Merge pull request #312039 from cdpark/refresh-apicenter-batch1

Feature 551038: Q&M: Content Freshness for API Center - batch 1

Author: JamesJBarnett

articles/api-management/api-management-troubleshoot-cannot-add-custom-domain.md

@@ -1,58 +1,62 @@
 ---
-title: Cannot add custom domain by using Key Vault certificate
+title: Failed to Add Custom Domain Using Key Vault Certificate
 titleSuffix: Azure API Management
-description: Learn how to troubleshoot the issue in which you can't add a custom domain in Azure API Management by using a key vault certificate.
+description: Learn how to troubleshoot failure to add a custom domain in Azure API Management using a key vault certificate.
 services: api-management
 author: genlin
 manager: dcscontentpm
 ms.service: azure-api-management
-ms.topic: how-to
-ms.date: 07/19/2019
+ms.topic: troubleshooting-general
+ms.date: 02/18/2026
 ms.author: tehnoonr
 ms.custom: sfi-image-nochange
 ---
 
-# Failed to update API Management service hostnames
+# Troubleshoot: Failed to update API Management service hostnames
 
 [!INCLUDE [api-management-availability-all-tiers](../../includes/api-management-availability-all-tiers.md)]
 
-This article describes the "Failed to update API Management service hostnames" error that you may experience when you add a custom domain for the Azure API Management service. This article provides troubleshooting steps to help you resolve the issue.
+This article describes the "Failed to update API Management service hostnames" error, which might occur when you add a custom domain for the Azure API Management service. The following steps can help you resolve the issue.
 
-## Symptoms
+## Symptom
 
 When you try to add a custom domain for your API Management service by using a certificate from Azure Key Vault, you receive the following error message:
 
-- Failed to update API Management service hostnames. Request to resource 'https://vaultname.vault.azure.net/secrets/secretname/?api-version=7.0' failed with StatusCode: Forbidden for RequestId: . Exception message: Operation returned an invalid status code 'Forbidden'.
+```output
+Failed to update API Management service hostnames. Request to resource 'https://vaultname.vault.azure.net/secrets/secretname/?api-version=7.0' failed with StatusCode: Forbidden for RequestId: . Exception message: Operation returned an invalid status code 'Forbidden'.
+```
 
 ## Cause
 
-The API Management service does not have permission to access the key vault that you're trying to use for the custom domain.
+The API Management service doesn't have permission to access the key vault that you're trying to use for the custom domain.
 
 ## Solution
 
 To resolve this issue, follow these steps:
 
-1. Go to the [Azure portal](https://portal.azure.com), select your API Management instance, and then select **Managed identities**. Make sure that the **Register with Microsoft Entra ID** option is set to **Yes**. 
-    ![Registering with Azure Active Director](./media/api-management-troubleshoot-cannot-add-custom-domain/register-with-aad.png)
-1. In the Azure portal, open the **Key vaults** service, and select the key vault that you're trying to use for the custom domain.
-1. Select **Access policies**, and check whether there is a service principal that matches the name of the API Management service instance. If there is, select the service principal, and make sure that it has the **Get** permission listed under **Secret permissions**.  
-    ![Adding access policy for service principal](./media/api-management-troubleshoot-cannot-add-custom-domain/access-policy.png)
-1. If the API Management service is not in the list, select **Add access policy**, and then create the following access policy:
+1. Sign in to the [Azure portal](https://portal.azure.com), then select your API Management instance. Under **Security** in the sidebar menu, select **Managed identities**. Make sure that the **Status** setting is set to **On**.
+
+    :::image type="content" source="media/api-management-troubleshoot-cannot-add-custom-domain/register-with-entra.png" alt-text="Screenshot of managed identity setting to register with Entra ID.":::
+
+1. From the Azure portal, open the **Key vaults** service, and select the key vault that you're trying to use for the custom domain.
+
+1. Select **Access policies**, and check if a service principal matches the name of the API Management service instance. If so, select that service principal, and make sure that it has the **Get** permission listed under **Secret permissions**.
+
+1. If the API Management service isn't in the list, select **Add access policy**, and then create the following access policy:
     - **Configure from Template**: None
     - **Select principal**: Search the name of the API Management service, and then select it from the list
     - **Key permissions**: None
     - **Secret permissions**: Get
     - **Certificate permissions**: None
+
 1. Select **OK** to create the access policy.
+
 1. Select **Save** to save the changes.
 
