New TIBCO Community Launches Soon!

The community will temporarily be 'read-only' beginning July 8th until the launch.

TIBCO Mashery Release Notes

By:
Last updated:
7:17am Jun 28, 2022
Table of Contents

June 21, 2022

Closed Issues

  • WA-12301 Resolved a scenario where erroneous "Maximum limit reached" notifications are presented when creating new API definitions in the Organization.
  • WA-12267 - Resolved an issue where API/endpoints were responding unexpectedly to specific package/plan configurations.

June 07, 2022

Closed Issue

  • WA-6834 Eliminated erroneous prompts when adding API Key inputs on the Developer Portal.

May 24, 2022

Closed Issues

  • WA-12243/WA-12144 - Resolved an issue where the API application threw an error while adding API endpoints to a package/plan.
  • WA-12013 - Allow toggle to deactivate "autocomplete" browser functionality on the DevPortal login.
  • WA-11656 - Resolved "duplicate entry" errors when adding endpoints to a plan.
  • WA-10472 - Unable to update the Plan Designer.

Change in Functionality

  • Enabled an enhanced theme on the Developer Portal for improved user experience.

May 10, 2022

Closed Issues

  • WA-12218 - The Portal Setup documentation link, API Management Customization Documentation, has been fixed.
  • EIN-9612 - Resolved an issue where the REST > SOAP connector failed to render the correct content hierarchy in SOAPBody.

Change in Functionality

  • Updated response code for the JWT authenticator when an invalid token is passed in the API call.

April 26, 2022

Closed Issue

  • WA-12268 Resolved an issue where API/endpoints were responding unexpectedly to specific package/plan configurations.

New Feature

  • Introducing a new optional query parameter, (record_offset), for MARK (Members, Applications, Roles, Keys) objects. More information can be found here and here.

April 19, 2022

Closed Issues

  • WA-12252 Addressed a scenario where inactive plans could not be accessed, deleted, or re-enabled.
  • EIN-8908 - Resolved an issue where a SOAP endpoint WSDL retrieval request updated only the hostname and not the URI/path.

April 12, 2022

Changes in Functionality

  • Implemented health checks of APIs for "ptl" and "api-v2" workers to resolve sporadic permission-based errors.
  • Resolved a processing issue where the lighttpd server became destabilized due to lighttpd error logs.
  • Service Endpoint type is now displayed as "standard" or "token" for GET Service definition endpoints on package/plan level.
  • Enhanced DevPortal login experience to include richer security configurability options.

April 05, 2022

Closed Issues

  • EIN-9512 - Resolved an issue where creating tokens without an Origin header, using the token endpoint (V3 API), responded unexpectedly.
  • EIN-9506 - Resolved an issue where CORS-enabled endpoints were responding unexpectedly to preflight requests.
  • EIN-8767 - Resolved authentication error of API Key in request body for “Content-Type: application/json”.

Enhancement/Change in Functionality

  • Resolved an issue where token endpoints were responding unexpectedly to 'OPTIONS' (preflight) requests.

March 22, 2022

Closed Issues

  • WA-12119 - Resolved a sporadic response inconsistency in V3 API (GET) invocation.
  • WA-12055 - Increased the number of visible organizations within User Access configuration.
  • WA-11117 - Resolved an error where a deleted endpoint was displayed as “active” in the plan_endpoints table database.
  • EIN-9403 - Addressed a scenario where limit values at the PackageKey level were not honored when Plan level limits were unlimited/different.
  • EIN-8675/EIN-7846 - Resolved Memcached inconsistencies after configuration changes.

New Feature

  • Added visibility of functionality for plan/package EAVs.

Enhancements/Changes in Functionality

  • Redesigned Plan Designer page by separately sorting in-use API endpoints and methods for better user experience.
  • Improved functionality by allowing propagation of rate limits from the plan/key level to the method level on existing endpoints.
  • Added support for custom error codes.

March 08, 2022

Changes in Functionality

  • Removed restriction to add EAVs for packages and plans.
  • API Definitions on the Plan Designer are now sorted and displayed for improved user experience.
  • Improved GET calls retrieving all package keys accessible for a plan.
  • Resolved an inconsistency by adding a "stop on error" configurable boolean field on the Call Transformations page.
  • Improved discovery of packages linked to specific API definition endpoints.

