Kickstart your project with AVM templates.

api-management-services

report

If you believe that this package or its contents contain harmful information, please inform us.
Please be aware that we will never share your credentials.

This package contains:

Please let us know what this package contains.

Email address

Please enter a valid email address.

Please provide is us with more information.

This Bicep AVM module deploys an API Management Service. The default deployment is set to use a Premium SKU to align with Microsoft WAF-aligned best practices. In most cases, non-prod deployments should use a lower-tier SKU.

ipm add --package avm-bicep/api-management-services --version 0.12.0

Published: 23-10-2025

Project URL: https://ipmhub.io/avm-bicep

Package Type: Bicep

License: MIT

API Management Services `[Microsoft.ApiManagement/service]`

⚠️THIS MODULE IS CURRENTLY ORPHANED.⚠️

Only security and bug fixes are being handled by the AVM core team at present.

If interested in becoming the module owner of this orphaned module (must be Microsoft FTE), please look for the related "orphaned module" GitHub issue here!

This module deploys an API Management Service. The default deployment is set to use a Premium SKU to align with Microsoft WAF-aligned best practices. In most cases, non-prod deployments should use a lower-tier SKU.

Resource Types

Resource Type	API Version	References
`Microsoft.ApiManagement/service`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/apis`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/apis/diagnostics`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/apis/operations`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/apis/operations/policies`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/apis/policies`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/apiVersionSets`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/authorizationServers`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/backends`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/caches`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/identityProviders`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/loggers`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/namedValues`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/policies`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/portalsettings`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/products`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/products/apis`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/products/groups`	2024-05-01	AzAdvertizer Template reference
`Microsoft.ApiManagement/service/subscriptions`	2024-05-01	AzAdvertizer Template reference
`Microsoft.Authorization/locks`	2020-05-01	AzAdvertizer Template reference
`Microsoft.Authorization/roleAssignments`	2022-04-01	AzAdvertizer Template reference
`Microsoft.Insights/diagnosticSettings`	2021-05-01-preview	AzAdvertizer Template reference
`Microsoft.Network/privateEndpoints`	2024-10-01	AzAdvertizer Template reference
`Microsoft.Network/privateEndpoints/privateDnsZoneGroups`	2024-10-01	AzAdvertizer Template reference

Usage examples

The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.

Note: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.

Note: To reference the module, please use the following syntax ./packages/api-management-services/main.bicep.

Deploying a Consumption SKU
Using only defaults
Deploying a Developer SKU
Using large parameter set
Deploying an APIM v2 sku
WAF-aligned

Example 1: Deploying a Consumption SKU

This instance deploys the module using a Consumption SKU.

via Bicep module

module service './packages/api-management-services/main.bicep' = {
  name: 'serviceDeployment'
  params: {
    // Required parameters
    name: 'apiscon001'
    publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
    publisherName: 'az-amorg-x-001'
    // Non-required parameters
    sku: 'Consumption'
  }
}

via JSON parameters file

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "apiscon001"
    },
    "publisherEmail": {
      "value": "apimgmt-noreply@mail.windowsazure.com"
    },
    "publisherName": {
      "value": "az-amorg-x-001"
    },
    // Non-required parameters
    "sku": {
      "value": "Consumption"
    }
  }
}

via Bicep parameters file

using './packages/api-management-services/main.bicep'

// Required parameters
param name = 'apiscon001'
param publisherEmail = 'apimgmt-noreply@mail.windowsazure.com'
param publisherName = 'az-amorg-x-001'
// Non-required parameters
param sku = 'Consumption'

Example 2: Using only defaults

This instance deploys the module with the minimum set of required parameters.

via Bicep module

module service './packages/api-management-services/main.bicep' = {
  name: 'serviceDeployment'
  params: {
    // Required parameters
    name: 'apismin001'
    publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
    publisherName: 'az-amorg-x-001'
  }
}

via JSON parameters file

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "apismin001"
    },
    "publisherEmail": {
      "value": "apimgmt-noreply@mail.windowsazure.com"
    },
    "publisherName": {
      "value": "az-amorg-x-001"
    }
  }
}

via Bicep parameters file

using './packages/api-management-services/main.bicep'

// Required parameters
param name = 'apismin001'
param publisherEmail = 'apimgmt-noreply@mail.windowsazure.com'
param publisherName = 'az-amorg-x-001'

Example 3: Deploying a Developer SKU

This instance deploys the module using a Developer SKU.

via Bicep module

module service './packages/api-management-services/main.bicep' = {
  name: 'serviceDeployment'
  params: {
    // Required parameters
    name: 'apisdev001'
    publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
    publisherName: 'az-amorg-x-001'
    // Non-required parameters
    enableDeveloperPortal: true
    sku: 'Developer'
  }
}

via JSON parameters file

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "apisdev001"
    },
    "publisherEmail": {
      "value": "apimgmt-noreply@mail.windowsazure.com"
    },
    "publisherName": {
      "value": "az-amorg-x-001"
    },
    // Non-required parameters
    "enableDeveloperPortal": {
      "value": true
    },
    "sku": {
      "value": "Developer"
    }
  }
}

via Bicep parameters file

using './packages/api-management-services/main.bicep'

// Required parameters
param name = 'apisdev001'
param publisherEmail = 'apimgmt-noreply@mail.windowsazure.com'
param publisherName = 'az-amorg-x-001'
// Non-required parameters
param enableDeveloperPortal = true
param sku = 'Developer'

Example 4: Using large parameter set

This instance deploys the module with most of its features enabled.

via Bicep module

module service './packages/api-management-services/main.bicep' = {
  name: 'serviceDeployment'
  params: {
    // Required parameters
    name: 'apismax001'
    publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
    publisherName: 'az-amorg-x-001'
    // Non-required parameters
    additionalLocations: [
      {
        disableGateway: false
        location: '<location>'
        publicIpAddressResourceId: '<publicIpAddressResourceId>'
        sku: {
          capacity: 1
          name: 'Premium'
        }
        virtualNetworkConfiguration: {
          subnetResourceId: '<subnetResourceId>'
        }
      }
    ]
    apiDiagnostics: [
      {
        apiName: 'echo-api'
        loggerName: 'logger'
        metrics: true
        name: 'applicationinsights'
      }
    ]
    apis: [
      {
        apiVersionSetName: 'echo-version-set'
        displayName: 'Echo API'
        name: 'echo-api'
        path: 'echo'
        protocols: [
          'http'
          'https'
        ]
        serviceUrl: 'http://echoapi.cloudapp.net/api'
      }
    ]
    apiVersionSets: [
      {
        description: 'echo-version-set'
        displayName: 'echo-version-set'
        name: 'echo-version-set'
        versioningScheme: 'Segment'
      }
    ]
    authorizationServers: [
      {
        authorizationEndpoint: '<authorizationEndpoint>'
        clientId: 'apimclientid'
        clientRegistrationEndpoint: 'http://localhost'
        clientSecret: '<clientSecret>'
        displayName: 'AuthServer1'
        grantTypes: [
          'authorizationCode'
        ]
        name: 'AuthServer1'
        tokenEndpoint: '<tokenEndpoint>'
      }
    ]
    backends: [
      {
        name: 'backend'
        tls: {
          validateCertificateChain: false
          validateCertificateName: false
        }
        url: 'http://echoapi.cloudapp.net/api'
      }
    ]
    caches: [
      {
        connectionString: 'connectionstringtest'
        name: 'westeurope'
        useFromLocation: 'westeurope'
      }
    ]
    diagnosticSettings: [
      {
        eventHubAuthorizationRuleResourceId: '<eventHubAuthorizationRuleResourceId>'
        eventHubName: '<eventHubName>'
        metricCategories: [
          {
            category: 'AllMetrics'
          }
        ]
        name: 'customSetting'
        storageAccountResourceId: '<storageAccountResourceId>'
        workspaceResourceId: '<workspaceResourceId>'
      }
    ]
    identityProviders: [
      {
        allowedTenants: [
          'mytenant.onmicrosoft.com'
        ]
        authority: '<authority>'
        clientId: 'apimClientid'
        clientLibrary: 'MSAL-2'
        clientSecret: 'apimSlientSecret'
        name: 'aad'
        signInTenant: 'mytenant.onmicrosoft.com'
      }
    ]
    location: '<location>'
    lock: {
      kind: 'CanNotDelete'
      name: 'myCustomLockName'
    }
    loggers: [
      {
        credentials: {
          instrumentationKey: '<instrumentationKey>'
        }
        description: 'Logger to Azure Application Insights'
        isBuffered: false
        name: 'logger'
        targetResourceId: '<targetResourceId>'
        type: 'applicationInsights'
      }
    ]
    managedIdentities: {
      systemAssigned: true
      userAssignedResourceIds: [
        '<managedIdentityResourceId>'
      ]
    }
    namedValues: [
      {
        displayName: 'apimkey'
        name: 'apimkey'
        secret: true
      }
    ]
    policies: [
      {
        format: 'xml'
        value: '<policies> <inbound> <rate-limit-by-key calls=\'250\' renewal-period=\'60\' counter-key=\'@(context.Request.IpAddress)\' /> </inbound> <backend> <forward-request /> </backend> <outbound> </outbound> </policies>'
      }
    ]
    portalsettings: [
      {
        name: 'signin'
        properties: {
          enabled: false
        }
      }
      {
        name: 'signup'
        properties: {
          enabled: false
          termsOfService: {
            consentRequired: false
            enabled: false
          }
        }
      }
    ]
    products: [
      {
        apis: [
          'echo-api'
        ]
        approvalRequired: false
        displayName: 'Starter'
        groups: [
          'developers'
        ]
        name: 'Starter'
        subscriptionRequired: false
      }
    ]
    publicIpAddressResourceId: '<publicIpAddressResourceId>'
    publicNetworkAccess: 'Enabled'
    roleAssignments: [
      {
        name: '6352c3e3-ac6b-43d5-ac43-1077ff373721'
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: 'Owner'
      }
      {
        name: '<name>'
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
      }
      {
        principalId: '<principalId>'
        principalType: 'ServicePrincipal'
        roleDefinitionIdOrName: '<roleDefinitionIdOrName>'
      }
    ]
    subnetResourceId: '<subnetResourceId>'
    subscriptions: [
      {
        displayName: 'testArmSubscriptionAllApis'
        name: 'testArmSubscriptionAllApis'
        scope: '/apis'
      }
    ]
    tags: {
      Environment: 'Non-Prod'
      'hidden-title': 'This is visible in the resource name'
      Role: 'DeploymentValidation'
    }
    virtualNetworkType: 'Internal'
  }
}

