Partager via


Api Management Service - Update

Updates an existing API Management service.

PATCH https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}?api-version=2021-08-01

URI Parameters

Name In Required Type Description
resourceGroupName
path True

string

The name of the resource group.

serviceName
path True

string

The name of the API Management service.

Regex pattern: ^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$

subscriptionId
path True

string

Subscription credentials which uniquely identify Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.

api-version
query True

string

Version of the API to be used with the client request.

Request Body

Name Type Description
identity

ApiManagementServiceIdentity

Managed service identity of the Api Management service.

properties.additionalLocations

AdditionalLocation[]

Additional datacenter locations of the API Management service.

properties.apiVersionConstraint

ApiVersionConstraint

Control Plane Apis version constraint for the API Management service.

properties.certificates

CertificateConfiguration[]

List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10.

properties.customProperties

object

Custom properties of the API Management service.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168 will disable the cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA for all TLS(1.0, 1.1 and 1.2).
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11 can be used to disable just TLS 1.1.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10 can be used to disable TLS 1.0 on an API Management service.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11 can be used to disable just TLS 1.1 for communications with backends.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10 can be used to disable TLS 1.0 for communications with backends.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2 can be used to enable HTTP2 protocol on an API Management service.
Not specifying any of these properties on PATCH operation will reset omitted properties' values to their defaults. For all the settings except Http2 the default value is True if the service was created on or before April 1, 2018 and False otherwise. Http2 setting's default value is False.

You can disable any of the following ciphers by using settings Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.[cipher_name]: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA. For example, Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256:false. The default value is true for them.
Note: The following ciphers can't be disabled since they are required by internal platform components: TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

properties.disableGateway

boolean

Property only valid for an Api Management service deployed in multiple locations. This can be used to disable the gateway in master region.

properties.enableClientCertificate

boolean

Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway.

properties.hostnameConfigurations

HostnameConfiguration[]

Custom hostname configuration of the API Management service.

properties.notificationSenderEmail

string

Email address from which the notification will be sent.

properties.privateEndpointConnections

RemotePrivateEndpointConnectionWrapper[]

List of Private Endpoint Connections of this service.

properties.publicIpAddressId

string

Public Standard SKU IP V4 based IP address to be associated with Virtual Network deployed service in the region. Supported only for Developer and Premium SKU being deployed in Virtual Network.

properties.publicNetworkAccess

PublicNetworkAccess

Whether or not public endpoint access is allowed for this API Management service. Value is optional but if passed in, must be 'Enabled' or 'Disabled'. If 'Disabled', private endpoints are the exclusive access method. Default value is 'Enabled'

properties.publisherEmail

string

Publisher email.

properties.publisherName

string

Publisher name.

properties.restore

boolean

Undelete Api Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored.

properties.virtualNetworkConfiguration

VirtualNetworkConfiguration

Virtual network configuration of the API Management service.

properties.virtualNetworkType

VirtualNetworkType

The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an Internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only.

sku

ApiManagementServiceSkuProperties

SKU properties of the API Management service.

tags

object

Resource tags.

zones

string[]

A list of availability zones denoting where the resource needs to come from.

Responses

Name Type Description
200 OK

ApiManagementServiceResource

The service was successfully updated.

202 Accepted

The service update request was Accepted.

Other Status Codes

ErrorResponse

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

ApiManagementUpdateServiceDisableTls10
ApiManagementUpdateServicePublisherDetails
ApiManagementUpdateServiceToNewVnetAndAvailabilityZones

ApiManagementUpdateServiceDisableTls10

Sample request

PATCH https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1?api-version=2021-08-01

{
  "properties": {
    "customProperties": {
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "false"
    }
  }
}

