Axway API Portal 7.6.2 Release Notes

Document version: 23 November 2018

Summary

API Portal provides an API consumer-facing interface that you can customize to match your corporate brand. API Portal is a layered product linked to API Manager, and requires both API Manager and API Gateway. For more information, see the API Gateway and API Manager documentation.

API Portal is available as a software installation or a virtualized deployment in Docker containers. For more information, see the API Portal Installation and Upgrade Guide.

New features and enhancements

The following new features and enhancements are available in this release.

Repackaged Docker

This release comes with a repackaged Docker form-factor that can be pulled and started in a few seconds with a single command.

  • Choose between docker build or docker-compose to build your image from our sample scripts.
  • Alternatively, use our prebuilt Docker image (for non-production environments only).
  • Specify the API Manager connection information when starting an API Portal container so that you can get up and running quickly without having to use the Joomla administration interface (JAI).
  • Orchestrate the deployment of API Gateway, API Manager, and API Portal with Kubernetes.

For more details, see the API Portal Installation and Upgrade Guide.

New API Detail view

A new API Detail view (called AMPLIFY SwaggerUI) has been added.

  • It brings a new visual with more information displayed and additional Swagger 2.0 constructs supported (nested objects, array models, example fields).
  • The inline Try-it feature now adds support for OAuth Authorization Code Grant (3-legged flow). RFC7636 - PKCE by OAuth Public Clients is also supported in this context.
  • Code snippets (in Curl, node.js, web.js and Titanium) can be copied directly from the API Detail view to enable to enable app developers to get started with your APIs quickly and easily.

The previous API Detail view (called Swagger.io SwaggerUI) is still available. It is used to render SOAP APIs but can also be used for REST APIs by configuration if required.

For more details, see the API Portal Administrator Guide.

New customization options

To increase the flexibility when customizing API Portal, new standard options are available:

  • You can specify the page to redirect users to after a successful login (for example, redirect them to a custom welcome page, a guide, and so on).
  • The color of each type of method (GET, POST, and so on) can be customized in the new AMPLIFY SwaggerUI.
  • In the Application Menu Entry, you can show or hide controls and fields, and also set some fields as read-only.

Using these standard customization options ensures a smooth upgrade process and will enable you to preserve your customizations when you upgrade to future API Portal releases.

For more details, see the API Portal Administrator Guide.

Improved security

This release includes the following security improvements:

  • The API Portal login page can be protected by:
    • Displaying re-captcha after a configurable number of failed login attempts.
    • Locking user accounts for a configurable amount of time after a configurable number of failed login attempts.
  • The password of the Public API user is now encrypted at rest.
  • There are known security vulnerabilities in the versions of jQuery (used by Joomla!) and bootstrap (used by third-party Joomla! extension T3). These vulnerabilities are mitigated in API Portal with the following approaches:
    • jQuery 1.12.4 (CVE-2015-9251) - all Ajax requests have been modified to add the dataType option to prevent eventual code execution.
    • bootstrap 3.3.6 (20160627) - the data-target attribute is not used with user input.

For more details, see the API Portal Administrator Guide and the API Management Security Guide.

Limitations of this release

This release has the following limitations.

  • This release is not available as a virtual appliance, or as a managed service on Axway Cloud.
  • Upgrade to API Portal 7.6.2 is supported from API Portal 7.5.5 only.
  • API Portal 7.6.2 is compatible with API Gateway and API Manager 7.6.2 only.

