Share via

Does API Management Support 405 Status code(Method not allowed) instead of 404(Resource Not Found)

AROCKIA TAGORE I 25 Reputation points
2023-07-27T11:45:37.18+00:00

Hi,

Defining an API involves creating the resources and the allowed methods for each resource. When invoking the operation (accessing the resource) with a wrong HTTP method (for example, PUT instead of GET), the API Management service returns a 404 Resource Not Found instead of a 405 Method Not Allowed.

we have used below code in Policy but we are not getting status code 405

               
 <choose>
 <when condition="@(context.LastError.Message.Contains("Unable to match incoming request"))">
                <return-response>
                    <set-status code="405" reason="Method not allowed" />
                    <set-body>@{
                    return new JObject(
                        new JProperty("status", "HTTP 405"),
                        new JProperty("message", "Method not allowed"),
                        new JProperty("text", context.Response.StatusCode.ToString()),
                        new JProperty("errorReason", context.LastError.Message.ToString())
                    ).ToString();
                }</set-body>
                </return-response>
            </when>
            <otherwise />
        </choose>

Could you please check and let me know how to get required status code ?

Thanks,

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,144 questions
0 comments
Accepted answer
  1. MuthuKumaranMurugaachari-MSFT 22,336 Reputation points
    2023-07-27T14:15:39.5+00:00

    AROCKIA TAGORE I Thanks for posting your question in Microsoft Q&A. This is still a limitation as per current design and you can refer https://techcommunity.microsoft.com/t5/azure-paas-blog/azure-api-management-limitation-workaround-return-404-instead-of/ba-p/1588413 doc and adjust the policy code in the error handling section (for all Operations/single API/All APIs) as below.

    Policy snippet: (from the doc; validated in my APIM)

    <choose>
            <when condition="@(context.LastError.Source == "configuration" && context.LastError.Reason == "OperationNotFound")">
                <return-response>
                    <set-status code="405" reason="Method not allowed" />
                    <set-body>@{
                    return new JObject(
                        new JProperty("status", "HTTP 405"),
                        new JProperty("message", "Method not allowed"),
                        new JProperty("text", context.Response.StatusCode.ToString()),
                        new JProperty("errorReason", context.LastError.Message.ToString())
                    ).ToString();
                }</set-body>
                </return-response>
            </when>
            <otherwise />
        </choose>

    Note: The workaround above has a limitation that it will show 405 also when the request URL is not found.

    I hope this helps and let me know if you have any questions.

    If you found the answer to your question helpful, please take a moment to mark it as "Yes" for others to benefit from your experience. Or simply add a comment tagging me and would be happy to answer your questions.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.