API Gateway and API Manager 7.7 May 2020 Release Notes

25 minute read

Summary

API Gateway is available as a software installation or a virtualized deployment in Docker containers. API Manager is a licensed product running on top of API Gateway, and has the same deployment options as API Gateway.

The software installation is available on Linux. For more details on supported platforms for software installation, see System requirements.

Docker deployment is supported on Linux. For a summary of the system requirements for a Docker deployment, see Set up Docker environment.

New features and enhancements

Updated OS Support

The operating systems CentOS 7, CentOS 8, RedHat 7, and RedHat 8 have been tested and validated.

Improved upgrade experience

• You can use the script update_apigw.sh for updating API Gateway and API Manager installations, replacing the post installation script apigw_sp_post_install.sh. This automates some of the previous manual steps. It supports backups and can run in unattended mode. For more information about the usage of the script see the installation steps and the --help output
• Automation of some manual steps for update.
• The update_apimanager.sh script still required.
• The update is still applied manually to each node in the topology.
• There are new scripts to apply updates for Policy Studio and Configuration Studio.

Important changes

It is important, especially when upgrading from an earlier version, to be aware of the following changes in the behavior or operation of the product in this update.

TLS v1.3 support

This update supports TLS v1.3 protocol for HTTPS listeners and connection filters. All communication between Node Managers, API Gateways, and other services now uses TLS v1.3 protocol by default.

Filebeat v6.2.2

This update uses Filebeat v6.2.2. Before installing this update, you must delete the Filebeat folder /apigateway/tools/filebeat-5.2.0. When using Filebeat, follow the official Filebeat documentation.

OpenJDK JRE

API Gateway and API Manager 7.7 and later support OpenJDK JRE, and this update includes Zulu OpenJDK 1.8 JRE instead of Oracle JRE 1.8.

OpenSSL and FIPS support

This update uses OpenSSL 1.1.1, as OpenSSL 1.0.2 is EOL.

OpenSSL 1.1.1 does not support FIPS, and running API Gateway in FIPS mode is not supported in this update. OpenSSL 3.0 (when available) will support FIPS, and FIPS support will be available again in a future update.

References to FIPS in the documentation will not be removed, but this does not mean that FIPS is still supported and the references should be ignored.

Log4j 2 changes

The Log4j 2 version has been updated from 2.8.2 to 2.13.2. In addition, the Log4j 2 file format has been changed to YAML.

7.7 releases prior to May 2020	7.7 May 2020 and later
$VDISTIR/system/conf/loggers/eventLog.xml	$VDISTIR/system/conf/loggers/eventLog.yaml
$VDISTIR/system/conf/loggers/openTrafficLog.xml	$VDISTIR/system/conf/loggers/openTrafficLog.yaml
$VDISTDIR/system/conf/loggers/topologyLog.xml	$VDISTDIR/system/conf/loggers/topologyLog.yaml
$VDISTDIR/system/conf/log4j2.xml	$VDISTDIR/system/conf/log4j2.yaml
$VDISTDIR/rcplatform/plugin-filter-base/lib/log4j2.xml	$VDISTDIR/rcplatform/plugin-filter-base/lib/log4j2.yaml

If you have made any customizations to these XML files you must translate them to the equivalent YAML files.

Swagger parser

The Swagger parser libraries have been updated as follows.

Parser	Previous version	New version
Swagger Legacy Parser	1.0.48	1.0.50
OpenAPI 3 Parser	2.0.16	2.0.19

Deprecated features

As part of our software development life cycle we constantly review our API Management offering.

The following capabilities have been deprecated.

Antivirus scanners

API Gateway already supports the industry standard Internet Content Adaption Protocol (ICAP). From the November 2020 update the following embedded antivirus scanners will be removed:

• McAfee
• Sophos
• Clam AV

Content scanning is still supported using the ICAP filter, which provides out-of-the-box integration with ICAP-capable servers provided by Symantec, McAfee, OPSWAT and others, promoting ease of deployment and operational control.

