Axway API Manager 7.5.3 Release Notes

Document version: 17 September 2018

Summary

API Manager is a licensed product running on top of API Gateway, and has the same deployment options as API Manager: a software installation, a physical or virtual appliance, a virtualized deployment in Docker containers, or as a managed service on Axway Cloud. For more information on API Gateway, see the API Gateway Release Notes.

New features and enhancements

The following new features and enhancements are available in this release.

Improved visual experience

User interfaces have been refreshed to a more visually attractive look shared by all Axway products.

  • All web-based user interfaces have been made cleaner and simpler.
  • Minor improvements to Policy Studio screens.
  • Shared look-and-feel makes the products feel familiar, making them easy to learn.

API Builder connector for API Manager

API Builder connector brings a smooth transition from creating to controlling APIs, and enhances support for the complete API lifecycle in API Management Plus:

  • Configure cloud application connectors for API Builder application APIs.
  • Easily import, secure, and manage API Builder application APIs in API Manager.

Improved Docker support

The support for running API Management in Docker containers has been improved:

  • Pre-built Docker images enable immediate deployment on Docker (CentOS Linux 7 base image).
  • Docker scripts are also included, enabling you to customize the base image, perform security hardening, and rebuild the Docker container (CentOS Linux 7 or Red Hat Enterprise Linux 7 base image).
  • Docker support has been added for API Portal, so you can now run the full API Management Plus solution in Docker containers.

For more details, see the API Gateway Installation Guide

RAML 1.0 support

You can now use API Manager to import RAML 1.0 API documents as well as RAML 0.8. This enables you to manage and secure APIs deployed on, for example, the Mulesoft ESB.

Client SDK generator

You can publish your governed APIs in API Portal, and allow your users to create Titanium clients incredibly quickly using the SDK generator. In addition, you can generate native iOS, Android, and NodeJS applications that can access your managed APIs.

For more details, see API Portal Administrator Guide and API Portal User Guide.

Fixed issues

The fixes for issues included in API Manager v7.5.2 SP 1 and SP 2 are also included in API Manager v7.5.3.

Case ID Internal ID Description

RDAPI‑5162

00853653

Issue: Error importing a Swagger 2.0 file to API Manager.
Resolution: Previously, you could import a Swagger 2.0 file into API Manager even though the file contained duplicated elements and was therefore not valid. The file was imported successfully as if it was a valid JSON file.
Now, when you try to import a Swagger file into API Manager and the file contains duplicated elements, the import is blocked. API Manager returns a HTTP 400 error that states that there were duplicate elements in the file and shows which elements were duplicated to help fix the issue.

RDAPI-5540

00856500

Issue: UnrecognizedPropertyException when importing a Swagger 2.0 definition to API Manager.
Resolution: Previously, API Manager did not support vendor extensions in Swagger 2.0 definitions, and the import into API Manager failed. Now, the support for vendor extensions has been added, and the import into API Manager succeeds. The extensions are ignored on import, but can be used normally after that.

RDAPI-5681

00849580, 00881178

Issue: Unable to log in to web UIs when using port forwarding.
Resolution: Previously, if you configured port mappings (Docker, tunneling, forwarding) and exposed API Manager and API Gateway Manager on different virtual hosts from the ones configured during installation, you could not log in to the web applications. Now, you can log in even if you configure port mapping such as port forwarding.

RDAPI-5868

00847852

Issue: HTTP 500 returned for a request without the required parameters.
Resolution: Previously, when API Manager received a request that was missing a required parameter, it returned an HTTP 500 Internal Server Error. This gave the wrong impression that the problem was in API Manager, not in the request. Now, the behavior of API Manager has been changed. Instead of HTTP 500, API Manager now returns HTTP 400 Bad Request that helps to correctly locate the problem.

RDAPI-5869

00847835

Issue: HTTP 500 returned for a request with a wrong API Key.
Resolution: Previously, if you requested an API protected with an API Key using the wrong or no API Key, API Manager returned HTTP 500 Internal Server Error. Now, API Manager correctly returns HTTP 401 Unauthorized.

RDAPI-5870

00839029

Issue: Incorrect HTTP status code returned if API method fails.
Resolution: Previously, when API Manager received a client request to invoke an API, and the request had the correct path but an invalid verb, API Manager returned HTTP 500. If the client request had both the correct path and verb, API Manager returned an Allow header.
Now, if a client request to invoke an API has the correct path, but an invalid verb, API Manager returns HTTP 405 Method is not allowed. The Allow header is only returned when API Manager returns HTTP 405 Method is not allowed, or for an OPTIONS request.

RDAPI-5908

00854949

Issue: Modifications to the content type of the API Manager Alert emails is ignored.
Resolution: Previously, any modifications you did to the content type of API Manager Alert emails in the Send API Manager Alert filter were not respected, and the filter did not set the value you had defined. Now, the Send API Manager Alert filter correctly sets the content type as you defined.

