API Management documentation

Learn how to use API Management to publish APIs to external, partner, and employee developers securely and at scale. Create and manage modern API gateways for existing back-end services hosted anywhere.

• Azure API Management Documentation
• Get started
  • What's new?
  • Overview
    • About API Management
    • API Management features availability
    • API Management gateways
    • v2 service tiers
    • Terminology
    • Service limits
  • Create an instance
    • Create an instance - CLI
    • Create an instance - Portal
    • Create an instance - PowerShell
    • Create an instance - Visual Studio Code
    • Create an instance - Bicep
    • Create an instance - ARM template
    • Create an instance - Terraform
  • Tutorials
    • 1 - Import your first API
    • 2 - Create and publish a product
    • 3 - Mock API responses
    • 4 - Protect your API
    • 5 - Monitor published APIs
    • 6 - Debug your APIs
    • 7 - Add revisions
    • 8 - Add multiple versions
    • 9 - Customize developer portal
    • 10 - Manage APIs in Visual Studio Code
• Deployment and operations
  • Provision and scale
    • Use capacity for scaling decisions
    • Upgrade and scale
    • Configure autoscale
    • Plan and manage costs
    • Configure a custom domain
    • Use an external cache
    • Compute platform
    • Migrate from stv1 to stv2 platform
      • Scenarios to migrate to stv2
      • Migrate a non-VNet-injected instance
      • Migrate a VNet-injected instance
    • Validate service updates
    • Move instances between regions
    • Recover a deleted instance
    • Use role-based access control
    • Use managed identities for Azure resources
    • Send events to Event Grid
  • Network isolation
    • Networking options
    • Network isolation - classic tiers
      • Virtual network injection classic tiers - requirements
      • Deploy to virtual network - external
      • Deploy to virtual network - internal
      • Integrate Application Gateway in internal virtual network
    • Network isolation - v2 tiers
      • Virtual network injection v2 tiers
      • Virtual network integration v2 tiers
    • Virtual network integration workspace gateway - requirements
    • Connect privately using private endpoint
    • Retrieve IP addresses
    • Defend against DDoS attacks
    • Configure Front Door
  • Workspaces
    • Workspaces overview
    • Create a workspace
  • Configuration management
    • Landing zone accelerator
    • Manage using automation
    • Configure using Git
    • DevOps and CI/CD
  • Resiliency
    • High availability features
    • Deploy to multiple Azure regions
    • Enable availability zones
    • Set up DR using backup/restore
  • Security
    • Security controls by Azure Policy
    • Security baseline
• Logs and monitoring
  • Observability
  • Get API analytics
  • Log events to Azure Event Hubs
  • Log requests with Azure Application Insights
  • Visualize data using Managed Grafana
• Define APIs
  • Add and import APIs
    • Add an API manually
    • Import an OpenAPI Specification
    • Import a SOAP API
    • Import a SOAP API and convert to REST
    • Import a WebSocket API
    • GraphQL
      • GraphQL API options
      • Import a passthrough GraphQL API
      • Import and resolve GraphQL schema
    • Import an App Service web API
    • Import a Container App web API
    • Import a Function App web API
    • Import a Logic App
    • Configure Service Fabric backend
    • OData
      • Import OData API
      • Import SAP OData metadata
    • Import gRPC API
    • Azure OpenAI and LLM APIs
      • GenAI gateway capabilities in API Management
      • Import Azure OpenAI API
      • Authenticate and authorize to Azure OpenAI
      • Semantic caching for Azure OpenAI API requests
      • Protect Azure OpenAI keys
    • Configure API for SSE
    • API import restrictions
    • Microservices as APIs
      • Manage microservices deployed in AKS
      • Integrate with Service Fabric
  • Modify APIs
    • Edit an API
    • Versions
    • Revisions
    • Backends
    • Automate API deployments
  • Cache
    • Add caching to improve performance
    • Custom caching
• Manage APIs with policies
  • API Management policies overview
  • Set or edit policies
  • Author policies using Microsoft Copilot in Azure
  • Debug policies in VS Code
  • Policy expressions
  • Reuse policy configurations
  • Error handling
  • Advanced monitoring
  • Advanced request throttling
  • Using external services
  • Manage secrets using named values
  • Configure a GraphQL resolver
• Manage APIs on-premises and in other clouds
  • Self-hosted gateway overview
  • Deploy the gateway
    • Provision a self-hosted gateway
    • Deploy a self-hosted gateway to Azure Kubernetes Service
    • Deploy a self-hosted gateway to Kubernetes YAML
    • Deploy a self-hosted gateway to Kubernetes Helm
    • Deploy self-hosted gateway to Kubernetes with OpenTelemetry Collector integration
    • Deploy a self-hosted gateway to Docker
    • Deploy a self-hosted gateway to Azure Container Apps
    • Deploy an Azure API Management gateway to Arc-enabled Kubernetes cluster
  • Configure custom domain for self-hosted gateway
  • Configure cloud metrics and logs for self-hosted gateway
  • Configure local metrics and logs for self-hosted gateway
  • Enable Dapr support on self-hosted gateway
  • Use Microsoft Entra authentication on self-hosted gateway
  • Guidance for running on Kubernetes
  • Support policy for self-hosted gateway
• Secure your APIs