Deprecated libraries

From the July 2020 update the following API Gateway libraries will be replaced by the listed artifacts under the system/lib folder.

May 2020 library	July 2020 artifact
anttasks.jar	vordel-core-7.7.0.*.jar
apiportal.jar	vordel-core-7.7.0.*.jar, vordel-apigateway-7.7.0.*.jar, vordel-apibroker-7.7.0.*.jar, vordel-apimanager-7.7.0.*.jar, vordel-api-io-7.7.0.*.jar, vordel-api-model-7.7.0.*.jar, vordel-core-api-7.7.0.*.jar, vordel-core-controller-7.7.0.*.jar, vordel-core-model-7.7.0.*.jar, vordel-metrics-7.7.0.*.jar, vordel-persistence-7.7.0.*.jar, vordel-swagger-builder-7.7.0.*.jar, vordel-swagger-model-7.7.0.*.jar, plugins/vordel-common-7.7.0.*.jar
circuit.jar	vordel-core-circuit-7.7.0.*.jar, vordel-core-precipitate-7.7.0.*.jar, vordel-core-runtime-7.7.0.*.jar
client.jar	vordel-core-circuit-7.7.0.*.jar
common.jar	vordel-apibroker-7.7.0.*.jar, vordel-apimanager-7.7.0.*.jar, vordel-apigateway-7.7.0.*.jar, vordel-api-model-7.7.0.*.jar, vordel-core-7.7.0.*.jar, vordel-core-api-7.7.0.*.jar, vordel-core-circuit-7.7.0.*.jar, vordel-core-circuit-format-7.7.0.*.jar, vordel-core-controller-7.7.0.*.jar, vordel-core-model-7.7.0.*.jar, vordel-core-runtime-7.7.0.*.jar, plugins/vordel-common-7.7.0.*.jar
com.vordel.jms.jar	vordel-core-circuit-7.7.0.*.jar
jwkjose.jar	vordel-core-7.7.0.*.jar
jwsdl-emf-impl.jar	vordel-xml-utils-7.7.0.*.jar
logger.jar	vordel-core-7.7.0.*.jar, vordel-apigateway-7.7.0.*.jar, vordel-core-runtime-7.7.0.*.jar
manager.jar	vordel-apibroker-7.7.0.*.jar, vordel-core-circuit-7.7.0.*.jar
oauthclient.jar	vordel-core-circuit-7.7.0.*.jar
openidconnect.jar	vordel-core-7.7.0.*.jar
precipitate.jar	vordel-core-precipitate-7.7.0.*.jar
security.jar	vordel-core-7.7.0.*.jar, vordel-apigateway-7.7.0.*.jar, vordel-core-circuit-7.7.0.*.jar, vordel-core-http-7.7.0.*.jar, plugins/vordel-common-7.7.0.*.jar
server.jar	vordel-core-7.7.0.*.jar, vordel-apibroker-7.7.0.*.jar, vordel-apigateway-7.7.0.*.jar, vordel-api-model-7.7.0.*.jar, vordel-common-db-7.7.0.*.jar, vordel-core-circuit-7.7.0.*.jar, vordel-core-http-7.7.0.*.jar, vordel-core-model-7.7.0.*.jar, vordel-core-precipitate-7.7.0.*.jar, vordel-core-runtime-7.7.0.*.jar, vordel-core-servletcontainer-7.7.0.*.jar, vordel-kps-7.7.0.*.jar, vordel-metrics-7.7.0.*.jar, vordel-nodemanager-client-7.7.0.*.jar, vordel-persistence-7.7.0.*.jar, vordel-xml-utils-7.7.0.*.jar, plugins/vordel-common-7.7.0.*.jar
upgrade.jar	vordel-apigateway-7.7.0.*.jar
wspolicy.jar	vordel-core-circuit-7.7.0.*.jar, vordel-xml-utils-7.7.0.*.jar
xmlutils.jar	vordel-xml-utils-7.7.0.*.jar
embeddedAMQ/embeddedAMQ.jar	vordel-core-7.7.0.*.jar, vordel-apigateway-7.7.0.*.jar

Renamed artifacts

From the July 2020 update the following artifacts under the system/lib folder will be renamed.