Sample response

{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1",
  "name": "apimService1",
  "type": "Microsoft.ApiManagement/service",
  "tags": {
    "Owner": "sasolank",
    "UID": "4f5025fe-0669-4e2e-8320-5199466e5eb3",
    "Reserved": "",
    "TestExpiration": "Thu, 29 Jun 2017 18:50:40 GMT",
    "Pool": "Manual",
    "TestSuiteExpiration": "Thu, 29 Jun 2017 18:51:46 GMT"
  },
  "location": "West US",
  "etag": "AAAAAAAYRPs=",
  "properties": {
    "publisherEmail": "admin@live.com",
    "publisherName": "Contoso",
    "notificationSenderEmail": "apimgmt-noreply@mail.windowsazure.com",
    "provisioningState": "Succeeded",
    "targetProvisioningState": "",
    "createdAtUtc": "2017-06-29T17:50:42.3191122Z",
    "gatewayUrl": "https://apimService1.azure-api.net",
    "portalUrl": "https://apimService1.portal.azure-api.net",
    "managementApiUrl": "https://apimService1.management.azure-api.net",
    "scmUrl": "https://apimService1.scm.azure-api.net",
    "hostnameConfigurations": [],
    "publicIPAddresses": [
      "40.86.176.232"
    ],
    "customProperties": {
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "False"
    },
    "virtualNetworkType": "None"
  },
  "sku": {
    "name": "Standard",
    "capacity": 1
  }
}

ApiManagementUpdateServicePublisherDetails

Sample request

PATCH https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1?api-version=2021-08-01

{
  "properties": {
    "publisherEmail": "foobar@live.com",
    "publisherName": "Contoso Vnext"
  }
}

Sample response

{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1",
  "name": "apimService1",
  "type": "Microsoft.ApiManagement/service",
  "tags": {
    "Owner": "sasolank",
    "UID": "4f5025fe-0669-4e2e-8320-5199466e5eb3",
    "Reserved": "",
    "TestExpiration": "Thu, 29 Jun 2017 18:50:40 GMT",
    "Pool": "Manual",
    "TestSuiteExpiration": "Thu, 29 Jun 2017 18:51:46 GMT"
  },
  "location": "West US",
  "etag": "AAAAAAAYRPs=",
  "properties": {
    "publisherEmail": "foobar@live.com",
    "publisherName": "Contoso Vnext",
    "notificationSenderEmail": "apimgmt-noreply@mail.windowsazure.com",
    "provisioningState": "Succeeded",
    "targetProvisioningState": "",
    "createdAtUtc": "2017-06-29T17:50:42.3191122Z",
    "gatewayUrl": "https://apimService1.azure-api.net",
    "portalUrl": "https://apimService1.portal.azure-api.net",
    "managementApiUrl": "https://apimService1.management.azure-api.net",
    "scmUrl": "https://apimService1.scm.azure-api.net",
    "hostnameConfigurations": [],
    "publicIPAddresses": [
      "40.86.176.232"
    ],
    "customProperties": {
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "False"
    },
    "virtualNetworkType": "None"
  },
  "sku": {
    "name": "Standard",
    "capacity": 1
  }
}

ApiManagementUpdateServiceToNewVnetAndAvailabilityZones

Sample request

PATCH https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1?api-version=2021-08-01

{
  "properties": {
    "additionalLocations": [
      {
        "location": "Australia East",
        "sku": {
          "name": "Premium",
          "capacity": 3
        },
        "zones": [
          "1",
          "2",
          "3"
        ],
        "virtualNetworkConfiguration": {
          "subnetResourceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/apimaeavnet/subnets/default"
        },
        "publicIpAddressId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/apim-australia-east-publicip"
      }
    ],
    "virtualNetworkConfiguration": {
      "subnetResourceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet-apim-japaneast/subnets/apim2"
    },
    "virtualNetworkType": "External",
    "publicIpAddressId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/publicip-apim-japan-east"
  },
  "sku": {
    "name": "Premium",
    "capacity": 3
  },
  "zones": [
    "1",
    "2",
    "3"
  ]
}