via JSON parameters file

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "apismax001"
    },
    "publisherEmail": {
      "value": "apimgmt-noreply@mail.windowsazure.com"
    },
    "publisherName": {
      "value": "az-amorg-x-001"
    },
    // Non-required parameters
    "additionalLocations": {
      "value": [
        {
          "disableGateway": false,
          "location": "<location>",
          "publicIpAddressResourceId": "<publicIpAddressResourceId>",
          "sku": {
            "capacity": 1,
            "name": "Premium"
          },
          "virtualNetworkConfiguration": {
            "subnetResourceId": "<subnetResourceId>"
          }
        }
      ]
    },
    "apiDiagnostics": {
      "value": [
        {
          "apiName": "echo-api",
          "loggerName": "logger",
          "metrics": true,
          "name": "applicationinsights"
        }
      ]
    },
    "apis": {
      "value": [
        {
          "apiVersionSetName": "echo-version-set",
          "displayName": "Echo API",
          "name": "echo-api",
          "path": "echo",
          "protocols": [
            "http",
            "https"
          ],
          "serviceUrl": "http://echoapi.cloudapp.net/api"
        }
      ]
    },
    "apiVersionSets": {
      "value": [
        {
          "description": "echo-version-set",
          "displayName": "echo-version-set",
          "name": "echo-version-set",
          "versioningScheme": "Segment"
        }
      ]
    },
    "authorizationServers": {
      "value": [
        {
          "authorizationEndpoint": "<authorizationEndpoint>",
          "clientId": "apimclientid",
          "clientRegistrationEndpoint": "http://localhost",
          "clientSecret": "<clientSecret>",
          "displayName": "AuthServer1",
          "grantTypes": [
            "authorizationCode"
          ],
          "name": "AuthServer1",
          "tokenEndpoint": "<tokenEndpoint>"
        }
      ]
    },
    "backends": {
      "value": [
        {
          "name": "backend",
          "tls": {
            "validateCertificateChain": false,
            "validateCertificateName": false
          },
          "url": "http://echoapi.cloudapp.net/api"
        }
      ]
    },
    "caches": {
      "value": [
        {
          "connectionString": "connectionstringtest",
          "name": "westeurope",
          "useFromLocation": "westeurope"
        }
      ]
    },
    "diagnosticSettings": {
      "value": [
        {
          "eventHubAuthorizationRuleResourceId": "<eventHubAuthorizationRuleResourceId>",
          "eventHubName": "<eventHubName>",
          "metricCategories": [
            {
              "category": "AllMetrics"
            }
          ],
          "name": "customSetting",
          "storageAccountResourceId": "<storageAccountResourceId>",
          "workspaceResourceId": "<workspaceResourceId>"
        }
      ]
    },
    "identityProviders": {
      "value": [
        {
          "allowedTenants": [
            "mytenant.onmicrosoft.com"
          ],
          "authority": "<authority>",
          "clientId": "apimClientid",
          "clientLibrary": "MSAL-2",
          "clientSecret": "apimSlientSecret",
          "name": "aad",
          "signInTenant": "mytenant.onmicrosoft.com"
        }
      ]
    },
    "location": {
      "value": "<location>"
    },
    "lock": {
      "value": {
        "kind": "CanNotDelete",
        "name": "myCustomLockName"
      }
    },
    "loggers": {
      "value": [
        {
          "credentials": {
            "instrumentationKey": "<instrumentationKey>"
          },
          "description": "Logger to Azure Application Insights",
          "isBuffered": false,
          "name": "logger",
          "targetResourceId": "<targetResourceId>",
          "type": "applicationInsights"
        }
      ]
    },
    "managedIdentities": {
      "value": {
        "systemAssigned": true,
        "userAssignedResourceIds": [
          "<managedIdentityResourceId>"
        ]
      }
    },
    "namedValues": {
      "value": [
        {
          "displayName": "apimkey",
          "name": "apimkey",
          "secret": true
        }
      ]
    },
    "policies": {
      "value": [
        {
          "format": "xml",
          "value": "<policies> <inbound> <rate-limit-by-key calls=\"250\" renewal-period=\"60\" counter-key=\"@(context.Request.IpAddress)\" /> </inbound> <backend> <forward-request /> </backend> <outbound> </outbound> </policies>"
        }
      ]
    },
    "portalsettings": {
      "value": [
        {
          "name": "signin",
          "properties": {
            "enabled": false
          }
        },
        {
          "name": "signup",
          "properties": {
            "enabled": false,
            "termsOfService": {
              "consentRequired": false,
              "enabled": false
            }
          }
        }
      ]
    },
    "products": {
      "value": [
        {
          "apis": [
            "echo-api"
          ],
          "approvalRequired": false,
          "displayName": "Starter",
          "groups": [
            "developers"
          ],
          "name": "Starter",
          "subscriptionRequired": false
        }
      ]
    },
    "publicIpAddressResourceId": {
      "value": "<publicIpAddressResourceId>"
    },
    "publicNetworkAccess": {
      "value": "Enabled"
    },
    "roleAssignments": {
      "value": [
        {
          "name": "6352c3e3-ac6b-43d5-ac43-1077ff373721",
          "principalId": "<principalId>",
          "principalType": "ServicePrincipal",
          "roleDefinitionIdOrName": "Owner"
        },
        {
          "name": "<name>",
          "principalId": "<principalId>",
          "principalType": "ServicePrincipal",
          "roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c"
        },
        {
          "principalId": "<principalId>",
          "principalType": "ServicePrincipal",
          "roleDefinitionIdOrName": "<roleDefinitionIdOrName>"
        }
      ]
    },
    "subnetResourceId": {
      "value": "<subnetResourceId>"
    },
    "subscriptions": {
      "value": [
        {
          "displayName": "testArmSubscriptionAllApis",
          "name": "testArmSubscriptionAllApis",
          "scope": "/apis"
        }
      ]
    },
    "tags": {
      "value": {
        "Environment": "Non-Prod",
        "hidden-title": "This is visible in the resource name",
        "Role": "DeploymentValidation"
      }
    },
    "virtualNetworkType": {
      "value": "Internal"
    }
  }
}

via Bicep parameters file

using './packages/api-management-services/main.bicep'

// Required parameters
param name = 'apismax001'
param publisherEmail = 'apimgmt-noreply@mail.windowsazure.com'
param publisherName = 'az-amorg-x-001'
// Non-required parameters
param additionalLocations = [
  {
    disableGateway: false
    location: '<location>'
    publicIpAddressResourceId: '<publicIpAddressResourceId>'
    sku: {
      capacity: 1
      name: 'Premium'
    }
    virtualNetworkConfiguration: {
      subnetResourceId: '<subnetResourceId>'
    }
  }
]
param apiDiagnostics = [
  {
    apiName: 'echo-api'
    loggerName: 'logger'
    metrics: true
    name: 'applicationinsights'
  }
]
param apis = [
  {
    apiVersionSetName: 'echo-version-set'
    displayName: 'Echo API'
    name: 'echo-api'
    path: 'echo'
    protocols: [
      'http'
      'https'
    ]
    serviceUrl: 'http://echoapi.cloudapp.net/api'
  }
]
param apiVersionSets = [
  {
    description: 'echo-version-set'
    displayName: 'echo-version-set'
    name: 'echo-version-set'
    versioningScheme: 'Segment'
  }
]
param authorizationServers = [
  {
    authorizationEndpoint: '<authorizationEndpoint>'
    clientId: 'apimclientid'
    clientRegistrationEndpoint: 'http://localhost'
    clientSecret: '<clientSecret>'
    displayName: 'AuthServer1'
    grantTypes: [
      'authorizationCode'
    ]
    name: 'AuthServer1'
    tokenEndpoint: '<tokenEndpoint>'
  }
]
param backends = [
  {
    name: 'backend'
    tls: {
      validateCertificateChain: false
      validateCertificateName: false
    }
    url: 'http://echoapi.cloudapp.net/api'
  }
]
param caches = [
  {
    connectionString: 'connectionstringtest'
    name: 'westeurope'
    useFromLocation: 'westeurope'
  }
]
param diagnosticSettings = [
  {
    eventHubAuthorizationRuleResourceId: '<eventHubAuthorizationRuleResourceId>'
    eventHubName: '<eventHubName>'
    metricCategories: [
      {
        category: 'AllMetrics'
      }
    ]
    name: 'customSetting'
    storageAccountResourceId: '<storageAccountResourceId>'
    workspaceResourceId: '<workspaceResourceId>'
  }
]
param identityProviders = [
  {
    allowedTenants: [
      'mytenant.onmicrosoft.com'
    ]
    authority: '<authority>'
    clientId: 'apimClientid'
    clientLibrary: 'MSAL-2'
    clientSecret: 'apimSlientSecret'
    name: 'aad'
    signInTenant: 'mytenant.onmicrosoft.com'
  }
]
param location = '<location>'
param lock = {
  kind: 'CanNotDelete'
  name: 'myCustomLockName'
}
param loggers = [
  {
    credentials: {
      instrumentationKey: '<instrumentationKey>'
    }
    description: 'Logger to Azure Application Insights'
    isBuffered: false
    name: 'logger'
    targetResourceId: '<targetResourceId>'
    type: 'applicationInsights'
  }
]
param managedIdentities = {
  systemAssigned: true
  userAssignedResourceIds: [
    '<managedIdentityResourceId>'
  ]
}
param namedValues = [
  {
    displayName: 'apimkey'
    name: 'apimkey'
    secret: true
  }
]
param policies = [
  {
    format: 'xml'
    value: '<policies> <inbound> <rate-limit-by-key calls=\'250\' renewal-period=\'60\' counter-key=\'@(context.Request.IpAddress)\' /> </inbound> <backend> <forward-request /> </backend> <outbound> </outbound> </policies>'
  }
]
param portalsettings = [
  {
    name: 'signin'
    properties: {
      enabled: false
    }
  }
  {
    name: 'signup'
    properties: {
      enabled: false
      termsOfService: {
        consentRequired: false
        enabled: false
      }
    }
  }
]
param products = [
  {
    apis: [
      'echo-api'
    ]
    approvalRequired: false
    displayName: 'Starter'
    groups: [
      'developers'
    ]
    name: 'Starter'
    subscriptionRequired: false
  }
]
param publicIpAddressResourceId = '<publicIpAddressResourceId>'
param publicNetworkAccess = 'Enabled'
param roleAssignments = [
  {
    name: '6352c3e3-ac6b-43d5-ac43-1077ff373721'
    principalId: '<principalId>'
    principalType: 'ServicePrincipal'
    roleDefinitionIdOrName: 'Owner'
  }
  {
    name: '<name>'
    principalId: '<principalId>'
    principalType: 'ServicePrincipal'
    roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
  }
  {
    principalId: '<principalId>'
    principalType: 'ServicePrincipal'
    roleDefinitionIdOrName: '<roleDefinitionIdOrName>'
  }
]
param subnetResourceId = '<subnetResourceId>'
param subscriptions = [
  {
    displayName: 'testArmSubscriptionAllApis'
    name: 'testArmSubscriptionAllApis'
    scope: '/apis'
  }
]
param tags = {
  Environment: 'Non-Prod'
  'hidden-title': 'This is visible in the resource name'
  Role: 'DeploymentValidation'
}
param virtualNetworkType = 'Internal'

Example 5: Deploying an APIM v2 sku

This instance deploys the module using a v2 SKU.

via Bicep module

module service './packages/api-management-services/main.bicep' = {
  name: 'serviceDeployment'
  params: {
    // Required parameters
    name: 'apisv2s001'
    publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
    publisherName: 'az-amorg-x-001'
    // Non-required parameters
    enableDeveloperPortal: true
    sku: 'BasicV2'
  }
}

via JSON parameters file

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "apisv2s001"
    },
    "publisherEmail": {
      "value": "apimgmt-noreply@mail.windowsazure.com"
    },
    "publisherName": {
      "value": "az-amorg-x-001"
    },
    // Non-required parameters
    "enableDeveloperPortal": {
      "value": true
    },
    "sku": {
      "value": "BasicV2"
    }
  }
}

via Bicep parameters file

using './packages/api-management-services/main.bicep'

// Required parameters
param name = 'apisv2s001'
param publisherEmail = 'apimgmt-noreply@mail.windowsazure.com'
param publisherName = 'az-amorg-x-001'
// Non-required parameters
param enableDeveloperPortal = true
param sku = 'BasicV2'

Example 6: WAF-aligned

This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.

via Bicep module

module service './packages/api-management-services/main.bicep' = {
  name: 'serviceDeployment'
  params: {
    // Required parameters
    name: 'apiswaf002'
    publisherEmail: 'apimgmt-noreply@mail.windowsazure.com'
    publisherName: 'az-amorg-x-001'
    // Non-required parameters
    additionalLocations: [
      {
        availabilityZones: [
          1
          2
          3
        ]
        disableGateway: false
        location: '<location>'
        sku: {
          capacity: 3
          name: 'Premium'
        }
      }
    ]
    apis: [
      {
        apiVersionSetName: 'echo-version-set'
        description: 'An echo API service'
        displayName: 'Echo API'
        name: 'echo-api'
        path: 'echo'
        protocols: [
          'https'
        ]
        serviceUrl: 'https://echoapi.cloudapp.net/api'
      }
    ]
    apiVersionSets: [
      {
        description: 'An echo API version set'
        displayName: 'Echo version set'
        name: 'echo-version-set'
        versioningScheme: 'Segment'
      }
    ]
    authorizationServers: [
      {
        authorizationEndpoint: '<authorizationEndpoint>'
        clientId: 'apimClientid'
        clientRegistrationEndpoint: 'https://localhost'
        clientSecret: '<clientSecret>'
        displayName: 'AuthServer1'
        grantTypes: [
          'authorizationCode'
        ]
        name: 'AuthServer1'
        tokenEndpoint: '<tokenEndpoint>'
      }
    ]
    backends: [
      {
        name: 'backend'
        tls: {
          validateCertificateChain: true
          validateCertificateName: true
        }
        url: 'https://echoapi.cloudapp.net/api'
      }
    ]
    caches: [
      {
        connectionString: 'connectionstringtest'
        name: 'westeurope'
        useFromLocation: 'westeurope'
      }
    ]
    customProperties: {
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2': 'True'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'False'
      'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'False'
    }
    diagnosticSettings: [
      {
        eventHubAuthorizationRuleResourceId: '<eventHubAuthorizationRuleResourceId>'
        eventHubName: '<eventHubName>'
        storageAccountResourceId: '<storageAccountResourceId>'
        workspaceResourceId: '<workspaceResourceId>'
      }
    ]
    identityProviders: [
      {
        allowedTenants: [
          'mytenant.onmicrosoft.com'
        ]
        authority: '<authority>'
        clientId: 'apimClientid'
        clientLibrary: 'MSAL-2'
        clientSecret: '<clientSecret>'
        name: 'aad'
        signInTenant: 'mytenant.onmicrosoft.com'
      }
    ]
    loggers: [
      {
        credentials: {
          instrumentationKey: '<instrumentationKey>'
        }
        description: 'Logger to Azure Application Insights'
        isBuffered: false
        name: 'logger'
        targetResourceId: '<targetResourceId>'
        type: 'applicationInsights'
      }
    ]
    managedIdentities: {
      systemAssigned: true
      userAssignedResourceIds: [
        '<managedIdentityResourceId>'
      ]
    }
    namedValues: [
      {
        displayName: 'apimkey'
        name: 'apimkey'
        secret: true
      }
    ]
    policies: [
      {
        format: 'xml'
        value: '<policies> <inbound> <rate-limit-by-key calls=\'250\' renewal-period=\'60\' counter-key=\'@(context.Request.IpAddress)\' /> </inbound> <backend> <forward-request /> </backend> <outbound> </outbound> </policies>'
      }
    ]
    portalsettings: [
      {
        name: 'signin'
        properties: {
          enabled: false
        }
      }
      {
        name: 'signup'
        properties: {
          enabled: false
          termsOfService: {
            consentRequired: false
            enabled: false
          }
        }
      }
    ]
    privateEndpoints: [
      {
        privateDnsZoneGroup: {
          privateDnsZoneGroupConfigs: [
            {
              privateDnsZoneResourceId: '<privateDnsZoneResourceId>'
            }
          ]
        }
        subnetResourceId: '<subnetResourceId>'
      }
    ]
    products: [
      {
        apis: [
          'echo-api'
        ]
        approvalRequired: true
        description: 'This is an echo API'
        displayName: 'Echo API'
        groups: [
          'developers'
        ]
        name: 'Starter'
        subscriptionRequired: true
        terms: 'By accessing or using the services provided by Echo API through Azure API Management, you agree to be bound by these Terms of Use. These terms may be updated from time to time, and your continued use of the services constitutes acceptance of any changes.'
      }
    ]
    publicNetworkAccess: '<publicNetworkAccess>'
    subscriptions: [
      {
        displayName: 'testArmSubscriptionAllApis'
        name: 'testArmSubscriptionAllApis'
        scope: '/apis'
      }
    ]
    tags: {
      Environment: 'Non-Prod'
      'hidden-title': 'This is visible in the resource name'
      Role: 'DeploymentValidation'
    }
  }
}