March 01, 2022

Closed Issues

  • WA-12050 - Resolved an inconsistency identified between User Package Keys and Applications.
  • WA-12068 - Updated package ids for existing keys having incorrect package/plan combination.

New Feature

  • Improved readability of functionality for individual EAVs in the Control Center.

Changes in Functionality

  • Added a date filter to V3 APIs for improved user experience.

February 15, 2022

Closed Issue

  • EIN-9198 - Resolved Null Pointer exception error after SSL handshake.

February 08, 2022

Closed Issues

  • WA-12070 - Resolved an issue where the Plan Designer page didn't load for any packages.
  • WA-12010 - Resolved an issue where endpoint reversion was not completing successfully.
  • EIN-6001 - Addressed a scenario where API Management sync displayed Turkish time zone instead of UTC or user timezone.

Changes in Functionality

  • Clarified error response in scenarios where package key update fails.

February 01, 2022

Closed Issues

  • WA-12008 - Addressed a scenario where any low-privileged user was able to issue SQL queries to access sensitive information.
  • WA-11955 - Addressed an issue where a new/cloned endpoint didn't work with the AMSData URI.
  • WA-11888 - Resolved an issue where one could easily access/download the Swagger specifications from the API Management without authentication.
  • EIN-8691 - Resolved Memcache inconsistencies after configuration changes.
  • EIN-1369 - Resolved Memcached inconsistencies after configuration changes.

January 25, 2022

Changes in Functionality

  • Resolved an issue where API Management sent notifications for the user, key, and application activity using an outdated PHPMailer.
  • Added functionality to retain the entries in public_domain_endpoints by marking them as "not-active" when the state changes to "deleted".

January 11, 2022

Change in Functionality

  • When a user is about to delete the account of any other user in Mashery, a warning appears with the necessary actions that would be taken on deleting that particular user.

Closed Issues

  • WA-11803 - Blocked the creation of endpoint/s with relative path "/../" in the URI.
  • WA-11788 - Resolved an issue related to the mismatch of user data in the database.
  • WA-11777 - Masked the API keys in the email notification when the Call Inspector was Enabled/Disabled for the Mashery Cloud.

November 16, 2021

Changes in Functionality

  • SOAP Cache Connector default TTL (Time-to-live) value of 300 seconds can now be overridden by Endpoint TTL or Service TTL. For more information, refer to the SOAP Cache Connector.
  • REST Cache Connector default TTL (Time-to-live) value of 300 seconds can now be overridden by EndpointTTL or ServiceTTL. For more information, refer to the REST Cache Connector.

Closed Issue

  • EIN-8805 - SOAP Cache Connector loses European/Unicode characters.
  • EIN-8854 - Resolved an issue where the Custom HTTP headers configured in Mashery APIs had "encoded" values instead of actual values.
  • EIN-8488 - Analyzed and resolved the issue related to AWS Lambda Sidecar Integration Connector.

November 9, 2021

Closed Issue

  • WA-11611 - Resolved a sporadic issue where an SSO user is unable to access an API Definition.
  • WA-11739 - Users removed from TIBCO Cloud were still showing up in Control Center.

October 20, 2021

Changes in Functionality

  • On the Plan Designer page, the defined fetch limit to fetch all endpoints in multiple calls has been set to 600.
  • Enabled "Full" SSL support on Mashery developer portals by default; previously set to "None".
  • Pre-flight check added in CIC Subscription provisioning to verify if the current Mashery area name already exists.

Closed Issue

  • WA-11824 - Changed queries in PersistedServiceMapi to select based on the status i.e. "not-deleted" instead of "active".
  • EIN-8850 - Resolved the issue related to InjectModelAttributeHeader and InjectConditionalHeader connectors when the call is run through EU-Central.

October 13, 2021

Closed Issue

EIN-7977 - Resolved OAuth issue related to U.S. Daylight Savings time change.

October 6, 2021

Improvements

SOAP Cache Connector / REST Cache Connector - When defining cache_ttl at the service level or endpoint level, then the regular cache is coming into play and it is overriding the SOAP Cache Connector/REST Cache Connector. Now, cache_ttl will be defined in pre input and not at the service level or endpoint level.

September 28, 2021

Enhancements/Changes in Functionality

Tool Tip Text Update for Cache Disabling

The following tool tip is now added for how to disable caching once Cache Time-to-Live feature is enabled on the API Service and API Endpoint pages: "Setting a value of 0 will disable caching."