Sample response

location: https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/operationresults/TGV2eTExMDZtMDJfVGVybV9jMmZlY2QwMA==?api-version=2021-08-01
{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1",
  "name": "apimService1",
  "type": "Microsoft.ApiManagement/service",
  "location": "Japan East",
  "etag": "AAAAAAAWBIU=",
  "properties": {
    "publisherEmail": "contoso@microsoft.com",
    "publisherName": "apimPublisher",
    "notificationSenderEmail": "apimgmt-noreply@mail.windowsazure.com",
    "provisioningState": "Succeeded",
    "targetProvisioningState": "",
    "createdAtUtc": "2021-04-08T23:41:35.6447381Z",
    "gatewayUrl": "https://apimService1.azure-api.net",
    "gatewayRegionalUrl": "https://apimService1-japaneast-01.regional.azure-api.net",
    "portalUrl": "https://apimService1.portal.azure-api.net",
    "developerPortalUrl": "https://apimService1.developer.azure-api.net",
    "managementApiUrl": "https://apimService1.management.azure-api.net",
    "scmUrl": "https://apimService1.scm.azure-api.net",
    "hostnameConfigurations": [
      {
        "type": "Proxy",
        "hostName": "apimService1.azure-api.net",
        "negotiateClientCertificate": false,
        "defaultSslBinding": false,
        "certificateSource": "BuiltIn"
      },
      {
        "type": "Proxy",
        "hostName": "mycustomdomain.int-azure-api.net",
        "negotiateClientCertificate": false,
        "certificate": {
          "expiry": "2022-06-09T23:59:59+00:00",
          "thumbprint": "2994B5FFB8F76B3C687D324A8DEE0432C1ED18CD",
          "subject": "CN=mycustomdomain.int-azure-api.net"
        },
        "defaultSslBinding": true,
        "certificateSource": "Managed"
      }
    ],
    "publicIPAddresses": [
      "20.78.248.217"
    ],
    "additionalLocations": [
      {
        "location": "Australia East",
        "sku": {
          "name": "Premium",
          "capacity": 3
        },
        "zones": [
          "1",
          "2",
          "3"
        ],
        "publicIPAddresses": [
          "20.213.1.35"
        ],
        "virtualNetworkConfiguration": {
          "subnetResourceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/apimaeavnet/subnets/default"
        },
        "gatewayRegionalUrl": "https://apimService1-australiaeast-01.regional.azure-api.net",
        "disableGateway": false,
        "publicIpAddressId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/apim-australia-east-publicip",
        "platformVersion": "stv2"
      }
    ],
    "virtualNetworkConfiguration": {
      "subnetResourceId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet-apim-japaneast/subnets/apim2"
    },
    "customProperties": {
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30": "false",
      "Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2": "false"
    },
    "virtualNetworkType": "Internal",
    "disableGateway": false,
    "publicIpAddressId": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/publicip-apim-japan-east",
    "publicNetworkAccess": "Enabled",
    "platformVersion": "stv2"
  },
  "sku": {
    "name": "Premium",
    "capacity": 3
  },
  "zones": [
    "1",
    "2",
    "3"
  ],
  "systemData": {
    "lastModifiedBy": "contoso@microsoft.com",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2022-01-21T20:04:21.6108974Z"
  }
}

Definitions

Name Description
AdditionalLocation

Description of an additional API Management resource location.

ApiManagementServiceIdentity

Identity properties of the Api Management service resource.

ApiManagementServiceResource

A single API Management service resource in List or Get response.

ApiManagementServiceSkuProperties

API Management service resource SKU properties.

ApiManagementServiceUpdateParameters

Parameter supplied to Update Api Management Service.

ApimIdentityType

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service.

ApiVersionConstraint

Control Plane Apis version constraint for the API Management service.

ArmIdWrapper

A wrapper for an ARM resource id

CertificateConfiguration

Certificate configuration which consist of non-trusted intermediates and root certificates.

CertificateInformation

SSL certificate information.

CertificateSource

Certificate Source.

CertificateStatus

Certificate Status.

createdByType

The type of identity that created the resource.

ErrorFieldContract

Error Field contract.

ErrorResponse

Error Response.

HostnameConfiguration

Custom hostname configuration.

HostnameType

Hostname type.

PlatformVersion

Compute Platform Version running the service.

PrivateEndpointServiceConnectionStatus

The private endpoint connection status.

PrivateLinkServiceConnectionState

A collection of information about the state of the connection between service consumer and provider.

PublicNetworkAccess

Whether or not public endpoint access is allowed for this API Management service. Value is optional but if passed in, must be 'Enabled' or 'Disabled'. If 'Disabled', private endpoints are the exclusive access method. Default value is 'Enabled'

RemotePrivateEndpointConnectionWrapper

Remote Private Endpoint Connection resource.

SkuType

Name of the Sku.

systemData

Metadata pertaining to creation and last modification of the resource.

UserIdentityProperties
VirtualNetworkConfiguration

Configuration of a virtual network to which API Management service is deployed.

VirtualNetworkType

The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an Internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only.