via JSON parameters file

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    // Required parameters
    "name": {
      "value": "apiswaf002"
    },
    "publisherEmail": {
      "value": "apimgmt-noreply@mail.windowsazure.com"
    },
    "publisherName": {
      "value": "az-amorg-x-001"
    },
    // Non-required parameters
    "additionalLocations": {
      "value": [
        {
          "availabilityZones": [
            1,
            2,
            3
          ],
          "disableGateway": false,
          "location": "<location>",
          "sku": {
            "capacity": 3,
            "name": "Premium"
          }
        }
      ]
    },
    "apis": {
      "value": [
        {
          "apiVersionSetName": "echo-version-set",
          "description": "An echo API service",
          "displayName": "Echo API",
          "name": "echo-api",
          "path": "echo",
          "protocols": [
            "https"
          ],
          "serviceUrl": "https://echoapi.cloudapp.net/api"
        }
      ]
    },
    "apiVersionSets": {
      "value": [
        {
          "description": "An echo API version set",
          "displayName": "Echo version set",
          "name": "echo-version-set",
          "versioningScheme": "Segment"
        }
      ]
    },
    "authorizationServers": {
      "value": [
        {
          "authorizationEndpoint": "<authorizationEndpoint>",
          "clientId": "apimClientid",
          "clientRegistrationEndpoint": "https://localhost",
          "clientSecret": "<clientSecret>",
          "displayName": "AuthServer1",
          "grantTypes": [
            "authorizationCode"
          ],
          "name": "AuthServer1",
          "tokenEndpoint": "<tokenEndpoint>"
        }
      ]
    },
    "backends": {
      "value": [
        {
          "name": "backend",
          "tls": {
            "validateCertificateChain": true,
            "validateCertificateName": true
          },
          "url": "https://echoapi.cloudapp.net/api"
        }
      ]
    },
    "caches": {
      "value": [
        {
          "connectionString": "connectionstringtest",
          "name": "westeurope",
          "useFromLocation": "westeurope"
        }
      ]
    },
    "customProperties": {
      "value": {
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2": "True",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "False",
        "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11": "False"
      }
    },
    "diagnosticSettings": {
      "value": [
        {
          "eventHubAuthorizationRuleResourceId": "<eventHubAuthorizationRuleResourceId>",
          "eventHubName": "<eventHubName>",
          "storageAccountResourceId": "<storageAccountResourceId>",
          "workspaceResourceId": "<workspaceResourceId>"
        }
      ]
    },
    "identityProviders": {
      "value": [
        {
          "allowedTenants": [
            "mytenant.onmicrosoft.com"
          ],
          "authority": "<authority>",
          "clientId": "apimClientid",
          "clientLibrary": "MSAL-2",
          "clientSecret": "<clientSecret>",
          "name": "aad",
          "signInTenant": "mytenant.onmicrosoft.com"
        }
      ]
    },
    "loggers": {
      "value": [
        {
          "credentials": {
            "instrumentationKey": "<instrumentationKey>"
          },
          "description": "Logger to Azure Application Insights",
          "isBuffered": false,
          "name": "logger",
          "targetResourceId": "<targetResourceId>",
          "type": "applicationInsights"
        }
      ]
    },
    "managedIdentities": {
      "value": {
        "systemAssigned": true,
        "userAssignedResourceIds": [
          "<managedIdentityResourceId>"
        ]
      }
    },
    "namedValues": {
      "value": [
        {
          "displayName": "apimkey",
          "name": "apimkey",
          "secret": true
        }
      ]
    },
    "policies": {
      "value": [
        {
          "format": "xml",
          "value": "<policies> <inbound> <rate-limit-by-key calls=\"250\" renewal-period=\"60\" counter-key=\"@(context.Request.IpAddress)\" /> </inbound> <backend> <forward-request /> </backend> <outbound> </outbound> </policies>"
        }
      ]
    },
    "portalsettings": {
      "value": [
        {
          "name": "signin",
          "properties": {
            "enabled": false
          }
        },
        {
          "name": "signup",
          "properties": {
            "enabled": false,
            "termsOfService": {
              "consentRequired": false,
              "enabled": false
            }
          }
        }
      ]
    },
    "privateEndpoints": {
      "value": [
        {
          "privateDnsZoneGroup": {
            "privateDnsZoneGroupConfigs": [
              {
                "privateDnsZoneResourceId": "<privateDnsZoneResourceId>"
              }
            ]
          },
          "subnetResourceId": "<subnetResourceId>"
        }
      ]
    },
    "products": {
      "value": [
        {
          "apis": [
            "echo-api"
          ],
          "approvalRequired": true,
          "description": "This is an echo API",
          "displayName": "Echo API",
          "groups": [
            "developers"
          ],
          "name": "Starter",
          "subscriptionRequired": true,
          "terms": "By accessing or using the services provided by Echo API through Azure API Management, you agree to be bound by these Terms of Use. These terms may be updated from time to time, and your continued use of the services constitutes acceptance of any changes."
        }
      ]
    },
    "publicNetworkAccess": {
      "value": "<publicNetworkAccess>"
    },
    "subscriptions": {
      "value": [
        {
          "displayName": "testArmSubscriptionAllApis",
          "name": "testArmSubscriptionAllApis",
          "scope": "/apis"
        }
      ]
    },
    "tags": {
      "value": {
        "Environment": "Non-Prod",
        "hidden-title": "This is visible in the resource name",
        "Role": "DeploymentValidation"
      }
    }
  }
}

via Bicep parameters file

using './packages/api-management-services/main.bicep'

// Required parameters
param name = 'apiswaf002'
param publisherEmail = 'apimgmt-noreply@mail.windowsazure.com'
param publisherName = 'az-amorg-x-001'
// Non-required parameters
param additionalLocations = [
  {
    availabilityZones: [
      1
      2
      3
    ]
    disableGateway: false
    location: '<location>'
    sku: {
      capacity: 3
      name: 'Premium'
    }
  }
]
param apis = [
  {
    apiVersionSetName: 'echo-version-set'
    description: 'An echo API service'
    displayName: 'Echo API'
    name: 'echo-api'
    path: 'echo'
    protocols: [
      'https'
    ]
    serviceUrl: 'https://echoapi.cloudapp.net/api'
  }
]
param apiVersionSets = [
  {
    description: 'An echo API version set'
    displayName: 'Echo version set'
    name: 'echo-version-set'
    versioningScheme: 'Segment'
  }
]
param authorizationServers = [
  {
    authorizationEndpoint: '<authorizationEndpoint>'
    clientId: 'apimClientid'
    clientRegistrationEndpoint: 'https://localhost'
    clientSecret: '<clientSecret>'
    displayName: 'AuthServer1'
    grantTypes: [
      'authorizationCode'
    ]
    name: 'AuthServer1'
    tokenEndpoint: '<tokenEndpoint>'
  }
]
param backends = [
  {
    name: 'backend'
    tls: {
      validateCertificateChain: true
      validateCertificateName: true
    }
    url: 'https://echoapi.cloudapp.net/api'
  }
]
param caches = [
  {
    connectionString: 'connectionstringtest'
    name: 'westeurope'
    useFromLocation: 'westeurope'
  }
]
param customProperties = {
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2': 'True'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10': 'False'
  'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11': 'False'
}
param diagnosticSettings = [
  {
    eventHubAuthorizationRuleResourceId: '<eventHubAuthorizationRuleResourceId>'
    eventHubName: '<eventHubName>'
    storageAccountResourceId: '<storageAccountResourceId>'
    workspaceResourceId: '<workspaceResourceId>'
  }
]
param identityProviders = [
  {
    allowedTenants: [
      'mytenant.onmicrosoft.com'
    ]
    authority: '<authority>'
    clientId: 'apimClientid'
    clientLibrary: 'MSAL-2'
    clientSecret: '<clientSecret>'
    name: 'aad'
    signInTenant: 'mytenant.onmicrosoft.com'
  }
]
param loggers = [
  {
    credentials: {
      instrumentationKey: '<instrumentationKey>'
    }
    description: 'Logger to Azure Application Insights'
    isBuffered: false
    name: 'logger'
    targetResourceId: '<targetResourceId>'
    type: 'applicationInsights'
  }
]
param managedIdentities = {
  systemAssigned: true
  userAssignedResourceIds: [
    '<managedIdentityResourceId>'
  ]
}
param namedValues = [
  {
    displayName: 'apimkey'
    name: 'apimkey'
    secret: true
  }
]
param policies = [
  {
    format: 'xml'
    value: '<policies> <inbound> <rate-limit-by-key calls=\'250\' renewal-period=\'60\' counter-key=\'@(context.Request.IpAddress)\' /> </inbound> <backend> <forward-request /> </backend> <outbound> </outbound> </policies>'
  }
]
param portalsettings = [
  {
    name: 'signin'
    properties: {
      enabled: false
    }
  }
  {
    name: 'signup'
    properties: {
      enabled: false
      termsOfService: {
        consentRequired: false
        enabled: false
      }
    }
  }
]
param privateEndpoints = [
  {
    privateDnsZoneGroup: {
      privateDnsZoneGroupConfigs: [
        {
          privateDnsZoneResourceId: '<privateDnsZoneResourceId>'
        }
      ]
    }
    subnetResourceId: '<subnetResourceId>'
  }
]
param products = [
  {
    apis: [
      'echo-api'
    ]
    approvalRequired: true
    description: 'This is an echo API'
    displayName: 'Echo API'
    groups: [
      'developers'
    ]
    name: 'Starter'
    subscriptionRequired: true
    terms: 'By accessing or using the services provided by Echo API through Azure API Management, you agree to be bound by these Terms of Use. These terms may be updated from time to time, and your continued use of the services constitutes acceptance of any changes.'
  }
]
param publicNetworkAccess = '<publicNetworkAccess>'
param subscriptions = [
  {
    displayName: 'testArmSubscriptionAllApis'
    name: 'testArmSubscriptionAllApis'
    scope: '/apis'
  }
]
param tags = {
  Environment: 'Non-Prod'
  'hidden-title': 'This is visible in the resource name'
  Role: 'DeploymentValidation'
}

Parameters

Required parameters

Parameter	Type	Description
`name`	string	The name of the API Management service.
`publisherEmail`	string	The email address of the owner of the service.
`publisherName`	string	The name of the owner of the service.

Conditional parameters

Parameter	Type	Description
`skuCapacity`	int	The scale units for this API Management service. Required if using Basic, Standard, or Premium skus. For range of capacities for each sku, reference https://azure.microsoft.com/en-us/pricing/details/api-management/.

Optional parameters

Parameter	Type	Description
`additionalLocations`	array	Additional datacenter locations of the API Management service. Not supported with V2 SKUs.
`apiDiagnostics`	array	API Diagnostics.
`apis`	array	APIs.
`apiVersionSets`	array	API Version Sets.
`authorizationServers`	array	Authorization servers.
`availabilityZones`	array	A list of availability zones denoting where the resource needs to come from. Only supported by Premium sku.
`backends`	array	Backends.
`caches`	array	Caches.
`certificates`	array	List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10.
`customProperties`	object	Custom properties of the API Management service. Not supported if SKU is Consumption.
`diagnosticSettings`	array	The diagnostic settings of the service.
`disableGateway`	bool	Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region.
`enableClientCertificate`	bool	Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway.
`enableDeveloperPortal`	bool	Enable the Developer Portal. The developer portal is not supported on the Consumption SKU.
`enableTelemetry`	bool	Enable/Disable usage telemetry for module.
`hostnameConfigurations`	array	Custom hostname configuration of the API Management service.
`identityProviders`	array	Identity providers.
`location`	string	Location for all Resources.
`lock`	object	The lock settings of the service.
`loggers`	array	Loggers.
`managedIdentities`	object	The managed identity definition for this resource.
`minApiVersion`	string	Limit control plane API calls to API Management service with version equal to or newer than this value.
`namedValues`	array	Named values.
`newGuidValue`	string	Necessary to create a new GUID.
`notificationSenderEmail`	string	The notification sender email address for the service.
`policies`	array	Policies.
`portalsettings`	array	Portal settings.
`privateEndpoints`	array	Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.
`products`	array	Products.
`publicIpAddressResourceId`	string	Public Standard SKU IP V4 based IP address to be associated with Virtual Network deployed service in the region. Supported only for Developer and Premium SKU being deployed in Virtual Network.
`publicNetworkAccess`	string	Whether or not public endpoint access is allowed for this API Management service. If set to 'Disabled', private endpoints are the exclusive access method. MUST be enabled during service creation.
`restore`	bool	Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored.
`roleAssignments`	array	Array of role assignments to create.
`sku`	string	The pricing tier of this API Management service.
`subnetResourceId`	string	The full resource ID of a subnet in a virtual network to deploy the API Management service in.
`subscriptions`	array	Subscriptions.
`tags`	object	Tags of the resource.
`virtualNetworkType`	string	The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only.

