![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 83%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
The interactive "Try it" console in the Azure API Management (APIM) developer portal sends requests from the browser, so common issues usually fall into these areas:
- CORS configuration
- The console makes client-side API calls, so CORS must be enabled on the APIs.
- Fix CORS errors by adding a CORS policy on the API(s) or configuring the portal to use a CORS proxy.
- For details, see "Enable CORS for interactive console in the API Management developer portal" referenced in the documentation.
- Using the CORS proxy vs direct calls
- By default, the Azure portal test console uses a CORS proxy with a fixed public IP and can only reach public endpoints.
- If the APIM gateway is network-isolated or blocks the proxy IP, enable the option to bypass the CORS proxy so the browser calls APIM directly.
- OAuth 2.0 configuration for the test console
- If the backend API is secured with OAuth 2.0, configure an OAuth 2.0 user authorization server in APIM and then configure the API to use it.
- In the developer portal test console, select the configured authorization server and flow (for example, Authorization code) so the console can obtain a valid access token and attach it as an Authorization: Bearer header.
- Subscription keys
- Ensure the API requires and accepts the subscription key being used.
- In the Azure portal test console, APIM automatically populates the
Ocp-Apim-Subscription-Keyheader using the built-in all-access subscription key; verify that this key is valid for the API.
- Access control to portal content
- If a user is not authorized to access a page in the developer portal, the portal returns 404 Not Found.
- Use the administrative interface’s View as feature to preview pages as different groups and verify access.
When specific symptoms (CORS error messages, 401 responses, 404 on certain pages, or OAuth login issues) are available, map them to the corresponding configuration above: CORS policy, CORS proxy usage, OAuth 2.0 test console setup, subscription key, or portal page access.
References:
- Overview of the developer portal
- API Management developer portal - frequently asked questions
- Secure access to the API Management developer portal
- How to authorize test console of developer portal by configuring OAuth 2.0 user authorization
- Import an OpenAPI specification
- Tutorial: Import and publish your first API