Sreekanth Gandla Thank you for posting your question in Microsoft Q&A. Based on my understanding, currently you are importing API through PowerShell with above command and would like to apply CORS with Allowed origins, Allowed headers and Allowed methods etc.
CORS is applied through cors
policy and can be applied at global, product, API or operation scope. Here is official doc reference: https://learn.microsoft.com/en-us/azure/api-management/cors-policy to check for more details.
I understand you would like to apply this policy through PowerShell and use Set-AzApiManagementPolicy
command (https://learn.microsoft.com/en-us/powershell/module/az.apimanagement/set-azapimanagementpolicy?view=azps-9.4.0) for that.
Here is the sample policy snippet (to apply at product) from doc:
$apimContext = New-AzApiManagementContext -ResourceGroupName "rgName" -ServiceName "apimName"
$PolicyString = '<policies>
<inbound>
<base />
<cors allow-credentials="true">
<allowed-origins>
<!-- Localhost useful for development -->
<origin>http://localhost:8080/</origin>
<origin>http://example.com/</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="300">
<method>GET</method>
<method>POST</method>
<method>PATCH</method>
<method>DELETE</method>
</allowed-methods>
<allowed-headers>
<!-- Examples below show Azure Mobile Services headers -->
<header>x-zumo-installation-id</header>
<header>x-zumo-application</header>
<header>x-zumo-version</header>
<header>x-zumo-auth</header>
<header>content-type</header>
<header>accept</header>
</allowed-headers>
<expose-headers>
<!-- Examples below show Azure Mobile Services headers -->
<header>x-zumo-installation-id</header>
<header>x-zumo-application</header>
</expose-headers>
</cors>
</inbound>
<backend>
<base />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>'
Set-AzApiManagementPolicy -Context $apimContext -Format "application/vnd.ms-azure-apim.policy.raw+xml" -ProductId "starter" -Policy $PolicyString
You can refer doc to apply the policy at different scopes based on your need. But please note that whole policy snippet has to be included in the snippet (not just CORS) otherwise it may override other existing policy at that scope.
I hope this answers your question and feel free to add a comment for any other questions. Would be happy to answer if any. Please accept as "Yes" if the answer is helpful, so that it can help others in the community.