces.
3. We fixed an issue, where the developer portal was hiding default domain, a parameter has been added to include default domain in the hostnames.
4. We fixed an issue, where the API revisions were not being properly filtered.
5. We fixed an issue, where adding API schemas with the same namespace resulted in an error.
6. We fixed an issue, where policies contained all named values which caused a problem for secrets. The policy failed to check if given user had access to secret.
7. We fixed an issue, whereby Azure Active Directory v1 tokens could be validated with validate-azure-ad-token policy, but v2 tokens could not be validated. With this release, both v1 and v2 tokens are supported.
8. Previously, validate-azure-ad-token would only validate tokens against the public cloud instance of Azure Active Directory (AD). With this release, token validation is supported in every Azure cloud where Azure Active Directory is available.
9. Previously, the gateway would not refresh the GraphQL schema when it was updated from the Azure portal. The gateway now correctly refreshes the GraphQL schema after it's updated in the Azure portal.
10. We implemented a GraphQL context variable to allow access to all portions of the GraphQL context within policy expressions.

Self-hosted gateway container image release

1. 2.2.0 (Preview 1)
2. 2.1.8
3. 2.1.7

Self-hosted gateway Helm chart

1. 1.5.5
2. 1.5.4
3. 1.5.3
4. 1.5.2

Release - API Management service: December, 2022

A regular Azure API Management service update was started on December 8, 2022. This release will continue to roll out through January 2023.

New features, fixes, and improvements

1. The log-to-eventhub policy now supports securing connections to Azure Event Hub with managed identity.
2. We fixed an issue, where the GraphQL in API Management will no longer fail when an introspection query is added to the synthetic GraphQL resolver policy.
3. We fixed an issue, where saving some policy fragments in Consumption tier services was failing.
4. We fixed an issue, where modifying a policy using client SDKs or PowerShell was failing with a 406 Not Acceptable response. The issue was caused by the management API's failure to handle PUT requests with the wildcard (*/*) Accept header.

Developer portal releases

1. 2.22.0

Release - API Management service: October, 2022

A regular Azure API Management service update was started on October 31, 2022. It may take several weeks for your API Management service to receive the update.

Feature retirements

1. Support for Azure API Management self-hosted gateway version 0 and version 1 ends 1 October 2023.

New features, fixes, and improvements

1. You can now easily validate Azure Active Directory tokens on incoming requests with the new validate-azure-ad-token policy. Learn more in the documentation or blog post.
2. We fixed an issue, where API Management didn't allow clients to open new WebSocket connections even though they didn't exceed the connections limit.
3. API Management updates are now rolled out to one Availability Zone at a time. Previously, updates were rolled out to multiple Availability Zones, reducing the service capacity by up to 50%.
4. You can now use cors and caching policies (cache-store and cache-lookup) inside policy fragments. Previously the cors policy inside policy fragments didn't correctly apply CORS configuration to the API; caching policies couldn't be configured due to an error.
5. API Management scale-out attempts that fail due to insufficient subnet capacity are now properly logged in Activity Logs.
6. XML schema validation with validate-content policy no longer results in validation errors for elements with type "anyType".
7. The execution time of the send-one-way-request policy is no longer included in the backendTime metric in the diagnostic logs, since it's an asynchronous, non-blocking operation. Previously, it was included in the backendTime metric but excluded from the totalTime metric.

Developer portal releases

1. 2.21.0
2. 2.20.0
3. 2.19.1

Self-hosted gateway container image releases

1. 2.1.6
2. 2.1.5

Self-hosted gateway Helm chart releases

1. 1.5.1
2. 1.5.0

API Management service: September, 2022

A regular Azure API Management service update was started on September 7, 2022. It may take several weeks for your API Management service to receive the update.

Highlights

1. Custom widget support in managed developer portal is now generally available.
2. Expanded support for Azure Policy definitions for Azure API Management is now generally available.
3. Support for OAuth 2.0 authorization code flow using PKCE for developer portal user sign-in and sign-up is now generally available.

New features, fixes, and improvements

1. The new allow-additional-properties attribute of the validate-content policy lets you implement a runtime override of the additionalProperties value configured in the JSON schemas - for example, to always prevent requests or responses with undefined schema properties, regardless of the JSON configuration. Documentation will be released soon in the validate-content policy reference.
2. Account confirmation links in the account registration email notifications sent to developer portal users no longer include user ID and identity in the URL.
3. We fixed an issue, where request and response validation policies would skip the on-error policy section if multiple validations failed.
4. Azure API Management no longer depends on the SMTP endpoints for sending email notifications and those endpoints can now be removed from the VNet configuration for allowed network traffic.
5. We optimized performance of synthetic GraphQL APIs resolving multiple fields from the same endpoint.
6. We fixed an issue, where using the developer portal test console configured with authorization code grant flow and OpenID Connect resulted in an error.
7. We fixed an issue, where several properties in the "APIs - List By Service" management API response weren't propagated with values. The contract now follows the documented schema.
8. We fixed an issue where an invalid request to create an API Schema could result in an 500 Internal Server Error response. API Management now returns 400 Bad Request in such cases.
9. We fixed an issue, where an unsuccessful management operation on a policy fragment could result in failure of future management operations on that policy fragment.
10. We fixed an issue, where built-in git repository export could fail.

Developer portal releases

1. 2.19.0
2. 2.18.2

Self-hosted gateway container image releases

1. 2.1.4

Self-hosted gateway Helm chart releases

1. 1.4.1

DevOps Resource Kit releases

1. 1.0.0 (general availability)
2. 1.0.0-beta.11
3. 1.0.0-beta.10
4. 1.0.0-beta.9
5. 1.0.0-beta.8

Release - API Management service: July, 2022

A regular Azure API Management service update was started on July 20, 2022. It may take several weeks for your API Management service to receive the update.