Parameter: `name`

The name of the API Management service.

Required: Yes
Type: string

Parameter: `publisherEmail`

The email address of the owner of the service.

Required: Yes
Type: string

Parameter: `publisherName`

The name of the owner of the service.

Required: Yes
Type: string

Parameter: `skuCapacity`

The scale units for this API Management service. Required if using Basic, Standard, or Premium skus. For range of capacities for each sku, reference https://azure.microsoft.com/en-us/pricing/details/api-management/.

Required: No
Type: int
Default: 3

Parameter: `additionalLocations`

Additional datacenter locations of the API Management service. Not supported with V2 SKUs.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`location`	string	The location name of the additional region among Azure Data center regions.
`sku`	object	SKU properties of the API Management service.

Optional parameters

Parameter	Type	Description
`availabilityZones`	array	A list of availability zones denoting where the resource needs to come from.
`disableGateway`	bool	Property only valid for an Api Management service deployed in multiple locations. This can be used to disable the gateway in this additional location.
`natGatewayState`	string	Property can be used to enable NAT Gateway for this API Management service.
`publicIpAddressResourceId`	string	Public Standard SKU IP V4 based IP address to be associated with Virtual Network deployed service in the location. Supported only for Premium SKU being deployed in Virtual Network.
`virtualNetworkConfiguration`	object	Virtual network configuration for the location.

Parameter: `additionalLocations.location`

The location name of the additional region among Azure Data center regions.

Required: Yes
Type: string

Parameter: `additionalLocations.sku`

SKU properties of the API Management service.

Required: Yes
Type: object

Required parameters

Parameter	Type	Description
`capacity`	int	Capacity of the SKU (number of deployed units of the SKU). For Consumption SKU capacity must be specified as 0.
`name`	string	Name of the Sku.

Parameter: `additionalLocations.sku.capacity`

Capacity of the SKU (number of deployed units of the SKU). For Consumption SKU capacity must be specified as 0.

Required: Yes
Type: int

Parameter: `additionalLocations.sku.name`

Name of the Sku.

Required: Yes
Type: string

Allowed:

[
  'Basic'
  'BasicV2'
  'Consumption'
  'Developer'
  'Isolated'
  'Premium'
  'Standard'
  'StandardV2'
]

Parameter: `additionalLocations.availabilityZones`

A list of availability zones denoting where the resource needs to come from.

Required: No
Type: array
Allowed:
```
[
  1
  2
  3
]
```

Parameter: `additionalLocations.disableGateway`

Property only valid for an Api Management service deployed in multiple locations. This can be used to disable the gateway in this additional location.

Required: No
Type: bool

Parameter: `additionalLocations.natGatewayState`

Property can be used to enable NAT Gateway for this API Management service.

Required: No
Type: string
Allowed:
```
[
  'Disabled'
  'Enabled'
]
```

Parameter: `additionalLocations.publicIpAddressResourceId`

Public Standard SKU IP V4 based IP address to be associated with Virtual Network deployed service in the location. Supported only for Premium SKU being deployed in Virtual Network.

Required: No
Type: string

Parameter: `additionalLocations.virtualNetworkConfiguration`

Virtual network configuration for the location.

Required: No
Type: object

Required parameters

Parameter	Type	Description
`subnetResourceId`	string	The full resource ID of a subnet in a virtual network to deploy the API Management service in.

Parameter: `additionalLocations.virtualNetworkConfiguration.subnetResourceId`

The full resource ID of a subnet in a virtual network to deploy the API Management service in.

Required: Yes
Type: string

Parameter: `apiDiagnostics`

API Diagnostics.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`apiName`	string	The name of the parent API.
`loggerName`	string	The name of the logger.

Conditional parameters

Parameter	Type	Description
`httpCorrelationProtocol`	string	Sets correlation protocol to use for Application Insights diagnostics. Required if using Application Insights.
`metrics`	bool	Emit custom metrics via emit-metric policy. Required if using Application Insights.
`operationNameFormat`	string	The format of the Operation Name for Application Insights telemetries. Required if using Application Insights.

Optional parameters

Parameter	Type	Description
`alwaysLog`	string	Specifies for what type of messages sampling settings should not apply.
`backend`	object	Diagnostic settings for incoming/outgoing HTTP messages to the Backend.
`frontend`	object	Diagnostic settings for incoming/outgoing HTTP messages to the Gateway.
`logClientIp`	bool	Log the ClientIP.
`name`	string	Type of diagnostic resource.
`samplingPercentage`	int	Rate of sampling for fixed-rate sampling. Specifies the percentage of requests that are logged. 0% sampling means zero requests logged, while 100% sampling means all requests logged.
`verbosity`	string	The verbosity level applied to traces emitted by trace policies.

Parameter: `apiDiagnostics.apiName`

The name of the parent API.

Required: Yes
Type: string

Parameter: `apiDiagnostics.loggerName`

The name of the logger.

Required: Yes
Type: string

Parameter: `apiDiagnostics.httpCorrelationProtocol`

Sets correlation protocol to use for Application Insights diagnostics. Required if using Application Insights.

Required: No
Type: string
Allowed:
```
[
  'Legacy'
  'None'
  'W3C'
]
```

Parameter: `apiDiagnostics.metrics`

Emit custom metrics via emit-metric policy. Required if using Application Insights.

Required: No
Type: bool

Parameter: `apiDiagnostics.operationNameFormat`

The format of the Operation Name for Application Insights telemetries. Required if using Application Insights.

Required: No
Type: string
Allowed:
```
[
  'Name'
  'URI'
]
```

Parameter: `apiDiagnostics.alwaysLog`

Specifies for what type of messages sampling settings should not apply.

Required: No
Type: string

Parameter: `apiDiagnostics.backend`

Diagnostic settings for incoming/outgoing HTTP messages to the Backend.

Required: No
Type: object

Parameter: `apiDiagnostics.frontend`

Diagnostic settings for incoming/outgoing HTTP messages to the Gateway.

Required: No
Type: object

Parameter: `apiDiagnostics.logClientIp`

Log the ClientIP.

Required: No
Type: bool

Parameter: `apiDiagnostics.name`

Type of diagnostic resource.

Required: No
Type: string

Allowed:

[
  'applicationinsights'
  'azuremonitor'
  'local'
]

Parameter: `apiDiagnostics.samplingPercentage`

Rate of sampling for fixed-rate sampling. Specifies the percentage of requests that are logged. 0% sampling means zero requests logged, while 100% sampling means all requests logged.

Required: No
Type: int

Parameter: `apiDiagnostics.verbosity`

The verbosity level applied to traces emitted by trace policies.

Required: No
Type: string

Allowed:

[
  'error'
  'information'
  'verbose'
]

Parameter: `apis`

APIs.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`displayName`	string	API name. Must be 1 to 300 characters long.
`name`	string	API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number.
`path`	string	Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API.

Optional parameters

Parameter	Type	Description
`apiRevision`	string	Describes the Revision of the API. If no value is provided, default revision 1 is created.
`apiRevisionDescription`	string	Description of the API Revision.
`apiType`	string	Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API.
`apiVersion`	string	Indicates the Version identifier of the API if the API is versioned.
`apiVersionDescription`	string	Description of the API Version.
`apiVersionSetName`	string	The name of the API version set to link.
`authenticationSettings`	object	Collection of authentication settings included into this API.
`description`	string	Description of the API. May include HTML formatting tags.
`diagnostics`	array	Array of diagnostics to apply to the Service API.
`format`	string	Format of the Content in which the API is getting imported.
`isCurrent`	bool	Indicates if API revision is current API revision.
`operations`	array	The operations of the api.
`policies`	array	Array of Policies to apply to the Service API.
`protocols`	array	Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS.
`serviceUrl`	string	Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long.
`sourceApiId`	string	API identifier of the source API.
`subscriptionKeyParameterNames`	object	Protocols over which API is made available.
`subscriptionRequired`	bool	Specifies whether an API or Product subscription is required for accessing the API.
`type`	string	Type of API.
`value`	string	Content value when Importing an API.

Parameter: `apis.displayName`

API name. Must be 1 to 300 characters long.

Required: Yes
Type: string

Parameter: `apis.name`

API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number.

Required: Yes
Type: string

Parameter: `apis.path`

Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API.

Required: Yes
Type: string

Parameter: `apis.apiRevision`

Describes the Revision of the API. If no value is provided, default revision 1 is created.

Required: No
Type: string

Parameter: `apis.apiRevisionDescription`

Description of the API Revision.

Required: No
Type: string

Parameter: `apis.apiType`

Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API.

Required: No
Type: string

Allowed:

[
  'graphql'
  'http'
  'soap'
  'websocket'
]

Parameter: `apis.apiVersion`

Indicates the Version identifier of the API if the API is versioned.

Required: No
Type: string

Parameter: `apis.apiVersionDescription`

Description of the API Version.

Required: No
Type: string

Parameter: `apis.apiVersionSetName`

The name of the API version set to link.

Required: No
Type: string

Parameter: `apis.authenticationSettings`

Collection of authentication settings included into this API.

Required: No
Type: object

Parameter: `apis.description`

Description of the API. May include HTML formatting tags.

Required: No
Type: string

Parameter: `apis.diagnostics`

Array of diagnostics to apply to the Service API.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`loggerName`	string	The name of the logger.

Conditional parameters

Parameter	Type	Description
`httpCorrelationProtocol`	string	Sets correlation protocol to use for Application Insights diagnostics. Required if using Application Insights.
`metrics`	bool	Emit custom metrics via emit-metric policy. Required if using Application Insights.
`operationNameFormat`	string	The format of the Operation Name for Application Insights telemetries. Required if using Application Insights.

Optional parameters

Parameter	Type	Description
`alwaysLog`	string	Specifies for what type of messages sampling settings should not apply.
`backend`	object	Diagnostic settings for incoming/outgoing HTTP messages to the Backend.
`frontend`	object	Diagnostic settings for incoming/outgoing HTTP messages to the Gateway.
`logClientIp`	bool	Log the ClientIP.
`name`	string	Type of diagnostic resource.
`samplingPercentage`	int	Rate of sampling for fixed-rate sampling. Specifies the percentage of requests that are logged. 0% sampling means zero requests logged, while 100% sampling means all requests logged.
`verbosity`	string	The verbosity level applied to traces emitted by trace policies.

Parameter: `apis.diagnostics.loggerName`

The name of the logger.

Required: Yes
Type: string

Parameter: `apis.diagnostics.httpCorrelationProtocol`

Sets correlation protocol to use for Application Insights diagnostics. Required if using Application Insights.

Required: No
Type: string
Allowed:
```
[
  'Legacy'
  'None'
  'W3C'
]
```

Parameter: `apis.diagnostics.metrics`

Emit custom metrics via emit-metric policy. Required if using Application Insights.

Required: No
Type: bool

Parameter: `apis.diagnostics.operationNameFormat`

The format of the Operation Name for Application Insights telemetries. Required if using Application Insights.

Required: No
Type: string
Allowed:
```
[
  'Name'
  'URI'
]
```

Parameter: `apis.diagnostics.alwaysLog`

Specifies for what type of messages sampling settings should not apply.

Required: No
Type: string

Parameter: `apis.diagnostics.backend`

Diagnostic settings for incoming/outgoing HTTP messages to the Backend.

Required: No
Type: object

Parameter: `apis.diagnostics.frontend`

Diagnostic settings for incoming/outgoing HTTP messages to the Gateway.

Required: No
Type: object

Parameter: `apis.diagnostics.logClientIp`

Log the ClientIP.

Required: No
Type: bool

Parameter: `apis.diagnostics.name`

Type of diagnostic resource.

Required: No
Type: string

Allowed:

[
  'applicationinsights'
  'azuremonitor'
  'local'
]

Parameter: `apis.diagnostics.samplingPercentage`

Rate of sampling for fixed-rate sampling. Specifies the percentage of requests that are logged. 0% sampling means zero requests logged, while 100% sampling means all requests logged.

Required: No
Type: int

Parameter: `apis.diagnostics.verbosity`

The verbosity level applied to traces emitted by trace policies.