May 2020 artifact	July 2020 artifact
com.vordel.circuit.cache-7.7.0.*.jar	vordel-core-circuit-cache-7.7.0.*.jar
com.vordel.circuit.format-7.7.0.*.jar	vordel-core-circuit-format-7.7.0.*.jar
com.vordel.circuit.smtp-7.7.0.*.jar	vordel-core-circuit-smtp-7.7.0.*.jar

SDK libraries

From the July 2020 update the SDK libraries will be updated.

Java package	Old JAR	New JAR
com.vordel.api.adminusers.client	server.jar	vordel-apigateway-7.7.0.*.jar
com.vordel.api.adminusers.model	server.jar	vordel-apigateway-7.7.0.*.jar
com.vordel.api.configuration.model	server.jar	vordel-apigateway-7.7.0.*.jar
com.vordel.api.deployment.client	server.jar	vordel-apigateway-7.7.0.*.jar
com.vordel.api.deployment.model	server.jar	vordel-apigateway-7.7.0.*.jar
com.vordel.api.monitoring.model	server.jar	vordel-apigateway-7.7.0.*.jar
com.vordel.api.nm	server.jar	vordel-apigateway-7.7.0.*.jar, vordel-nodemanager-client-7.7.0.*.jar
com.vordel.api.topology.client	server.jar	vordel-nodemanager-client-7.7.0.*.jar
com.vordel.api.topology.model	server.jar	vordel-core-model-7.7.0.*.jar
com.vordel.circuit	circuit.jar	vordel-core-circuit-7.7.0.*.jar, vordel-core-precipitate-7.7.0.*.jar, vordel-core-runtime-7.7.0.*.jar
com.vordel.circuit.oauth.token	com.vordel.circuit.oauth.jar	vordel-core-circuit-7.7.0.*.jar
com.vordel.config	vordel-config-7.7.0.*.jar	vordel-config-7.7.0.*.jar
com.vordel.dwe	server.jar	vordel-core-7.7.0.*.jar
com.vordel.env	vordel-env-7.7.0.*.jar	vordel-env-7.7.0.*.jar
com.vordel.mime	server.jar	vordel-core-circuit-7.7.0.*.jar, vordel-core-runtime-7.7.0.*.jar
com.vordel.oauth.client.providers	oauthclient.jar	vordel-core-circuit-7.7.0.*.jar
com.vordel.reporting.rtm.api	server.jar	vordel-metrics-7.7.0.*.jar
com.vordel.statistics	server.jar	vordel-core-runtime-7.7.0.*.jar

Removed features

To stay current and align our offerings with customer demand and best practices, Axway might discontinue support for some capabilities. As part of this review, no capabilities have been removed.

Fixed issues

This version of API Gateway and API Manager includes:

• Fixes from all 7.5.3, 7.6.2, and 7.7 service packs released prior to this version. For details of all the service pack fixes included, see the corresponding SP Readme attached to each service pack on Axway Support.
• Fixes from all 7.7 updates released prior to this version. For details of all the update fixes included, see the corresponding release note for each 7.7 update.

Fixed security vulnerabilities

Internal ID	Case ID	Cve Identifier	Description
RDAPI-18123	01100683 01094763		Issue: Forgot password functionality generates a temporary password, but never forces the user to change it. Resolution: Generated passwords are now marked as temporary and users are forced to change the password on first login.
RDAPI-18383	01147927		Issue: Session timeout currently configured is absolute timeout of the session, but idle session timeout is also needed for API Gateway Manager. Resolution: New environment variable introduced env.WEBMANAGER.SESSION.IDLE.TIMEOUT that defines 30 minutes default idle session timeout.
RDAPI-19525	01115803		Issue: In API Gateway, a header with an empty value was incorrectly subjected to RFC 7230 “obs-fold” parsing, concatenating it with the next header. Resolution: API Gateway now conforms to RFC 7230 and empty headers are left unchanged.
RDAPI-19895	01155074		Issue: Proxy authorization appears in product traces. Resolution: Authentication information has been removed from traces.
RDAPI-20011	01159022 01116092 01160978 01033168 01080239		Issue: The request body was being reflected in the response. Resolution: Added property com.axway.apimanager.fault.removeContentBody that removes the body from the response.
RDAPI-20086			Issue: Token Information Services allow GET request meaning that access_token can be sent as a query string parameter in the URL. This is a security issue as sensitive information should never be included in the URL. Resolution: Only a POST request with access_token sent in the body of the POST request are now accepted.

