Maintained with ☕️ by
IcePanel logo

Azure API Management update January 25



On January 25, we started a regular Azure API Management service update. It includes the following bug fixes, changes, and new features: * We added [JWE]( support to the [validate-jwt]( policy. We added a new **decryption-keys** element to the policy definition. (It must be placed between the **issuer-signing-keys** and **audiences** elements.) It can contain multiple **key** elements structured similarly to the **issuer-signing-keys/key** elements. Only JWTs with the **alg** property set to **dir** (symmetric keys) and the **enc** property set to **A128CBC-HS256**, **A192CBC-HS384**, or **A256CBC-HS512** are currently supported. Tokens that use other settings will fail validation with the "TokenDecryptionFailed" error reason. * We now log nested exceptions to Azure Application Insights. For each exception, we tell you which policy produced it. * From now on, all new revisions and versions will be created with a copy of their predecessors' diagnostics settings. * We provided a couple of additional email template parameters in the New Developer Account Confirmation email template to make it more flexible for customers who use delegation or have a custom portal. * In accordance with the [OpenAPI specification](, auto-generated request samples shown in the developer portal will no longer show read-only properties. * We fixed a bug where we occasionally failed to add APIs and groups to a product when deploying from the configuration repository. * We're upgrading the service to a more modern compute SKU, which is slightly roomier and faster than the one used before. As a result, you might see a slight uptick in available capacity. We deploy updates gradually, and it usually takes a week or more for every active service instance to receive them. * API Management * Features * [ API Management](