Required: No
Type: string

Allowed:

[
  'error'
  'information'
  'verbose'
]

Parameter: `apis.format`

Format of the Content in which the API is getting imported.

Required: No
Type: string

Allowed:

[
  'openapi'
  'openapi-link'
  'openapi+json'
  'openapi+json-link'
  'swagger-json'
  'swagger-link-json'
  'wadl-link-json'
  'wadl-xml'
  'wsdl'
  'wsdl-link'
]

Parameter: `apis.isCurrent`

Indicates if API revision is current API revision.

Required: No
Type: bool

Parameter: `apis.operations`

The operations of the api.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`displayName`	string	The display name of the operation.
`method`	string	A Valid HTTP Operation Method. Typical Http Methods like GET, PUT, POST but not limited by only them.
`name`	string	The name of the policy.
`urlTemplate`	string	Relative URL template identifying the target resource for this operation. May include parameters. Example: /customers/{cid}/orders/{oid}/?date={date}.

Optional parameters

Parameter	Type	Description
`description`	string	Description of the operation. May include HTML formatting tags. Must not be longer than 1.000 characters.
`policies`	array	The policies to apply to the operation.
`request`	object	An entity containing request details.
`responses`	array	An entity containing request details.
`templateParameters`	array	Collection of URL template parameters.

Parameter: `apis.operations.displayName`

The display name of the operation.

Required: Yes
Type: string

Parameter: `apis.operations.method`

A Valid HTTP Operation Method. Typical Http Methods like GET, PUT, POST but not limited by only them.

Required: Yes
Type: string

Parameter: `apis.operations.name`

The name of the policy.

Required: Yes
Type: string

Parameter: `apis.operations.urlTemplate`

Relative URL template identifying the target resource for this operation. May include parameters. Example: /customers/{cid}/orders/{oid}/?date={date}.

Required: Yes
Type: string

Parameter: `apis.operations.description`

Description of the operation. May include HTML formatting tags. Must not be longer than 1.000 characters.

Required: No
Type: string

Parameter: `apis.operations.policies`

The policies to apply to the operation.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`format`	string	Format of the policyContent.
`name`	string	The name of the policy.
`value`	string	Contents of the Policy as defined by the format.

Parameter: `apis.operations.policies.format`

Format of the policyContent.

Required: Yes
Type: string

Allowed:

[
  'rawxml'
  'rawxml-link'
  'xml'
  'xml-link'
]

Parameter: `apis.operations.policies.name`

The name of the policy.

Required: Yes
Type: string

Parameter: `apis.operations.policies.value`

Contents of the Policy as defined by the format.

Required: Yes
Type: string

Parameter: `apis.operations.request`

An entity containing request details.

Required: No
Type: object

Parameter: `apis.operations.responses`

An entity containing request details.

Required: No
Type: array

Parameter: `apis.operations.templateParameters`

Collection of URL template parameters.

Required: No
Type: array

Parameter: `apis.policies`

Array of Policies to apply to the Service API.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`value`	string	Contents of the Policy as defined by the format.

Optional parameters

Parameter	Type	Description
`format`	string	Format of the policyContent.
`name`	string	The name of the policy.

Parameter: `apis.policies.value`

Contents of the Policy as defined by the format.

Required: Yes
Type: string

Parameter: `apis.policies.format`

Format of the policyContent.

Required: No
Type: string

Allowed:

[
  'rawxml'
  'rawxml-link'
  'xml'
  'xml-link'
]

Parameter: `apis.policies.name`

The name of the policy.

Required: No
Type: string

Parameter: `apis.protocols`

Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS.

Required: No
Type: array

Parameter: `apis.serviceUrl`

Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long.

Required: No
Type: string

Parameter: `apis.sourceApiId`

API identifier of the source API.

Required: No
Type: string

Parameter: `apis.subscriptionKeyParameterNames`

Protocols over which API is made available.

Required: No
Type: object

Parameter: `apis.subscriptionRequired`

Specifies whether an API or Product subscription is required for accessing the API.

Required: No
Type: bool

Parameter: `apis.type`

Type of API.

Required: No
Type: string

Allowed:

[
  'graphql'
  'http'
  'soap'
  'websocket'
]

Parameter: `apis.value`

Content value when Importing an API.

Required: No
Type: string

Parameter: `apiVersionSets`

API Version Sets.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`displayName`	string	The display name of the Name of API Version Set.
`name`	string	API Version set name.
`versioningScheme`	string	An value that determines where the API Version identifier will be located in a HTTP request.

Optional parameters

Parameter	Type	Description
`description`	string	Description of API Version Set.
`versionHeaderName`	string	Name of HTTP header parameter that indicates the API Version if versioningScheme is set to header.
`versionQueryName`	string	Name of query parameter that indicates the API Version if versioningScheme is set to query.

Parameter: `apiVersionSets.displayName`

The display name of the Name of API Version Set.

Required: Yes
Type: string

Parameter: `apiVersionSets.name`

API Version set name.

Required: Yes
Type: string

Parameter: `apiVersionSets.versioningScheme`

An value that determines where the API Version identifier will be located in a HTTP request.

Required: Yes
Type: string
Allowed:
```
[
  'Header'
  'Query'
  'Segment'
]
```

Parameter: `apiVersionSets.description`

Description of API Version Set.

Required: No
Type: string

Parameter: `apiVersionSets.versionHeaderName`

Name of HTTP header parameter that indicates the API Version if versioningScheme is set to header.

Required: No
Type: string

Parameter: `apiVersionSets.versionQueryName`

Name of query parameter that indicates the API Version if versioningScheme is set to query.

Required: No
Type: string

Parameter: `authorizationServers`

Authorization servers.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`authorizationEndpoint`	string	OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.
`clientId`	securestring	Client or app ID registered with this authorization server.
`clientSecret`	securestring	Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.
`displayName`	string	API Management Service Authorization Servers name. Must be 1 to 50 characters long.
`grantTypes`	array	Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials.
`name`	string	Identifier of the authorization server.

Optional parameters

Parameter	Type	Description
`authorizationMethods`	array	HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE.
`bearerTokenSendingMethods`	array	Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query.
`clientAuthenticationMethod`	array	Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body.
`clientRegistrationEndpoint`	string	Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.
`defaultScope`	string	Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.
`resourceOwnerPassword`	securestring	Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.
`resourceOwnerUsername`	string	Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.
`serverDescription`	string	Description of the authorization server. Can contain HTML formatting tags.
`supportState`	bool	If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.
`tokenBodyParameters`	array	Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object.
`tokenEndpoint`	string	OAuth token endpoint. Contains absolute URI to entity being referenced.

Parameter: `authorizationServers.authorizationEndpoint`

OAuth authorization endpoint. See http://tools.ietf.org/html/rfc6749#section-3.2.

Required: Yes
Type: string

Parameter: `authorizationServers.clientId`

Client or app ID registered with this authorization server.

Required: Yes
Type: securestring

Parameter: `authorizationServers.clientSecret`

Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.

Required: Yes
Type: securestring

Parameter: `authorizationServers.displayName`

API Management Service Authorization Servers name. Must be 1 to 50 characters long.

Required: Yes
Type: string

Parameter: `authorizationServers.grantTypes`

Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials.

Required: Yes
Type: array

Allowed:

[
  'authorizationCode'
  'clientCredentials'
  'implicit'
  'resourceOwnerPassword'
]

Parameter: `authorizationServers.name`

Identifier of the authorization server.

Required: Yes
Type: string

Parameter: `authorizationServers.authorizationMethods`

HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE.

Required: No
Type: array

Parameter: `authorizationServers.bearerTokenSendingMethods`

Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query.

Required: No
Type: array

Parameter: `authorizationServers.clientAuthenticationMethod`

Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body.

Required: No
Type: array

Parameter: `authorizationServers.clientRegistrationEndpoint`

Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced.

Required: No
Type: string

Parameter: `authorizationServers.defaultScope`

Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values.

Required: No
Type: string

Parameter: `authorizationServers.resourceOwnerPassword`

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password.

Required: No
Type: securestring

Parameter: `authorizationServers.resourceOwnerUsername`

Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username.

Required: No
Type: string

Parameter: `authorizationServers.serverDescription`

Description of the authorization server. Can contain HTML formatting tags.

Required: No
Type: string

Parameter: `authorizationServers.supportState`

If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security.

Required: No
Type: bool

Parameter: `authorizationServers.tokenBodyParameters`

Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object.

Required: No
Type: array

Parameter: `authorizationServers.tokenEndpoint`

OAuth token endpoint. Contains absolute URI to entity being referenced.

Required: No
Type: string

Parameter: `availabilityZones`

A list of availability zones denoting where the resource needs to come from. Only supported by Premium sku.

Required: No
Type: array
Default:
```
[
  1
  2
  3
]
```
Allowed:
```
[
  1
  2
  3
]
```

Parameter: `backends`

Backends.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`name`	string	Backend Name.
`url`	string	Runtime URL of the Backend.

Optional parameters

Parameter	Type	Description
`credentials`	object	Backend Credentials Contract Properties.
`description`	string	Backend Description.
`protocol`	string	Backend communication protocol. - http or soap.
`proxy`	object	Backend Proxy Contract Properties.
`resourceId`	string	Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps.
`serviceFabricCluster`	object	Backend Service Fabric Cluster Properties.
`title`	string	Backend Title.
`tls`	object	Backend TLS Properties.

Parameter: `backends.name`

Backend Name.

Required: Yes
Type: string

Parameter: `backends.url`

Runtime URL of the Backend.

Required: Yes
Type: string

Parameter: `backends.credentials`

Backend Credentials Contract Properties.

Required: No
Type: object

Parameter: `backends.description`

Backend Description.

Required: No
Type: string

Parameter: `backends.protocol`

Backend communication protocol. - http or soap.

Required: No
Type: string

Parameter: `backends.proxy`

Backend Proxy Contract Properties.

Required: No
Type: object

Parameter: `backends.resourceId`

Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps.

Required: No
Type: string

Parameter: `backends.serviceFabricCluster`

Backend Service Fabric Cluster Properties.

Required: No
Type: object

Parameter: `backends.title`

Backend Title.

Required: No
Type: string

Parameter: `backends.tls`

Backend TLS Properties.

Required: No
Type: object

Parameter: `caches`

Caches.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`connectionString`	string	Runtime connection string to cache. Can be referenced by a named value like so, {{}}.
`name`	string	Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier).
`useFromLocation`	string	Location identifier to use cache from (should be either 'default' or valid Azure region identifier).

Optional parameters

Parameter	Type	Description
`description`	string	Cache description.
`resourceId`	string	Original uri of entity in external system cache points to.

Parameter: `caches.connectionString`

Runtime connection string to cache. Can be referenced by a named value like so, {{}}.

Required: Yes
Type: string

Parameter: `caches.name`

Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier).

Required: Yes
Type: string

Parameter: `caches.useFromLocation`

Location identifier to use cache from (should be either 'default' or valid Azure region identifier).

Required: Yes
Type: string

Parameter: `caches.description`

Cache description.

Required: No
Type: string

Parameter: `caches.resourceId`

Original uri of entity in external system cache points to.

Required: No
Type: string

Parameter: `certificates`

List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10.

Required: No
Type: array

Parameter: `customProperties`

Custom properties of the API Management service. Not supported if SKU is Consumption.

Required: No
Type: object

Default:

{
    'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA': 'False'
    'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA': 'False'
    'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA': 'False'
    'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256': 'False'
    'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256': 'False'
    'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA': 'False'
    'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256': 'False'
    'Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168': 'False'
}

Parameter: `diagnosticSettings`

The diagnostic settings of the service.

Required: No
Type: array

Optional parameters

Parameter	Type	Description
`eventHubAuthorizationRuleResourceId`	string	Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
`eventHubName`	string	Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
`logAnalyticsDestinationType`	string	A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.
`logCategoriesAndGroups`	array	The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to `[]` to disable log collection.
`marketplacePartnerResourceId`	string	The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.
`metricCategories`	array	The name of metrics that will be streamed. "allMetrics" includes all possible metrics for the resource. Set to `[]` to disable metric collection.
`name`	string	The name of the diagnostic setting.
`storageAccountResourceId`	string	Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
`workspaceResourceId`	string	Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.

Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId`

Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.

Required: No
Type: string

Parameter: `diagnosticSettings.eventHubName`

Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.

Required: No
Type: string

Parameter: `diagnosticSettings.logAnalyticsDestinationType`

A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.

Required: No
Type: string
Allowed:
```
[
  'AzureDiagnostics'
  'Dedicated'
]
```

Parameter: `diagnosticSettings.logCategoriesAndGroups`

The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to [] to disable log collection.

Required: No
Type: array

Optional parameters

Parameter	Type	Description
`category`	string	Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.
`categoryGroup`	string	Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to `allLogs` to collect all logs.
`enabled`	bool	Enable or disable the category explicitly. Default is `true`.

Parameter: `diagnosticSettings.logCategoriesAndGroups.category`

Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.

Required: No
Type: string

Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup`

Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to allLogs to collect all logs.

Required: No
Type: string

Parameter: `diagnosticSettings.logCategoriesAndGroups.enabled`

Enable or disable the category explicitly. Default is true.

Required: No
Type: bool

Parameter: `diagnosticSettings.marketplacePartnerResourceId`

The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.

