Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
APPLIES TO: Developer | Basic | Basic v2 | Standard | Standard v2 | Premium | Premium v2
With API Management’s WebSocket API solution, API publishers can quickly add a WebSocket API in API Management via the Azure portal, Azure CLI, Azure PowerShell, and other Azure tools.
WebSocket APIs can be secured by applying API Management's access control policies to the initial handshake operation. You can also test WebSocket APIs using the API test consoles in both Azure portal and developer portal. Building on existing observability capabilities, API Management provides metrics and logs for monitoring and troubleshooting WebSocket APIs.
In this article, you will:
- Understand WebSocket passthrough flow.
- Add a WebSocket API to your API Management instance.
- Test your WebSocket API.
- View the metrics and logs for your WebSocket API.
- Learn the limitations of WebSocket API.
Prerequisites
- An existing API Management instance. Create one if you haven't already.
- A WebSocket API.
- Azure CLI
WebSocket passthrough
API Management supports WebSocket passthrough.
 
During the WebSocket passthrough, the client application establishes a WebSocket connection with the API Management gateway, which then establishes a connection with the corresponding backend services. API Management then proxies WebSocket client-server messages.
- The client application sends a WebSocket handshake request to the gateway, invoking the onHandshake operation
- The API Management gateway applies configured policies and sends WebSocket handshake requests to the corresponding backend service.
- The backend service upgrades a connection to WebSocket.
- The gateway upgrades the corresponding connection to WebSocket.
- After the connection pair is established, API Management brokers messages back and forth between the client application and backend service.
- The client application sends a message to the gateway.
- The gateway forwards the message to the backend service.
- The backend service sends a message to the gateway.
- The gateway forwards the message to the client application.
- When either side disconnects, API Management terminates the corresponding connection.
Note
The client-side and backend-side connections consist of one-to-one mapping.
onHandshake operation
Per the WebSocket protocol, when a client application tries to establish a WebSocket connection with a backend service, it first sends an opening handshake request. Each WebSocket API in API Management has an onHandshake operation. onHandshake is an immutable, unremovable, automatically created system operation. The onHandshake operation enables API publishers to intercept these handshake requests and apply API Management policies to them.
 
Add a WebSocket API
- 
- In the Azure portal, navigate to your API Management instance.
 
- In the left menu, select APIs > + Add API. 
- Under Define a new API, select WebSocket. 
- In the dialog box, select Full and complete the required form fields. - Field - Description - Display name - The name by which your WebSocket API is displayed. - Name - Raw name of the WebSocket API. Automatically populates as you type the display name. - WebSocket URL - The base URL with your websocket name. For example: ws://example.com/your-socket-name - URL scheme - Accept the default - API URL suffix - Add a URL suffix to identify this specific API in this API Management instance. It has to be unique in this API Management instance. - Products - Associate your WebSocket API with a product to publish it. - Gateways - Associate your WebSocket API with existing gateways. 
- Click Create. 
Test your WebSocket API
- Navigate to your WebSocket API. 
- Within your WebSocket API, select the onHandshake operation. 
- Select the Test tab to access the Test console. 
- Optionally, provide query string parameters required for the WebSocket handshake.   
- Click Connect. 
- View connection status in Output. 
- Enter value in Payload. 
- Click Send. 
- View received messages in Output. 
- Repeat preceding steps to test different payloads. 
- When testing is complete, select Disconnect. 
View metrics and logs
Use standard API Management and Azure Monitor features to monitor WebSocket APIs:
- View API metrics in Azure Monitor
- Optionally enable diagnostic settings to collect and view API Management gateway logs, which include WebSocket API operations, or WebSocket connection logs
For example, the following screenshot shows recent WebSocket API responses with code 101 from the ApiManagementGatewayLogs table. These results indicate the successful switch of the requests from TCP to the WebSocket protocol.
 
Limitations
The following are the current restrictions of WebSocket support in API Management:
- WebSocket APIs aren't supported yet in the Consumption tier.
- WebSocket APIs support the following valid buffer types for messages: Close, BinaryFragment, BinaryMessage, UTF8Fragment, and UTF8Message.
- Currently, the set-header policy doesn't support changing certain well-known headers, including Hostheaders, in onHandshake requests.
- During the TLS handshake with a WebSocket backend, API Management validates that the server certificate is trusted and that its subject name matches the hostname. With HTTP APIs, API Management validates that the certificate is trusted but doesn’t validate that hostname and subject match.
For WebSocket connection limits, see API Management limits.
Unsupported policies
The following policies aren't supported by and can't be applied to the onHandshake operation:
- Mock response
- Get from cache
- Store to cache
- Allow cross-domain calls
- CORS
- JSONP
- Set request method
- Set body
- Convert XML to JSON
- Convert JSON to XML
- Transform XML using XSLT
- Validate content
- Validate parameters
- Validate headers
- Validate status code
Note
If you applied the policies at higher scopes (for example, global or product) and they're inherited by a WebSocket API through the policy, they are skipped at runtime.
Related content
- API import limitations
- Import an OpenAPI specification
- Import a SOAP API
- Import a SOAP API and convert it to REST
- Import an App Service API
- Import a container app API
- Import a WebSocket API
- Import a GraphQL API
- Import a GraphQL schema and set up field resolvers
- Import a function app API
- Import a logic app API
- Import a Service Fabric service
- Import an Azure AI Foundry API
- Import an Azure OpenAI API
- Import an LLM API
- Import an OData API
- Import SAP OData metadata
- Import a gRPC API
- Edit an API