Skip to main content

Azure API Management update—January 2020

Published date: January 23, 2020

A regular Azure API Management service update was started on January 22, 2019, and included the following new features, bug fixes, and changes, along with other improvements. It may take over a week for your API Management service to receive the update.


  1. You can now create Consumption tier API Management services in South Africa North Azure region.
  2. The rate-limit and rate-limit-by-key policies can now output the number of remaining calls and the retry-after period into response headers or policy expression variables, using the following new attributes: retry-after-header-name, remaining-calls-header-name, retry-after-variable-name, remaining-calls-variable-name. For example:

    <rate-limit-by-key calls="5" renewal-period="30" counter-key="test"  remaining-calls-variable-name=remainingCallsPerIp""/>
    <rate-limit calls="20" renewal-period="90"  remaining-calls-variable-name="remainingCallsPerSubscription"/>

      <when condition="@(((int)context.Variables["remainingCallsPerIp"]) >= 0)">
        <set-header name="x-remaining-calls" exists-action="override">
           <value>@(System.Math.Min(((int)context.Variables["remainingCallsPerIp"]), ((int)context.Variables["remainingCallsPerSubscription"])).ToString())</value>

Documentation is coming soon.

  1. The authentication-certificate policy now supports certificates from a raw byte array. It accepts two new attributes: body (of type byte[]) and password (string). You can refer to an example of retrieving a certificate from Azure Key Vault and using it to authenticate a call with the backend. Documentation is coming soon.
  2. You can now use a new JSON parsing API in policy expressions:
    context.Request.Body.AsJToken(bool preserveContent = false, JsonSerializerSettings settings = null), context.Request.Body.AsJObject(bool preserveContent = false, JsonSerializerSettings settings = null), context.Request.Body.AsJArray(bool preserveContent = false, JsonSerializerSettings settings = null).
    The same methods can be used on context.Response.
  3. New developer portal now supports the invitation flow for new users. A link in the email redirects to a form to setup user’s password.


  1. Suspended Consumption tier services with invalid CNAME records (for example, custom hostname not pointing to the default API Management hostname or expired certificate) can now be activated after removing the invalid hostname configuration. Previously, such services couldn’t be activated.


  1. Developer portal now enforces HTTPs connection.
  2. Authentication delegation logic in the new portal has been migrated from the client side to the backend.
  3. The new developer portal endpoint has been optimized, reducing the loading times even by an order of magnitude.
  4. Average aggregation option for requests metrics in Azure Monitor is no longer available.

New developer portal follows an independent release lifecycle and the per-release changelog is available on GitHub. In particular, the latest release 2.2.0 contains changes necessary for extensibility of the portal with custom widgets. Refer to the project’s wiki for more details.

Learn more

  • API Management
  • Features

Related Products