Defining an API involves creating the resources and the allowed methods for each resource. When invoking the operation (accessing the resource) with a wrong HTTP method (for example, PUT instead of GET), the API Management service returns a 404 Resource Not Found instead of a 405 Method Not Allowed.
<choose>
<when condition="@(context.LastError.Message.Contains("Unable to match incoming request"))">
<return-response>
<set-status code="405" reason="Method not allowed" />
<set-body>@{
return new JObject(
new JProperty("status", "HTTP 405"),
new JProperty("message", "Method not allowed"),
new JProperty("text", context.Response.StatusCode.ToString()),
new JProperty("errorReason", context.LastError.Message.ToString())
).ToString();
}</set-body>
</return-response>
</when>
<otherwise />
</choose>
AROCKIA TAGORE I
Thanks for posting your question in Microsoft Q&A. This is still a limitation as per current design and you can refer
https://techcommunity.microsoft.com/t5/azure-paas-blog/azure-api-management-limitation-workaround-return-404-instead-of/ba-p/1588413
doc and adjust the policy code in the error handling section (for all Operations/single API/All APIs) as below.
Policy snippet:
(from the doc; validated in my APIM)
<choose>
<when condition="@(context.LastError.Source == "configuration" && context.LastError.Reason == "OperationNotFound")">
<return-response>
<set-status code="405" reason="Method not allowed" />
<set-body>@{
return new JObject(
new JProperty("status", "HTTP 405"),
new JProperty("message", "Method not allowed"),
new JProperty("text", context.Response.StatusCode.ToString()),
new JProperty("errorReason", context.LastError.Message.ToString())
).ToString();
}</set-body>
</return-response>
</when>
<otherwise />
</choose>
Note: The workaround above has a limitation that it will show 405 also when the request URL is not found.
I hope this helps and let me know if you have any questions.
If you found the answer to your question helpful, please take a moment to mark it as "Yes" for others to benefit from your experience. Or simply add a comment tagging me and would be happy to answer your questions.
AROCKIA TAGORE I thanks for sharing the screenshot. You have applied the policy expression in on-error section of GET operation. Instead add this code snippet in All operations and add <base /> in the GET operation like below:
All operations:
GET operation:
APIM will map the operation based on URL template and verb as described in https://learn.microsoft.com/en-us/azure/api-management/api-management-terminology#term-definitions and the code snippet applied in GET operation will not execute since it was not matching (different verb POST). Hence this policy needs to be applied at All operations or at API level.
I hope this helps.
