API Builder Standalone - 26 October 2018

API Builder Standalone - Halifax


This release includes:


  • #4043: Add dropdown for string and number enum parameters in flows
  • #5126: Left side menu should be expanded by default


  • #4810: JSONSelect CVE-2011-4969
  • #4818: UI Incorrectly counts parameters definition as an endpoint in APIs list

Release Notes

  • #4043: Previously, flow-node input parameters of type string and number described as enums would require the values to be typed manually. Now, a dropdown selection is available to allow an easy selection of allowed inputs.

  • #4810: Previously, jsonselect@0.4.0 was used indirectly by @axway/api-builder-runtime and had three CVEs against it: CVE-2011-4969 - XSS with location.hash, CVE-2012-6708 - Selector interpreted as HTML, and CVE-2015-9251 - 3rd party CORS request may execute. Now, this module is no longer a runtime dependency.

  • #4818: Previously, the total number of the endpoints in the API Docs view in the UI was counted incorrectly in the occasions where the parameters were attached to the root level of the endpoint in the swagger definition. Now, the total number is calculated correctly.

  • #5126: Previously, the side navigation menu was collapsed by default and it wasn't remembering the user's preference. Now, the side navigation menu is expanded by default and it will remember the user's last choice and be consistent.

Updated Modules

Updated Plugins

Known Issues

  • #3825: Filtering the API Builder Console administrator access using IPv6 addresses may cause ENOTFOUND errors.

  • #3867: When attempting to create and save a flow for an imported Swagger endpoint that contains a path or paths defined by references the save will fail.

  • #3960: API Builder has issues with recognizing a required consumes value if anything is appended to it, for example multipart/form-data; charset=utf-8.

  • #3979: Attempting to delete an endpoint in the UI that was created as a result of dereferencing a JSON $ref will yield a 404. API Builder will fail to locate the method since it only exists when the whole Swagger document is dereferenced. An example of a Swagger document using $ref:

    	"swagger": "2.0",
    	"paths" {
    		"x-path": {
    			"get": {}
    		"/find": {
    			"$ref": "#/paths/x-path"
    		"/search": {
    			"$ref": "#/paths/x-path"
  • #4280: Editing large object parameters on the API Orchestration page in the API Builder Console may cause multiple, confusing flow-node configuration panel scroll bars to appear.

  • #4528: Initializing new project with api-builder init 1234 where 1234 is any number, will throw an ERR_INVALID_ARG_TYPE error rather than "invalid npm package name".

  • #4595: When using a distinct API backed by the Memory connector and passing a field which does not exist on the model, the first record is returned instead of an error.

  • #4735: Invoking Upsert will fail for all data connectors when creating a composite model from an existing model and renaming one of the fields.

  • #4736: Given a swagger with an extension, for example, on the path item object, the Swagger flow-node plugin can fail to load the swagger file, resulting in an error:

    Error loading plugin: @axway/api-builder-plugin-fn-swagger. Cannot convert undefined or null to object
  • #4749: A query on a distinct API created from the Mongo plugin (@axway/api-builder-plugin-dc-mongo) doesn't honor the value of the order parameter.

  • #4750: Methods Upsert or FindAndModify are not present in APIs generated from a mongo/mysql connector based model.

  • #4751: The FindAndModify method from APIs created using the Mongo plugin (@axway/api-builder-plugin-dc-mongo) responds with a 404 rather than creating a new entry when upsert parameter is true.

  • #4752: The format of a distinct query's response depends on the type of the connector.

  • #4759: Calling Update or FindAndModify on a Model that uses the composite connector and contains required fields may fail and cause the server to terminate.

  • #4795: The MongoDB plugin @axway/api-builder-plugin-dc-mongo does not correctly support primary keys that are not object identifiers. The MongoDB specification allows for primary keys of other types. As a result, trying to use the plugin will result in errors:

     { "message": "Invalid Value for Find By ID: "YOUR_STRING_PK_NAME", "success": false, "request-id": "c118f187-2090-4a68-b939-37367ac55b80" }
  • #4813: If the endpoint swagger file in /endpoints contains special characters in its name, for example [test].json, the endpoint is not rendered correctly in the UI.

  • #4856: Passing in an invalid column name as a parameter to certain APIs generated from data connectors will result in an exception being thrown rather than executing their callback with an error. A similar error may occur when using model flow-nodes, resulting in an error which cannot be handled by the flow.

  • #4859: When endpoints are generated from a model, the endpoint descriptions do not use the correct plurals defined by the model.

  • #4865: The Swagger flow-node plugin strips characters from valid object definition names which can result in schema ID collisions.

  • #4865: The Swagger flow-node plugin does not handle valid object definition names with ~ or / in their name and can result in an invalid schema references in swagger flow-nodes.

  • #4951: When endpoint or flow files with URL encoded characters in the filename are present in a project, unexpected things may occur. For example, the wrong flow or endpoint could be modified. Using files with these types of names is not recommended.

  • #4961: Having the '%' symbol in various file names can cause problems in the API Builder Console and with direct linking. It is therefore advisable to avoid using '%' in API, Endpoint, Flow, Model, and Configuration file names. This is a result of an issue in react-router/history. https://github.com/ReactTraining/history/issues/505

  • #4966: API Builder will generate invalid Swagger for programmatic API in ./apis that bind to a path other than the apiPrefix defined in the configuration. These API must be bound to the same root path as is defined by apiPrefix.

Related Links