New-AzApiManagement

Creates an API Management deployment.

Syntax

New-AzApiManagement
   -ResourceGroupName <String>
   -Name <String>
   -Location <String>
   -Organization <String>
   -AdminEmail <String>
   [-Sku <string>]
   [-Capacity <Int32>]
   [-VpnType <PsApiManagementVpnType>]
   [-VirtualNetwork <PsApiManagementVirtualNetwork>]
   [-Tag <System.Collections.Generic.Dictionary`2[System.String,System.String]>]
   [-AdditionalRegions <PsApiManagementRegion[]>]
   [-CustomHostnameConfiguration <PsApiManagementCustomHostNameConfiguration[]>]
   [-SystemCertificateConfiguration <PsApiManagementSystemCertificate[]>]
   [-SslSetting <PsApiManagementSslSetting>]
   [-SystemAssignedIdentity]
   [-UserAssignedIdentity <String[]>]
   [-EnableClientCertificate]
   [-Zone <String[]>]
   [-DisableGateway <Boolean>]
   [-MinimalControlPlaneApiVersion <String>]
   [-PublicNetworkAccess <String>]
   [-PublicIpAddressId <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The New-AzApiManagement cmdlet creates an API Management deployment in Azure API Management.

Examples

Example 1: Create a Developer tier API Management service

New-AzApiManagement -ResourceGroupName "ContosoGroup02" -Name "ContosoApi2" -Location "Central US" -Organization "Contoso" -AdminEmail "admin@contoso.com"

PublicIPAddresses                     : {104.43.240.65}
PrivateIPAddresses                    :
Id                                    : /subscriptions/a200340d-6b82-494d-9dbf-687ba6e33f9e/resourceGroups/ContosoGroup02/providers/Microsoft.ApiManagement/service/ContosoApi2
Name                                  : ContosoApi2
Location                              : Central US
Sku                                   : Developer
Capacity                              : 1
CreatedTimeUtc                        : 2/24/2020 10:34:12 PM
ProvisioningState                     : Succeeded
RuntimeUrl                            : https://contosoapi2.azure-api.net
RuntimeRegionalUrl                    : https://contosoapi2-centralus-01.regional.azure-api.net
PortalUrl                             : https://contosoapi2.portal.azure-api.net
DeveloperPortalUrl                    : https://contosoapi2.developer.azure-api.net
ManagementApiUrl                      : https://contosoapi2.management.azure-api.net
ScmUrl                                : https://contosoapi2.scm.azure-api.net
PublisherEmail                        : admin@contoso.com
OrganizationName                      : Contoso
NotificationSenderEmail               : apimgmt-noreply@mail.windowsazure.com
VirtualNetwork                        :
VpnType                               : None
PortalCustomHostnameConfiguration     :
ProxyCustomHostnameConfiguration      : {contosoapi2.azure-api.net}
ManagementCustomHostnameConfiguration :
ScmCustomHostnameConfiguration        :
DeveloperPortalHostnameConfiguration  :
SystemCertificates                    :
Tags                                  : {}
AdditionalRegions                     : {}
SslSetting                            : Microsoft.Azure.Commands.ApiManagement.Models.PsApiManagementSslSetting
Identity                              :
EnableClientCertificate               :
ResourceGroupName                     : ContosoGroup02

This command creates a Developer tier API Management service. The command specifies the organization and the administrator address. The command does not specify the SKU parameter. Therefore, the cmdlet uses the default value of Developer.

Example 2: Create a Standard tier service that has three units

New-AzApiManagement -ResourceGroupName "ContosoGroup02" -Name "ContosoApi" -Location "Central US" -Organization "Contoso" -AdminEmail "admin@contoso.com" -Sku Standard -Capacity 3

This command creates a Standard tier API Management service that has three units.

Example 3: Create a Consumption tier service

New-AzApiManagement -ResourceGroupName Api-Default-North-Europe -Name consumptionskuservice -Location 'West Europe' -Sku Consumption -Organization microsoft -AdminEmail contoso@contoso.com -SystemAssignedIdentity -EnableClientCertificate