RDAPI-5990

00858037

Issue: Too long summary affects the API Access UI in API Manager.
Resolution: Previously, if the summary of an back-end API was over 80 characters, the Enabled, Quota and Scope options were not visible in the API Access section on the Edit Application window, so you could not edit these settings. Now, the width of the API summary column is fixed. If the summary is over 80 characters, the text wraps to keep the options visible.

RDAPI-6212

00837700

Issue: OAuth token refresh issue.
Resolution: Previously, an outbound OAuth connector in API Manager could use a token that seemed to be valid but that was rejected by the service provider. As a result, API Manager deleted the token and reported a failure. Now, you can configure the default routing policy to retry the request, if API Manager receives a 401 response. API Manager attempts to acquire a new token before retrying the original request.

RDAPI-6356

00866150

Issue: Organization names containing an ampersand not displayed correctly.
Resolution: Previously, organization names containing an ampersand ("&") were not displayed correctly in all lists (for example, the back-end API, the front-end API, or the application lists). Instead of the ampersand character, the character encoding was shown. Now, organization names containing an ampersand are displayed correctly in all lists.

RDAPI-6437

00864967

Issue: Unclear that metrics database is required for monitoring in API Manager.
Resolution: Previously, the database requirements for API Manager monitoring were not clear in the API Manager user documentation.
Now, the topic on API Manager monitoring in the API Manager User Guide includes an updated prerequisites section that clearly states all of the database requirements and configuration steps.

RDAPI-6719

00867086

Issue: Wrong error code returned for HTTP GET on non-existing organization.
Resolution: Previously, if you tried to perform a GET request on non-existing organization, API Manager returned an HTTP 500 error. Now, a HTTP 404 error code is returned instead.

RDAPI-6740

00866643

Issue: Issue with WSDL schema definitions in API Manager.
Resolution: Previously, any WSDL with an external schema definition in API Manager accessed using API Catalogcontained an invalid reference to the schema. Now, the external schema definition location matches the behavior of the WSDL that can be accessed using the runtime.

RDAPI-6818

00872554

Issue: API Manager configuration files downloadable without authentication.
Resolution: Previously, a user could download the API Manager configuration files (such as /conf/apimgmtconfig.py) without authentication. Now, the configuration files have been moved to another location and they cannot be downloaded anymore.

RDAPI-6923

00869225

Issue: The setup-apimanager script ignores environmentalized values for Cassandra host.
Resolution: Previously, the setup-apimanager script did not use environmentalized values to connect to Cassandra. Now, the script respects environmentalized values (like an environmentalized Cassandra host) when connecting to Cassandra.

RDAPI-7924

00875546

Issue: Issue when importing a SOAP API into another environment.
Resolution: Previously, if you virtualized a SOAP API generated from a file URI in API Manager, and then exported the API to import it into another environment, API Manager threw a java.util.NoSuchElementException on import. Now, you can successfully export and import a SOAP API virtualized from a file URI into another environment.

RDAPI-7066

00869358

Issue: HTTP 500 error after deleting an application.
Resolution: Previously, the API Manager REST API assumed that no objects with the same ID will ever be re-created. Now, it is known that some entities can be re-created with the same ID (for example, on application import or to re-create API keys to be shared with the partners) and this rule is no longer enforced.

RDAPI-7108

00869995

Issue: Restart required after changing the API Manager template.
Resolution: Previously, if you made changes to the API Manager template that the Connect To URL filter used for routing API Proxy requests, you had to restart the instances after deploying the changes. Now, deploying the changes is enough and you do not have to restart the instances.

RDAPI-7490

00869993

Issue: HTTP 404 error when trying to remove an application's access to an API.
Resolution: Previously, when you used a REST API call to remove an API from an application, you got an error message if the application creator did not exist, because API Manager tried to send an email notification to the application creator. Now, API Manager no longer tries to send email notifications if no application creator exists, and you can remove an API from application.

RDAPI-7855

00883175

Issue: Modified outbound service URL is not preserved when importing an API.
Resolution: Previously, in API Manager, if you modified the back-end service URL on the Outbound tab of a front-end API and then exported that API and imported it into another environment, the modified URL was not displayed in the imported API. Now, the modified URL is displayed in the imported API.

RDAPI-8119

00883931

Issue: Error in API Manager when trying to approve pending applications by enabling Manage Selected.
Resolution: Previously, in the drop-down list of the applications waiting to be approved in API Manager, if you set Manage Selected to Enable, you received an internal server error. Now, you cannot enable Manage Selected for any application that is waiting to be approved. You can only enable or disableManage Selected on approved applications.

Known issues

The following are known issues in this version of API Manager.

Cassandra synchronization in multi-datacenter environments

In multi-datacenter environments with Cassandra read/write consistency set to local quorum, there is a small risk of configuration corruption if the event triggering API Manager to load a configuration change happens before the configuration replication to the other datacenter is complete. Changing the polling time as described in Multi-datacenter configuration in the API Gateway Installation Guide reduces this risk, but does not remove it completely.