Closed Issues

  • WA-11756 - Resolved an issue with custom key creation in specific scenarios.
  • WA-11691- Addressed a reported issue causing frequent logouts in Mashery Cloud.
  • WA-11730 - Addressed a filtering issue with Organization picker within TIBCO Cloud Mesh.
  • WA-11489 - Addressed a Mashery V3 API call issue when moving a given package key from one API Package to another API Package. For more information, see the Package Keys topic in the Mashery Cloud API documentation.
  • EIN-8440 - Resolved a sporadic issue involving erroneous access to a defined Method not included in a Plan.

September 14, 2021

Enhancements/Changes in Functionality

WA-11633 - Implemented optimizations to Service Definition configuration.

Closed Issue

WA-11704 - Package key audit history 'Changed By' column was incorrectly showing the owner of the key instead of the user that made the change.

August 31, 2021

Closed Issues

  • WA-11596 - Pagination was not working as expected on the HTTPS Client Profile page. 
  • WA-11715 / WA-11724 - Mashery throwing Duplicate Entry error for a particular URI.
  • WA-11668  - Unable to change the Application Owner.
  • WA-11689 - Resolved an intermittent accessibility issue within the Content Page of the Developer Portal.

August 10, 2021

Enhancements/Changes in Functionality

  • WA-11318 - Developer Portal - TIBCO analytics tags updated/removed (Google Analytics).
  • WA-11631 - Added support for rejecting the whitelisting of a top-level domain when a sub-domain is already approved and or in use.
  • WA-11695 - Interactive Documentation within the Mashery Cloud Control Center now lists the current versions of endpoints.

Closed Issues

  • WA-11626 - New member profiles created during “Invite New Members” now default to the user’s First Name and Last Name.
  • WA-11691 - Addressed an uncommon scenario where users experienced sporadic logout behaviour.

July 27, 2021

Enhancement

A Cancel button is added in the confirmation popup windows.

Closed Issues

  • WA-11590 - Fetching the service and endpoints using the Mashery API fetch call to the plans were returning invalid dates.
  • WA-11678 - Content added (Using Manage -> Contents -> Select any random custom page) were not getting saved.
  • WA-11434 -  Pages (and their child pages) in the Developer Portal were not visible to users as expected.
  • WA-11519 - The HEAD request to get the X-Total-Count header did not work consistently across resources.

June 29, 2021

Enhancement

IP Whitelisting Connector updated for improved compatibility with Azure.

June 15, 2021

Closed Issue

  • WA-11533 - Resolved admin issue of creating/deleting sub-organizations.

June 01, 2021

Change in Functionality

Admin is now warned if an Admin user has an Mashery API key while being disabled or deleted.

Closed Issues

  • WA-11426 - Cloning of an Application Service Registry endpoint now works as expected.
  • WA-11538 - Issues with Mashery user accounts having special characters in TIBCO cloud account now fixed.

May 18, 2021

Closed Issues

  • WA-11344 - Updated visibility and access for the API Manager role to view HTTPSClientProfile in Mashery Control Center.
  • WA-11554 - Developer portal key activity reports were not returning any data. This issue has been fixed.

April 27, 2021

Change in Functionality

When using the Mashery Platform API to CreateAccessToken, if User_Context is not passed in the call, the response will return a “null” value instead of a blank value.

Closed Issues

  • WA-11270 - General performance, security, and stability fixes.
  • WA-11255 - Resolved issue which prevented Organization Admins from creating Sub-Organization Endpoints.

April 20, 2021

Enhancement

The behavior of the Service User role has been updated:

  • Service User can be assigned along with other roles.
  • ACL Permissions of roles other than Service User role determine the access permission for the user.  
  • Evaluation Area Creation: For the auto-generated user with Service User, an Administrator role is now added in the creation process.

Closed Issues

  • WA-11518 - Resolved error during login from TIBCO Cloud into Mashery Control Center under a specific Organization/Child-Organization.
  • WA-11456 - Updates to use and scope of Service User roles.
  • WA-11316 - The Delete audit trail history for an API Package Key after a Package/Plan is deleted was missing. This is now fixed.

April 13, 2021

Enhancement

The user_context field is now included in the response from TIBCO Cloud Mashery.