-Check whether the issue is resolved. To do this, try to create the custom domain in the API Management service by using the Key Vault certificate.
+To check whether the issue is resolved, try to create the custom domain in the API Management service by using the Key Vault certificate.
 
 ## Related content
-Learn more about API Management service:
-
-- Check out more videos about API Management.
-* For other ways to secure your back-end service, see [Mutual Certificate authentication](api-management-howto-mutual-certificates.md).
 
-* [Create an API Management service instance](get-started-create-service-instance.md).
-* [Manage your first API](import-and-publish.md).
+* [Secure backend services by using client certificate authentication in Azure API Management](api-management-howto-mutual-certificates.md)
+* [Quickstart: Create a new Azure API Management instance by using the Azure portal](get-started-create-service-instance.md)
+* [Tutorial: Import and publish your first API](import-and-publish.md)

articles/api-management/how-to-deploy-self-hosted-gateway-kubernetes-helm.md

@@ -1,52 +1,57 @@
 ---
-title: Deploy a self-hosted gateway to Kubernetes with Helm
-description: Learn how to deploy self-hosted gateway component of Azure API Management to Kubernetes with Helm
+title: Deploy a Self-Hosted Gateway to Kubernetes with Helm
+description: Learn how to deploy self-hosted gateway component of Azure API Management to Kubernetes by using Helm.
 author: tomkerkhove
 manager: mrcarlosdev
 ms.service: azure-api-management
 ms.topic: how-to
-ms.date: 12/21/2021
+ms.date: 02/19/2026
 ms.author: tomkerkhove
 ---
 
-# Deploy self-hosted gateway to Kubernetes with Helm
+# Deploy a self-hosted gateway to Kubernetes by using Helm
 
 [!INCLUDE [api-management-availability-premium-dev](../../includes/api-management-availability-premium-dev.md)]
 
-[Helm][helm] is an open-source packaging tool that helps you install and manage the lifecycle of Kubernetes applications. It allows you to manage Kubernetes charts, which are packages of pre-configured Kubernetes resources.
+[Helm][helm] is an open-source packaging tool that helps you install and manage the lifecycle of Kubernetes applications. Helm allows you to manage Kubernetes charts, which are packages of preconfigured Kubernetes resources.
 
-This article provides the steps for deploying self-hosted gateway component of Azure API Management to a Kubernetes cluster by using Helm.
+This article explains how to deploy a self-hosted gateway component of Azure API Management to a Kubernetes cluster by using Helm.
 
 > [!NOTE]
-> You can also deploy self-hosted gateway to an [Azure Arc-enabled Kubernetes cluster](how-to-deploy-self-hosted-gateway-azure-arc.md) as a [cluster extension](/azure/azure-arc/kubernetes/extensions).
+> You can also deploy a self-hosted gateway to an [Azure Arc-enabled Kubernetes cluster](how-to-deploy-self-hosted-gateway-azure-arc.md) as a [cluster extension](/azure/azure-arc/kubernetes/extensions).
 
 ## Prerequisites
 
-- Create a Kubernetes cluster, or have access to an existing one.
+- Create an Azure Kubernetes cluster, or have access to an existing one.
    > [!TIP]
-   > [Single-node clusters](https://kubernetes.io/docs/setup/#learning-environment) work well for development and evaluation purposes. Use [Kubernetes Certified](https://kubernetes.io/partners/#conformance) multi-node clusters on-premises or in the cloud for production workloads.
-* [Create an Azure API Management instance](get-started-create-service-instance.md).
-* [Provision a gateway resource in your API Management instance](api-management-howto-provision-self-hosted-gateway.md).
-* [Install Helm v3][helm-install].
+   > [Single-node clusters](https://kubernetes.io/docs/setup/#learning-environment) work well for development and evaluation purposes. Use [Kubernetes Certified](https://kubernetes.io/partners/#iframe-landscape-conformance) multi-node clusters on-premises or in the cloud for production workloads.
+* Create an [Azure API Management instance](get-started-create-service-instance.md).
+* Provision a [gateway resource in your API Management instance](api-management-howto-provision-self-hosted-gateway.md).
+* Install [Helm v3 or later][helm-install].
 
