Azure API Management update February 14

On February 14, we started a regular Azure API Management service update. The update includes the following bug fixes, changes, and new features:

• You can now use the rate-limit policy at the API and API operation levels in addition to the product scope that was supported before.
• You can now refer a certificate by its identifier in the authentication-certificate policy.
• You can now use the set-header policy to modify the Host header that will be forwarded to the back end.
• You can now use System.Security.Cryptography.X509Certificates.RSACertificateExtensions class methods in policy expressions.
• You can now change the Publisher Email and Organization Name properties without restarting API Management.
• We optimized updates of the Named Value entity.
• We removed the limit of 256 characters for API version release notes.
• We added a property to control when to store client IP addresses in Azure Monitor and Azure Application Insights logs.
• We fixed a bug that allowed creation of empty and single-slash API paths at the same time.
• We fixed a bug that prevented propagation of a product’s subscriptionRequired property changes.
• We fixed an issue with API Management deletion by making the DELETE call on providers/Microsoft.ApiManagement/service a long-running operation.
• We no longer remove the Content-Length and Content-Type headers for HEAD requests to API Management. According to the specification, a HEAD request should return the same headers as a GET request.
• We fixed a bug that might cause API Management to lose association between an open product and an API if the API was previously part of another open product.

We deploy updates gradually. It usually takes a week or more for every active service instance to receive the updates.