Introducing the all-new TIBCO Community site!

For current users, please click "Sign In" to reset your password and access the enhanced features. If you're a first-time visitor, we extend a warm welcome—click "Sign Up" to become a part of the TIBCO Community!

If you're seeking alternative community sites, explore ibi, Jaspersoft, and Spotfire.

Jump to content
  • TIBCO Cloud API Management Release Notes


    Ana Bahr

    Closed Issue

     

    WA-13333 - 

    Resolved the issue where the  endpoints with path parameters conflict with themselves when the parameters are renamed.

    EIN-11502 - Resolved the issue where a valid request for a deleted path returned 596.

     

    Enhancement

    • Able to set empty value to "Your Public Traffic Manager Domain" for new endpoints.
    • Able to get the hourly usage data for the package key using v3 API.

    Closed Issue

     

    WA-13312

    Resolved an intermittent issue where JavaScript in Content Pages was not working.

    WA-12628 -

    Streamlined notification process for whitelisting client domains for improved turnaround time.

     

    Enhancement

    • Added ability to  disable the developer email notification for new package key creation.
    • Resolved an issue where an error occurred while calling private endpoints with multiple paths.

    Closed Issue

     

    WA-13312 - 

    Resolved the issue where the JavaScript in Content Pages were not working.

    WA-13201 -

    Resolved the issue where the page 4 of the package keys page was not loading data.

    WA-12751 - Resolved the issue where the unexpected additional route occurred in Load Balancing when creating a new endpoint.

    Closed Issue

     

    WA-7049 - 

    Resolved the issue where the External Oauth server invocation for access token fails form I/O docs.

    WA-13306 - Resolved the issue where the Terms of Service and Privacy Policy links are incorrect on the member registration page.

    WA-12832 -  Resolved the issue where the notifications are not enabled during V3 Package create event when notifyAdminEmails are set.

    WA-13155 - Resolved the issue where the Mashery v3 API content-type response header is incorrect for error conditions.

     

    Enhancement

    • Implemented improved user logging and tracking in Control Center.

    Closed Issue

     

    EIN-11518 - 

    Resolved an issue where the Interactive documentation upload gave 'A system error has occurred while processing your request'.

    Closed Issue

     

    WA-13209 - 

    Resolved the issue where my apps & keys page was not loading due to excess application / keys.

    Closed Issues

     

    WA-12932 - Resolved an issue where XSS can execute following Application registration when specific payloads are provided.

    WA-12867 -Resolved an issue where a call to return Package Keys responds with an Integer-Id instead of an UUID..

    EIN-11410 - Resolved an error handling issue where a request for a deleted endpoint is accepted rather than rejected. Enhancement

    • Please change to updated Package Key search to display packages in alphabetical order.

    Closed Issue

     

    WA-13137- Resolved an issue in the service mesh where PostService was not able to set a PublicEndpointPath.

    Closed Issues 

     

    WA-13805 - Audit History logs now provide more granular detail regarding changes to a specific plan..

    EIN-10724 - Resolved an issue where a deleted/disabled key continues to work while using HTTP Basic Authentication Connector for SAAS.

    Closed Issue WA-13185 - Resolved an issue where a user could not re-enable a package key previously disabled. 

    WA-13186 - Resolved an issue where audit logs did not record disabled member status.

     

    Enhancement

    • Templates for Control Center and Developer Portal notifications for new member registration are now consistent.

       

    Closed Issue

     

    WA-13139 - Resolved the issue where V3 API call fails when Mesh endpoint is in a different region.

     

    Enhancement

    • 27 June, 2023

    20 June, 2023

    Resolved the issue where V3 API call fails when Mesh endpoint is in a different region.

    Closed Issues

     

    EIN-10861 - Resolved the issue where the backend slowness was resulting in socket exhaustion across the EU SNI Stack.

     

    Enhancement

    • May 23, 2023

    Enhancement

    • Added ability to allow values less than 60 seconds for Cache TTL. 

    May 16, 2023

    Added the provision to communicate SSL certificate expiry through Admin Dashboard.

    Closed Issues

     

    WA-12772 - 

    Resolved the encoding issue of the feedback form.

    WA-12964 - Resolved the issue related to LABEL_EXPIRES field explanation.

    Closed Issues

    Enhancement

    • Areas can now optionally implement a variety of data retention and anonymization policies.

    March 28,2023

    March 9, 2023

    March 7, 2023

    Closed Issues

    • WA-12494 -  IllegalStateException error seen when deleting an API created through Swagger, and recreating the API using the same Swagger.
    • WA-12583 - Custom developer email notification template was not being applied even though a new API key was issued.

    Enhancements

    • The Notification Email that is sent to Administrators is now editable.
    • When automating API publishing within a CI/CD pipeline, users now have access to manage APIs within TIBCO Cloud API Management via the Platform API created within TIBCO Cloud (TCI, BW, etc.). Also, users are now able to analyze available endpoints, paths and methods through TIBCO Cloud Mesh.

     

    February 28, 2023

    Closed Issues

    • EIN-10456 -Resolved a URL routing issue, for a specific call scenario, during call transformation.

    Enhancement

    • Users can now create Admin-specific email templates for Package Key notifications.

    February 21, 2023

    Closed Issues

    • EIN-10181 -Resolved an issue where the X-Mashery-Message-ID header failed to propagate during call transformation.

    February 14, 2023

    Closed Issues

    • WA-12417 - Resolve an issue where a disabled user?s keys remained active.
    • WA-12556 -Introduced an enhancement to include the entire payload on package key deletion events, similar to package key creation events.