  • Secure API access
    • API authentication and authorization options
    • Protect your API with Microsoft Entra ID
    • Protect your API with Azure AD B2C
    • Secure APIs using client certificate authentication
    • Manage CA certificates
    • Manage protocols and ciphers
    • Protect with Defender for APIs
    • Mitigate OWASP API threats
  • Manage API credentials
    • Credential manager overview
    • Managed connections - process flows
    • Configure common credential providers
    • Configure credential manager - Microsoft Entra ID
    • Configure credential manager - GitHub
    • Configure credential manager - user-delegated permissions
    • Configure multiple connections
  • Set up backend authentication
    • Mutual certificate authentication
• Publish APIs to developers
  • Use subscriptions
    • Subscriptions
    • Create subscriptions
  • Manage users
    • Manage user accounts
    • Manage groups
  • Manage and customize the developer portal
    • Understand the developer portal
    • Frequently asked questions - developer portal
    • Automate portal deployments
    • Extend portal with custom functionality
    • Enable CORS for interactive console
    • Enable console OAuth support
    • Integrate Application Insights
    • Log developer portal usage
    • Integrate Google Tag Manager
    • Customize developer portal on WordPress
  • Self-host the developer portal
    • Create self-hosted portal
    • Alternative approaches to self-hosting
    • Test self-hosted portal
  • Secure access to developer portal
    • Options to secure developer portal access
    • Authenticate with username and password
    • Authenticate with Microsoft Entra ID
    • Authenticate with Azure AD B2C
    • Delegate authentication
    • Email notifications and templates
  • Export APIs
    • Inventory APIs in API Center
    • Export APIs to Postman for API development
    • Export APIs to the Power Platform
      • Export API as custom connector
      • Enable CORS for custom connector
  • Monetize APIs
    • Monetization overview
    • How API Management supports monetization
• Troubleshoot
  • Diagnose issues in production
  • Troubleshoot failed to update hostnames error
  • Troubleshoot response timeouts and errors
• Samples
  • Policy snippets
  • Azure PowerShell
• Reference
  • Azure CLI
  • Azure PowerShell
  • REST API
  • REST API SDKs
    • .NET
    • JavaScript
    • Java
    • Python
    • Go
    • Ruby
  • Resource Manager template
  • Terraform provider
  • API Management policies
    • Policy reference index
    • authentication-basic
    • authentication-certificate
    • authentication-managed-identity
    • azure-openai-emit-token-metric
    • azure-openai-semantic-cache-lookup
    • azure-openai-semantic-cache-store
    • azure-openai-token-limit
    • cache-lookup
    • cache-lookup-value
    • cache-store
    • cache-store-value
    • cache-remove-value
    • check-header
    • choose
    • cors
    • cosmosdb-data-source
    • cross-domain
    • emit-metric
    • find-and-replace
    • forward-request
    • get-authorization-context
    • http-data-source
    • include-fragment
    • invoke-dapr-binding
    • ip-filter
    • jsonp
    • json-to-xml
    • limit-concurrency
    • llm-emit-token-metric
    • llm-semantic-cache-lookup
    • llm-semantic-cache-store
    • llm-token-limit
    • log-to-eventhub
    • mock-response
    • proxy
    • publish-event
    • publish-to-dapr
    • quota
    • quota-by-key
    • rate-limit
    • rate-limit-by-key
    • redirect-content-urls
    • retry
    • return-response
    • rewrite-uri
    • send-one-way-request
    • send-request
    • set-backend-service
    • set-backend-service Dapr
    • set-body
    • set-header
    • set-method
    • set-query-parameter
    • set-status
    • set-variable
    • sql-data-source
    • trace
    • validate-azure-ad-token
    • validate-client-certificate
    • validate-content
    • validate-graphql-request
    • validate-headers
    • validate-jwt
    • validate-odata-request
    • validate-parameters
    • validate-status-code
    • wait
    • xml-to-json
    • xsl-transform
  • Azure Policy built-ins
  • Gateway log schema
  • Developer portal audit log schema
  • Event Grid events schema
  • Virtual network configuration
  • Self-hosted gateway container configuration
  • Self-hosted gateway Azure Arc configuration
  • Diagnostic logs settings
• Resources
  • FAQ
  • Pricing
  • Azure updates
  • API design
    • API design ebook
    • RESTful web API design
    • Web API implementation
  • Building an API security strategy
  • Breaking changes and retirements
    • Breaking changes overview
    • Virtual network changes March 2023
    • Metrics retirements August 2023
    • Virtual network changes September 2023
    • Self-hosted gateway v0/v1 retirements October 2023
    • Deprecated legacy developer portal October 2023
    • Workspaces preview breaking changes June 2024
    • API version retirements June 2024
    • stv1 compute platform retirement - Global Azure August 2024
    • stv1 compute platform retirement - Azure Government, Azure in China February 2025
    • Workspaces preview breaking changes, part 2 March 2025
    • Git configuration retirement March 2025
    • Direct management API retirement March 2025
    • ADAL-based identity provider retirement September 2025
    • CAPTCHA endpoint update September 2025
    • Built-in analytics dashboard retirement March 2027
  • Regional availability
  • Microsoft Q&A question page
  • Stack Overflow