Required: No
Type: string

Parameter: `diagnosticSettings.metricCategories`

The name of metrics that will be streamed. "allMetrics" includes all possible metrics for the resource. Set to [] to disable metric collection.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`category`	string	Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to `AllMetrics` to collect all metrics.

Optional parameters

Parameter	Type	Description
`enabled`	bool	Enable or disable the category explicitly. Default is `true`.

Parameter: `diagnosticSettings.metricCategories.category`

Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to AllMetrics to collect all metrics.

Required: Yes
Type: string

Parameter: `diagnosticSettings.metricCategories.enabled`

Enable or disable the category explicitly. Default is true.

Required: No
Type: bool

Parameter: `diagnosticSettings.name`

The name of the diagnostic setting.

Required: No
Type: string

Parameter: `diagnosticSettings.storageAccountResourceId`

Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.

Required: No
Type: string

Parameter: `diagnosticSettings.workspaceResourceId`

Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.

Required: No
Type: string

Parameter: `disableGateway`

Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region.

Required: No
Type: bool
Default: False

Parameter: `enableClientCertificate`

Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway.

Required: No
Type: bool
Default: False

Parameter: `enableDeveloperPortal`

Enable the Developer Portal. The developer portal is not supported on the Consumption SKU.

Required: No
Type: bool
Default: False

Parameter: `enableTelemetry`

Enable/Disable usage telemetry for module.

Required: No
Type: bool
Default: True

Parameter: `hostnameConfigurations`

Custom hostname configuration of the API Management service.

Required: No
Type: array

Parameter: `identityProviders`

Identity providers.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`name`	string	Identity provider name.

Conditional parameters

Parameter	Type	Description
`clientId`	string	Client ID of the Application in the external Identity Provider. Required if identity provider is used.
`clientSecret`	securestring	Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used.

Optional parameters

Parameter	Type	Description
`allowedTenants`	array	List of Allowed Tenants when configuring Azure Active Directory login. - string.
`authority`	string	OpenID Connect discovery endpoint hostname for AAD or AAD B2C.
`clientLibrary`	string	The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider.
`passwordResetPolicyName`	string	Password Reset Policy Name. Only applies to AAD B2C Identity Provider.
`profileEditingPolicyName`	string	Profile Editing Policy Name. Only applies to AAD B2C Identity Provider.
`signInPolicyName`	string	Signin Policy Name. Only applies to AAD B2C Identity Provider.
`signInTenant`	string	The TenantId to use instead of Common when logging into Active Directory.
`signUpPolicyName`	string	Signup Policy Name. Only applies to AAD B2C Identity Provider.
`type`	string	Identity Provider Type identifier.

Parameter: `identityProviders.name`

Identity provider name.

Required: Yes
Type: string

Parameter: `identityProviders.clientId`

Client ID of the Application in the external Identity Provider. Required if identity provider is used.

Required: No
Type: string

Parameter: `identityProviders.clientSecret`

Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used.

Required: No
Type: securestring

Parameter: `identityProviders.allowedTenants`

List of Allowed Tenants when configuring Azure Active Directory login. - string.

Required: No
Type: array

Parameter: `identityProviders.authority`

OpenID Connect discovery endpoint hostname for AAD or AAD B2C.

Required: No
Type: string

Parameter: `identityProviders.clientLibrary`

The client library to be used in the developer portal. Only applies to AAD and AAD B2C Identity Provider.

Required: No
Type: string
Allowed:
```
[
  'ADAL'
  'MSAL-2'
]
```

Parameter: `identityProviders.passwordResetPolicyName`

Password Reset Policy Name. Only applies to AAD B2C Identity Provider.

Required: No
Type: string

Parameter: `identityProviders.profileEditingPolicyName`

Profile Editing Policy Name. Only applies to AAD B2C Identity Provider.

Required: No
Type: string

Parameter: `identityProviders.signInPolicyName`

Signin Policy Name. Only applies to AAD B2C Identity Provider.

Required: No
Type: string

Parameter: `identityProviders.signInTenant`

The TenantId to use instead of Common when logging into Active Directory.

Required: No
Type: string

Parameter: `identityProviders.signUpPolicyName`

Signup Policy Name. Only applies to AAD B2C Identity Provider.

Required: No
Type: string

Parameter: `identityProviders.type`

Identity Provider Type identifier.

Required: No
Type: string

Allowed:

[
  'aad'
  'aadB2C'
  'facebook'
  'google'
  'microsoft'
  'twitter'
]

Parameter: `location`

Location for all Resources.

Required: No
Type: string
Default: [resourceGroup().location]

Parameter: `lock`

The lock settings of the service.

Required: No
Type: object

Optional parameters

Parameter	Type	Description
`kind`	string	Specify the type of lock.
`name`	string	Specify the name of lock.
`notes`	string	Specify the notes of the lock.

Parameter: `lock.kind`

Specify the type of lock.

Required: No
Type: string

Allowed:

[
  'CanNotDelete'
  'None'
  'ReadOnly'
]

Parameter: `lock.name`

Specify the name of lock.

Required: No
Type: string

Parameter: `lock.notes`

Specify the notes of the lock.

Required: No
Type: string

Parameter: `loggers`

Loggers.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`name`	string	Resource Name.
`type`	string	Logger type.

Conditional parameters

Parameter	Type	Description
`credentials`	secureObject	The name and SendRule connection string of the event hub for azureEventHub logger. Instrumentation key for applicationInsights logger. Required if loggerType = applicationInsights or azureEventHub.
`targetResourceId`	string	Azure Resource Id of a log target (either Azure Event Hub resource or Azure Application Insights resource). Required if loggerType = applicationInsights or azureEventHub.

Optional parameters

Parameter	Type	Description
`description`	string	Logger description.
`isBuffered`	bool	Whether records are buffered in the logger before publishing.

Parameter: `loggers.name`

Resource Name.

Required: Yes
Type: string

Parameter: `loggers.type`

Logger type.

Required: Yes
Type: string

Allowed:

[
  'applicationInsights'
  'azureEventHub'
  'azureMonitor'
]

Parameter: `loggers.credentials`

The name and SendRule connection string of the event hub for azureEventHub logger. Instrumentation key for applicationInsights logger. Required if loggerType = applicationInsights or azureEventHub.

Required: No
Type: secureObject

Parameter: `loggers.targetResourceId`

Azure Resource Id of a log target (either Azure Event Hub resource or Azure Application Insights resource). Required if loggerType = applicationInsights or azureEventHub.

Required: No
Type: string

Parameter: `loggers.description`

Logger description.

Required: No
Type: string

Parameter: `loggers.isBuffered`

Whether records are buffered in the logger before publishing.

Required: No
Type: bool

Parameter: `managedIdentities`

The managed identity definition for this resource.

Required: No
Type: object

Optional parameters

Parameter	Type	Description
`systemAssigned`	bool	Enables system assigned managed identity on the resource.
`userAssignedResourceIds`	array	The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption.

Parameter: `managedIdentities.systemAssigned`

Enables system assigned managed identity on the resource.

Required: No
Type: bool

Parameter: `managedIdentities.userAssignedResourceIds`

The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption.

Required: No
Type: array

Parameter: `minApiVersion`

Limit control plane API calls to API Management service with version equal to or newer than this value.

Required: No
Type: string

Parameter: `namedValues`

Named values.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`displayName`	string	Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters.
`name`	string	The name of the named value.

Optional parameters

Parameter	Type	Description
`keyVault`	object	KeyVault location details of the namedValue.
`secret`	bool	Determines whether the value is a secret and should be encrypted or not. Default value is false.
`tags`	array	Tags that when provided can be used to filter the NamedValue list. - string.
`value`	securestring	Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.

Parameter: `namedValues.displayName`

Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters.

Required: Yes
Type: string

Parameter: `namedValues.name`

The name of the named value.

Required: Yes
Type: string

Parameter: `namedValues.keyVault`

KeyVault location details of the namedValue.

Required: No
Type: object

Parameter: `namedValues.secret`

Determines whether the value is a secret and should be encrypted or not. Default value is false.

Required: No
Type: bool

Parameter: `namedValues.tags`

Tags that when provided can be used to filter the NamedValue list. - string.

Required: No
Type: array

Parameter: `namedValues.value`

Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value.

Required: No
Type: securestring

Parameter: `newGuidValue`

Necessary to create a new GUID.

Required: No
Type: string
Default: [newGuid()]

Parameter: `notificationSenderEmail`

The notification sender email address for the service.

Required: No
Type: string
Default: 'apimgmt-noreply@mail.windowsazure.com'

Parameter: `policies`

Policies.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`value`	string	Contents of the Policy as defined by the format.

Optional parameters

Parameter	Type	Description
`format`	string	Format of the policyContent.
`name`	string	The name of the policy.

Parameter: `policies.value`

Contents of the Policy as defined by the format.

Required: Yes
Type: string

Parameter: `policies.format`

Format of the policyContent.

Required: No
Type: string

Allowed:

[
  'rawxml'
  'rawxml-link'
  'xml'
  'xml-link'
]

Parameter: `policies.name`

The name of the policy.

Required: No
Type: string

Parameter: `portalsettings`

Portal settings.

Required: No
Type: array
Discriminator: name

The available variants are:

Variant	Description
`signin`	The type for sign-in portal settings.
`signup`	The type for sign-up portal settings.
`delegation`	The type for delegation portal settings.

Variant: `portalsettings.name-signin`

The type for sign-in portal settings.

To use this variant, set the property name to signin.

Required parameters

Parameter	Type	Description
`name`	string	The name of the portal-setting.
`properties`	object	The portal-settings contract properties.

Parameter: `portalsettings.name-signin.name`

The name of the portal-setting.

Required: Yes
Type: string
Allowed:
```
[
  'signin'
]
```

Parameter: `portalsettings.name-signin.properties`

The portal-settings contract properties.

Required: Yes
Type: object

Required parameters

Parameter	Type	Description
`enabled`	bool	Redirect Anonymous users to the Sign-In page.

Parameter: `portalsettings.name-signin.properties.enabled`

Redirect Anonymous users to the Sign-In page.

Required: Yes
Type: bool

Variant: `portalsettings.name-signup`

The type for sign-up portal settings.

To use this variant, set the property name to signup.

Required parameters

Parameter	Type	Description
`name`	string	The name of the portal-setting.
`properties`	object	The portal-settings contract properties.

Parameter: `portalsettings.name-signup.name`

The name of the portal-setting.

Required: Yes
Type: string
Allowed:
```
[
  'signup'
]
```

Parameter: `portalsettings.name-signup.properties`

The portal-settings contract properties.

Required: Yes
Type: object

Optional parameters

Parameter	Type	Description
`enabled`	bool	Allow users to sign up on a developer portal.
`termsOfService`	object	Terms of service contract properties.

Parameter: `portalsettings.name-signup.properties.enabled`

Allow users to sign up on a developer portal.

Required: No
Type: bool

Parameter: `portalsettings.name-signup.properties.termsOfService`

Required: No
Type: object

Otional parameters

Parameter	Type	Description
`consentRequired`	bool	Ask user for consent to the terms of service.
`enabled`	bool	Display terms of service during a sign-up process.
`text`	string	A terms of service text.

Parameter: `portalsettings.name-signup.properties.termsOfService.consentRequired`

Ask user for consent to the terms of service.

Required: No
Type: bool

Parameter: `portalsettings.name-signup.properties.termsOfService.enabled`

Display terms of service during a sign-up process.

Required: No
Type: bool

Parameter: `portalsettings.name-signup.properties.termsOfService.text`

A terms of service text.

Required: No
Type: string

Variant: `portalsettings.name-delegation`

The type for delegation portal settings.

To use this variant, set the property name to delegation.

Required parameters

Parameter	Type	Description
`name`	string	The name of the portal-setting.
`properties`	object	The portal-settings contract properties.

Parameter: `portalsettings.name-delegation.name`

The name of the portal-setting.

Required: Yes
Type: string
Allowed:
```
[
  'delegation'
]
```

Parameter: `portalsettings.name-delegation.properties`

The portal-settings contract properties.

Required: Yes
Type: object

Optional parameters

Parameter	Type	Description
`subscriptions`	object	Subscriptions delegation settings.
`url`	string	A delegation Url.
`userRegistration`	object	User registration delegation settings.
`validationKey`	securestring	A base64-encoded validation key to validate, that a request is coming from Azure API Management.

Parameter: `portalsettings.name-delegation.properties.subscriptions`

Subscriptions delegation settings.

Required: No
Type: object

Required parameters

Parameter	Type	Description
`enabled`	bool	Enable or disable delegation for subscriptions.

Parameter: `portalsettings.name-delegation.properties.subscriptions.enabled`

Enable or disable delegation for subscriptions.

Required: Yes
Type: bool

Parameter: `portalsettings.name-delegation.properties.url`

A delegation Url.

Required: No
Type: string

Parameter: `portalsettings.name-delegation.properties.userRegistration`

User registration delegation settings.

Required: No
Type: object

Required parameters

Parameter	Type	Description
`enabled`	bool	Enable or disable delegation for user registration.

Parameter: `portalsettings.name-delegation.properties.userRegistration.enabled`

Enable or disable delegation for user registration.