    January 31, 2023

    Closed Issues

    • EIN-10501 - Resolved issue where the backend slowness was resulting in socket exhaustion across the EU SNI Stack.
    • EIN-10503 - Failsafe set for an area triggered 503 Service Unavailable errors for other areas.

     

    January 24, 2023

    Closed Issues

    WA-12562 - Resolved issue where My Account - Appplications page still had key?s data displayed.

     

    January 10, 2023

    Closed Issues

    • WA-12662 - Resolved an issue where packageKey couldn't call a particular endpoint.
    • WA-12595 - There are consistent counts on Client Usage Report now.

    November 01, 2022

    Closed Issues

    • WA-12432 - Resolved an issue where the Username error notification is visible only if we have passed through the Captcha verification.

    Enhancement

    • Added ability to disable email notifications when a new application, key, or user is created.

    October 18, 2022

    Closed Issues

    • WA-12114 - Unexpected error when attempting to delete organizations with APIs and Packages has now been fixed.
    • WA-12136 - The Organization of an API can now be changed to Area Level in Untethered Cloud API Management Local Edition.

    Enhancement

    • Added ability to mask API Keys and Secrets within Developer Portal

     

    October 11, 2022

    Closed Issues

    • WA-12425 -Resolved an issue where seconds to attempt initial connection to endpoint cannot be set to more than 7 seconds.
    • WA-12453 -Resolved I/O Docs vulnerability issue.

    Enhancement

    • Administrators are now able to generate reports identifying client utilization of a given endpoint.

     

    October 4, 2022

    Closed Issues

    • WA-12493 -Resolved an issue, when transforming an OAS 3.0 Swagger payload via API, where specified custom ports were not included in resulting APIM definition.

     

    September 20, 2022

    Closed Issues

    • WA-12447 -Resolved an issue that prevented applications from moving across users.
    • WA-12460 -Enhanced error logging in flows where application ownership is changed.
    • WA-12504 -MARK API for POST/application now correctly supports validation for "id" field.

    Enhancement

    • Added support for reassignment of sub-organizations (to Parent orgs)

     

    September 13, 2022

    Closed Issues

    • EIN-9570 - Resolved an issue where specific forwarded headers were missing in authentication calls.

    September 6, 2022

    Closed Issues

    • WA-12107 - Resolved an issue where applications have is_packaged set to false even though there are package_keys assigned.
    • WA-12470 - Resolved an issue where IODocs default option didn't work.
    • WA-12442 - Developer portal issue.

    Enhancement

    • You can now detect if the last package key is deleted in the delete package key event.

    July 26, 2022

    Closed Issues

    • WA-12400 - Resolved scenario where users were unable to clone endpoints.
    • WA-12396 - Resolved issue where character-specific changes to endpoints could not be made.

    Enhancement

    • Site Administrators and Super Administrators now have the ability to enable the File Manager in the Control Center.

    Changes in Functionality

    • When deleting or removing a domain from an area, and an error is given, service details are now added with the error.

    July 12, 2022

    Enhancements

    • Enhanced user experience in Developer Portal by improving accessibility and searchability of API Documentation.
    • Email notifications now occur for the creation of new user/package keys via the V3 API.
    • Session timeout behavior has been enhanced to improve user experience and prevent data loss.

     

    June 28, 2022

    Closed Issue

    • EIN-9643 - Introduced infrastructure improvements to decrease data synchronization latency and quicken data accessibility.

    June 21, 2022

    Closed Issues

    • WA-12301 - Resolved a scenario where erroneous "Maximum limit reached" notifications are presented when creating new API definitions in the Organization.
    • WA-12267 - Resolved an issue where API/endpoints were responding unexpectedly to specific package/plan configurations.

    June 07, 2022

    Closed Issue

    • WA-6834 - Eliminated erroneous prompts when adding API Key inputs on the Developer Portal.

    May 24, 2022

    Closed Issues

    • WA-12243/WA-12144 - Resolved an issue where the API application threw an error while adding API endpoints to a package/plan.
    • WA-12013 - Allow toggle to deactivate "autocomplete" browser functionality on the DevPortal login.
    • WA-11656 - Resolved "duplicate entry" errors when adding endpoints to a plan.
    • WA-10472 - Unable to update the Plan Designer.

    Change in Functionality

    • Enabled an enhanced theme on the Developer Portal for improved user experience.

    May 10, 2022

    Closed Issues

    • WA-12218 - The Portal Setup documentation link, API Management Customization Documentation, has been fixed.
    • EIN-9612 - Resolved an issue where the REST > SOAP connector failed to render the correct content hierarchy in SOAPBody.

    Change in Functionality

    • Updated response code for the JWT authenticator when an invalid token is passed in the API call.

    April 26, 2022

    Closed Issue

    • WA-12268 - Resolved an issue where API/endpoints were responding unexpectedly to specific package/plan configurations.

    New Feature

    • Introducing a new optional query parameter, (record_offset), for MARK (Members, Applications, Roles, Keys) objects. More information can be found here and here.

    April 19, 2022

    Closed Issues

    • WA-12252 - Addressed a scenario where inactive plans could not be accessed, deleted, or re-enabled.
    • EIN-8908 - Resolved an issue where a SOAP endpoint WSDL retrieval request updated only the hostname and not the URI/path.

    April 12, 2022

    Changes in Functionality

    • Implemented health checks of APIs for "ptl" and "api-v2" workers to resolve sporadic permission-based errors.
    • Resolved a processing issue where the lighttpd server became destabilized due to lighttpd error logs.
    • Service Endpoint type is now displayed as "standard" or "token" for GET Service definition endpoints on package/plan level.
    • Enhanced DevPortal login experience to include richer security configurability options.