This issue results in outdated configuration data being used for the affected API until API Gateway is restarted. For example, as a result of this, valid traffic may be rejected if a new API has been added and not updated, or wrong traffic may be accepted if an API has been deprecated and not updated. The workaround requires a restart of all API Gateway instances in the affected datacenter.

Axway is working on a product change that will avoid restarting API Gateway in such situations, and recommends to:

  • Wait for the resolution before going live with multiple datacenters and local quorum consistency.
  • If this is not possible, monitor your production environment closely for this error, and restart API Gateway if the error is encountered.

Upgrade from API Manager v7.3.0 not supported

Upgrading API Manager version 7.3.0 to version 7.5.3 is not supported.

RAML import does not support references to external files

Importing RAML version 0.8 or RAML version 1.0 files that include references to external files is currently not supported.

API Manager users cannot complete registration after upgrading API Gateway

New users that were registered in API Manager before an upgrade, but who did not complete registration by activating their account with the link provided in email, cannot complete registration after the upgrade. The link in the email references the API Manager API v1.1 that is no longer available. For example:

https://<API Gateway IP address>/api/portal/v1.1/users/validateuser?email=s@s.com&validator=9a5addcb-e10c-499b-bf0a-0c70915f3862

The workaround is that the user copies the link address, pastes it to the address bar, and changes the API version v1.1 to v1.2 or v1.3. After this, the activation link works, and the user can complete registration.

Deleting an organization does not delete all the users from that organization

When you simultaneously delete several organizations with a number of users in each of them, some users are not fully deleted. This results in errors when trying to list users or applications in API Manager.

The workaround is to manually delete these users from the api_portal_portaluserstoreldap table.

Issues with application quota overrides

Creating an application quota override corrupts the quota-related Cassandra tables. In addition, application quota overrides might not appear in API Manager after they are created, despite being present in Cassandra. If you try to edit an application again, the quota does not appear.

It is not recommended to create application quota overrides in API Manager.

Creating and deleting an application override quota in quick succession can also trigger a NullPointerException error. This is harmless but adds extra noise to traces.

Unsupported Swagger 2.0 elements

When registering a back-end API from a Swagger 2.0 definition, API Manager does not support the following elements and does not import them into the API Catalog:

  • title
  • termsOfService
  • contact
  • license
  • tags
  • securityDefinitions
  • externalDocs

For each path/API method:

  • tags
  • security
  • For each parameter:
    • default
    • maximum
    • exclusiveMaximum
    • minimum
    • exclusiveMinimum
    • maxLength
    • minLength
    • pattern
    • allowEmptyValue
    • collectionFormat
    • maxItems
    • minItems
    • uniqueItems
    • enum
    • multipleOf
  • For each response code:
    • headers
Note   Some of these elements are also used in the model definitions section in the Swagger 2.0 specification, and API Manager imports these elements when contained in that section. API Manager supports all elements in the Swagger model definitions section.

Supported Swagger 2.0 elements

The following elements are supported and imported into the API Catalog:

  • description
  • version
  • host
  • schemes
  • basePath
  • Global parameter
  • produces
  • Model definitions

For each path/API:

  • Path
  • HTTP method
  • Path parameter and reference to global parameter
  • For each method:
    • operationId
    • summary
    • description
    • consumes
    • produces
  • For each parameter:
    • name
    • in
    • description
    • required
    • type
    • schema
    • format
    • Reference to global or path parameter
  • For each response code:
    • Response code
    • description
    • schema

Documentation

You can find the latest information and up-to-date user guides at the Axway Documentation portal at http://docs.axway.com.

This section describes documentation enhancements and related documentation.

Documentation enhancements

See What's new in documentation for a summary of the documentation changes in this release.

API Manager is a layered product running on API Gateway, which provides the underlying gateway capabilities. API Gateway is a prerequisite product for API Manager.

Axway API Gateway and Axway API Manager are accompanied by a complete set of documentation, covering all aspects of using the products. Go to the Axway Documentation portal at http://docs.axway.com to find documentation for this product version. Additional documentation may be available at Axway Support at https://support.axway.com.

The API Management Plus solution enables you to create, publish, promote, and manage Application Programming Interfaces (APIs) in a secure and scalable environment. For more information, see the API Management Plus Getting Started Guide.

The following reference documents are available on the Axway Documentation portal at http://docs.axway.com:

  • Supported Platforms
  • Lists the different operating systems, databases, browsers, and thick client platforms supported by each Axway product.
  • Interoperability Matrix
  • Provides product version and interoperability information for Axway products.

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.

Email support@axway.com or visit Axway Support at https://support.axway.com.

See Get help with API Gateway in the API Gateway Administrator Guide for the information that you should be prepared to provide when you contact Axway Support.

Related Links