March 30, 2021

New Features

Enriched Call Log Export (ECLE) has been updated as follows:

  • All ECLE profiles now require the enhanced security configuration which includes assumed-role access and native s3 bucket encryption.
  • As communicated in the past, all un-encrypted and IAM access functionality will be deprecated and all the un-encrypted configurations will be disabled.
  • Please see the setup instructions present on the Control Center ECLE page for more information about configuring your AWS account prior to creating or updating an ECLE profile.

Added the ability to validate API calls using encrypted JWT JWE (JSON Web Encryption).

Enhancements

General performance, security, and stability improvements. (AJ-2249, AJ-2260, AJ-2281, AJ-2294, AJ-2298, AJ-2322)

March 2, 2021

New Feature

Support for Mutual Transport Layer Security (mTLS)

Control Center UI updated for supporting mTLS (Mutual TLS) configuration for endpoints. mTLS ensures verification between client and server. Note this feature is only for Mashery Local 5.3.1 and above customers, who are using tethered mode only.

Enhancements

General performance, security, and stability improvements (WA-11271, WA-11351, WA-11437).

Closed Issue

  • EIN-8084 - Broken formatting on Call Inspector Call Detail panes. This is now fixed.

February 9, 2021

Enhancement

General performance, security, and stability improvements (WA-11253).

January 26, 2021

New Feature

Ability to Configure Content Security Policy (CSP) for Developer Portal

A Content Security Policy (CSP) editor is now available when configuring a Developer Portal. For more information, refer to Customizing your Portal.

Enhancements

General performance, security, and stability improvements (WA-11275, WA-11385).

November 10, 2020

New Feature

The Service User role, initially available only for CIC areas, is now available on all areas. Once a user is assigned this role, the user will not able to login to the Control Center/Dashboard. The appropriate warning/confirmation is displayed to the user when this role is assigned to any member in the Access settings panel. A user assigned to this role will be able to invoke APIs as an area admin. A service user will be also able to login to developer portal.

October 29, 2020

New Features

The API Policy Connector has been updated with the following new feature:

  • JWE (JSON Web Encryption) support for third party JWT token. Compliant to JWE RFC https://tools.ietf.org/html/rfc7516. Supports following key algorithms and content encryption algorithms:
    • JWE 'alg' : [ RSA1_5, RSA-OAEP, RSA-OAEP-256, ECDH-ES,ECDH-ES+A128KW, ECDH-ES+A192KW and ECDH-ES+A256KW]
    • JWE 'enc' : [ A128CBC-HS256, A192CBC-HS384 and A256CBC-HS512, A128GCM, A192GCM and A256GCM, HS512]

OIDC Token Authentication Connector

The OIDC Token Authentication Connector is now available. This Connector supports securing APIs in TIBCO Mashery using third party OIDC IDP based ID token. Features include:

  • Ability to configure up to ten user info endpoints per service endpoint for ID validation using any third party OIDC IDP.
  • Conditional pickup of user info endpoint for user info based on incoming meta data for geo-distributed API services.
  • Ability to enrich API request header with user info meta data that is returned after successful ID validation.
  • Support for strict case sensitive method for GET and POST calls to third party OAuth2.0 Auth server user info endpoint. HTTP Verb must be case-sensitive and supported that way in compliance with RFC 7231 guidelines.
  • Support of configurable parameter enable_error_set to control error response code sent by TIBCO Mashery. If enable_error_set is configured as "true", TIBCO Mashery responds with ERR_403_NOT_AUTHORIZED that is Gateway supported error message. In this case, http response status code and status text for connector is overridden by error set defined for that endpoint in Mashery Control Center. If enable_error_set is configured with value other than "true", then there is no change in Mashery Connector existing functionality that responds with ERR_401_UNAUTHORIZED for backend server response code with 401 for unauthorized calls. enable_error_set parameter value with "true" is case-insensitive.
  • Support of UserInfo error responses on error condition as defined in the OAuth 2.0 Bearer Token Usage Specification. https://tools.ietf.org/html/rfc6750#section-3.1

Enhancement

The SOAP WS-Security Connector has been updated with the following enhancements:

  • Supports SOAP message payload size up to 1024 KB (1 MB).
  • Error handling improvement for accurate checking of supported signature and encryption algorithms.

October 27, 2020

New Feature

New Organization-specific Role: Organization Support User

Added new organization-specific role - Organization Support User - for all organizations including existing organizations. The Organization Support User role has read-only access to all pages in the API Control Center dashboard with data filtered based on the Organization. Buttons (such as Save, Create, Edit and Delete) and various fields (such as checkboxes and text boxes) are disabled for Organization support users.