    April 05, 2022

    Closed Issues

    • EIN-9512 - Resolved an issue where creating tokens without an Origin header, using the token endpoint (V3 API), responded unexpectedly.
    • EIN-9506 - Resolved an issue where CORS-enabled endpoints were responding unexpectedly to preflight requests.
    • EIN-8767 - Resolved authentication error of API Key in request body for ?Content-Type: application/json?.

    Enhancement/Change in Functionality

    • Resolved an issue where token endpoints were responding unexpectedly to 'OPTIONS' (preflight) requests.

    March 22, 2022

    Closed Issues

    • WA-12119 - Resolved a sporadic response inconsistency in V3 API (GET) invocation.
    • WA-12055 - Increased the number of visible organizations within User Access configuration.
    • WA-11117 - Resolved an error where a deleted endpoint was displayed as ?active? in the plan_endpoints table database.
    • EIN-9403 - Addressed a scenario where limit values at the PackageKey level were not honored when Plan level limits were unlimited/different.
    • EIN-8675/EIN-7846 - Resolved Memcached inconsistencies after configuration changes.

    New Feature

    • Added visibility of functionality for plan/package EAVs.

    Enhancements/Changes in Functionality

    • Redesigned Plan Designer page by separately sorting in-use API endpoints and methods for better user experience.
    • Improved functionality by allowing propagation of rate limits from the plan/key level to the method level on existing endpoints.
    • Added support for custom error codes.

    March 08, 2022

    Changes in Functionality

    • Removed restriction to add EAVs for packages and plans.
    • API Definitions on the Plan Designer are now sorted and displayed for improved user experience.
    • Improved GET calls retrieving all package keys accessible for a plan.
    • Resolved an inconsistency by adding a "stop on error" configurable boolean field on the Call Transformations page.
    • Improved discovery of packages linked to specific API definition endpoints.

    March 01, 2022

    Closed Issues

    • WA-12050 - Resolved an inconsistency identified between User Package Keys and Applications.
    • WA-12068 - Updated package ids for existing keys having incorrect package/plan combination.

    New Feature

    • Improved readability of functionality for individual EAVs in the Control Center.

    Changes in Functionality

    • Added a date filter to V3 APIs for improved user experience.

    February 15, 2022

    Closed Issue

    • EIN-9198 - Resolved Null Pointer exception error after SSL handshake.

    February 08, 2022

    Closed Issues

    • WA-12070 - Resolved an issue where the Plan Designer page didn't load for any packages.
    • WA-12010 - Resolved an issue where endpoint reversion was not completing successfully.
    • EIN-6001 - Addressed a scenario where API Management sync displayed Turkish time zone instead of UTC or user timezone.

    Changes in Functionality

    • Clarified error response in scenarios where package key update fails.

    February 01, 2022

    Closed Issues

    • WA-12008 - Addressed a scenario where any low-privileged user was able to issue SQL queries to access sensitive information.
    • WA-11955 - Addressed an issue where a new/cloned endpoint didn't work with the AMSData URI.
    • WA-11888 - Resolved an issue where one could easily access/download the Swagger specifications from the API Management without authentication.
    • EIN-8691 - Resolved Memcache inconsistencies after configuration changes.
    • EIN-1369 - Resolved Memcached inconsistencies after configuration changes.

    January 25, 2022

    Changes in Functionality

    • Resolved an issue where API Management sent notifications for the user, key, and application activity using an outdated PHPMailer.
    • Added functionality to retain the entries in public_domain_endpoints by marking them as "not-active" when the state changes to "deleted".

    January 11, 2022

    Change in Functionality

    • When a user is about to delete the account of any other user in Mashery, a warning appears with the necessary actions that would be taken on deleting that particular user.

    Closed Issues

    • WA-11803 - Blocked the creation of endpoint/s with relative path "/../" in the URI.
    • WA-11788 - Resolved an issue related to the mismatch of user data in the database.
    • WA-11777 - Masked the API keys in the email notification when the Call Inspector was Enabled/Disabled for the Mashery Cloud.

    November 16, 2021

    Changes in Functionality

    • SOAP Cache Connector default TTL (Time-to-live) value of 300 seconds can now be overridden by Endpoint TTL or Service TTL. For more information, refer to the SOAP Cache Connector.
    • REST Cache Connector default TTL (Time-to-live) value of 300 seconds can now be overridden by EndpointTTL or ServiceTTL. For more information, refer to the REST Cache Connector.

    Closed Issue

    • EIN-8805 - SOAP Cache Connector loses European/Unicode characters.
    • EIN-8854 - Resolved an issue where the Custom HTTP headers configured in Mashery APIs had "encoded" values instead of actual values.
    • EIN-8488 - Analyzed and resolved the issue related to AWS Lambda Sidecar Integration Connector.

    November 9, 2021

    Closed Issue

    • WA-11611 - Resolved a sporadic issue where an SSO user is unable to access an API Definition.
    • WA-11739 - Users removed from TIBCO Cloud were still showing up in Control Center.

    October 20, 2021

    Changes in Functionality

    • On the Plan Designer page, the defined fetch limit to fetch all endpoints in multiple calls has been set to 600.
    • Enabled "Full" SSL support on Mashery developer portals by default; previously set to "None".
    • Pre-flight check added in CIC Subscription provisioning to verify if the current Mashery area name already exists.