AdditionalLocation

Description of an additional API Management resource location.

Name Type Default value Description
disableGateway

boolean

False

Property only valid for an Api Management service deployed in multiple locations. This can be used to disable the gateway in this additional location.

gatewayRegionalUrl

string

Gateway URL of the API Management service in the Region.

location

string

The location name of the additional region among Azure Data center regions.

platformVersion

PlatformVersion

Compute Platform Version running the service.

privateIPAddresses

string[]

Private Static Load Balanced IP addresses of the API Management service which is deployed in an Internal Virtual Network in a particular additional location. Available only for Basic, Standard, Premium and Isolated SKU.

publicIPAddresses

string[]

Public Static Load Balanced IP addresses of the API Management service in the additional location. Available only for Basic, Standard, Premium and Isolated SKU.

publicIpAddressId

string

Public Standard SKU IP V4 based IP address to be associated with Virtual Network deployed service in the location. Supported only for Premium SKU being deployed in Virtual Network.

sku

ApiManagementServiceSkuProperties

SKU properties of the API Management service.

virtualNetworkConfiguration

VirtualNetworkConfiguration

Virtual network configuration for the location.

zones

string[]

A list of availability zones denoting where the resource needs to come from.

ApiManagementServiceIdentity

Identity properties of the Api Management service resource.

Name Type Description
principalId

string

The principal id of the identity.

tenantId

string

The client tenant id of the identity.

type

ApimIdentityType

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service.

userAssignedIdentities

<string,  UserIdentityProperties>

The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/ providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

ApiManagementServiceResource

A single API Management service resource in List or Get response.

Name Type Default value Description
etag

string

ETag of the resource.

id

string

Resource ID.

identity

ApiManagementServiceIdentity

Managed service identity of the Api Management service.

location

string

Resource location.

name

string

Resource name.

properties.additionalLocations

AdditionalLocation[]

Additional datacenter locations of the API Management service.

properties.apiVersionConstraint

ApiVersionConstraint

Control Plane Apis version constraint for the API Management service.

properties.certificates

CertificateConfiguration[]

List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10.

properties.createdAtUtc

string

Creation UTC date of the API Management service.The date conforms to the following format: yyyy-MM-ddTHH:mm:ssZ as specified by the ISO 8601 standard.

properties.customProperties

object

Custom properties of the API Management service.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168 will disable the cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA for all TLS(1.0, 1.1 and 1.2).
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11 can be used to disable just TLS 1.1.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10 can be used to disable TLS 1.0 on an API Management service.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11 can be used to disable just TLS 1.1 for communications with backends.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10 can be used to disable TLS 1.0 for communications with backends.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2 can be used to enable HTTP2 protocol on an API Management service.
Not specifying any of these properties on PATCH operation will reset omitted properties' values to their defaults. For all the settings except Http2 the default value is True if the service was created on or before April 1, 2018 and False otherwise. Http2 setting's default value is False.

You can disable any of the following ciphers by using settings Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.[cipher_name]: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA. For example, Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256:false. The default value is true for them.
Note: The following ciphers can't be disabled since they are required by internal platform components: TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

properties.developerPortalUrl

string

DEveloper Portal endpoint URL of the API Management service.

properties.disableGateway

boolean

False

Property only valid for an Api Management service deployed in multiple locations. This can be used to disable the gateway in master region.

properties.enableClientCertificate

boolean

False

Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway.

properties.gatewayRegionalUrl

string

Gateway URL of the API Management service in the Default Region.

properties.gatewayUrl

string

Gateway URL of the API Management service.

properties.hostnameConfigurations

HostnameConfiguration[]

Custom hostname configuration of the API Management service.

properties.managementApiUrl

string

Management API endpoint URL of the API Management service.

properties.notificationSenderEmail

string

Email address from which the notification will be sent.

properties.platformVersion

PlatformVersion

Compute Platform Version running the service in this location.

properties.portalUrl

string

Publisher portal endpoint Url of the API Management service.

properties.privateEndpointConnections

RemotePrivateEndpointConnectionWrapper[]

List of Private Endpoint Connections of this service.

properties.privateIPAddresses

string[]

Private Static Load Balanced IP addresses of the API Management service in Primary region which is deployed in an Internal Virtual Network. Available only for Basic, Standard, Premium and Isolated SKU.

