TIBCO Mashery Release Notes

By:
Last updated:
3:28pm Jul 10, 2020

July 7, 2020

New Features

  • Previously, there was no option to re-parent a Portal Access Group role, once it was created. Now, you can re-parent an existing Portal Access Group role, by going to the edit page of Portal Access Groups, and re-parent it to any other organization or area level based on the permission of the user.
  • RFC compliance for handling cache logic has been implemented.

Enhancements

UI improvements (Plan Designer page) and performance enhancements in API Control Center dashboard.

Closed Issues

  • EIN-1052 - Several POST,PUT,DELETE requests failed to return the correct response.
  • EIN-4445 - GET response that was cached was being returned for POST, PUT, DELETE, PATCH and OPTIONS calls to the same endpoint
  • WA-8858 - Improved session management for TIBCO Cloud enabled Mashery subscriptions. Users will no longer risk being logged out of the API Control Center when their session in TIBCO Cloud is left unused, assuming they are actively using the API Control Center.
  • WA-10868 - If the 50 most recently created or updated records in the Organizations list were Sub organizations, the "New organization" button was getting hidden. This is now resolved and the button will not be hidden. 
  • WA-10906 - The drop-down value for HTTPS Client Profile went blank or changed to a previous value.
  • WA-11009 - Endpoint address not shown in Load Balancing menu in API Definition configuration.

July 2, 2020

Improvements

The HTTP Basic Authentication connector has been updated with the following improvements:

  • Support of 401 (Unauthorized) status code and WWW-Authenticate header field for an empty Authorization header in HTTP Basic Authentication Connector. Improvement is in compliance to RFC (https://tools.ietf.org/html/rfc7617) for an empty authorization header in API request needed for HTTP Basic Authentication. 
  • Optional configuration parameter to keep TIBCO Cloud Mashery proxy platform default response codes for backward compatibility. 

June 30, 2020

Improvements

The OAuth Token Authentication connector has been updated with the following improvement:

  • Support for strict case sensitive method for GET and POST calls to third party OAuth2.0 Auth server token validation endpoint. HTTP Verb must be case-sensitive and supported that way in compliance with RFC 7231 guidelines. https://tools.ietf.org/html/rfc7231#section-4

The HTTP Basic Authentication Connector has been updated with the following improvements:

  • Support of 401 (Unauthorized) status code and WWW-Authenticate header field for an empty Authorization header in HTTP Basic Authentication Connector. Improvement is in compliance to RFC https://tools.ietf.org/html/rfc7617 for an empty authorization header in API request needed for HTTP Basic Authentication.
  • Optional configuration parameter to keep TIBCO Cloud Mashery proxy platform response codes for backward compatibility.

June 11, 2020

New Features

REST <-> SOAP Transformation Connector

The REST <-> SOAP Transformation Connector is now available. This Connector supports the transforming of API request payload from REST(JSON) to SOAP and transforming backend SOAP response into REST(JSON). Also, supports RESTful POST messages only for transformation.

OAuth2.0 Token Authentication Connector

The OAuth2.0 Token Authentication Connector is now available. This Connector supports securing APIs in TIBCO Mashery using third party IDP based OAuth2.0 access token. Features include:

  • Ability to configure up to ten OAuth2.0 introspection endpoints per service endpoint for token validation using any third party IDP.
  • Conditional pickup of introspection endpoint for token validation based on incoming meta data for geo-distributed API services.
  • Ability to enrich API request header with meta data that can be returned after successful token validation.

June 2, 2020

New Feature

TIBCO Cloud Mesh

TIBCO Cloud Mesh allows you to discover any private REST endpoint exposed within TIBCO Cloud domains, within your organization or related organizations.

Authentication and authorization for these private endpoints is provided automatically. You can browse available services and select one, rather than copying and pasting a URL.

For more information, see Creating an Endpoint using TIBCO Cloud Mesh.

Closed Issue

WA-10959 - Resolved issue wherein links on API Control Center > Manage > Portal > General redirected to blank pages.

May 28, 2020

New Feature

Sensitive Data Field Masking for Call Log Export

Call Log Export (ECLE) Masking feature allows customers to mask some or all characters in sensitive fields such as API Key and OAuth token in both new and existing ECLE profiles. Customers must update ECLE profile in order to activate for existing exports.

For more information, see Call Log Export Setting.

May 21, 2020

Enhancement

Updated API Policy Connector

The following improvement was made in the API Policy Connector.

  • Supports 'Effect' factor that drives 'Allow' or 'Deny' behavior on match policy.

May 12, 2020

Closed Issues

WA-10860 - API Control Center threw a duplicate endpoint error when "/" was included at the end of the request URL path.

Enhancement

WA-10604 - Revised the UI text in API Control Center for the "Remove API Key and Signature from Endpoint Call" feature for clarity of actual function.

May 11, 2020

New Features

JWT Authentication Connector

The JWT Authentication Connector is now available. This Connector supports match policy to allow additional validation based on JWT claims value.

OAuth2JWT Authentication Connector

The OAuth2JWT Authentication Connector is now available. This Connector supports match policy to allow additional validation based on JWT claims value.

API Policy Connector

The API Policy Connector is now available. This Connector allows you to apply policies to change the behavior of the API through configuration. Currently supports Request, Response and third party JWT object context.