Fixed issues

Internal ID Case ID Description
IAP-659 00917892 Issue: It was not possible to install API Portal in unattended mode.
Resolution: You can now install API Portal in unattended mode by specifying command line options to the apiportal_install.sh script.
IAP-916 Issue: When viewing quotas for a selected API in the API Portal Applications view, the message shown was "No restrictions" regardless of quota restrictions set for the API in API Manager.
Resolution: The correct quota restriction message is shown.
IAP-956 Issue: When viewing an API in API Portal, the model was not displayed when it was an array of elements.
Resolution: In the new AMPLIFY SwaggerUI view, the model is displayed when it is an array of elements.
IAP-1059 00964050 Issue: In API Portal 7.5.5 and later, the option to enable application developers to generate and download an SDK for an API exposed in the API Catalog was moved, and it is not enabled by default.
Resolution: The documentation has been updated to explain this and to describe how to enable the feature.
IAP-1190 00978633 Issue: API Portal not installed successfully when MySQL password includes a forward slash character (/).
Resolution: API Portal installs successfully when the MySQL password includes any allowed characters. Note that the single quote character (') is forbidden for MySQL passwords.
IAP-1264 Issue: API Manager password complexity settings were not being applied to users when signing up to API Portal.
Resolution: The password complexity settings configured in API Manager are now applied in API Portal.
IAP-1265 Issue: In multiple API Manager setup, the error message displayed when there was a problem with login was incorrect.
Resolution: The standard error message 'User name and password do not match, or you do not have an enabled account' is now displayed.
IAP-1267 00984558 Issue: Links in API Portal Help Center pages result in '404 - Page Not Found' error.
Resolution: Links in Help Center pages are working as expected.
IAP-1284 Issue: When a user does not have access to any APIs (APIs list is empty) the API Catalog page results in a 'HTTP 500 Error'.
Resolution: The cause of the issue (incorrect handling of Redis connection check) has now been fixed and the 500 error no longer occurs.
IAP-1294 Issue: In multiple API Manager setup, the link to the 'Created By' user for an application on the Applications page resulted in 'Error:102: The entity could not be found' if the application was created on a slave API Manager.
Resolution: If the application is created on a slave API Manager, the 'Created By' user link for the application is now disabled.
IAP-1296 Issue: When editing an application, you can edit the Javascript origins field (removing the * to make it empty) for OAuth client authentication, which results in a 403 error if you use the Try-It feature for an API with this OAuth inbound security authentication.
Resolution: Validation has been improved and an empty Javascript origins field is no longer allowed.
IAP-1338 Issue: API Portal Joomla! extensions were showing with incorrectly formatted date in JAI (Extensions > Manage > Manage).
Resolution: API Portal extensions now use the date format DDth Mmm YYYY.
IAP-1340 00977636 Issue: User input was displayed in head page title and APIs list button, making API Portal vulnerable to phishing.
Resolution: The head page title and APIs list button are now filled from the Swagger definition, and API Portal is no longer vulnerable.

Known issues

The following are known issues in this version of API Portal.

API Portal options not visible in JAI top navigation after Docker upgrade

When upgrading to API Portal 7.6.2 on Docker, the API Portal configuration options (Components > API Portal) are not visible in the JAI top navigation bar. However, the options are available in the JAI left navigation bar and you can access them from there.

Related Issue: IAP-1162

Page layout and alignment for Arabic language

If you change the API Portal language to Arabic (or any other right to left language) there are issues with page layout and alignment on the API Portal Home and Pricing pages, and some buttons are not visible. As a workaround, you can turn on development mode in JAI. Follow these steps:

  1. Log in to Joomla! Admin Interface (JAI).
  2. In the JAI top navigation bar, click Extensions > Templates.
  3. Click your template style (for example, purity_III - Default) to open it.
  4. Click the General tab.
  5. Change Development Mode to ON.
  6. Click Save and click Close to close the template style.

Related Issue: IAP-308

Documentation

This section describes documentation enhancements, known issues, and related documentation.

Documentation enhancements

See What's new in documentation for a summary of the documentation changes in this release.

To find all available documents for this product version:

  1. Go to https://docs.axway.com/bundle.
  2. In the left pane Filters list, select your product or product version.
Note   Customers with active support contracts need to log in to access restricted content.

The AMPLIFY API Management solution enables you to create, publish, promote, and manage Application Programming Interfaces (APIs) in a secure and scalable environment. For more information, see the AMPLIFY API Management Getting Started Guide.

The following reference documents are also available:

  • Supported Platforms
  • Lists the different operating systems, databases, browsers, and thick client platforms supported by each Axway product.
  • Interoperability Matrix
  • Provides product version and interoperability information for Axway products.

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.

Email support@axway.com or visit Axway Support at https://support.axway.com.

See Get help with API Gateway in the API Gateway Administrator Guide for the information that you should be prepared to provide when you contact Axway Support.

Related Links