github Azure/API-Management 2020-09
Release - API Management service: September, 2020

A regular Azure API Management service update was started on September 9, 2020, and included the following new features, bug fixes, and changes, along with other improvements. It may take over a week for your API Management service to receive the update.

New

  1. You can now prevent users with “read” permissions only from accessing service secrets by enforcing management plane API calls to use API version 2019-12-01 or later. This setting can be enabled:
    • Via a service-level REST API call with the minApiVersion property set to 2019-12-01.
    • In the “Management API settings” tab of the “Management API” section in the Azure portal.
  2. New functionality in the “Developer portal overview” section in the Azure portal lets you easily configure Azure Active Directory as an identity provider for sign-in and sign-up actions in the developer portal - by automating Azure AD application provisioning and service configuration.
  3. Built-in API reports now include cache hit and miss metrics for the cache-lookup-value policy. Data is available only through the REST API; an interface in the Azure portal is coming soon.

Fixed

  1. Removing virtual network configuration is now also possible with a PATCH request in API version 2019-12-01.
  2. SMTP monitor is no longer stuck in the initializing state in case of network misconfiguration.
  3. Disabling TLS 1.0 or 1.1 for backend-side transport security now takes effect as expected. Before, the TLS protocols might not have been disabled despite the respective setting in API Management.

Changed

  1. Default TLS certificates in all public Azure regions are updated to use a different set of Root Certificate Authorities (DigiCert Global Root G2). You can learn more about this change in the official documentation. No action is required unless your application explicitly specifies a list of acceptable CAs (known as certificate pinning). As a reminder, we advise never taking a dependency on the default TLS certificates, or the issuers of the default TLS certificates, provided by the Azure API Management service, as they can be changed at any time.
  2. The previous implementation of subscription delegation in the new developer portal didn’t account for the order of parameters in the HMAC signature, which might have resulted in delegation failures. Your applications should compute the signature in accordance with the official Azure documentation: HMAC(salt + '\n' + productId + '\n' + userId). If the order of the parameters in the signature is incorrect, the product subscription delegation flow will stop working.
  3. Diagnostic logs are no longer captured if API-level sampling is set to 0%. Previously, in such cases settings were inherited from the global scope.
  4. Response of the Network Status API call now contains two additional properties for each dependency: type and isOptional.
  5. You can now specify Application Insights telemetry Operation Name as URL or name with the new operationNameFormat property in the DiagnosticContract.
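
Added example (not part of the release notes and not Microsoft's code): how a delegation endpoint can validate the sig parameter using the parameter order from item 2 above. It assumes HMAC-SHA512 with a base64-encoded delegation validation key and a base64-encoded signature, as described in the Azure delegation documentation; the function names, key, salt and IDs are constructed for illustration.

```python
import base64
import hashlib
import hmac

def delegation_signature(key_b64: str, salt: str, product_id: str, user_id: str) -> str:
    """Return base64(HMAC-SHA512(key, salt + '\\n' + productId + '\\n' + userId))."""
    key = base64.b64decode(key_b64)  # assumption: the validation key is stored base64-encoded
    message = "\n".join((salt, product_id, user_id)).encode("utf-8")
    digest = hmac.new(key, message, hashlib.sha512).digest()
    return base64.b64encode(digest).decode("ascii")

def verify_delegation_request(key_b64: str, params: dict) -> bool:
    """Validate the query parameters of a product subscription delegation request."""
    required = ("salt", "productId", "userId", "sig")
    # Reject requests with missing or empty fields before doing any crypto.
    if any(not params.get(name) for name in required):
        return False
    expected = delegation_signature(
        key_b64, params["salt"], params["productId"], params["userId"]
    )
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("utf-8"), params["sig"].encode("utf-8"))

# Constructed sample values, not real secrets or identifiers.
SAMPLE_KEY = base64.b64encode(b"constructed-delegation-validation-key").decode("ascii")
SAMPLE_SALT = "c2FtcGxlLXNhbHQ="
SAMPLE_PRODUCT = "starter"
SAMPLE_USER = "user-1234"

def sample_request(sig: str) -> dict:
    """Build the query parameters of a constructed delegation request."""
    return {"operation": "Subscribe", "salt": SAMPLE_SALT,
            "productId": SAMPLE_PRODUCT, "userId": SAMPLE_USER, "sig": sig}

if __name__ == "__main__":
    good = delegation_signature(SAMPLE_KEY, SAMPLE_SALT, SAMPLE_PRODUCT, SAMPLE_USER)
    # Same inputs with productId and userId swapped: the ordering mistake item 2 warns about.
    swapped = delegation_signature(SAMPLE_KEY, SAMPLE_SALT, SAMPLE_USER, SAMPLE_PRODUCT)
    print("documented order accepted:", verify_delegation_request(SAMPLE_KEY, sample_request(good)))
    print("swapped order accepted:   ", verify_delegation_request(SAMPLE_KEY, sample_request(swapped)))
```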

The developer portal follows an independent release lifecycle and the per-release changelog is available on GitHub.