Required: Yes
Type: bool

Parameter: `portalsettings.name-delegation.properties.validationKey`

A base64-encoded validation key to validate, that a request is coming from Azure API Management.

Required: No
Type: securestring

Parameter: `privateEndpoints`

Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`subnetResourceId`	string	Resource ID of the subnet where the endpoint needs to be created.

Optional parameters

Parameter	Type	Description
`applicationSecurityGroupResourceIds`	array	Application security groups in which the Private Endpoint IP configuration is included.
`customDnsConfigs`	array	Custom DNS configurations.
`customNetworkInterfaceName`	string	The custom name of the network interface attached to the Private Endpoint.
`enableTelemetry`	bool	Enable/Disable usage telemetry for module.
`ipConfigurations`	array	A list of IP configurations of the Private Endpoint. This will be used to map to the first-party Service endpoints.
`isManualConnection`	bool	If Manual Private Link Connection is required.
`location`	string	The location to deploy the Private Endpoint to.
`lock`	object	Specify the type of lock.
`manualConnectionRequestMessage`	string	A message passed to the owner of the remote resource with the manual connection request.
`name`	string	The name of the Private Endpoint.
`privateDnsZoneGroup`	object	The private DNS Zone Group to configure for the Private Endpoint.
`privateLinkServiceConnectionName`	string	The name of the private link connection to create.
`resourceGroupResourceId`	string	The resource ID of the Resource Group the Private Endpoint will be created in. If not specified, the Resource Group of the provided Virtual Network Subnet is used.
`roleAssignments`	array	Array of role assignments to create.
`service`	string	The subresource to deploy the Private Endpoint for. For example "vault" for a Key Vault Private Endpoint.
`tags`	object	Tags to be applied on all resources/Resource Groups in this deployment.

Parameter: `privateEndpoints.subnetResourceId`

Resource ID of the subnet where the endpoint needs to be created.

Required: Yes
Type: string

Parameter: `privateEndpoints.applicationSecurityGroupResourceIds`

Application security groups in which the Private Endpoint IP configuration is included.

Required: No
Type: array

Parameter: `privateEndpoints.customDnsConfigs`

Custom DNS configurations.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`ipAddresses`	array	A list of private IP addresses of the private endpoint.

Optional parameters

Parameter	Type	Description
`fqdn`	string	FQDN that resolves to private endpoint IP address.

Parameter: `privateEndpoints.customDnsConfigs.ipAddresses`

A list of private IP addresses of the private endpoint.

Required: Yes
Type: array

Parameter: `privateEndpoints.customDnsConfigs.fqdn`

FQDN that resolves to private endpoint IP address.

Required: No
Type: string

Parameter: `privateEndpoints.customNetworkInterfaceName`

The custom name of the network interface attached to the Private Endpoint.

Required: No
Type: string

Parameter: `privateEndpoints.enableTelemetry`

Enable/Disable usage telemetry for module.

Required: No
Type: bool

Parameter: `privateEndpoints.ipConfigurations`

A list of IP configurations of the Private Endpoint. This will be used to map to the first-party Service endpoints.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`name`	string	The name of the resource that is unique within a resource group.
`properties`	object	Properties of private endpoint IP configurations.

Parameter: `privateEndpoints.ipConfigurations.name`

The name of the resource that is unique within a resource group.

Required: Yes
Type: string

Parameter: `privateEndpoints.ipConfigurations.properties`

Properties of private endpoint IP configurations.

Required: Yes
Type: object

Required parameters

Parameter	Type	Description
`groupId`	string	The ID of a group obtained from the remote resource that this private endpoint should connect to.
`memberName`	string	The member name of a group obtained from the remote resource that this private endpoint should connect to.
`privateIPAddress`	string	A private IP address obtained from the private endpoint's subnet.

Parameter: `privateEndpoints.ipConfigurations.properties.groupId`

The ID of a group obtained from the remote resource that this private endpoint should connect to.

Required: Yes
Type: string

Parameter: `privateEndpoints.ipConfigurations.properties.memberName`

The member name of a group obtained from the remote resource that this private endpoint should connect to.

Required: Yes
Type: string

Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress`

A private IP address obtained from the private endpoint's subnet.

Required: Yes
Type: string

Parameter: `privateEndpoints.isManualConnection`

If Manual Private Link Connection is required.

Required: No
Type: bool

Parameter: `privateEndpoints.location`

The location to deploy the Private Endpoint to.

Required: No
Type: string

Parameter: `privateEndpoints.lock`

Specify the type of lock.

Required: No
Type: object

Optional parameters

Parameter	Type	Description
`kind`	string	Specify the type of lock.
`name`	string	Specify the name of lock.
`notes`	string	Specify the notes of the lock.

Parameter: `privateEndpoints.lock.kind`

Specify the type of lock.

Required: No
Type: string

Allowed:

[
  'CanNotDelete'
  'None'
  'ReadOnly'
]

Parameter: `privateEndpoints.lock.name`

Specify the name of lock.

Required: No
Type: string

Parameter: `privateEndpoints.lock.notes`

Specify the notes of the lock.

Required: No
Type: string

Parameter: `privateEndpoints.manualConnectionRequestMessage`

A message passed to the owner of the remote resource with the manual connection request.

Required: No
Type: string

Parameter: `privateEndpoints.name`

The name of the Private Endpoint.

Required: No
Type: string

Parameter: `privateEndpoints.privateDnsZoneGroup`

The private DNS Zone Group to configure for the Private Endpoint.

Required: No
Type: object

Required parameters

Parameter	Type	Description
`privateDnsZoneGroupConfigs`	array	The private DNS Zone Groups to associate the Private Endpoint. A DNS Zone Group can support up to 5 DNS zones.

Optional parameters

Parameter	Type	Description
`name`	string	The name of the Private DNS Zone Group.

Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs`

The private DNS Zone Groups to associate the Private Endpoint. A DNS Zone Group can support up to 5 DNS zones.

Required: Yes
Type: array

Required parameters

Parameter	Type	Description
`privateDnsZoneResourceId`	string	The resource id of the private DNS zone.

Optional parameters

Parameter	Type	Description
`name`	string	The name of the private DNS Zone Group config.

Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.privateDnsZoneResourceId`

The resource id of the private DNS zone.

Required: Yes
Type: string

Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.name`

The name of the private DNS Zone Group config.

Required: No
Type: string

Parameter: `privateEndpoints.privateDnsZoneGroup.name`

The name of the Private DNS Zone Group.

Required: No
Type: string

Parameter: `privateEndpoints.privateLinkServiceConnectionName`

The name of the private link connection to create.

Required: No
Type: string

Parameter: `privateEndpoints.resourceGroupResourceId`

The resource ID of the Resource Group the Private Endpoint will be created in. If not specified, the Resource Group of the provided Virtual Network Subnet is used.

Required: No
Type: string

Parameter: `privateEndpoints.roleAssignments`

Array of role assignments to create.

Required: No
Type: array
Roles configurable by name:
- 'Contributor'
- 'DNS Resolver Contributor'
- 'DNS Zone Contributor'
- 'Domain Services Contributor'
- 'Domain Services Reader'
- 'Network Contributor'
- 'Owner'
- 'Private DNS Zone Contributor'
- 'Reader'
- 'Role Based Access Control Administrator'

Required parameters

Parameter	Type	Description
`principalId`	string	The principal ID of the principal (user/group/identity) to assign the role to.
`roleDefinitionIdOrName`	string	The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.

Optional parameters

Parameter	Type	Description
`condition`	string	The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".
`conditionVersion`	string	Version of the condition.
`delegatedManagedIdentityResourceId`	string	The Resource Id of the delegated managed identity resource.
`description`	string	The description of the role assignment.
`name`	string	The name (as GUID) of the role assignment. If not provided, a GUID will be generated.
`principalType`	string	The principal type of the assigned principal ID.

Parameter: `privateEndpoints.roleAssignments.principalId`

The principal ID of the principal (user/group/identity) to assign the role to.

Required: Yes
Type: string

Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName`

The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.

Required: Yes
Type: string

Parameter: `privateEndpoints.roleAssignments.condition`

The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".

Required: No
Type: string

Parameter: `privateEndpoints.roleAssignments.conditionVersion`

Version of the condition.

Required: No
Type: string
Allowed:
```
[
  '2.0'
]
```

Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId`

The Resource Id of the delegated managed identity resource.

Required: No
Type: string

Parameter: `privateEndpoints.roleAssignments.description`

The description of the role assignment.

Required: No
Type: string

Parameter: `privateEndpoints.roleAssignments.name`

The name (as GUID) of the role assignment. If not provided, a GUID will be generated.

Required: No
Type: string

Parameter: `privateEndpoints.roleAssignments.principalType`

The principal type of the assigned principal ID.

Required: No
Type: string

Allowed:

[
  'Device'
  'ForeignGroup'
  'Group'
  'ServicePrincipal'
  'User'
]

Parameter: `privateEndpoints.service`

The subresource to deploy the Private Endpoint for. For example "vault" for a Key Vault Private Endpoint.

Required: No
Type: string

Parameter: `privateEndpoints.tags`

Tags to be applied on all resources/Resource Groups in this deployment.

Required: No
Type: object

Parameter: `products`

Products.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`displayName`	string	API Management Service Products name. Must be 1 to 300 characters long.
`name`	string	Product Name.

Optional parameters

Parameter	Type	Description
`apis`	array	Names of Product APIs.
`approvalRequired`	bool	Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false.
`description`	string	Product description. May include HTML formatting tags.
`groups`	array	Names of Product Groups.
`state`	string	whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published.
`subscriptionRequired`	bool	Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true.
`subscriptionsLimit`	int	Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false.
`terms`	string	Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process.

Parameter: `products.displayName`

API Management Service Products name. Must be 1 to 300 characters long.

Required: Yes
Type: string

Parameter: `products.name`

Product Name.

Required: Yes
Type: string

Parameter: `products.apis`

Names of Product APIs.

Required: No
Type: array

Parameter: `products.approvalRequired`

Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false.

Required: No
Type: bool

Parameter: `products.description`

Product description. May include HTML formatting tags.

Required: No
Type: string

Parameter: `products.groups`

Names of Product Groups.

Required: No
Type: array

Parameter: `products.state`

whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published.

Required: No
Type: string

Parameter: `products.subscriptionRequired`

Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true.

Required: No
Type: bool

Parameter: `products.subscriptionsLimit`

Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false.

Required: No
Type: int

Parameter: `products.terms`

Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process.

Required: No
Type: string

Parameter: `publicIpAddressResourceId`

Public Standard SKU IP V4 based IP address to be associated with Virtual Network deployed service in the region. Supported only for Developer and Premium SKU being deployed in Virtual Network.

Required: No
Type: string

Parameter: `publicNetworkAccess`

Whether or not public endpoint access is allowed for this API Management service. If set to 'Disabled', private endpoints are the exclusive access method. MUST be enabled during service creation.

Required: No
Type: string

Parameter: `restore`

Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored.

Required: No
Type: bool
Default: False

Parameter: `roleAssignments`

Array of role assignments to create.

Required: No
Type: array
Roles configurable by name:
- 'API Management Developer Portal Content Editor'
- 'API Management Service Contributor'
- 'API Management Service Operator Role'
- 'API Management Service Reader Role'
- 'Contributor'
- 'Owner'
- 'Reader'
- 'Role Based Access Control Administrator'
- 'User Access Administrator'

Required parameters

Parameter	Type	Description
`principalId`	string	The principal ID of the principal (user/group/identity) to assign the role to.
`roleDefinitionIdOrName`	string	The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.

Optional parameters

Parameter	Type	Description
`condition`	string	The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".
`conditionVersion`	string	Version of the condition.
`delegatedManagedIdentityResourceId`	string	The Resource Id of the delegated managed identity resource.
`description`	string	The description of the role assignment.
`name`	string	The name (as GUID) of the role assignment. If not provided, a GUID will be generated.
`principalType`	string	The principal type of the assigned principal ID.

Parameter: `roleAssignments.principalId`

The principal ID of the principal (user/group/identity) to assign the role to.

Required: Yes
Type: string

Parameter: `roleAssignments.roleDefinitionIdOrName`

Required: Yes
Type: string

Parameter: `roleAssignments.condition`

Required: No
Type: string

Parameter: `roleAssignments.conditionVersion`

Version of the condition.

Required: No
Type: string
Allowed:
```
[
  '2.0'
]
```

Parameter: `roleAssignments.delegatedManagedIdentityResourceId`

The Resource Id of the delegated managed identity resource.

Required: No
Type: string

Parameter: `roleAssignments.description`

The description of the role assignment.

Required: No
Type: string

Parameter: `roleAssignments.name`

The name (as GUID) of the role assignment. If not provided, a GUID will be generated.

Required: No
Type: string

Parameter: `roleAssignments.principalType`

The principal type of the assigned principal ID.

Required: No
Type: string

Allowed:

[
  'Device'
  'ForeignGroup'
  'Group'
  'ServicePrincipal'
  'User'
]

Parameter: `sku`

The pricing tier of this API Management service.

Required: No
Type: string
Default: 'Premium'

Allowed:

[
  'Basic'
  'BasicV2'
  'Consumption'
  'Developer'
  'Premium'
  'Standard'
  'StandardV2'
]

Parameter: `subnetResourceId`

The full resource ID of a subnet in a virtual network to deploy the API Management service in.

