🎉 Announcements
- Workspaces are now generally available. Learn how to empower API teams and federate the management of APIs with workspaces.
- GenAI gateway capabilities are now expanded to support a wider range of large language models through Azure AI Model Inference API.
- Developer portal audit logging is now generally available.
- WordPress plugin to build customized developer portals is now in preview.
- You can watch the recording of our July live stream on YouTube. We'll be hosting another live stream in September—stay tuned to our blog for the upcoming announcement.
❗ Changes
- If an API does not require subscription authentication, any API request that includes a subscription key will now be treated the same as a request without a subscription key. Previously, if a request included a subscription key associated with a different API or product, API Management would return a
401 Unauthorizedresponse. This change improves the security of your APIs by preventing the accidental exposure of subscription keys linked to other products. - As part of the general availability of workspaces, we are discontinuing support for preview workspaces in API Management. You can learn more about these changes in the last section of the workspaces general availability announcement and in this documentation article.
New features
- We added support for serializing a single child XML element into a JSON array using the
XML-to-JSONpolicy. - We added support for case-insensitive property names comparison with the optional
case-insensitive-property-namesattribute in thevalidate-contentpolicy. The default value isfalse. - We added support for the
2024-02-01and2024-06-01Azure OpenAI API versions in theazure-openai-token-limitandazure-openai-emit-token-metricpolicies. - We added support for integer and integer arrays as output of Azure OpenAI embeddings calls in the
azure-openai-token-limitandazure-openai-emit-token-metricpolicies. - We added support for managed identity authentication for newly created backends.
- We added support for the ES256 token signing algorithm in the
validate-jwtpolicy.
Fixes and improvements
- We fixed an issue with the
retrypolicy not working correctly with load balancer backends. - We fixed a bug with the backend reconnect action not working properly.
- We fixed a bug with the decrypted token not being included in a context variable when using the
validate-azure-ad-tokenpolicy. - We made the
certificate-idattribute of thedecryption-keyselement in thevalidate-azure-ad-tokenpolicy optional. - We fixed a bug that caused refresh failures for certificates in a key vault referenced within a policy fragment.
- We optimized the performance of deleting users. Previously, the operation could time out if there were thousands or more users in the API Management service.
- We fixed a bug that caused an incorrect date-time format to be returned when testing GraphQL resolvers.
- We removed internal runtime exception details from GraphQL resolver error messages.
- The developer portal
delegationUrlsetting now defaults tonull. Previously, it defaulted to an empty string, causing payload validation errors onPUTcalls to the management API.