A regular Azure API Management service update was started on May 5, 2021, and included the following new features, bug fixes, and other improvements. It may take several weeks for your API Management service to receive the update.
Featured
- Open-source API Portal is now generally available.
- Azure API Management's support for Availability Zones is now generally available.
- Request and response validation policies are now generally available.
New
- You can now validate the client certificate with the new
<validate-client-certificate>policy. Documentation and support in the Azure portal are coming soon. - The Visual Studio Code extension now supports policy debugging for self-hosted gateways running locally.
- The Visual Studio Code extension now supports Dapr and validation policies.
- The developer portal now supports resource owner password grant flow.
- The new Ciphers + Protocols page in the Azure portal lets you manage API gateways' cipher and protocol configuration and displays a warning if a weak cipher or protocol is enabled.
- The Locations page in the Azure portal lets you now configure Availability Zones.
- You can now apply validation policies with the visual policy editors in the Azure portal, without writing any policy code.
- The
timeoutattribute of thesend-requestpolicy now supports policy expressions.
Fixed
- Caching issues, which might have resulted in a broken developer portal's administrative interface, are now resolved.
Changed
- The client certificate renegotiation feature is now disabled for all new and existing API Management services, except for the services that relied on it in the last 30 days (services with at least one API call that resulted in a client certificate request from a policy, not as part of an initial TLS handshake). The API gateway will request a client certificate only if
HostnameConfiguration's propertynegotiateClientCertificateis set totrue. If the property is set tofalse, the client certificate won't be available in thecontext.Request.Certificateproperty.