Other fixed issues

Internal ID	Case ID	Description
RDAPI-16183	01055370	Issue: KPS cache does not include the table name in the cache key, causing collisions for entries with the same column name and value pair. Resolution: Include the KPS table name in the cache key.
RDAPI-18376	01141105 01111969	Issue: A user with the user role encounters a permission error when creating an application. Resolution: A user with the user role no longer encounters unexpected errors when creating an application.
RDAPI-18379	01105501	Issue: Editing of application sharing details prevents further editing of other application details. Resolution: Editing of application details works as expected.
RDAPI-18876	01049408	Issue: API Manager actions requiring many writes are too slow when the Cassandra node CPU usage is too high. Resolution: Reduced the number of reads when writing new objects into Cassandra.
RDAPI-19005	01131477	Issue: Misspelled word in API Manager UI. Resolution: Misspelled word is corrected.
RDAPI-19119	01132142	Issue: Cannot create a HTTP traffic monitoring transaction leg record from a script filter or the Java layer. Resolution: Missing HTTP monitoring fields have been added to the Java layer.
RDAPI-19142	01136068 01134950 01097471	Issue: When the Skip Authorization checkbox in the Authorization Request filter is used, scopes already authorized and stored in the Authorizations DB for this application and user are accepted in addition to the requested scopes. Resolution: When the Skip Authorization checkbox in the Authorization Request filter is used, only requested scopes are accepted.
RDAPI-19190	01136100	Issue: Running the update-apimanager script with the --fed option fails for a fed with a missing type. Resolution: A flag has been added that checks for the type first before attempting to access it.
RDAPI-19220	01110388	Issue: kpsadmin tool was unable to delete rows. Resolution: kpsadmin tool is now able to delete rows.
RDAPI-19254	01138607 01139565 01139664	Issue: Large number of open socket descriptors on Linux 64-bit can cause API Gateway to crash. Resolution: API Gateway can now handle a large number of socket descriptors on Linux 64-bit.
RDAPI-19295	01140630	Issue: OAuth credentials are always enabled when an application is imported and the original state of the credentials when the application was exported is lost. Resolution: OAuth credentials state is preserved when the application is exported.
RDAPI-19319	01139929	Issue: Connect To URL filter treats 304 requests as redirect and performs the request twice. Resolution: 304 status code is no longer treated as a redirect.
RDAPI-19435	01139572	Issue: The SFTP File Upload filter was not retrieving the correct selector value for the host finger print field. Resolution: Updated the filter to retrieve the correct selector value.
RDAPI-19450	01143338 01143298	Issue: API Gateway documentation incorrectly states that certificates from Java keystore can also be loaded and trusted by setting the javax.net.ssl.trustStore Java system property. Resolution: The statement has been removed from the Import certificates and keys to the API Gateway trusted certificate store section of API Gateway documentation.
RDAPI-19459	01120523	Issue: In Policy Studio, there was a broken link when clicking Jump to Configuration on an environmentalized API Manager setting. Resolution: Clicking Jump to Configuration on an environmentalized API Manager setting correctly redirects to the API Manager settings.
RDAPI-19463	01144528 01137208	Issue: Query parameters are not validated correctly by API Manager. Resolution: Query parameters are now validated correctly.
RDAPI-19480	01121284	Issue: Event logging was not writing the required application ID to the service context client field when using OAuth. Resolution: A new attribute authentication.application.id has been added, which you can use to set the client value correctly in the event logs for OAuth. You must also add a Java system property to the jvm.xml file in the conf/ directory of the instance to disable writing username to the service context in the event logs, which is a requirement for Embedded Analytics for API Manager to work correctly. For example: <ConfigurationFragment> <VMArg name="-Dcom.axway.coreapi.method.servicecontext.clientattr=true" /></ConfigurationFragment>.
