Release - API Management service: October, 2020

A regular Azure API Management service update was started on October 21, 2020, and included the following new features and bug fixes, along other improvements. It may take several weeks for your API Management service to receive the update.

New

1. You can now create Developer, Basic, Standard, or Premium API Management services in the Brazil Southeast region.

2. xml-to-json policy supports two new parameters for handling empty values and trimming string values:

   <xml-to-json empty-values="preserve|asNull" trim="true|false" />

3. context.Request.Body and context.Response.Body support three new methods:

   JToken AsJToken(bool preserveContent = false, JsonSerializerSettings settings = null);
   JObject AsJObject(bool preserveContent = false, JsonSerializerSettings settings = null);
   JArray AsJArray(bool preserveContent = false, JsonSerializerSettings settings = null);

4. Liquid templates in the <set-body> policy now support accessing JObject and JArray variables, for example: context.Variables.contoso.property or context.Variables.contosoarray[0].property.

5. validate-jwt policy now supports JWE tokens compressed with the default algorithm.

6. Network Status API now returns status for the Azure Active Directory endpoint.

7. Named Values API now supports filtering by ID.

8. The "Max" aggregation has been enabled for the capacity metric in the Developer, Basic, Standard, and Premium service tiers. Note that in tiers other than Premium, it will show the value 0.

Fixed

1. Developer portal session is now correctly persisted in case of redirects to other websites. Previously, the session could have been lost when using sign-in delegation or redirecting to websites from e-mail notifications.
2. Developer portal now supports additional OAuth parameters for acquiring access tokens, which enables integration with external identity providers, like Auth0.
3. API Management now correctly handles wildcard OpenAPI parameters, such as /sample-operation/{*rest}.
4. We fixed several bugs, which could result in inaccurate Network Status API responses.
5. We fixed a bug, where API Management stored incorrect payload in the cache if a request contained conditional headers If-Modified-Since or If-None-Match and cache entry didn't exist.

Changed

1. The Connection header is no longer forwarded from the backend to the client.

Developer portal follows an independent release lifecycle and the per-release changelog is available on GitHub.

Release - self-hosted gateway: 1.1.0

New stable version of the self-hosted gateway is now available. Full list of container versions can be found here.

New

1. Migrated to .NET Core 3.1.
2. Migrated to mcr.microsoft.com/dotnet/core/aspnet:3.1.8-alpine3.12 base image.

Bug fixes

1. Connection closed (not re-used) when empty response is received from the upstream.
2. External cache selection is not updated when self-hosted gateway location is changed.

Breaking changes

None

Release - developer portal: 2.5.1

A new developer portal version has just been released.

If you're using the built-in (managed) developer portal, your portal will be automatically upgraded within two weeks. Make sure to republish it to upgrade the published portal.

If you're using a self-hosted developer portal, you need to merge the source code changes and republish and redeploy your portal manually.

Detailed release notes are available in the developer portal repository.

Preview: Debug API Management policies in real time

With the latest release of the Visual Studio Code extension for API Management, you will be able to debug policies configured in your Azure API Management services in real time. This new capability allows you to initiate live debugging sessions from Visual Studio Code, set breakpoints on policy statements, step into and over policies, inspect request context properties, and examine errors during policy execution.

This feature is available in the Developer tier only.

Get the Visual Studio Code extension and learn how to debug policies.

Release - API Management service: September, 2020

A regular Azure API Management service update was started on September 9, 2020, and included the following new features, bug fixes, and changes, along with other improvements. It may take over a week for your API Management service to receive the update.

New

1. You can now prevent users with “read” permissions only from accessing service secrets by enforcing management plane API calls to use API version 2019-12-01 or later. This setting can be enabled:
   • Via a service-level REST API call with the minApiVersion property set to 2019-12-01.
   • In the “Management API settings” tab of the “Management API” section in the Azure portal.
     
2. New functionality in the “Developer portal overview” section in the Azure portal lets you easily configure Azure Active Directory as an identity provider for sign-in and sign-up actions in the developer portal - by automating Azure AD application provisioning and service configuration.
3. Built-in API reports now include cache hit and miss metrics for the cache-lookup-value policy. Data is available only through the REST API, interface in the Azure portal is coming soon.

Fixed

1. Removing virtual network configuration is now also possible with a PATCH request in API version 2019-12-01.
2. SMTP monitor is no longer stuck in the initializing state in case of network misconfiguration.
3. Disabling TLS 1.0 or 1.1 for backend-side transport security now takes effect as expected. Before, the TLS protocols might have not been disabled despite the respective setting in API Management.

Changed

1. Default TLS certificates in all public Azure regions are updated to use a different set of Root Certificate Authorities (DigiCert Global Root G2). You can learn more about this change in the official documentation. No action is required unless your application explicitly specifies a list of acceptable CAs (known as certificate pinning). As a reminder, we advise to never take dependency on default TLS certificates or issuers of default TLS certificate provided by Azure API Management service, as they can be changed any time.
2. Previous implementation of subscription delegation in the new developer portal didn’t account for the order of parameters in the HMAC signature, which might have resulted in delegation failures. Your applications should compute the signature in accordance to the official Azure documentation: HMAC(salt + '\n' + productId + '\n' userId). If the order of the parameters in the signature is incorrect, the product subscription delegation flow will stop working.
3. Diagnostic logs are no longer captured if API-level sampling is set to 0%. Previously, in such cases settings were inherited from the global scope.
4. Response of the Network Status API call now contains two additional properties for each dependency: type and isOptional.
5. You can now specify Application Insights telemetry Operation Name as URL or name with the new operationNameFormat property in the DiagnosticContract.

The developer portal follows an independent release lifecycle and the per-release changelog is available on GitHub.