Merge pull request #206879 from dlepow/mitigate

[APIM] Tracing and subscription key

Author: ttorble

articles/api-management/api-management-howto-api-inspector.md

@@ -7,7 +7,7 @@ author: dlepow
 editor: ''
 ms.service: api-management
 ms.topic: tutorial
-ms.date: 12/10/2021
+ms.date: 08/08/2022
 ms.author: danlep
 ms.custom: devdivchpfy22
 ---
@@ -32,9 +32,14 @@ In this tutorial, you learn how to:
 
 ## Verify allow tracing setting
 
-The **Allow tracing** setting for the subscription used for your API must be enabled. If you're using the built-in all-access subscription, it's enabled by default. To verify in the portal, navigate to your API Management instance and select **Subscriptions**.
+To trace request processing, you must enable the **Allow tracing** setting for the subscription used to debug your API. To check in the portal:
+
+1. Navigate to your API Management instance and select **Subscriptions** to review the settings.
 
    :::image type="content" source="media/api-management-howto-api-inspector/allow-tracing-1.png" alt-text="Allow tracing for subscription":::
+1. If tracing isn't enabled for the subscription you're using, select the subscription and enable **Allow tracing**.
+
+[!INCLUDE [api-management-tracing-alert](../../includes/api-management-tracing-alert.md)]
 
 ## Trace a call
 
@@ -43,18 +48,21 @@ The **Allow tracing** setting for the subscription used for your API must be ena
 1. Select  **Demo Conference API** from your API list.
 1. Select the **Test** tab.
 1. Select the **GetSpeakers** operation.
-1. Confirm that the HTTP request header includes **Ocp-Apim-Trace: True** and a valid value for **Ocp-Apim-Subscription-Key**. If it doesn't, select **+ Add header** to add the header.
-1. Select **Send** to make an API call.
+1. Optionally check the value for the **Ocp-Apim-Subscription-Key** header used in the request by selecting the "eye" icon.
+    > [!TIP]
+    > You can override the value of **Ocp-Apim-Subscription-Key** by retrieving a key for another subscription in the portal. Select **Subscriptions**, and open the context menu (**...**) for another subscription. Select **Show/hide keys** and copy one of the keys. You can also regenerate keys if needed. Then, in the test console, select **+ Add header** to add an **Ocp-Apim-Subscription-Key** header with the new key value.
 
-  :::image type="content" source="media/api-management-howto-api-inspector/06-debug-your-apis-01-trace-call-1.png" alt-text="Configure API tracing":::
+1. Select **Trace**. 
 
-> [!TIP]
-> If **Ocp-Apim-Subscription-Key** isn't automatically populated in the HTTP request, you can retrieve it in the portal. Select **Subscriptions**, and open the context menu (**...**) for your suscription. Select **Show/hide keys**. You can also regenerate keys if needed. Then, add a key to the header.
+    * If your subscription doesn't already allow tracing, you're prompted to enable it if you want to trace the call. 
+    * You can also choose to send the request without tracing.
+
+      :::image type="content" source="media/api-management-howto-api-inspector/06-debug-your-apis-01-trace-call-1.png" alt-text="Screenshot showing configure API tracing.":::
 
 ## Review trace information
 
 1. After the call completes, go to the **Trace** tab in the **HTTP response**.
-1. Select any of the following links to jump to detailed trace info: **Inbound**, **Backend**, **Outbound**.
+1. Select any of the following links to jump to detailed trace info: **Inbound**, **Backend**, **Outbound**, **On error**.
 
      :::image type="content" source="media/api-management-howto-api-inspector/response-trace-1.png" alt-text="Review response trace":::
 
@@ -64,10 +72,12 @@ The **Allow tracing** setting for the subscription used for your API must be ena
 
     * **Outbound** - Shows the policies applied to the response before sending back to the caller.
 
+    * **On error** - Shows the errors that occurred during the processing of the request and the policies applied to the errors.
+
     > [!TIP]
     > Each step also shows the elapsed time since the request is received by API Management.
 