Change in Functionality

The warning message for 'Time to wait for a response from endpoint' has been updated to specify that it applies only for Mashery Cloud calls (and not for Mashery Local).

Closed Issues

  • WA-11295 - Fixed general issues related to Dapi.
  • WA-11282 - Map Overlay reports were not loading correctly from API Control Center > Reports > Developer Activity > Map Overlay. This is now fixed.

October 13, 2020

Closed Issue

WA-11105 - Resolved packager-based reporting map overlay display bug.

October 8, 2020

New Feature

SOAP WS-Security Connector

The SOAP WS-Security Connector Connector is now available. This Connector supports SOAP WS-security specs to validate SOAP API calls for SOAP message signature, apply encryption/decryption to enforce integrity and confidentiality on messages. It also supports optionally creating the security header with the timestamp component in the outgoing request to the backend API server.

Enhancement

The AWS Lambda Sidecar Integration Connector has been updated with the following improvement:

Enhancement

The REST <-> SOAP Transformation Connector has been updated with the following improvement:

  • Supports accurate Content-Type header for REST → SOAP transformation for both SOAP1.1 and SOAP1.2
    • REST(JSON) -> SOAP 1.1 , Content-Type header is set to application/xml;charset=UTF-8 after transformation.
    • REST(JSON) -> SOAP 1.2 , Content-Type header is set to application/soap+xml;charset=UTF-8 after transformation.

October 1, 2020

New Feature

JSON Schema And Payload Size Validation Connector

The JSON Schema And Payload Size Validation Connector is now available. This Connector supports RESTful API request validation using JSON schema provided either in Content Type header or Link header. Features include:

  • Support for RESTful API payload size validation.
  • Optionally supports fail-safe mode for payload size validation. In fail-safe true mode, an API call is forwarded even if it is more than the configured max size but less than max allowed payload size.
  • Supports configuration 'override_custom_error_message' for enabling API service endpoint supported static custom messages to override Connector runtime message.

September 23, 2020

Change in Functionality

Call Log Export (ECLE) S3 Server-Side Encryption

In an effort to provide improved security for the Call Log Export (ECLE) feature, we have added support for S3 Server-Side Encryption. To use this feature, all AWS resources are created by the customer, providing full ownership of the encryption, authentication/authorization, and storage mechanisms using the TIBCO provided CloudFormation template.

To activate this feature, enable the Bucket Encryption flag on the ECLE profile create or edit screens. Once the Bucket Encryption flag is enabled, you will need to input fields S3 Bucket Name, IAM Role Arn, CMK Arn, and ExternalId for Role Assumption. This information is generated after successful stack creation using the provided CloudFormation template.

For more information, refer to the Setup Instructions provided in the ECLE profile create or edit screen.

Because security is more important than ever, we are deprecating the existing IAM based bucket policy functionality in early November.  Between the launch of the encryption functionality and the depreciation of IAM bucket policy support, we are requiring customers to run in both modes. The provided CloudFormation template will allow you to either apply the new settings to an existing bucket, or create a new bucket with both sets of configuration.  We will notify you once the IAM policy functionality has been disabled, at which point, we recommend that you remove the IAM based policy from your S3 bucket. ECLE profiles not implementing the new encryption policy by November 10th will be disabled until such time their configuration is updated to the new encrypted mode. 

September 15, 2020

Improvement

The API Policy connector has been updated with the following improvements:

  • Extend payload match policy to support SOAP messages. Now payload match policy supports both REST & SOAP.
  • Support of new configuration 'Enable_Error_Set' for enabling API service endpoint supported static custom messages to override Connector runtime message.

August 27, 2020

New Feature

AWS Lambda Sidecar Integration Connector 

The AWS Lambda Sidecar Integration Connector is now available. This Connector supports TIBCO Cloud Mashery sidecar integration for AWS Lambda function. Features include:

  • Supports AssumeRole IAM policy with external ID for enhancement security of AWS Lambda resources access in compliance of AWS shared responsibility model.
  • Supports configurable sure-fire and fail-safe modes to invoke AWS Lambda function to influence Gateway action.
  • Supports RESTful POST messages only for AWS Lambda function invocation.
  • Supports optional configurable parameters to apply business policies to influence API behavior in the end-to-end call flow.