    Closed Issue

    • WA-11824 - Changed queries in PersistedServiceMapi to select based on the status i.e. "not-deleted" instead of "active".
    • EIN-8850 - Resolved the issue related to InjectModelAttributeHeader and InjectConditionalHeader connectors when the call is run through EU-Central.

    October 13, 2021

    Closed Issue

    EIN-7977 - Resolved OAuth issue related to U.S. Daylight Savings time change.

    October 6, 2021

    Improvements

    SOAP Cache Connector / REST Cache Connector - When defining cache_ttl at the service level or endpoint level, then the regular cache is coming into play and it is overriding the SOAP Cache Connector/REST Cache Connector. Now, cache_ttl will be defined in pre input and not at the service level or endpoint level.

    September 28, 2021

    Enhancements/Changes in Functionality

    Tool Tip Text Update for Cache Disabling

    The following tool tip is now added for how to disable caching once Cache Time-to-Live feature is enabled on the API Service and API Endpoint pages: "Setting a value of 0 will disable caching."

    Closed Issues

    • WA-11756 - Resolved an issue with custom key creation in specific scenarios.
    • WA-11691- Addressed a reported issue causing frequent logouts in Mashery Cloud.
    • WA-11730 - Addressed a filtering issue with Organization picker within TIBCO Cloud Mesh.
    • WA-11489 - Addressed a Mashery V3 API call issue when moving a given package key from one API Package to another API Package. For more information, see the Package Keys topic in the Mashery Cloud API documentation.
    • EIN-8440 - Resolved a sporadic issue involving erroneous access to a defined Method not included in a Plan.

    September 14, 2021

    Enhancements/Changes in Functionality

    WA-11633 - Implemented optimizations to Service Definition configuration.

    Closed Issue

    WA-11704 - Package key audit history 'Changed By' column was incorrectly showing the owner of the key instead of the user that made the change.

    August 31, 2021

    Closed Issues

    • WA-11596 - Pagination was not working as expected on the HTTPS Client Profile page. 
    • WA-11715 / WA-11724 - Mashery throwing Duplicate Entry error for a particular URI.
    • WA-11668  - Unable to change the Application Owner.
    • WA-11689 - Resolved an intermittent accessibility issue within the Content Page of the Developer Portal.

    August 10, 2021

    Enhancements/Changes in Functionality

    • WA-11318 - Developer Portal - TIBCO analytics tags updated/removed (Google Analytics).
    • WA-11631 - Added support for rejecting the whitelisting of a top-level domain when a sub-domain is already approved and or in use.
    • WA-11695 - Interactive Documentation within the Mashery Cloud Control Center now lists the current versions of endpoints.

    Closed Issues

    • WA-11626 - New member profiles created during ?Invite New Members? now default to the user?s First Name and Last Name.
    • WA-11691 - Addressed an uncommon scenario where users experienced sporadic logout behavior.

    July 27, 2021

    Enhancement

    A Cancel button is added in the confirmation popup windows.

    Closed Issues

    • WA-11590 - Fetching the service and endpoints using the Mashery API fetch call to the plans were returning invalid dates.
    • WA-11678 - Content added (Using Manage -> Contents -> Select any random custom page) were not getting saved.
    • WA-11434 -  Pages (and their child pages) in the Developer Portal were not visible to users as expected.
    • WA-11519 - The HEAD request to get the X-Total-Count header did not work consistently across resources.

    June 29, 2021

    Enhancement

    IP Whitelisting Connector updated for improved compatibility with Azure.

    June 15, 2021

    Closed Issue

    • WA-11533 - Resolved admin issue of creating/deleting sub-organizations.

    June 01, 2021

    Change in Functionality

    Admin is now warned if an Admin user has an Mashery API key while being disabled or deleted.

    Closed Issues

    • WA-11426 - Cloning of an Application Service Registry endpoint now works as expected.
    • WA-11538 - Issues with Mashery user accounts having special characters in TIBCO cloud account now fixed.

    May 18, 2021

    Closed Issues

    • WA-11344 - Updated visibility and access for the API Manager role to view HTTPSClientProfile in Mashery Control Center.
    • WA-11554 - Developer portal key activity reports were not returning any data. This issue has been fixed.

    April 27, 2021

    Change in Functionality

    When using the Mashery Platform API to CreateAccessToken, if User_Context is not passed in the call, the response will return a ?null? value instead of a blank value.

    Closed Issues

    • WA-11270 - General performance, security, and stability fixes.
    • WA-11255 - Resolved issue which prevented Organization Admins from creating Sub-Organization Endpoints.

    April 20, 2021

    Enhancement

    The behavior of the Service User role has been updated:

    • Service User can be assigned along with other roles.
    • ACL Permissions of roles other than Service User role determine the access permission for the user.  
    • Evaluation Area Creation: For the auto-generated user with Service User, an Administrator role is now added in the creation process.

    Closed Issues

    • WA-11518 - Resolved error during login from TIBCO Cloud into Mashery Control Center under a specific Organization/Child-Organization.
    • WA-11456 - Updates to use and scope of Service User roles.
    • WA-11316 - The Delete audit trail history for an API Package Key after a Package/Plan is deleted was missing. This is now fixed.

    April 13, 2021

    Enhancement

    The user_context field is now included in the response from TIBCO Cloud Mashery.

    March 30, 2021

    New Features

    Enriched Call Log Export (ECLE) has been updated as follows:

    • All ECLE profiles now require the enhanced security configuration which includes assumed-role access and native s3 bucket encryption.
    • As communicated in the past, all un-encrypted and IAM access functionality will be deprecated and all the un-encrypted configurations will be disabled.
    • Please see the setup instructions present on the Control Center ECLE page for more information about configuring your AWS account prior to creating or updating an ECLE profile.

