API Management documentation

Learn how to use API Management to publish APIs to external, partner, and employee developers securely and at scale. Create and manage modern API gateways for existing back-end services hosted anywhere.

• Azure API Management Documentation
• Overview and concepts
  • About API Management
  • API Management features availability
  • API Management gateways
  • v2 service tiers
  • Understand terminology
  • Service limits
• Get started
  • What's new in API Management
  • Create an instance
    • Create an instance - CLI
    • Create an instance - Portal
    • Create an instance - PowerShell
    • Create an instance - Visual Studio Code
    • Create an instance - Bicep
    • Create an instance - ARM template
    • Create an instance - Terraform
  • Tutorials
    • 1 - Import your first API
    • 2 - Create and publish a product
    • 3 - Mock API responses
    • 4 - Protect your API
    • 5 - Monitor published APIs
    • 6 - Debug your APIs
    • 7 - Add revisions
    • 8 - Add multiple versions
    • 9 - Customize developer portal
    • 10 - Manage APIs in Visual Studio Code
    • 11 - Link to an API Center
• Manage AI models, tools, and agents
  • AI Gateway overview
    • AI Gateway capabilities
  • Manage LLM APIs
    • Import Microsoft Foundry API
    • Import Azure OpenAI API
    • Import language model API
    • Import Google Gemini API
    • Import Amazon Bedrock API
    • Authenticate and authorize to LLM APIs
  • AI tools and agent integrations
    • Model Context Protocol MCP server capabilities
    • Expose REST API as MCP server
    • Expose existing MCP server
    • Secure access to MCP servers
    • Import agent-to-agent A2A API
  • Logging, metrics, and semantic caching
    • Log LLM tokens, requests, and responses
    • Semantic caching for LLM API requests
• Create and import APIs
  • Add an API manually
  • Import REST APIs
    • Import an OpenAPI Specification
    • Import an App Service web API
    • Import a Container App web API
    • Import a Function App web API
    • Import a Logic App
    • Import a WebSocket API
    • Configure API for server-sent events SSE
  • Import non-REST APIs
    • Import a Simple Object Access Protocol SOAP API
    • Import a SOAP API and convert to REST
    • GraphQL API options
    • Import a passthrough GraphQL API
    • Import and resolve GraphQL schema
    • Import gRPC API
    • Import Open Data Protocol OData API
    • Import SAP OData metadata
  • Import microservices as APIs
    • Manage microservices deployed in Azure Kubernetes Service AKS
    • Integrate with Service Fabric
    • Configure Service Fabric backend
  • API import restrictions
  • Edit and manage API configurations
    • Edit an API
    • Manage API versions
    • Manage API revisions
    • Configure backends
    • Automate API deployments
  • Configure caching
    • Caching overview
    • Add caching to improve performance
    • Custom caching
• Manage APIs with policies
  • API Management policies overview
  • Set or edit policies
  • Author policies using Azure Copilot
  • Create and debug policies in Visual Studio Code VS Code
  • Use policy expressions
  • Reuse policy configurations
  • Handle errors in policies
  • Monitor APIs with advanced logging
  • Implement advanced request throttling
  • Call external services from policies
  • Send messages to Azure Service Bus
  • Manage secrets using named values
  • Configure a GraphQL resolver
• Deploy, scale, and operate
  • Configure instance
    • Create an instance
    • Configure a custom domain
    • Configure autoscale
    • Plan and manage costs
    • Understand service limits
    • Use an external cache
    • Configure update settings
    • Landing zone accelerator
  • Scale and manage operations
    • Use capacity for scaling decisions
    • Upgrade and scale
    • Move instances between regions
    • Recover a deleted instance
    • Use role-based access control
    • Use managed identities for Azure resources
    • Send events to Event Grid
    • Reduce environmental impact
    • Manage using automation
    • DevOps and Continuous Integration/Continuous Deployment CI/CD
    • Migrate Amazon API Gateway to Azure API Management
  • Networking and security