Enhancement

The REST <-> SOAP Transformation connector has been updated with the following improvement: 

  • Now supports handling of JSON payload with namespace in the transformation. 

August 18, 2020

New Feature

The following headers are added in the response of the Mashery Developer Portal and Mashery Control Center page:

X-Content-Type-Options nosniff, X-XSS-Protection 1; Content-Security-Policy.

For Content Security policy header, Portal administrators may want to update the Content Security Policy from the Portal Settings page.

About Content Security Policy

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.

CSP makes it possible for server administrators to reduce or eliminate the vectors by which XSS can occur by specifying the domains that the browser should consider to be valid sources of executable scripts. A CSP-compatible browser will then only execute scripts loaded in source files received from those allowed/listed domains.

By default, Content Security Policy header is not added in the developer portal response. Portal administrator can set the content security policy through Control Center > Manage > Potal > Portal Setup page. Administrators can set the content security policy in the given text field. By default, no content security policy is set on the Developer Portal. Example of security policy required for the Developer Portal is provided in the description text.

Example -

If the administrator wants to set the Content Security Policy, the administrator will copy the example text, replace the value for portal-domain and then add/update any other directives. The policy provided in the example is required by the Developer Portal; hence those values should not be removed.

If the administrator wants to allow to load script from another domain, such as abcd.com , and a font from coolfonts.com, then the administrator will add *.abcd.com in the script-src directive and *.coolfonts.com in font-src directive of the example and set the entire text as a new content security policy.

August 4, 2020

Changes in Functionality

There is a change in the way error messages are displayed to the user. The error message is now more informative with service key and endpoint key information and a hyperlink pointing to existing endpoint.  Also a single message is now displayed for all the conflicting HTTP verb instead of one error message for each verb. 

July 30, 2020

Improvements

The OAuth 2.0 Token Authentication connector has been updated with the following improvement:

  • Support of configurable parameter Enable_Error_Set to control error response code sent by TIBCO Mashery.

    If Enable_Error_Set is configured as "true", TIBCO Mashery responds with ERR_403_NOT_AUTHORIZED in place of ERR_401_UNAUTHORIZED. In this case http response status code and status text for connector is overridden by error set defined for that endpoint in Mashery Control Center.

    If Enable_Error_Set is configured with value other than "true", then there is no change in Mashery Connector existing functionality that responds with ERR_401_UNAUTHORIZED for backend server response code with 401 for unauthorized calls.

    Enable_Error_Set parameter value with "true" is case-insensitive.

July 21, 2020

Enhancements

General performance and stability improvements (WA-11046, WA-10992, WA-10843, WA-10786, WA-9402).

Closed Issue

  • WA-11039 - While persisting Swagger 2.0 documents, a publicly-available schema document was relocated to a different URL location. Access to this schema document is not required to validate the document, so the reference to this URL has been removed.

July 7, 2020

New Features

  • Previously, there was no option to re-parent a Portal Access Group role, once it was created. Now, you can re-parent an existing Portal Access Group role, by going to the edit page of Portal Access Groups, and re-parent it to any other organization or area level based on the permission of the user.
  • RFC compliance for handling cache logic has been implemented.

Enhancements

UI improvements (Plan Designer page) and performance enhancements in API Control Center dashboard.

Closed Issues

  • EIN-1052 - Several POST,PUT,DELETE requests failed to return the correct response.
  • EIN-4445 - GET response that was cached was being returned for POST, PUT, DELETE, PATCH and OPTIONS calls to the same endpoint
  • WA-8858 - Improved session management for TIBCO Cloud enabled Mashery subscriptions. Users will no longer risk being logged out of the API Control Center when their session in TIBCO Cloud is left unused, assuming they are actively using the API Control Center.
  • WA-10868 - If the 50 most recently created or updated records in the Organizations list were Sub organizations, the "New organization" button was getting hidden. This is now resolved and the button will not be hidden. 
  • WA-10906 - The drop-down value for HTTPS Client Profile went blank or changed to a previous value.
  • WA-11009 - Endpoint address not shown in Load Balancing menu in API Definition configuration.