    Added the ability to validate API calls using encrypted JWT JWE (JSON Web Encryption).

    Enhancements

    General performance, security, and stability improvements. (AJ-2249, AJ-2260, AJ-2281, AJ-2294, AJ-2298, AJ-2322)

    March 2, 2021

    New Feature

    Support for Mutual Transport Layer Security (mTLS)

    Control Center UI updated for supporting mTLS (Mutual TLS) configuration for endpoints. mTLS ensures verification between client and server. Note this feature is only for Mashery Local 5.3.1 and above customers, who are using tethered mode only.

    Enhancements

    General performance, security, and stability improvements (WA-11271, WA-11351, WA-11437).

    Closed Issue

    • EIN-8084 - Broken formatting on Call Inspector Call Detail panes. This is now fixed.

    February 9, 2021

    Enhancement

    General performance, security, and stability improvements (WA-11253).

    January 26, 2021

    New Feature

    Ability to Configure Content Security Policy (CSP) for Developer Portal

    A Content Security Policy (CSP) editor is now available when configuring a Developer Portal. For more information, refer to Customizing your Portal.

    Enhancements

    General performance, security, and stability improvements (WA-11275, WA-11385).

    November 10, 2020

    New Feature

    The Service User role, initially available only for CIC areas, is now available on all areas. Once a user is assigned this role, the user will not able to login to the Control Center/Dashboard. The appropriate warning/confirmation is displayed to the user when this role is assigned to any member in the Access settings panel. A user assigned to this role will be able to invoke APIs as an area admin. A service user will be also able to login to developer portal.

    October 29, 2020

    New Features

    The API Policy Connector has been updated with the following new feature:

    • JWE (JSON Web Encryption) support for third party JWT token. Compliant to JWE RFC https://tools.ietf.org/html/rfc7516. Supports following key algorithms and content encryption algorithms:
      • JWE 'alg' : [ RSA1_5, RSA-OAEP, RSA-OAEP-256, ECDH-ES,ECDH-ES+A128KW, ECDH-ES+A192KW and ECDH-ES+A256KW]
      • JWE 'enc' : [ A128CBC-HS256, A192CBC-HS384 and A256CBC-HS512, A128GCM, A192GCM and A256GCM, HS512]

    OIDC Token Authentication Connector

    The OIDC Token Authentication Connector is now available. This Connector supports securing APIs in TIBCO Mashery using third party OIDC IDP based ID token. Features include:

    • Ability to configure up to ten user info endpoints per service endpoint for ID validation using any third party OIDC IDP.
    • Conditional pickup of user info endpoint for user info based on incoming meta data for geo-distributed API services.
    • Ability to enrich API request header with user info meta data that is returned after successful ID validation.
    • Support for strict case sensitive method for GET and POST calls to third party OAuth2.0 Auth server user info endpoint. HTTP Verb must be case-sensitive and supported that way in compliance with RFC 7231 guidelines.
    • Support of configurable parameter enable_error_set to control error response code sent by TIBCO Mashery. If enable_error_set is configured as "true", TIBCO Mashery responds with ERR_403_NOT_AUTHORIZED that is Gateway supported error message. In this case, http response status code and status text for connector is overridden by error set defined for that endpoint in Mashery Control Center. If enable_error_set is configured with value other than "true", then there is no change in Mashery Connector existing functionality that responds with ERR_401_UNAUTHORIZED for backend server response code with 401 for unauthorized calls. enable_error_set parameter value with "true" is case-insensitive.
    • Support of UserInfo error responses on error condition as defined in the OAuth 2.0 Bearer Token Usage Specification. https://tools.ietf.org/html/rfc6750#section-3.1

    Enhancement

    The SOAP WS-Security Connector has been updated with the following enhancements:

    • Supports SOAP message payload size up to 1024 KB (1 MB).
    • Error handling improvement for accurate checking of supported signature and encryption algorithms.

    October 27, 2020

    New Feature

    New Organization-specific Role: Organization Support User

    Added new organization-specific role - Organization Support User - for all organizations including existing organizations. The Organization Support User role has read-only access to all pages in the API Control Center dashboard with data filtered based on the Organization. Buttons (such as Save, Create, Edit, and Delete) and various fields (such as check boxes and text boxes) are disabled for Organization support users.

    Change in Functionality

    The warning message for 'Time to wait for a response from endpoint' has been updated to specify that it applies only for Mashery Cloud calls (and not for Mashery Local).

    Closed Issues

    • WA-11295 - Fixed general issues related to Dapi.
    • WA-11282 - Map Overlay reports were not loading correctly from API Control Center > Reports > Developer Activity > Map Overlay. This is now fixed.

    October 13, 2020

    Closed Issue

    WA-11105 - Resolved packager-based reporting map overlay display bug.

    October 8, 2020

    New Feature

    SOAP WS-Security Connector

    The SOAP WS-Security Connector is now available. This Connector supports SOAP WS-security specs to validate SOAP API calls for SOAP message signature, apply encryption/decryption to enforce integrity and confidentiality on messages. It also supports optionally creating the security header with the timestamp component in the outgoing request to the backend API server.