    • Networking options
    • Network isolation - classic tiers
      • Virtual network injection classic tiers - requirements
      • Deploy to virtual network - external
      • Deploy to virtual network - internal
      • Integrate Application Gateway in internal virtual network
    • Network isolation - v2 tiers
      • Virtual network injection v2 tiers
      • Virtual network integration v2 tiers
    • Virtual network for workspace gateways
    • Connect privately using private endpoint
    • Retrieve IP addresses
    • Defend against Distributed Denial of Service DDoS attacks
    • Configure Front Door
    • Security controls by Azure Policy
    • Security baseline
  • Reliability and disaster recovery
    • Access resource protected by network security perimeter
  • Configuration management
    • Landing zone accelerator
    • Manage using automation
    • DevOps and CI/CD
  • Resiliency and reliability
    • Reliability in API Management
    • Deploy to multiple Azure regions
    • Enable availability zones
    • Set up DR using backup/restore
• Secure API access
  • API authentication and authorization options
  • Authenticate APIs with Microsoft Entra ID
    • Protect product APIs with Microsoft Entra ID applications
    • Protect your API with Microsoft Entra ID
    • Protect your API with Azure AD B2C
  • Authenticate with certificates
    • Secure APIs using client certificate authentication
    • Mutual certificate authentication for backend
    • Manage Certificate Authority CA certificates
  • Manage API credentials
    • Credential manager overview
    • Managed connections - process flows
    • Configure common credential providers
    • Configure credential manager - Microsoft Graph API
    • Configure credential manager - GitHub
    • Configure credential manager - user-delegated permissions
    • Configure multiple connections
  • Security hardening
    • Manage protocols and ciphers
    • Protect with Defender for APIs
    • Mitigate Open Web Application Security Project OWASP API threats
• Monitoring and observability
  • Observability overview
  • Monitor API Management
  • Log events to Azure Event Hubs
  • Log requests with Azure Application Insights
• Workspaces for federated API management
  • Workspaces overview
  • Create a workspace
• Self-hosted gateway
  • Self-hosted gateway overview
  • Install and deploy
    • Provision a self-hosted gateway
    • Deploy a self-hosted gateway to Azure Kubernetes Service
    • Deploy a self-hosted gateway to Kubernetes YAML
    • Deploy a self-hosted gateway to Kubernetes Helm
    • Deploy self-hosted gateway to Kubernetes with OpenTelemetry Collector integration
    • Deploy a self-hosted gateway to Docker
    • Deploy a self-hosted gateway to Azure Container Apps
    • Deploy an Azure API Management gateway to Arc-enabled Kubernetes cluster
  • Configure self-hosted gateway
    • Configure custom domain for self-hosted gateway
    • Configure cloud metrics and logs for self-hosted gateway
    • Configure local metrics and logs for self-hosted gateway
    • Enable Dapr support on self-hosted gateway
    • Configure authentication to cloud instance
      • Self-hosted gateway authentication options
      • Authenticate with Microsoft Entra ID - workload identity
      • Authenticate with Microsoft Entra ID - client secret
      • Authenticate with an access token
    • Run self-hosted gateway in production
    • Self-hosted gateway support policy
• Developer portal and publishing
  • Manage users, groups, and subscriptions
    • Manage user accounts
    • Manage groups
    • Understand subscriptions
    • Create subscriptions
  • Customize the developer portal
    • Understand the developer portal
    • Frequently asked questions - developer portal
    • Automate portal deployments
    • Extend portal with custom functionality
    • Enable Cross-Origin Resource Sharing CORS for interactive console
    • Enable console OAuth support
    • Integrate Application Insights
    • Integrate Google Tag Manager
    • Customize developer portal on WordPress
  • Self-host the developer portal
    • Create self-hosted portal
    • Alternative approaches to self-hosting
    • Test self-hosted portal