Additional features of this Connector:

  • Third party JWT Claims Verification Policy. Supports JWT token object context.
  • Third party JWT Signature Verification Policy. Supports JWT token object context.
  • API Payload Attribute Match Policy. Supports Request and Response object context. API policy for finding payload attribute and applying match. Support JSONPath (JSON Payload) and XPath expression (XML Payload).
  • API Request and Response object context based match policy. Supports match keywords using operation ContainsAny, ContainsAll, JSONPath and XPath.

Closed Issues

WA-10798 - Conflict when creating a public endpoint resolved.

April 2, 2020

Enhancements

Updated XML <-> JSON Transformation Connector  

The following improvements were made in the XML <-> JSON Transformation Connector.

  • Support optional charset check in the application/json Content-Type header for accurate JSON → XML transformation. 
  • Support overriding default Connector error messages with APICC configured custom error messages using an optional flag 'override_custom_error_message'.

Updated SOAP <-> REST Transformation Connector

The following improvements were made in the SOAP <-> REST Transformation Connector.

  • Support accurate caching of POST request having XML payload with namespace.
  • Support overriding default Connector error messages with TIBCO Mashery Control Center configured custom error messages using an optional flag 'override_custom_error_message'.

Updated SOAP Cache Connector

The following improvement was made in the SOAP Cache Connector. Support accurate caching of POST request having XML payload with namespace.

Updated REST Cache Connector

The following improvement was made in the REST Cache Connector. Support accurate caching of POST request having XML payload with namespace.

March 24, 2020

Closed Issues

  • WA-10685 - Mashery provided OAuth Token endpoint was returning “Service Not Found” during CORS pre-flight call.
  • WA-10618 - Resolved ACL consistency between API and Dashboard.

March 20, 2020

Changes in Functionality

Updated IP Blocking Connector

Following improvements were made in this Mashery Connector:

1. The IP Blocking Connector has been improved to accurately identify Client IP addresses for blocking feature.

2. Connectors now supports overriding default behavior of X-FORWARDED-FOR header to pick client IP address using a configurable flag keep_client_ip_as_source. This flag overrides default selecting IP address of intermediaries like load balancer or third party proxy that is closest to the Mashery stack.

March 19, 2020

Changes in Functionality

Updated IP Whitelisting Connector

Following improvements were made in this Mashery Connector:

1. The IP Whitelisting Connector has been Improved to accurately identify Client IP addresses for whitelisting feature.

2. Connectors now supports overriding default behavior of X-FORWARDED-FOR header to pick client IP address using a configurable flag keep_client_ip_as_source . This flag overrides default selecting IP address of intermediaries like load balancer or third party proxy that is closest to the Mashery stack.

New Feature

REST Cache Connector

New Mashery Connector, REST Cache Connector, supports caching of REST POST requests, which allows requests that have the same payload and configured headers value to be served from the cache.

March 10, 2020

New Feature

Organization-related information (Org/SubOrg Name & UUID) synchronized to Mashery Local for inclusion in logs is now available through Log Service.

February 27, 2020

New Features

SOAP Cache Connector

New Mashery Connector, SOAP Cache Connector, supports caching of SOAP with POST requests, which allows requests that have the same payload and configured headers value to be served from the cache.

Ping Auth Connector

New Mashery Connector, Ping Auth Connector, consists of the following:

January 21, 2020

New Features

  • Normalize Audit History timezone from PDT to GMT.
  • Support hyphen and underscore in Organization and Sub-Organization names.

Closed Issues

  • WA-10600 - Enum values not honored during ‘try it now’ with Swagger 2.0 on Interactive Documentation resolved. 
  • WA-10380 - Manually-entered parameter values were reverting to defaults in interactive documentation.
  • WA-9635 - Page content was blank in CMS on page load.
  • WA-9903 - Second use of authorization resulted in “Unknown security definition type http” error.

January 9, 2020

New Features

XML <-> JSON Transformation Connector

New Mashery Connector, XML <-> JSON Transformation Connector,  supports transforming an API request payload from XML to JSON and vice versa.:

SOAP <-> REST Transformation Connector

New Mashery Connector, SOAP <-> REST Transformation Connector, supports transforming API request payload from SOAP message to REST(JSON) and vice versa.

November 12, 2019

New Feature

In an effort to simplify Domain whitelisting, the Control Center has been modified to not allow IP addresses to be specified when adding whitelisted domains. A warning message is displayed if an IP address is specified.

November 5, 2019

Closed Issue

WA-10256 - Removal of replacement variables in New Member Registration email were being appended to Email regardless of the configured template. This has been fixed.

November 1, 2019

Closed Issue

WA-10439 Developer-facing Reporting and CSV download on Developer Portal returning 404 page not found.

October 10, 2019

New Feature

Time stamp of last login for Developer Portal user now exposed on the member record, accessible via API Call.

July 3, 2019

Closed Issue

RPT-3250 - Unable to create Amazon S3 bucket path for Enriched Call Log Export (ECLE).

June 19, 2019

New Feature

Geo Target Routing Connector updated in the TIBCO Cloud™ Mashery - Connectors Guide.

Mashery Connectors are TIBCO Mashery's Cloud feature plugins and extensions that have been developed and available out of box for Mashery Cloud customers. Connectors have been carefully envisioned to address common use-cases such as: content injection, content filtering, content transformation, call authentication using third-party IDP, IP-based call filtering, domain-based routing, geo-location based routing and HTTP header manipulation.