    Enhancement

    The AWS Lambda Sidecar Integration Connector has been updated with the following improvement:

    Enhancement

    The REST <-> SOAP Transformation Connector has been updated with the following improvement:

    • Supports accurate Content-Type header for REST ? SOAP transformation for both SOAP1.1 and SOAP1.2
      • REST(JSON) -> SOAP 1.1 , Content-Type header is set to application/xml;charset=UTF-8 after transformation.
      • REST(JSON) -> SOAP 1.2 , Content-Type header is set to application/soap+xml;charset=UTF-8 after transformation.

    October 1, 2020

    New Feature

    JSON Schema And Payload Size Validation Connector

    The JSON Schema And Payload Size Validation Connector is now available. This Connector supports RESTful API request validation using JSON schema provided either in Content Type header or Link header. Features include:

    • Support for RESTful API payload size validation.
    • Optionally supports fail-safe mode for payload size validation. In fail-safe true mode, an API call is forwarded even if it is more than the configured max size but less than max allowed payload size.
    • Supports configuration 'override_custom_error_message' for enabling API service endpoint supported static custom messages to override Connector runtime message.

    September 23, 2020

    Change in Functionality

    Call Log Export (ECLE) S3 Server-Side Encryption

    In an effort to provide improved security for the Call Log Export (ECLE) feature, we have added support for S3 Server-Side Encryption. To use this feature, all AWS resources are created by the customer, providing full ownership of the encryption, authentication/authorization, and storage mechanisms using the TIBCO provided CloudFormation template.

    To activate this feature, enable the Bucket Encryption flag on the ECLE profile create or edit screens. Once the Bucket Encryption flag is enabled, you will need to input fields S3 Bucket Name, IAM Role Arn, CMK Arn, and ExternalId for Role Assumption. This information is generated after successful stack creation using the provided CloudFormation template.

    For more information, refer to the Setup Instructions provided in the ECLE profile create or edit screen.

    Because security is more important than ever, we are deprecating the existing IAM based bucket policy functionality in early November.  Between the launch of the encryption functionality and the depreciation of IAM bucket policy support, we are requiring customers to run in both modes. The provided CloudFormation template will allow you to either apply the new settings to an existing bucket, or create a new bucket with both sets of configuration.  We will notify you once the IAM policy functionality has been disabled, at which point, we recommend that you remove the IAM based policy from your S3 bucket. ECLE profiles not implementing the new encryption policy by November 10th will be disabled until such time their configuration is updated to the new encrypted mode. 

    September 15, 2020

    Improvement

    The API Policy connector has been updated with the following improvements:

    • Extend payload match policy to support SOAP messages. Now payload match policy supports both REST & SOAP.
    • Support of new configuration 'Enable_Error_Set' for enabling API service endpoint supported static custom messages to override Connector runtime message.

    August 27, 2020

    New Feature

    AWS Lambda Sidecar Integration Connector 

    The AWS Lambda Sidecar Integration Connector is now available. This Connector supports TIBCO Cloud Mashery sidecar integration for AWS Lambda function. Features include:

    • Supports AssumeRole IAM policy with external ID for enhancement security of AWS Lambda resources access in compliance of AWS shared responsibility model.
    • Supports configurable sure-fire and fail-safe modes to invoke AWS Lambda function to influence Gateway action.
    • Supports RESTful POST messages only for AWS Lambda function invocation.
    • Supports optional configurable parameters to apply business policies to influence API behavior in the end-to-end call flow.

    Enhancement

    The REST <-> SOAP Transformation connector has been updated with the following improvement: 

    • Now supports handling of JSON payload with namespace in the transformation. 

    August 18, 2020

    New Feature

    The following headers are added in the response of the Mashery Developer Portal and Mashery Control Center page:

    X-Content-Type-Options nosniff, X-XSS-Protection 1; Content-Security-Policy.

    For Content Security policy header, Portal administrators may want to update the Content Security Policy from the Portal Settings page.

    About Content Security Policy

    Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.

    CSP makes it possible for server administrators to reduce or eliminate the vectors by which XSS can occur by specifying the domains that the browser should consider to be valid sources of executable scripts. A CSP-compatible browser will then only execute scripts loaded in source files received from those allowed/listed domains.

    By default, Content Security Policy header is not added in the developer portal response. Portal administrator can set the content security policy through Control Center > Manage > Potal > Portal Setup page. Administrators can set the content security policy in the given text field. By default, no content security policy is set on the Developer Portal. Example of security policy required for the Developer Portal is provided in the description text.

    Example -

    If the administrator wants to set the Content Security Policy, the administrator will copy the example text, replace the value for portal-domain and then add/update any other directives. The policy provided in the example is required by the Developer Portal; hence those values should not be removed.

    If the administrator wants to allow to load script from another domain, such as abcd.com , and a font from coolfonts.com, then the administrator will add *.abcd.com in the script-src directive and *.coolfonts.com in font-src directive of the example and set the entire text as a new content security policy.

    August 4, 2020

    Changes in Functionality

    There is a change in the way error messages are displayed to the user. The error message is now more informative with service key and endpoint key information and a hyperlink pointing to existing endpoint.  Also a single message is now displayed for all the conflicting HTTP verb instead of one error message for each verb. 

    July 30, 2020

    Improvements

    The OAuth 2.0 Token Authentication connector has been updated with the following improvement:

    • Support of configurable parameter Enable_Error_Set to control error response code sent by TIBCO Mashery.

      If Enable_Error_Set is configured as "true", TIBCO Mashery responds with ERR_403_NOT_AUTHORIZED in place of ERR_401_UNAUTHORIZED. In this case http response status code and status text for connector is overridden by error set defined for that endpoint in Mashery Control Center.