  • Secure developer portal access
    • Options to secure developer portal access
    • Authenticate with username and password
    • Authenticate with Microsoft Entra ID
    • Authenticate with Azure AD B2C
    • Delegate authentication
    • Email notifications and templates
  • Export APIs
    • Synchronize APIs to API Center
    • Export APIs to Postman for API development
    • Export APIs to the Power Platform
      • Export API as custom connector
      • Enable Cross-Origin Resource Sharing CORS for custom connector
  • Monetize APIs
    • Monetization overview
    • How API Management supports monetization
• Troubleshoot
  • Diagnose issues in production
  • Troubleshoot failed to update hostnames error
  • Troubleshoot response time-outs and errors
• Reference
  • Azure CLI
  • Azure PowerShell
  • Azure PowerShell samples
  • Monitoring data reference
  • REST API
  • REST API SDKs
    • .NET
    • JavaScript
    • Java
    • Python
    • Go
    • Ruby
  • Resource Manager template
  • Terraform provider
  • API Management policies
    • Policy reference index
    • Authentication policies
      • authentication-basic
      • authentication-certificate
      • authentication-managed-identity
      • validate-azure-ad-token
      • validate-client-certificate
      • validate-jwt
      • get-authorization-context
      • validate-headers
      • validate-parameters
      • validate-content
      • validate-graphql-request
      • validate-odata-request
      • validate-status-code
    • Request and response transformation
      • cors
      • cross-domain
      • check-header
      • find-and-replace
      • rewrite-uri
      • redirect-content-urls
      • set-body
      • set-header
      • set-method
      • set-query-parameter
      • set-status
      • set-variable
      • json-to-xml
      • xml-to-json
      • jsonp
      • choose
      • forward-request
      • include-fragment
      • proxy
      • return-response
      • mock-response
      • send-request
      • send-one-way-request
      • send-service-bus-message
      • publish-event
      • publish-to-dapr
      • invoke-dapr-binding
      • set-backend-service
      • set-backend-service Dapr
      • http-data-source
      • cosmosdb-data-source
      • sql-data-source
      • wait
      • retry
    • Caching
      • cache-lookup
      • cache-lookup-value
      • cache-store
      • cache-store-value
      • cache-remove-value
    • Throttling and rate limits
      • quota
      • quota-by-key
      • rate-limit
      • rate-limit-by-key
      • limit-concurrency
      • ip-filter
    • Observability and logging
      • emit-metric
      • log-to-eventhub
      • trace
    • AI-related policies
      • azure-openai-emit-token-metric
      • azure-openai-semantic-cache-lookup
      • azure-openai-semantic-cache-store
      • azure-openai-token-limit
      • llm-content-safety
      • llm-emit-token-metric
      • llm-semantic-cache-lookup
      • llm-semantic-cache-store
      • llm-token-limit
  • Azure Policy built-ins
  • Event Grid events schema
  • Virtual network configuration
  • Self-hosted gateway container configuration
  • Self-hosted gateway Azure Arc configuration
• Resources
  • Stack Overflow
  • Microsoft Q&A question page
  • GitHub policy snippets
  • Azure updates
  • Pricing
  • Regional availability
  • API design ebook
  • API security strategy ebook
  • Web API implementation
  • RESTful web API design
  • Community
  • FAQ
  • Breaking changes and retirements
    • Breaking changes overview
    • Virtual network changes March 2023
    • Metrics retirements August 2023
    • Virtual network changes September 2023
    • Deprecated legacy developer portal October 2023
    • Workspaces preview breaking changes June 2024
    • API version retirements June 2024
    • Workspaces preview breaking changes, part 2 March 2025
    • Git configuration retirement March 2025
    • Direct management API retirement March 2025
    • Managed certificates suspension August 2025 - March 2026
    • ADAL-based identity provider retirement September 2025
    • CAPTCHA endpoint update September 2025
    • Trusted service connectivity retirement March 2026
    • Built-in analytics dashboard retirement March 2027