properties.provisioningState

string

The current provisioning state of the API Management service which can be one of the following: Created/Activating/Succeeded/Updating/Failed/Stopped/Terminating/TerminationFailed/Deleted.

properties.publicIPAddresses

string[]

Public Static Load Balanced IP addresses of the API Management service in Primary region. Available only for Basic, Standard, Premium and Isolated SKU.

properties.publicIpAddressId

string

Public Standard SKU IP V4 based IP address to be associated with Virtual Network deployed service in the region. Supported only for Developer and Premium SKU being deployed in Virtual Network.

properties.publicNetworkAccess

PublicNetworkAccess

Whether or not public endpoint access is allowed for this API Management service. Value is optional but if passed in, must be 'Enabled' or 'Disabled'. If 'Disabled', private endpoints are the exclusive access method. Default value is 'Enabled'

properties.publisherEmail

string

Publisher email.

properties.publisherName

string

Publisher name.

properties.restore

boolean

False

Undelete Api Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored.

properties.scmUrl

string

SCM endpoint URL of the API Management service.

properties.targetProvisioningState

string

The provisioning state of the API Management service, which is targeted by the long running operation started on the service.

properties.virtualNetworkConfiguration

VirtualNetworkConfiguration

Virtual network configuration of the API Management service.

properties.virtualNetworkType

VirtualNetworkType

None

The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an Internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only.

sku

ApiManagementServiceSkuProperties

SKU properties of the API Management service.

systemData

systemData

Metadata pertaining to creation and last modification of the resource.

tags

object

Resource tags.

type

string

Resource type for API Management resource is set to Microsoft.ApiManagement.

zones

string[]

A list of availability zones denoting where the resource needs to come from.

ApiManagementServiceSkuProperties

API Management service resource SKU properties.

Name Type Description
capacity

integer

Capacity of the SKU (number of deployed units of the SKU). For Consumption SKU capacity must be specified as 0.

name

SkuType

Name of the Sku.

ApiManagementServiceUpdateParameters

Parameter supplied to Update Api Management Service.

Name Type Default value Description
etag

string

ETag of the resource.

id

string

Resource ID.

identity

ApiManagementServiceIdentity

Managed service identity of the Api Management service.

name

string

Resource name.

properties.additionalLocations

AdditionalLocation[]

Additional datacenter locations of the API Management service.

properties.apiVersionConstraint

ApiVersionConstraint

Control Plane Apis version constraint for the API Management service.

properties.certificates

CertificateConfiguration[]

List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10.

properties.createdAtUtc

string

Creation UTC date of the API Management service.The date conforms to the following format: yyyy-MM-ddTHH:mm:ssZ as specified by the ISO 8601 standard.

properties.customProperties

object

Custom properties of the API Management service.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168 will disable the cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA for all TLS(1.0, 1.1 and 1.2).
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11 can be used to disable just TLS 1.1.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10 can be used to disable TLS 1.0 on an API Management service.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11 can be used to disable just TLS 1.1 for communications with backends.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10 can be used to disable TLS 1.0 for communications with backends.
Setting Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2 can be used to enable HTTP2 protocol on an API Management service.
Not specifying any of these properties on PATCH operation will reset omitted properties' values to their defaults. For all the settings except Http2 the default value is True if the service was created on or before April 1, 2018 and False otherwise. Http2 setting's default value is False.

You can disable any of the following ciphers by using settings Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.[cipher_name]: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA. For example, Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256:false. The default value is true for them.
Note: The following ciphers can't be disabled since they are required by internal platform components: TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

properties.developerPortalUrl

string

DEveloper Portal endpoint URL of the API Management service.

properties.disableGateway

boolean

False

Property only valid for an Api Management service deployed in multiple locations. This can be used to disable the gateway in master region.

properties.enableClientCertificate

boolean

False

Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway.

properties.gatewayRegionalUrl

string

Gateway URL of the API Management service in the Default Region.

properties.gatewayUrl

string

Gateway URL of the API Management service.

properties.hostnameConfigurations

HostnameConfiguration[]

Custom hostname configuration of the API Management service.

properties.managementApiUrl

string

Management API endpoint URL of the API Management service.

properties.notificationSenderEmail

string

Email address from which the notification will be sent.