      If Enable_Error_Set is configured with value other than "true", then there is no change in Mashery Connector existing functionality that responds with ERR_401_UNAUTHORIZED for backend server response code with 401 for unauthorized calls.

      Enable_Error_Set parameter value with "true" is case-insensitive.

    July 21, 2020

    Enhancements

    General performance and stability improvements (WA-11046, WA-10992, WA-10843, WA-10786, WA-9402).

    Closed Issue

    • WA-11039 - While persisting Swagger 2.0 documents, a publicly-available schema document was relocated to a different URL location. Access to this schema document is not required to validate the document, so the reference to this URL has been removed.

    July 7, 2020

    New Features

    • Previously, there was no option to re-parent a Portal Access Group role, once it was created. Now, you can re-parent an existing Portal Access Group role, by going to the edit page of Portal Access Groups, and re-parent it to any other organization or area level based on the permission of the user.
    • RFC compliance for handling cache logic has been implemented.

    Enhancements

    UI improvements (Plan Designer page) and performance enhancements in API Control Center dashboard.

    Closed Issues

    • EIN-1052 - Several POST,PUT,DELETE requests failed to return the correct response.
    • EIN-4445 - GET response that was cached was being returned for POST, PUT, DELETE, PATCH and OPTIONS calls to the same endpoint
    • WA-8858 - Improved session management for TIBCO Cloud enabled Mashery subscriptions. Users will no longer risk being logged out of the API Control Center when their session in TIBCO Cloud is left unused, assuming they are actively using the API Control Center.
    • WA-10868 - If the 50 most recently created or updated records in the Organizations list were Sub organizations, the "New organization" button was getting hidden. This is now resolved and the button will not be hidden. 
    • WA-10906 - The drop-down value for HTTPS Client Profile went blank or changed to a previous value.
    • WA-11009 - Endpoint address not shown in Load Balancing menu in API Definition configuration.

    July 2, 2020

    Improvements

    The OAuth Token Authentication connector has been updated with the following improvement:

    • Support for strict case sensitive method for GET and POST calls to third party OAuth2.0 Auth server token validation endpoint. HTTP Verb must be case-sensitive and supported that way in compliance with RFC 7231 guidelines. https://tools.ietf.org/html/rfc7231#section-4

    The HTTP Basic Authentication Connector has been updated with the following improvements:

    • Support of 401 (Unauthorized) status code and WWW-Authenticate header field for an empty Authorization header in HTTP Basic Authentication Connector. Improvement is in compliance to RFC https://tools.ietf.org/html/rfc7617 for an empty authorization header in API request needed for HTTP Basic Authentication.
    • Optional configuration parameter to keep TIBCO Cloud Mashery proxy platform response codes for backward compatibility.

    June 11, 2020

    New Features

    REST <-> SOAP Transformation Connector

    The REST <-> SOAP Transformation Connector is now available. This Connector supports the transforming of API request payload from REST(JSON) to SOAP and transforming backend SOAP response into REST(JSON). Also, supports RESTful POST messages only for transformation.

    OAuth2.0 Token Authentication Connector

    The OAuth2.0 Token Authentication Connector is now available. This Connector supports securing APIs in TIBCO Mashery using third party IDP based OAuth2.0 access token. Features include:

    • Ability to configure up to ten OAuth2.0 introspection endpoints per service endpoint for token validation using any third party IDP.
    • Conditional pickup of introspection endpoint for token validation based on incoming meta data for geo-distributed API services.
    • Ability to enrich API request header with meta data that can be returned after successful token validation.

    June 2, 2020

    New Feature

    TIBCO Cloud Mesh

    TIBCO Cloud Mesh allows you to discover any private REST endpoint exposed within TIBCO Cloud domains, within your organization or related organizations.

    Authentication and authorization for these private endpoints is provided automatically. You can browse available services and select one, rather than copying and pasting a URL.

    For more information, see Creating an Endpoint using TIBCO Cloud Mesh.

    Closed Issue

    WA-10959 - Resolved issue wherein links on API Control Center > Manage > Portal > General redirected to blank pages.

    May 28, 2020

    New Feature

    Sensitive Data Field Masking for Call Log Export

    Call Log Export (ECLE) Masking feature allows customers to mask some or all characters in sensitive fields such as API Key and OAuth token in both new and existing ECLE profiles. Customers must update ECLE profile in order to activate for existing exports.

    For more information, see Call Log Export Setting.

    May 21, 2020

    Enhancement

    Updated API Policy Connector

    The following improvement was made in the API Policy Connector.

    • Supports 'Effect' factor that drives 'Allow' or 'Deny' behavior on match policy.

    May 12, 2020

    Closed Issues

    WA-10860 - API Control Center threw a duplicate endpoint error when "/" was included at the end of the request URL path.

    Enhancement

    WA-10604 - Revised the UI text in API Control Center for the "Remove API Key and Signature from Endpoint Call" feature for clarity of actual function.

    May 11, 2020

    New Features

    JWT Authentication Connector

    The JWT Authentication Connector is now available. This Connector supports match policy to allow additional validation based on JWT claims value.

    OAuth2JWT Authentication Connector

    The OAuth2JWT Authentication Connector is now available. This Connector supports match policy to allow additional validation based on JWT claims value.

    API Policy Connector

    The API Policy Connector is now available. This Connector allows you to apply policies to change the behavior of the API through configuration. Currently supports Request, Response and third party JWT object context.