-1. On the **Message** tab, the **ocp-apim-trace-location** header shows the location of the trace data stored in Azure blob storage. If needed, go to this location to retrieve the trace.
+1. On the **Message** tab, the **ocp-apim-trace-location** header shows the location of the trace data stored in Azure blob storage. If needed, go to this location to retrieve the trace. Trace data can be accessed for up to 24 hours.
 
      :::image type="content" source="media/api-management-howto-api-inspector/response-message-1.png" alt-text="Trace location in Azure Storage":::
 ## Next steps

articles/api-management/api-management-howto-create-subscriptions.md

@@ -4,14 +4,12 @@ description: Learn how to create subscriptions in Azure API Management. A subscr
 services: api-management
 documentationcenter: ''
 author: dlepow
-manager: cfowler
-editor: ''
 
 ms.service: api-management
 ms.workload: mobile
 ms.tgt_pltfrm: na
-ms.topic: article
-ms.date: 11/14/2018
+ms.topic: how-to
+ms.date: 08/03/2022
 ms.author: danlep
 ---
 # Create subscriptions in Azure API Management
@@ -27,17 +25,23 @@ To take the steps in this article, the prerequisites are as follows:
 + [Create an API Management instance](get-started-create-service-instance.md).
 + Understand [subscriptions in API Management](api-management-subscriptions.md).
 
+
+
 ## Create a new subscription
 
-1. Select **Subscriptions** in the menu on the left.
-2. Select **Add subscription**.
-3. Provide a name of the subscription and select the scope.
-4. Optionally, choose if the subscription should be associated with a user.
-5. Select **Save**.
+1. Navigate to your API Management instance in the [Azure portal](https://portal.azure.com).
+1. In the left menu, under **APIs**, select **Subscriptions** > **Add subscription**.
+1. Provide a **Name** and optional **Display name** of the subscription.
+1. Optionally, select **Allow tracing** to enable tracing for debugging and troubleshooting APIs. [Learn more](api-management-howto-api-inspector.md)
+
+    [!INCLUDE [api-management-tracing-alert](../../includes/api-management-tracing-alert.md)]
+1. Select a **Scope** of the subscription from the dropdown list. [Learn more](api-management-subscriptions.md#scope-of-subscriptions)
+1. Optionally, choose if the subscription should be associated with a **User** and whether to send a notification for use with the developer portal.
+1. Select **Create**.
 
-![Flexible subscriptions](./media/api-management-subscriptions/flexible-subscription.png)
+:::image type="content" source="media/api-management-howto-create-subscriptions/create-subscription.png" alt-text="Screenshot showing how to create an API Management subscription in the portal.":::
 
-After you create the subscription, two API keys are provided to access the APIs. One key is primary, and one is secondary. 
+After you create the subscription, it appears in the list on the **Subscriptions** page. Two API keys are provided to access the APIs. One key is primary, and one is secondary. 
 
 ## Next steps
 Get more information on API Management:

articles/api-management/api-management-subscriptions.md

@@ -63,6 +63,9 @@ In these cases, you don't need to create a product and add APIs to it first.
 
 Each API Management instance comes with an immutable, all-APIs subscription (also called an *all-access* subscription). This built-in subscription makes it straightforward to test and debug APIs within the test console.
 
+> [!WARNING]
+> The all-access subscription enables access to every API in the API Management instance and should only be used by authorized users. Never use this subscription for routine API access or embed the all-access subscription key in client apps.
+
 > [!NOTE]
 > If you're using an API-scoped subscription or the all-access subscription, any [policies](api-management-howto-policies.md) configured at the product scope aren't applied to requests from that subscription.
 
@@ -76,9 +79,7 @@ Creating a subscription without assigning an owner makes it a standalone subscri
 
 ## Create subscriptions in Azure portal
 
-API publishers can [create subscriptions](api-management-howto-create-subscriptions.md) directly in the Azure portal:
-
-![Flexible subscriptions](./media/api-management-subscriptions/flexible-subscription.png)
+API publishers can [create subscriptions](api-management-howto-create-subscriptions.md) directly in the Azure portal. 
 
 ## How API Management handles requests with or without subscription keys