properties.platformVersion

PlatformVersion

Compute Platform Version running the service in this location.

properties.portalUrl

string

Publisher portal endpoint Url of the API Management service.

properties.privateEndpointConnections

RemotePrivateEndpointConnectionWrapper[]

List of Private Endpoint Connections of this service.

properties.privateIPAddresses

string[]

Private Static Load Balanced IP addresses of the API Management service in Primary region which is deployed in an Internal Virtual Network. Available only for Basic, Standard, Premium and Isolated SKU.

properties.provisioningState

string

The current provisioning state of the API Management service which can be one of the following: Created/Activating/Succeeded/Updating/Failed/Stopped/Terminating/TerminationFailed/Deleted.

properties.publicIPAddresses

string[]

Public Static Load Balanced IP addresses of the API Management service in Primary region. Available only for Basic, Standard, Premium and Isolated SKU.

properties.publicIpAddressId

string

Public Standard SKU IP V4 based IP address to be associated with Virtual Network deployed service in the region. Supported only for Developer and Premium SKU being deployed in Virtual Network.

properties.publicNetworkAccess

PublicNetworkAccess

Whether or not public endpoint access is allowed for this API Management service. Value is optional but if passed in, must be 'Enabled' or 'Disabled'. If 'Disabled', private endpoints are the exclusive access method. Default value is 'Enabled'

properties.publisherEmail

string

Publisher email.

properties.publisherName

string

Publisher name.

properties.restore

boolean

False

Undelete Api Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored.

properties.scmUrl

string

SCM endpoint URL of the API Management service.

properties.targetProvisioningState

string

The provisioning state of the API Management service, which is targeted by the long running operation started on the service.

properties.virtualNetworkConfiguration

VirtualNetworkConfiguration

Virtual network configuration of the API Management service.

properties.virtualNetworkType

VirtualNetworkType

None

The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an Internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only.

sku

ApiManagementServiceSkuProperties

SKU properties of the API Management service.

tags

object

Resource tags.

type

string

Resource type for API Management resource is set to Microsoft.ApiManagement.

zones

string[]

A list of availability zones denoting where the resource needs to come from.

ApimIdentityType

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service.

Name Type Description
None

string

SystemAssigned

string

SystemAssigned, UserAssigned

string

UserAssigned

string

ApiVersionConstraint

Control Plane Apis version constraint for the API Management service.

Name Type Description
minApiVersion

string

Limit control plane API calls to API Management service with version equal to or newer than this value.

ArmIdWrapper

A wrapper for an ARM resource id

Name Type Description
id

string

CertificateConfiguration

Certificate configuration which consist of non-trusted intermediates and root certificates.

Name Type Description
certificate

CertificateInformation

Certificate information.

certificatePassword

string

Certificate Password.

encodedCertificate

string

Base64 Encoded certificate.

storeName enum:
  • CertificateAuthority
  • Root

The System.Security.Cryptography.x509certificates.StoreName certificate store location. Only Root and CertificateAuthority are valid locations.

CertificateInformation

SSL certificate information.

Name Type Description
expiry

string

Expiration date of the certificate. The date conforms to the following format: yyyy-MM-ddTHH:mm:ssZ as specified by the ISO 8601 standard.

subject

string

Subject of the certificate.

thumbprint

string

Thumbprint of the certificate.

CertificateSource

Certificate Source.

Name Type Description
BuiltIn

string

Custom

string

KeyVault

string

Managed

string

CertificateStatus

Certificate Status.

Name Type Description
Completed

string

Failed

string

InProgress

string

createdByType

The type of identity that created the resource.

Name Type Description
Application

string

Key

string

ManagedIdentity

string

User

string

ErrorFieldContract

Error Field contract.

Name Type Description
code

string

Property level error code.

message

string

Human-readable representation of property-level error.

target

string

Property name.

ErrorResponse

Error Response.

Name Type Description
error.code

string

Service-defined error code. This code serves as a sub-status for the HTTP error code specified in the response.

error.details

ErrorFieldContract[]

The list of invalid fields send in request, in case of validation error.

error.message

string

Human-readable representation of the error.

HostnameConfiguration

Custom hostname configuration.

