![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 41%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,424 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 59%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Hi @Yves Schelpe (KdG) Thanks for reaching out. To control API visibility in the portal you can use Groups (https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-create-groups). All users are members of the Developers group.
To restrict the visibility of an API add it to a new 'restricted' product. Remove the Developers group from that product. Add a new 'restricted' group to the product. Add the users who should have access to the API the 'restricted' group. Those developers and no others will now see the API in the portal and be able to subscribe through the 'restricted' product.
If a user has access to a product. Then they can See the APIs in that product. This includes viewing the documentation on the developer portal. And seeing the API name in the list of APIs. If the product requires a subscription, then they cannot CALL the API until they are subscribed to that product. AFAIK there isn't any way to prevent the user from SEEING the API based on whether they are subscribed to the product.
Note: group membership is actually irrelevant to whether a user can be subscribed to a product. Groups are only relevant to the developer portal. A subscription can still be created by the administrator or someone with the correct RBAC permissions for a user that doesn't have access to a product through a group. If a user is subscribed to a product they will be able to see it and its APIs in the portal even if they aren't in a group that has access to the product.
Do let me know if you have any queries.
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.