I deleted an API that had an outbound policy to replace the string ""
I subsequently recreated the API using the same API instance with definition "https://markcolorapi.azurewebsites.net/swagger/v1/swagger.json" which created a base definition without any policy statements.
For some reason, it still applies the outbound policy. I've checked the API as well as "All Operations" but I can't seem to find where it may be getting this rule from unless its a remnant of the one I deleted.
In Azure APIM you can apply policy at 4 levels:
If you want to verify the effective policy scope, you can select the operation and at the bottom you can see the 'calculate effective Policy' button. The effective policy will give you details about all the policies applied and from which scope they are applied.