July 2, 2020

Improvements

The OAuth Token Authentication connector has been updated with the following improvement:

  • Support for strict case sensitive method for GET and POST calls to third party OAuth2.0 Auth server token validation endpoint. HTTP Verb must be case-sensitive and supported that way in compliance with RFC 7231 guidelines. https://tools.ietf.org/html/rfc7231#section-4

The HTTP Basic Authentication Connector has been updated with the following improvements:

  • Support of 401 (Unauthorized) status code and WWW-Authenticate header field for an empty Authorization header in HTTP Basic Authentication Connector. Improvement is in compliance to RFC https://tools.ietf.org/html/rfc7617 for an empty authorization header in API request needed for HTTP Basic Authentication.
  • Optional configuration parameter to keep TIBCO Cloud Mashery proxy platform response codes for backward compatibility.

June 11, 2020

New Features

REST <-> SOAP Transformation Connector

The REST <-> SOAP Transformation Connector is now available. This Connector supports the transforming of API request payload from REST(JSON) to SOAP and transforming backend SOAP response into REST(JSON). Also, supports RESTful POST messages only for transformation.

OAuth2.0 Token Authentication Connector

The OAuth2.0 Token Authentication Connector is now available. This Connector supports securing APIs in TIBCO Mashery using third party IDP based OAuth2.0 access token. Features include:

  • Ability to configure up to ten OAuth2.0 introspection endpoints per service endpoint for token validation using any third party IDP.
  • Conditional pickup of introspection endpoint for token validation based on incoming meta data for geo-distributed API services.
  • Ability to enrich API request header with meta data that can be returned after successful token validation.

June 2, 2020

New Feature

TIBCO Cloud Mesh

TIBCO Cloud Mesh allows you to discover any private REST endpoint exposed within TIBCO Cloud domains, within your organization or related organizations.

Authentication and authorization for these private endpoints is provided automatically. You can browse available services and select one, rather than copying and pasting a URL.

For more information, see Creating an Endpoint using TIBCO Cloud Mesh.

Closed Issue

WA-10959 - Resolved issue wherein links on API Control Center > Manage > Portal > General redirected to blank pages.

May 28, 2020

New Feature

Sensitive Data Field Masking for Call Log Export

Call Log Export (ECLE) Masking feature allows customers to mask some or all characters in sensitive fields such as API Key and OAuth token in both new and existing ECLE profiles. Customers must update ECLE profile in order to activate for existing exports.

For more information, see Call Log Export Setting.

May 21, 2020

Enhancement

Updated API Policy Connector

The following improvement was made in the API Policy Connector.

  • Supports 'Effect' factor that drives 'Allow' or 'Deny' behavior on match policy.

May 12, 2020

Closed Issues

WA-10860 - API Control Center threw a duplicate endpoint error when "/" was included at the end of the request URL path.

Enhancement

WA-10604 - Revised the UI text in API Control Center for the "Remove API Key and Signature from Endpoint Call" feature for clarity of actual function.

May 11, 2020

New Features

JWT Authentication Connector

The JWT Authentication Connector is now available. This Connector supports match policy to allow additional validation based on JWT claims value.

OAuth2JWT Authentication Connector

The OAuth2JWT Authentication Connector is now available. This Connector supports match policy to allow additional validation based on JWT claims value.

API Policy Connector

The API Policy Connector is now available. This Connector allows you to apply policies to change the behavior of the API through configuration. Currently supports Request, Response and third party JWT object context.

Additional features of this Connector:

  • Third party JWT Claims Verification Policy. Supports JWT token object context.
  • Third party JWT Signature Verification Policy. Supports JWT token object context.
  • API Payload Attribute Match Policy. Supports Request and Response object context. API policy for finding payload attribute and applying match. Support JSONPath (JSON Payload) and XPath expression (XML Payload).
  • API Request and Response object context based match policy. Supports match keywords using operation ContainsAny, ContainsAll, JSONPath and XPath.

Closed Issues

WA-10798 - Conflict when creating a public endpoint resolved.

April 2, 2020

Enhancements

Updated XML <-> JSON Transformation Connector  

The following improvements were made in the XML <-> JSON Transformation Connector.

  • Support optional charset check in the application/json Content-Type header for accurate JSON → XML transformation. 
  • Support overriding default Connector error messages with APICC configured custom error messages using an optional flag 'override_custom_error_message'.

Updated SOAP <-> REST Transformation Connector

The following improvements were made in the SOAP <-> REST Transformation Connector.