Required: No
Type: string

Parameter: `subscriptions`

Subscriptions.

Required: No
Type: array

Required parameters

Parameter	Type	Description
`displayName`	string	API Management Service Subscriptions name. Must be 1 to 100 characters long.
`name`	string	Subscription name.

Optional parameters

Parameter	Type	Description
`allowTracing`	bool	Determines whether tracing can be enabled.
`ownerId`	string	User (user ID path) for whom subscription is being created in form /users/{userId}.
`primaryKey`	string	Primary subscription key. If not specified during request key will be generated automatically.
`scope`	string	Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}".
`secondaryKey`	string	Secondary subscription key. If not specified during request key will be generated automatically.
`state`	string	Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "" active "?" the subscription is active, "" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled.

Parameter: `subscriptions.displayName`

API Management Service Subscriptions name. Must be 1 to 100 characters long.

Required: Yes
Type: string

Parameter: `subscriptions.name`

Subscription name.

Required: Yes
Type: string

Parameter: `subscriptions.allowTracing`

Determines whether tracing can be enabled.

Required: No
Type: bool

Parameter: `subscriptions.ownerId`

User (user ID path) for whom subscription is being created in form /users/{userId}.

Required: No
Type: string

Parameter: `subscriptions.primaryKey`

Primary subscription key. If not specified during request key will be generated automatically.

Required: No
Type: string

Parameter: `subscriptions.scope`

Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}".

Required: No
Type: string

Parameter: `subscriptions.secondaryKey`

Secondary subscription key. If not specified during request key will be generated automatically.

Required: No
Type: string

Parameter: `subscriptions.state`

Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "" active "?" the subscription is active, "" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled.

Required: No
Type: string

Parameter: `tags`

Tags of the resource.

Required: No
Type: object

Parameter: `virtualNetworkType`

The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only.

Required: No
Type: string
Default: 'None'
Allowed:
```
[
  'External'
  'Internal'
  'None'
]
```

Outputs

Output	Type	Description
`location`	string	The location the resource was deployed into.
`name`	string	The name of the API management service.
`privateEndpoints`	array	The private endpoints of the key vault.
`resourceGroupName`	string	The resource group the API management service was deployed into.
`resourceId`	string	The resource ID of the API management service.
`systemAssignedMIPrincipalId`	string	The principal ID of the system assigned identity.

Cross-referenced modules

This section gives you an overview of all local-referenced module files (i.e., other modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).

Reference	Type
`./packages/private-endpoints/main.bicep`	Local Reference
`./packages/utl-common-types/main.bicep`	Local Reference

Notes

The latest version of this module only includes supported versions of the API Management resource. All unsupported versions of API Management have been removed from the related parameters. See the API Management stv1 platform retirement article for more details.

Parameter Usage: `apiManagementServicePolicy`

Parameter JSON format

"apiManagementServicePolicy": {
    "value": {
        "value":"<policies> <inbound> <rate-limit-by-key calls='250' renewal-period='60' counter-key='@(context.Request.IpAddress)' /> </inbound> <backend> <forward-request /> </backend> <outbound> </outbound> </policies>",
        "format":"xml"
    }
}

Bicep format

apiManagementServicePolicy: {
    value:'<policies> <inbound> <rate-limit-by-key calls=\'250\' renewal-period='60' counter-key=\'@(context.Request.IpAddress)\' /> </inbound> <backend> <forward-request /> </backend> <outbound> </outbound> </policies>'
    format:'xml'
}

Data Collection

The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.

Changelog

The latest version of the changelog can be found here.

0.12.0

Changes

Added support for privateEndpoints parameter
Added privateEndpoints output

Breaking Changes

publicNetworkAccess is set to Disabled if not specified and privateEndpoints are configured

0.11.2

Changes

Added support for publicNetworkAccess parameter

Breaking Changes

None

0.11.1

Changes

Applied the @secure() decorator to the value parameter within the namedValue input object.
Minor json formatting adjustments

Breaking Changes

None

0.11.0

Changes

Introduced avm/res/api-management/service/api as child module
Introduced avm/res/api-management/service/api/diagnostics as child module
Introduced avm/res/api-management/service/api/policy as child module
Introduced avm/res/api-management/service/api-version-set as child module
Introduced avm/res/api-management/service/authorization-server as child module
Introduced avm/res/api-management/service/backend as child module
Introduced avm/res/api-management/service/cache as child module
Introduced avm/res/api-management/service/identity-provider as child module
Introduced avm/res/api-management/service/logger as child module
Introduced avm/res/api-management/service/named-value as child module
Introduced avm/res/api-management/service/policy as child module
Introduced avm/res/api-management/service/portalsetting as child module
Introduced avm/res/api-management/service/product as child module
Introduced avm/res/api-management/service/product/api as child module
Introduced avm/res/api-management/service/product/group as child module
Introduced avm/res/api-management/service/subscription as child module
Added types for parameters
- backends
- caches
- apiDiagnostics
- identityProviders
- loggers
- namedValues
- policies
- portalsettings
- products
- subscriptions
- certificates
Updated LockType to 'avm-common-types version' 0.6.0, enabling custom notes for locks.

Breaking Changes

Reduced type of products/apis & products/products from array of objects to array of string as only the name can be configured
Diverse bugfixes like renaming the parameters identityProvider/signinTenant to signInTenant,logger/resourceId to targetResourceId & logger/loggerType to type being named incorrectly and hence not being passed through

0.9.1

Changes

Initial version
Updated ReadMe with AzAdvertizer reference

Breaking Changes

None

 
 {
  "workingFolder": "packages",
  "packages": [
    // packages defined earlier
    {
      "name": "avm-bicep/api-management-services",
      "version": "0.12.0"
    }
  ]
}

Stats

Selected version:

0.12.0

Downloads this version:

Downloads all versions:

Latest version:

0.12.0

Latest update:

23-10-2025

avm-bicep

Other versions (5)

Other packages

from avm-bicep

aad-domain-services

action-groups

action-rules

View all from publisher

Ready to End Infrastructure Code Chaos?

Join infrastructure teams who've moved from scattered repositories to unified package management

Built by infrastructure experts

Who understand your challenges

Complete solutions

No scattered files

See what's deployed where

When it needs updates

Zero vendor lock-in

Packages work without us

Start Free Trial Book Live Demo Schedule Assessment

No setup fees or contracts Free migration assistance Cancel anytime with no penalties
Direct founder access Zero security incidents in 2+ years Works with any cloud, any CI/CD platform

Kickstart your project with AVM templates.

Report Package api-management-services

API Management Services [Microsoft.ApiManagement/service]

Navigation

Resource Types

Usage examples

Example 1: Deploying a Consumption SKU

Example 2: Using only defaults

Example 3: Deploying a Developer SKU

Example 4: Using large parameter set

Example 5: Deploying an APIM v2 sku

Example 6: WAF-aligned

Parameters

Parameter: name

Parameter: publisherEmail

Parameter: publisherName

Parameter: skuCapacity

Parameter: additionalLocations

Parameter: additionalLocations.location

Parameter: additionalLocations.sku

Parameter: additionalLocations.sku.capacity

Parameter: additionalLocations.sku.name

Parameter: additionalLocations.availabilityZones

Parameter: additionalLocations.disableGateway

Parameter: additionalLocations.natGatewayState

Parameter: additionalLocations.publicIpAddressResourceId

Parameter: additionalLocations.virtualNetworkConfiguration

Parameter: additionalLocations.virtualNetworkConfiguration.subnetResourceId

Parameter: apiDiagnostics

Parameter: apiDiagnostics.apiName

Parameter: apiDiagnostics.loggerName

Parameter: apiDiagnostics.httpCorrelationProtocol

Parameter: apiDiagnostics.metrics

Parameter: apiDiagnostics.operationNameFormat

Parameter: apiDiagnostics.alwaysLog

Parameter: apiDiagnostics.backend

Parameter: apiDiagnostics.frontend

Parameter: apiDiagnostics.logClientIp

Parameter: apiDiagnostics.name

Parameter: apiDiagnostics.samplingPercentage

Parameter: apiDiagnostics.verbosity

Parameter: apis

Parameter: apis.displayName

Parameter: apis.name

Parameter: apis.path

Parameter: apis.apiRevision

Parameter: apis.apiRevisionDescription

Parameter: apis.apiType

Parameter: apis.apiVersion

Parameter: apis.apiVersionDescription

Parameter: apis.apiVersionSetName

Parameter: apis.authenticationSettings

Parameter: apis.description

Parameter: apis.diagnostics

Parameter: apis.diagnostics.loggerName

Parameter: apis.diagnostics.httpCorrelationProtocol

Parameter: apis.diagnostics.metrics

Parameter: apis.diagnostics.operationNameFormat

Parameter: apis.diagnostics.alwaysLog

Parameter: apis.diagnostics.backend

Parameter: apis.diagnostics.frontend

Parameter: apis.diagnostics.logClientIp

Parameter: apis.diagnostics.name

Parameter: apis.diagnostics.samplingPercentage

Parameter: apis.diagnostics.verbosity

Parameter: apis.format

Parameter: apis.isCurrent

Parameter: apis.operations

Parameter: apis.operations.displayName

Parameter: apis.operations.method

Parameter: apis.operations.name

Parameter: apis.operations.urlTemplate

Parameter: apis.operations.description

Parameter: apis.operations.policies

Parameter: apis.operations.policies.format

Parameter: apis.operations.policies.name

Parameter: apis.operations.policies.value

Parameter: apis.operations.request

Parameter: apis.operations.responses

Parameter: apis.operations.templateParameters

API Management Services `[Microsoft.ApiManagement/service]`

Parameter: `name`

Parameter: `publisherEmail`

Parameter: `publisherName`

Parameter: `skuCapacity`

Parameter: `additionalLocations`

Parameter: `additionalLocations.location`

Parameter: `additionalLocations.sku`

Parameter: `additionalLocations.sku.capacity`

Parameter: `additionalLocations.sku.name`

Parameter: `additionalLocations.availabilityZones`

Parameter: `additionalLocations.disableGateway`

Parameter: `additionalLocations.natGatewayState`

Parameter: `additionalLocations.publicIpAddressResourceId`

Parameter: `additionalLocations.virtualNetworkConfiguration`

Parameter: `additionalLocations.virtualNetworkConfiguration.subnetResourceId`

Parameter: `apiDiagnostics`

Parameter: `apiDiagnostics.apiName`

Parameter: `apiDiagnostics.loggerName`

Parameter: `apiDiagnostics.httpCorrelationProtocol`

Parameter: `apiDiagnostics.metrics`

Parameter: `apiDiagnostics.operationNameFormat`

Parameter: `apiDiagnostics.alwaysLog`

Parameter: `apiDiagnostics.backend`

Parameter: `apiDiagnostics.frontend`

Parameter: `apiDiagnostics.logClientIp`

Parameter: `apiDiagnostics.name`

Parameter: `apiDiagnostics.samplingPercentage`

Parameter: `apiDiagnostics.verbosity`

Parameter: `apis`

Parameter: `apis.displayName`

Parameter: `apis.name`

Parameter: `apis.path`

Parameter: `apis.apiRevision`

Parameter: `apis.apiRevisionDescription`

Parameter: `apis.apiType`

Parameter: `apis.apiVersion`

Parameter: `apis.apiVersionDescription`

Parameter: `apis.apiVersionSetName`

Parameter: `apis.authenticationSettings`

Parameter: `apis.description`

Parameter: `apis.diagnostics`

Parameter: `apis.diagnostics.loggerName`

Parameter: `apis.diagnostics.httpCorrelationProtocol`

Parameter: `apis.diagnostics.metrics`

Parameter: `apis.diagnostics.operationNameFormat`

Parameter: `apis.diagnostics.alwaysLog`

Parameter: `apis.diagnostics.backend`

Parameter: `apis.diagnostics.frontend`

Parameter: `apis.diagnostics.logClientIp`

Parameter: `apis.diagnostics.name`

Parameter: `apis.diagnostics.samplingPercentage`

Parameter: `apis.diagnostics.verbosity`

Parameter: `apis.format`

Parameter: `apis.isCurrent`

Parameter: `apis.operations`

Parameter: `apis.operations.displayName`

Parameter: `apis.operations.method`

Parameter: `apis.operations.name`

Parameter: `apis.operations.urlTemplate`

Parameter: `apis.operations.description`

Parameter: `apis.operations.policies`

Parameter: `apis.operations.policies.format`

Parameter: `apis.operations.policies.name`

Parameter: `apis.operations.policies.value`

Parameter: `apis.operations.request`

Parameter: `apis.operations.responses`

Parameter: `apis.operations.templateParameters`

Parameter: `apis.policies`

Parameter: `apis.policies.value`

Parameter: `apis.policies.format`

Parameter: `apis.policies.name`

Parameter: `apis.protocols`

Parameter: `apis.serviceUrl`

Parameter: `apis.sourceApiId`

Parameter: `apis.subscriptionKeyParameterNames`

Parameter: `apis.subscriptionRequired`

Parameter: `apis.type`

Parameter: `apis.value`

Parameter: `apiVersionSets`