    Additional features of this Connector:

    • Third party JWT Claims Verification Policy. Supports JWT token object context.
    • Third party JWT Signature Verification Policy. Supports JWT token object context.
    • API Payload Attribute Match Policy. Supports Request and Response object context. API policy for finding payload attribute and applying match. Support JSONPath (JSON Payload) and XPath expression (XML Payload).
    • API Request and Response object context based match policy. Supports match keywords using operation ContainsAny, ContainsAll, JSONPath, and XPath.

    Closed Issues

    WA-10798 - Conflict when creating a public endpoint resolved.

    April 2, 2020

    Enhancements

    Updated XML <-> JSON Transformation Connector  

    The following improvements were made in the XML <-> JSON Transformation Connector.

    • Support optional charset check in the application/json Content-Type header for accurate JSON ? XML transformation. 
    • Support overriding default Connector error messages with APICC configured custom error messages using an optional flag 'override_custom_error_message'.

    Updated SOAP <-> REST Transformation Connector

    The following improvements were made in the SOAP <-> REST Transformation Connector.

    • Support accurate caching of POST request having XML payload with namespace.
    • Support overriding default Connector error messages with TIBCO Mashery Control Center configured custom error messages using an optional flag 'override_custom_error_message'.

    Updated SOAP Cache Connector

    The following improvement was made in the SOAP Cache Connector. Support accurate caching of POST request having XML payload with namespace.

    Updated REST Cache Connector

    The following improvement was made in the REST Cache Connector. Support accurate caching of POST request having XML payload with namespace.

    March 24, 2020

    Closed Issues

    • WA-10685 - Mashery provided OAuth Token endpoint was returning ?Service Not Found? during CORS pre-flight call.
    • WA-10618 - Resolved ACL consistency between API and Dashboard.

    March 20, 2020

    Changes in Functionality

    Updated IP Blocking Connector

    Following improvements were made in this Mashery Connector:

    1. The IP Blocking Connector has been improved to accurately identify Client IP addresses for blocking feature.

    2. Connectors now supports overriding default behavior of X-FORWARDED-FOR header to pick client IP address using a configurable flag keep_client_ip_as_source. This flag overrides default selecting IP address of intermediaries like load balancer or third party proxy that is closest to the Mashery stack.

    March 19, 2020

    Changes in Functionality

    Updated IP Whitelisting Connector

    Following improvements were made in this Mashery Connector:

    1. The IP Whitelisting Connector has been Improved to accurately identify Client IP addresses for whitelisting feature.

    2. Connectors now supports overriding default behavior of X-FORWARDED-FOR header to pick client IP address using a configurable flag keep_client_ip_as_source . This flag overrides default selecting IP address of intermediaries like load balancer or third party proxy that is closest to the Mashery stack.

    New Feature

    REST Cache Connector

    New Mashery Connector, REST Cache Connector, supports caching of REST POST requests, which allows requests that have the same payload and configured headers value to be served from the cache.

    March 10, 2020

    New Feature

    Organization-related information (Org/SubOrg Name & UUID) synchronized to Mashery Local for inclusion in logs is now available through Log Service.

    February 27, 2020

    New Features

    SOAP Cache Connector

    New Mashery Connector, SOAP Cache Connector, supports caching of SOAP with POST requests, which allows requests that have the same payload and configured headers value to be served from the cache.

    Ping Auth Connector

    New Mashery Connector, Ping Auth Connector, consists of the following:

    January 21, 2020

    New Features

    • Normalize Audit History timezone from PDT to GMT.
    • Support hyphen and underscore in Organization and Sub-Organization names.

    Closed Issues

    • WA-10600 - Enum values not honored during ?try it now? with Swagger 2.0 on Interactive Documentation resolved. 
    • WA-10380 - Manually-entered parameter values were reverting to defaults in interactive documentation.
    • WA-9635 - Page content was blank in CMS on page load.
    • WA-9903 - Second use of authorization resulted in ?Unknown security definition type http? error.

    January 9, 2020

    New Features

    XML <-> JSON Transformation Connector

    New Mashery Connector, XML <-> JSON Transformation Connector,  supports transforming an API request payload from XML to JSON and vice versa.:

    SOAP <-> REST Transformation Connector

    New Mashery Connector, SOAP <-> REST Transformation Connector, supports transforming API request payload from SOAP message to REST(JSON) and vice versa.

    November 12, 2019

    New Feature

    In an effort to simplify Domain whitelisting, the Control Center has been modified to not allow IP addresses to be specified when adding whitelisted domains. A warning message is displayed if an IP address is specified.

    November 5, 2019

    Closed Issue

    WA-10256 - Removal of replacement variables in New Member Registration email were being appended to Email regardless of the configured template. This has been fixed.

    November 1, 2019

    Closed Issue

    WA-10439 Developer-facing Reporting and CSV download on Developer Portal returning 404 page not found.

    October 10, 2019

    New Feature

    Time stamp of last login for Developer Portal user now exposed on the member record, accessible via API Call.

    July 3, 2019

    Closed Issue

    RPT-3250 - Unable to create Amazon S3 bucket path for Enriched Call Log Export (ECLE).

    June 19, 2019

    New Feature

    Geo Target Routing Connector updated in the TIBCO Cloud? Mashery - Connectors Guide.

    Mashery Connectors are TIBCO Mashery's Cloud feature plugins and extensions that have been developed and available out of box for Mashery Cloud customers. Connectors have been carefully envisioned to address common use-cases such as: content injection, content filtering, content transformation, call authentication using third-party IDP, IP-based call filtering, domain-based routing, geo-location based routing and HTTP header manipulation.


    User Feedback

    Recommended Comments

    There are no comments to display.


×
×
  • Create New...