PublicIPAddresses                     :
PrivateIPAddresses                    :
Id                                    : /subscriptions/subid/resourceGroups/Api-Default-North-Europe/providers/Microsoft.ApiManagement/service/consumptionskuservice
Name                                  : consumptionskuservice
Location                              : West Europe
Sku                                   : Consumption
Capacity                              : 0
ProvisioningState                     : Succeeded
RuntimeUrl                            : https://consumptionskuservice.azure-api.net
PortalCustomHostnameConfiguration     :
ProxyCustomHostnameConfiguration      : {consumptionskuservice.azure-api.net}
ManagementCustomHostnameConfiguration :
ScmCustomHostnameConfiguration        :
DeveloperPortalHostnameConfiguration  :
SystemCertificates                    :
Tags                                  : {}
AdditionalRegions                     : {}
SslSetting                            : Microsoft.Azure.Commands.ApiManagement.Models.PsApiManagementSslSetting
Identity                              : Microsoft.Azure.Commands.ApiManagement.Models.PsApiManagementServiceIdentity
EnableClientCertificate               : True
ResourceGroupName                     : Api-Default-North-Europe

This command creates a consumption tier API Management service with Client Certificate enabled in west Europe.

Example 4: Create an API Management service and Enable TLS 1.0 protocol

$enableTls=@{"Tls10" = "True"}
$sslSetting = New-AzApiManagementSslSetting -FrontendProtocol $enableTls -BackendProtocol $enableTls
New-AzApiManagement -ResourceGroupName Api-Default-CentralUS -Name "testtlspowershell" -Sku Standard -Location "CentralUS" -Organization "Microsoft" -AdminEmail "bar@contoso.com" -SslSetting $sslSetting

PublicIPAddresses                     : {23.99.140.18}
PrivateIPAddresses                    :
Id                                    : /subscriptions/subid/resourceGroups/Api-Default-CentralUS/providers/Microsoft.ApiManagement/service/testtlspowershell
Name                                  : testtlspowershell
Location                              : Central US
Sku                                   : Standard
Capacity                              : 1
ProvisioningState                     : Succeeded
RuntimeUrl                            : https://testtlspowershell.azure-api.net
RuntimeRegionalUrl                    : https://testtlspowershell-centralus-01.regional.azure-api.net
PortalUrl                             : https://testtlspowershell.portal.azure-api.net
ManagementApiUrl                      : https://testtlspowershell.management.azure-api.net
ScmUrl                                : https://testtlspowershell.scm.azure-api.net
PublisherEmail                        : bar@contoso.com
OrganizationName                      : Microsoft
NotificationSenderEmail               : apimgmt-noreply@mail.windowsazure.com
VirtualNetwork                        :
VpnType                               : None
PortalCustomHostnameConfiguration     :
ProxyCustomHostnameConfiguration      : {testtlspowershell.azure-api.net}
ManagementCustomHostnameConfiguration :
ScmCustomHostnameConfiguration        :
DeveloperPortalHostnameConfiguration  :
SystemCertificates                    :
Tags                                  : {}
AdditionalRegions                     : {}
SslSetting                            : Microsoft.Azure.Commands.ApiManagement.Models.PsApiManagementSslSetting
Identity                              :
EnableClientCertificate               :
ResourceGroupName                     : Api-Default-CentralUS

This command creates a Standard SKU Api Management service and Enable TLS 1.0 on Frontend client to ApiManagement Gateway and Backend client between ApiManagement Gateway and Backend.

Example 5: Create an API Management service in Availability Zones

New-AzApiManagement -ResourceGroupName "contoso-rg" -Name "apim-test-pshell-azs" -Location "Central US" -Organization "Contoso" -AdminEmail "admin@contoso.com" -Sku Premium -Capacity 3 -Zone @("1","2","3")

PublicIPAddresses                     : {52.238.252.170}
PrivateIPAddresses                    :
Id                                    : /subscriptions/aa7def4e-6bcd-4b28-b8d5-7613a618e753/resourceGroups/contoso-rg/providers/Microsoft.ApiManagement/service/apim-test-pshell-azs
Name                                  : apim-test-pshell-azs
Location                              : Central US
Sku                                   : Premium
Capacity                              : 3
CreatedTimeUtc                        : 7/30/2021 7:47:12 PM
ProvisioningState                     : Succeeded
RuntimeUrl                            : https://apim-test-pshell-azs.azure-api.net
RuntimeRegionalUrl                    : https://apim-test-pshell-azs-centralus-01.regional.azure-api.net
PortalUrl                             : https://apim-test-pshell-azs.portal.azure-api.net
DeveloperPortalUrl                    : https://apim-test-pshell-azs.developer.azure-api.net
ManagementApiUrl                      : https://apim-test-pshell-azs.management.azure-api.net
ScmUrl                                : https://apim-test-pshell-azs.scm.azure-api.net
PublisherEmail                        : admin@contoso.com
OrganizationName                      : Contoso
NotificationSenderEmail               : apimgmt-noreply@mail.windowsazure.com
VirtualNetwork                        :
VpnType                               : None
PortalCustomHostnameConfiguration     :
ProxyCustomHostnameConfiguration      : {apim-test-pshell-azs.azure-api.net}
ManagementCustomHostnameConfiguration :
ScmCustomHostnameConfiguration        :
DeveloperPortalHostnameConfiguration  :
SystemCertificates                    :
Tags                                  : {}
AdditionalRegions                     : {}
SslSetting                            : Microsoft.Azure.Commands.ApiManagement.Models.PsApiManagementSslSetting
Identity                              :
EnableClientCertificate               :
Zone                                  : {1, 2, 3}
DisableGateway                        : False
MinimalControlPlaneApiVersion         :
ResourceGroupName                     : contoso-rg