Name Type Default value Description
certificate

CertificateInformation

Certificate information.

certificatePassword

string

Certificate Password.

certificateSource

CertificateSource

Certificate Source.

certificateStatus

CertificateStatus

Certificate Status.

defaultSslBinding

boolean

False

Specify true to setup the certificate associated with this Hostname as the Default SSL Certificate. If a client does not send the SNI header, then this will be the certificate that will be challenged. The property is useful if a service has multiple custom hostname enabled and it needs to decide on the default ssl certificate. The setting only applied to Proxy Hostname Type.

encodedCertificate

string

Base64 Encoded certificate.

hostName

string

Hostname to configure on the Api Management service.

identityClientId

string

System or User Assigned Managed identity clientId as generated by Azure AD, which has GET access to the keyVault containing the SSL certificate.

keyVaultId

string

Url to the KeyVault Secret containing the Ssl Certificate. If absolute Url containing version is provided, auto-update of ssl certificate will not work. This requires Api Management service to be configured with aka.ms/apimmsi. The secret should be of type application/x-pkcs12

negotiateClientCertificate

boolean

False

Specify true to always negotiate client certificate on the hostname. Default Value is false.

type

HostnameType

Hostname type.

HostnameType

Hostname type.

Name Type Description
DeveloperPortal

string

Management

string

Portal

string

Proxy

string

Scm

string

PlatformVersion

Compute Platform Version running the service.

Name Type Description
mtv1

string

Platform running the service on Multi Tenant V1 platform.

stv1

string

Platform running the service on Single Tenant V1 platform.

stv2

string

Platform running the service on Single Tenant V2 platform.

undetermined

string

Platform version cannot be determined, as compute platform is not deployed.

PrivateEndpointServiceConnectionStatus

The private endpoint connection status.

Name Type Description
Approved

string

Pending

string

Rejected

string

PrivateLinkServiceConnectionState

A collection of information about the state of the connection between service consumer and provider.

Name Type Description
actionsRequired

string

A message indicating if changes on the service provider require any updates on the consumer.

description

string

The reason for approval/rejection of the connection.

status

PrivateEndpointServiceConnectionStatus

Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.

PublicNetworkAccess

Whether or not public endpoint access is allowed for this API Management service. Value is optional but if passed in, must be 'Enabled' or 'Disabled'. If 'Disabled', private endpoints are the exclusive access method. Default value is 'Enabled'

Name Type Description
Disabled

string

Enabled

string

RemotePrivateEndpointConnectionWrapper

Remote Private Endpoint Connection resource.

Name Type Description
id

string

Private Endpoint connection resource id

name

string

Private Endpoint Connection Name

properties.groupIds

string[]

All the Group ids.

properties.privateEndpoint

ArmIdWrapper

The resource of private end point.

properties.privateLinkServiceConnectionState

PrivateLinkServiceConnectionState

A collection of information about the state of the connection between service consumer and provider.

properties.provisioningState

string

The provisioning state of the private endpoint connection resource.

type

string

Private Endpoint Connection Resource Type

SkuType

Name of the Sku.

Name Type Description
Basic

string

Basic SKU of Api Management.

Consumption

string

Consumption SKU of Api Management.

Developer

string

Developer SKU of Api Management.

Isolated

string

Isolated SKU of Api Management.

Premium

string

Premium SKU of Api Management.

Standard

string

Standard SKU of Api Management.

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string

The timestamp of resource creation (UTC).

createdBy

string

The identity that created the resource.

createdByType

createdByType

The type of identity that created the resource.

lastModifiedAt

string

The timestamp of resource last modification (UTC)

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

createdByType

The type of identity that last modified the resource.

UserIdentityProperties

Name Type Description
clientId

string

The client id of user assigned identity.

principalId

string

The principal id of user assigned identity.

VirtualNetworkConfiguration

Configuration of a virtual network to which API Management service is deployed.

Name Type Description
subnetResourceId

string

The full resource ID of a subnet in a virtual network to deploy the API Management service in.

subnetname

string

The name of the subnet.

vnetid

string

The virtual network ID. This is typically a GUID. Expect a null GUID by default.

VirtualNetworkType

The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an Internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only.

Name Type Description
External

string

The service is part of Virtual Network and it is accessible from Internet.

Internal

string

The service is part of Virtual Network and it is only accessible from within the virtual network.

None

string

The service is not part of any Virtual Network.