Azure API Management update January 25
Published date: 25 January, 2019
On January 25, we started a regular Azure API Management service update. It includes the following bug fixes, changes, and new features:
We added JWE support to the validate-jwt policy. We added a new decryption-keys element to the policy definition. (It must be placed between the issuer-signing-keys and audiences elements.) It can contain multiple key elements structured similarly to the issuer-signing-keys/key elements. Only JWTs with the alg property set to dir (symmetric keys) and the enc property set to A128CBC-HS256, A192CBC-HS384, or A256CBC-HS512 are currently supported. Tokens that use other settings will fail validation with the "TokenDecryptionFailed" error reason.
We now log nested exceptions to Azure Application Insights. For each exception, we tell you which policy produced it.
From now on, all new revisions and versions will be created with a copy of their predecessors' diagnostics settings.
We provided a couple of additional email template parameters in the New Developer Account Confirmation email template to make it more flexible for customers who use delegation or have a custom portal.
In accordance with the OpenAPI specification, auto-generated request samples shown in the developer portal will no longer show read-only properties.
We fixed a bug where we occasionally failed to add APIs and groups to a product when deploying from the configuration repository.
We're upgrading the service to a more modern compute SKU, which is slightly roomier and faster than the one used before. As a result, you might see a slight uptick in available capacity.
We deploy updates gradually, and it usually takes a week or more for every active service instance to receive them.