This command creates a Premium SKU Api Management service in Zones

Example 6: Create an API Management service in Internal Mode into Virtual Network with Stv2

$virtualNetwork = New-AzApiManagementVirtualNetwork -SubnetResourceId "/subscriptions/4f5285a3-9fd7-40ad-91b1-d8fc3823983d/resourceGroups/contosogroup/providers/Microsoft.Network/virtualNetworks/apimvnet/subnets/ps"
$publicIpAddressId = "/subscriptions/4f5285a3-9fd7-40ad-91b1-d8fc3823983d/resourceGroups/contosogroup/providers/Microsoft.Network/publicIPAddresses/apim-external-vnet-ipv4"
New-AzApiManagement -ResourceGroupName "contosogroup" -Location "West US2" -Name "pstestinternalvnet2" -Organization "Contoso" -AdminEmail "admin@contoso.com" -VirtualNetwork $virtualNetwork -VpnType "Internal" -Sku "Premium" -PublicIpAddressId $publicIpAddressId

PublicIPAddresses                     : {20.99.249.73}
PrivateIPAddresses                    : {10.0.2.4}
Id                                    : /subscriptions/4f5285a3-9fd7-40ad-91b1-d8fc3823983d/resourceGroups/contosogroup/providers/Microsoft.ApiManagement/service/pstestinternalvnet2
Name                                  : pstestinternalvnet2
Location                              : West US 2
Sku                                   : Premium
Capacity                              : 1
CreatedTimeUtc                        : 3/24/2022 11:09:57 PM
ProvisioningState                     : Succeeded
RuntimeUrl                            : https://pstestinternalvnet2.azure-api.net
RuntimeRegionalUrl                    : https://pstestinternalvnet2-westus2-01.regional.azure-api.net
PortalUrl                             : https://pstestinternalvnet2.portal.azure-api.net
DeveloperPortalUrl                    : https://pstestinternalvnet2.developer.azure-api.net
ManagementApiUrl                      : https://pstestinternalvnet2.management.azure-api.net
ScmUrl                                : https://pstestinternalvnet2.scm.azure-api.net
PublisherEmail                        : admin@contoso.com
OrganizationName                      : Contoso
NotificationSenderEmail               : apimgmt-noreply@mail.windowsazure.com
VirtualNetwork                        : Microsoft.Azure.Commands.ApiManagement.Models.PsApiManagementVirtualNetwork
VpnType                               : Internal
PortalCustomHostnameConfiguration     :
ProxyCustomHostnameConfiguration      : {pstestinternalvnet2.azure-api.net}
ManagementCustomHostnameConfiguration :
ScmCustomHostnameConfiguration        :
DeveloperPortalHostnameConfiguration  :
SystemCertificates                    :
Tags                                  : {}
AdditionalRegions                     : {}
SslSetting                            : Microsoft.Azure.Commands.ApiManagement.Models.PsApiManagementSslSetting
Identity                              :
EnableClientCertificate               :
Zone                                  :
DisableGateway                        :
MinimalControlPlaneApiVersion         :
PublicIpAddressId                     : /subscriptions/4f5285a3-9fd7-40ad-91b1-d8fc3823983d/resourceGroups/contosogroup/providers/Microsoft.Network/publicIPAddresses/apim-external-vnet-ipv4
PlatformVersion                       : stv2
PublicNetworkAccess                   : Enabled
PrivateEndpointConnections            :
ResourceGroupName                     : contosogroup

The cmdlet deploys the API Management service into Virtual Network using stv2 platform version.