New features, fixes, and improvements

1. We optimized the loading time of API schemas for management plane (including Azure portal) and developer portal operations.
2. We increased the maximum length of each URL path segment from 520 to 1024 characters.
3. We fixed an issue, where API Management allowed creation of multiple API versions with empty identifiers within one API version set.
4. We fixed an issue, where API Management deserialized C-style hex strings in exported OpenAPI files as hex values.
5. We fixed an issue, where API Management failed to export OpenAPI definitions if referenced schemas didn't have the typename property defined.
6. The set-body policy now supports xsi-nil attribute with two values ("blank" and "null") for controlling how elements marked with xsi:nil="true" are represented in XML payloads. If the value is set to blank, API Management uses the prior behavior, where nil is represented as an empty string. If the value is set to null, nil is represented with a null value.
7. You can now monitor inbound connectivity to the API Management control plane in the "Network status" tab of the "Network" page in the Azure portal interface for your API Management service.
8. Authorizations now support Salesforce, ServiceNow, Twitter, Stripe, and Zendesk identity providers.
9. Authorizations now support PKCE authorization flow in the generic OAuth2 identity provider.
10. Improvements to the GraphQL support:
    1. API Management now supports GraphQL requests with the content type application/graphql. Previously, such requests resulted in a 400 Bad request error.
    2. GraphQL resolvers can now be configured in policy fragments for reuse in the backend policy section.
    3. We fixed an issue, where creating a new GraphQL API using the property format: graphql-format resulted in failures in execution of the management API operations or ARM templates. This property worked only for existing GraphQL APIs.
    4. We fixed an issue, where accessing context.Request in a synthetic GraphQL API's set-graphql-resolver policy would overwrite the context.Request value.
    5. We fixed an issue, where parsing of lists with scalar values resulted in runtime errors.

Developer portal releases

1. 2.18.1
2. 2.18.0

Self-hosted gateway container image releases

1. 2.1.3
2. 2.1.2
3. 2.1.1
4. 2.0.4

Browse the recently added release notes for older images:

1. 2.1.0
2. 2.0.3
3. 2.0.2
4. 2.0.1
5. 2.0.0

Self-hosted gateway Helm chart releases

1. 1.4.0
2. 1.3.1
3. 1.3.0

DevOps Resource Kit releases

1. 1.0.0-beta.8
2. 1.0.0-beta.7

Release - API Management service: June, 2022

A regular Azure API Management service update was started on June 20, 2022. It may take several weeks for your API Management service to receive the update.

Highlights

1. GraphQL passthrough support is now generally available
2. Synthetic GraphQL is now in public preview
3. Authorizations are now in public preview
4. Self-hosted gateway v2 is now generally available
5. Reusable policy fragments are now generally available
6. Developer portal's support for Content Security Policy and self-hosted portal CORS configuration are now generally available
7. Learn how to prevent or mitigate OWASP API Security Top 10 threats in Azure API Management

New features, fixes, and improvements

1. Email notifications now have valid SPF and DKIM signatures. Previously, the generated DKIM signatures were invalid.
2. System.Net.IpAddress and System.Enum namespaces are now allowed in policy expressions.
3. Scale-up operations will now fail faster if there isn't enough space in a virtual network subnet to accommodate additional API Management service units. The error will be included in the Activity Logs.
4. We fixed an issue, where scale-up operations could get stuck for multiple days in stv1 deployments. As a precaution against other potential problems with the stv1 architecture, we recommend migrating services to the stv2 architecture. Learn more about the migration process.
5. We fixed an issue, where WebSocket connections couldn't be established for requests with multiple Connection headers.
6. Management API SAS token can no longer be generated with an expiration date set in the past.
7. "Dapr" is now a reserved backend entity ID.

Developer portal releases

1. 2.17.0

Self-hosted gateway Helm releases

1. 1.2.0

DevOps Resource Kit releases

1. 1.0.0-beta.6
2. 1.0.0-beta.5

Release - API Management service: May, 2022

A regular Azure API Management service update was started on May 10, 2022. It may take several weeks for your API Management service to receive the update.

New features, fixes, and improvements

1. GraphQL support now includes policy-based authorizations, graphql-ws-based subscriptions, and improved developer portal and Azure portal interfaces.
2. Availability zone deployments are now available in the Switzerland North region.
3. You can now access the API Management service name in runtime policies with the new context.Deployment.ServiceId property. The ServiceId property is also included in Application Insights logs.
4. validate-parameters and validate-content policies now support GUID properties defined as format: uuid.
5. Event Hub loggers can now use managed identity authentication. Azure portal interface for configuring this authentication is coming soon.

Changes

1. Values of the server name property in Application Insights live metrics no longer include the .azure-api.net suffix.
2. The value of ServiceName property in API inspector JSON no longer includes the .azure-api.net suffix.

Developer portal releases

1. 2.16.0 - highlights:
   • Improvements to API reference pages and test console.
   • Support for GraphQL subscriptions.
2. 2.15.1 - highlights:
   • Includes a fix for a regression in the API list dropdown widget introduced in version 2.15.0.
3. 2.15.0 - highlights:
   • The authorization server information has been temporarily removed from the API details widget, until a more complete solution is in place.
   • Terms of use are now included in the authentication pages.

Self-hosted gateway Helm releases

1. 1.1.0

DevOps Resource Kit releases

1. 1.0.0-beta.4
2. 1.0.0-beta.3
3. 1.0.0-beta.2