-## Adding the Helm repository
+## Add the Helm repository
 
-1. Add Azure API Management as a new Helm repository.
+1. Add Azure API Management as a new Helm repository by using the following command.
 
    ```console
    helm repo add azure-apim-gateway https://azure.github.io/api-management-self-hosted-gateway/helm-charts/
    ```
 
-2. Update repo to fetch the latest Helm charts.
+1. Update the repo to fetch the latest Helm charts.
 
    ```console
    helm repo update
    ```
 
-3. Verify your Helm configuration by listing all available charts.
+1. Verify your Helm configuration by listing all available charts.
 
    ```console
-   $ helm search repo azure-apim-gateway
+   helm search repo azure-apim-gateway
+   ```
+
+   The following example shows the available charts.
+
+   ```output
    NAME                                            CHART VERSION   APP VERSION     DESCRIPTION
    azure-apim-gateway/azure-api-management-gateway 1.15.0           2.11.0           A Helm chart to deploy an Azure API Management ...
    ```
@@ -55,12 +60,19 @@ This article provides the steps for deploying self-hosted gateway component of A
 
 [!INCLUDE [api-management-self-hosted-gateway-authentication](../../includes/api-management-self-hosted-gateway-authentication.md)]
 
-1. Select **Gateways** from under **Deployment and infrastructure**.
-2. Select the self-hosted gateway resource you intend to deploy.
-3. Select **Deployment**.
-4. A new token in the **Token** text box was autogenerated for you using the default **Expiry** and **Secret Key** values. Adjust either or both if desired and select **Generate** to create a new token.
-5. Take note of your **Token** and **Configuration URL**
-6. Install the self-hosted gateway by using the Helm chart
+1. In the [Azure portal](https://portal.azure.com), navigate to your API Management instance.
+
+1. Under **Deployment and infrastructure** in the sidebar menu, select **Self-hosted gateways**.
+
+1. Select the self-hosted gateway resource you intend to deploy.
+
+1. Select **Deployment**.
+
+1. A new token in the **Token** text box was autogenerated for you using the default **Expiry** and **Secret Key** values. Adjust either or both if desired, and select **Generate** to create a new token.
+
+1. Take note of your **Token** and **Configuration URL**.
+
+1. Install the self-hosted gateway by using the Helm chart.
 
    ```console
    helm install azure-api-management-gateway \
@@ -69,23 +81,23 @@ This article provides the steps for deploying self-hosted gateway component of A
                 azure-apim-gateway/azure-api-management-gateway
    ```
 
-7. Execute the command. The command instructs your Kubernetes cluster to:
+1. Execute the command. The command instructs your Kubernetes cluster to:
     * Download the image of the self-hosted gateway from the Microsoft Container Registry and run it as a container.
     * Configure the container to expose HTTP (8080) and HTTPS (8081) ports.
 
    > [!IMPORTANT]
-   > By default, the gateway is using a ClusterIP service and is only exposed inside the cluster.
+   > By default, the gateway uses a ClusterIP service and is only exposed inside the cluster.
    > You can change this by specifying the type of Kubernetes service during installation.
    > 
    > For example, you can expose it through a load balancer by adding `--set service.type=LoadBalancer`
 
 
 ## Related content
 
-* Learn more about the self-hosted gateway, see [Azure API Management self-hosted gateway overview](self-hosted-gateway-overview.md).
-* Learn more about guidance for [running the self-hosted gateway on Kubernetes in production](how-to-self-hosted-gateway-on-kubernetes-in-production.md).
-* Learn [how to deploy API Management self-hosted gateway to Azure Arc-enabled Kubernetes clusters](how-to-deploy-self-hosted-gateway-azure-arc.md).
-* Learn more about the [observability capabilities of the Azure API Management gateways](observability.md).
+* [Self-hosted gateway overview](self-hosted-gateway-overview.md)
+* [Guidance for running self-hosted gateway on Kubernetes in production](how-to-self-hosted-gateway-on-kubernetes-in-production.md)
+* [Deploy an Azure API Management gateway on Azure Arc (preview)](how-to-deploy-self-hosted-gateway-azure-arc.md)
+* [Observability in Azure API Management](observability.md)
 
-[helm]: https://helm.sh/
+[helm]: https://helm.sh
 [helm-install]: https://helm.sh/docs/intro/install/