Example 7: Create an API Management service for an external virtual network for Stv1

$virtualNetwork = New-AzApiManagementVirtualNetwork -SubnetResourceId "/subscriptions/a8ff56dc-3bc7-4174-b1e8-3726ab15d0e2/resourceGroups/ContosoGroup/providers/Microsoft.Network/virtualNetworks/westUsVirtualNetwork/subnets/backendSubnet"
New-AzApiManagement -ResourceGroupName "ContosoGroup" -Location "West US" -Name "ContosoApi" -Organization Contoso -AdminEmail admin@contoso.com -VirtualNetwork $virtualNetwork -VpnType "External" -Sku "Premium"

This command creates a Premium-tier API Management service in an Azure virtual network subnet having an external-facing gateway endpoint with a master region in the West US in stv1 model

Parameters

-AdditionalRegions

Additional deployment regions of Azure API Management.

Type:PsApiManagementRegion[]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-AdminEmail

Specifies the originating email address for all notifications that the API Management system sends.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Capacity

Specifies the SKU capacity of the Azure API Management service. The default is one (1).

Type:Nullable<T>[Int32]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-CustomHostnameConfiguration

Custom hostname configurations. Default value is $null. Passing $null will set the default hostname.

Type:PsApiManagementCustomHostNameConfiguration[]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableGateway

Flag only meant to be used for Premium SKU ApiManagement Service and Non Internal VNET deployments. This is useful in case we want to take a gateway region out of rotation. This can also be used to standup a new region in Passive mode, test it and then make it Live later.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableClientCertificate

Flag only meant to be used for Consumption SKU ApiManagement Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Location

Specifies the location to create the Api Management service. To obtain valid locations, use the cmdlet Get-AzResourceProvider -ProviderNamespace "Microsoft.ApiManagement" | where {$_.ResourceTypes[0].ResourceTypeName -eq "service"} | Select-Object Locations

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-MinimalControlPlaneApiVersion

Minimal Control Plane Apis version to allow for managing the API Management service.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies a name for the API Management deployment.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Organization

Specifies the name of an organization. API Management uses this address in the developer portal in email notifications.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-PublicIpAddressId

Standard SKU PublicIpAddress ResoureId for integration into stv2 Virtual Network Deployments

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PublicNetworkAccess

Whether or not public endpoint access is allowed for this service.Possible values include: 'Enabled', 'Disabled'

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResourceGroupName

Specifies the name of the of resource group under which this cmdlet creates an API Management deployment.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Sku

The tier of the Azure API Management service. Valid values are Developer, Basic, Standard, Premium and Consumption. The default value is Developer.

Type:Nullable<T>[PsApiManagementSku]
Accepted values:Developer, Basic, Standard, Premium, Consumption
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-SslSetting

The Ssl Setting of the ApiManagement Service. Default value is $null

Type:PsApiManagementSslSetting
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-SystemAssignedIdentity

Generate and assign an Azure Active Directory Identity for this server for use with key management services like Azure KeyVault.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SystemCertificateConfiguration

Certificates issued by Internal CA to be installed on the service. Default value is $null.

Type:PsApiManagementSystemCertificate[]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Tag

Tags dictionary.

Type:Dictionary<TKey,TValue>[System.String,System.String]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-UserAssignedIdentity

Assign User Identities to this server for use with key management services like Azure KeyVault.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-VirtualNetwork

Virtual Network Configuration of master Azure API Management deployment region.

Type:PsApiManagementVirtualNetwork
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-VpnType

Virtual Network Type of the ApiManagement Deployment. Valid Values are

  • "None" (Default Value. ApiManagement is not part of any Virtual Network")
  • "External" (ApiManagement Deployment is setup inside a Virtual Network having an Internet Facing Endpoint)
  • "Internal" (ApiManagement Deployment is setup inside a Virtual Network having an Intranet Facing Endpoint)
Type:PsApiManagementVpnType
Accepted values:None, External, Internal
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Zone

A list of availability zones denoting where the api management service is deployed into.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

Inputs

String

Nullable<T>[[Microsoft.Azure.Commands.ApiManagement.Models.PsApiManagementSku, Microsoft.Azure.PowerShell.Cmdlets.ApiManagement, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]

Nullable<T>[[System.Int32, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]

PsApiManagementVirtualNetwork

Dictionary<TKey,TValue>[[System.String, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.String, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]

PsApiManagementRegion[]

PsApiManagementCustomHostNameConfiguration[]

PsApiManagementSystemCertificate[]

Outputs

PsApiManagement