  • Support accurate caching of POST request having XML payload with namespace.
  • Support overriding default Connector error messages with TIBCO Mashery Control Center configured custom error messages using an optional flag 'override_custom_error_message'.

Updated SOAP Cache Connector

The following improvement was made in the SOAP Cache Connector. Support accurate caching of POST request having XML payload with namespace.

Updated REST Cache Connector

The following improvement was made in the REST Cache Connector. Support accurate caching of POST request having XML payload with namespace.

March 24, 2020

Closed Issues

  • WA-10685 - Mashery provided OAuth Token endpoint was returning “Service Not Found” during CORS pre-flight call.
  • WA-10618 - Resolved ACL consistency between API and Dashboard.

March 20, 2020

Changes in Functionality

Updated IP Blocking Connector

Following improvements were made in this Mashery Connector:

1. The IP Blocking Connector has been improved to accurately identify Client IP addresses for blocking feature.

2. Connectors now supports overriding default behavior of X-FORWARDED-FOR header to pick client IP address using a configurable flag keep_client_ip_as_source. This flag overrides default selecting IP address of intermediaries like load balancer or third party proxy that is closest to the Mashery stack.

March 19, 2020

Changes in Functionality

Updated IP Whitelisting Connector

Following improvements were made in this Mashery Connector:

1. The IP Whitelisting Connector has been Improved to accurately identify Client IP addresses for whitelisting feature.

2. Connectors now supports overriding default behavior of X-FORWARDED-FOR header to pick client IP address using a configurable flag keep_client_ip_as_source . This flag overrides default selecting IP address of intermediaries like load balancer or third party proxy that is closest to the Mashery stack.

New Feature

REST Cache Connector

New Mashery Connector, REST Cache Connector, supports caching of REST POST requests, which allows requests that have the same payload and configured headers value to be served from the cache.

March 10, 2020

New Feature

Organization-related information (Org/SubOrg Name & UUID) synchronized to Mashery Local for inclusion in logs is now available through Log Service.

February 27, 2020

New Features

SOAP Cache Connector

New Mashery Connector, SOAP Cache Connector, supports caching of SOAP with POST requests, which allows requests that have the same payload and configured headers value to be served from the cache.

Ping Auth Connector

New Mashery Connector, Ping Auth Connector, consists of the following:

January 21, 2020

New Features

  • Normalize Audit History timezone from PDT to GMT.
  • Support hyphen and underscore in Organization and Sub-Organization names.

Closed Issues

  • WA-10600 - Enum values not honored during ‘try it now’ with Swagger 2.0 on Interactive Documentation resolved. 
  • WA-10380 - Manually-entered parameter values were reverting to defaults in interactive documentation.
  • WA-9635 - Page content was blank in CMS on page load.
  • WA-9903 - Second use of authorization resulted in “Unknown security definition type http” error.

January 9, 2020

New Features

XML <-> JSON Transformation Connector

New Mashery Connector, XML <-> JSON Transformation Connector,  supports transforming an API request payload from XML to JSON and vice versa.:

SOAP <-> REST Transformation Connector

New Mashery Connector, SOAP <-> REST Transformation Connector, supports transforming API request payload from SOAP message to REST(JSON) and vice versa.

November 12, 2019

New Feature

In an effort to simplify Domain whitelisting, the Control Center has been modified to not allow IP addresses to be specified when adding whitelisted domains. A warning message is displayed if an IP address is specified.

November 5, 2019

Closed Issue

WA-10256 - Removal of replacement variables in New Member Registration email were being appended to Email regardless of the configured template. This has been fixed.

November 1, 2019

Closed Issue

WA-10439 Developer-facing Reporting and CSV download on Developer Portal returning 404 page not found.

October 10, 2019

New Feature

Time stamp of last login for Developer Portal user now exposed on the member record, accessible via API Call.

July 3, 2019

Closed Issue

RPT-3250 - Unable to create Amazon S3 bucket path for Enriched Call Log Export (ECLE).

June 19, 2019

New Feature

Geo Target Routing Connector updated in the TIBCO Cloud™ Mashery - Connectors Guide.

Mashery Connectors are TIBCO Mashery's Cloud feature plugins and extensions that have been developed and available out of box for Mashery Cloud customers. Connectors have been carefully envisioned to address common use-cases such as: content injection, content filtering, content transformation, call authentication using third-party IDP, IP-based call filtering, domain-based routing, geo-location based routing and HTTP header manipulation.