RDAPI-19491	01102542	Issue: Running kpsadmin with the diagnostic option was outputting a 410 GONE error message when attempting to retrieve data that did not exist. Resolution: The kpsadmin script has been updated to exit when all data is retrieved.
RDAPI-19499	01151544 01151502 01161250 01142544 01156544	Issue: Upgrading a fed file from version 7.6.2 to version 7.7 using Policy Studio is very slow on Windows. Resolution: Policy Studio has been updated to reduce upgrade time on Windows.
RDAPI-19526	01142179	Issue: In Policy Studio, if a field was environmentalized, a database connection test failed to use the environmentalized value. Resolution: If a field is environmentalized, a database connection test uses the environmentalized value.
RDAPI-19572	01129719 01128960	Issue: Large numbers of Oauth authorizations (oauth_authorizations table) cause API Manager to become unresponsive. Resolution: Support for pagination headers has been implemented in the api/portal/v1.3/authorizations API and API Manager UI.
RDAPI-19573	01156521 01143940	Issue: Upgrade of Nimbus JWT library to version 8.5 caused the JWT Verify filter to stop working when verifying JWT sets. Resolution: JWT Verify filter is compatible with Nimbus JWT 8.5 and properly verifies JWT sets.
RDAPI-19603	01142622	Issue: When redaction is enabled, the HTTP response stored in Traffic Monitor is truncated after the first “100 Continue” header. Resolution: “100 Continue” support has been added to the HTTP redaction layer and fully redacted HTTP responses are stored in Traffic Monitor.
RDAPI-19691	01100006 01130690	Issue: API Gateway Analytics throws an error when values greater than the limit for a signed integer are returned by the database. Resolution: Analytics now handles database response values as long data types.
RDAPI-19730	01041571	Issue: User’s mobile number is not synchronized when sent in a policy during API Manager master/slave synchronization. Resolution: User’s mobile number is gathered and saved in slave.
RDAPI-19753	01151768	Issue: HTTP response stored by Open Traffic Logger is truncated after first “100 Continue” header. Resolution: “100 Continue” support has been added to Open Traffic Logger layer and all headers are correctly stored.
RDAPI-19757	01096753 01111767 01094639	Issue: In Policy Studio or Configuration Studio, the KPS Table Structure view shows black checkboxes for table rows on Windows. Resolution: The KPS Table Structure view correctly shows checkboxes for table rows.
RDAPI-19759	01111766	Issue: A generic “Invalid Data” error message is displayed upon entering an invalid Security Certificate URL. Resolution: A detailed error message is displayed in this scenario.
RDAPI-19774	01152955 01153905 01149611	Issue: In API Gateway requests to a virtual host are confined to the virtual host. Matching is not attempted against the parent listener if not found in the virtual host configured handlers. Resolution: Requests to a virtual host are now matched against the parent listener if a handler is not found in the virtual host configuration.
RDAPI-19776	01153049	Issue: $INSTALL_DIR/apigateway/posix/bin/jython script is not provided as part of API Gateway Package and Deploy Tools installer. Resolution: jython script is now part of the Package and Deployment Tools distribution.
RDAPI-19791	01090929	Issue: Failed login attempts to API Manager are not stored in audit log. Resolution: Failed login attempts to API Manager are properly logged in audit log.
RDAPI-19795	01136358 01153566	Issue: Incorrect naming in UI of Base path and Base path URL for values that are not Base Path according to swagger 2.0 and later. Resolution: Naming in UI is fixed to comply with Swagger 2.0 and later.
RDAPI-19803	01139463	Issue: When all methods of an API have their inbound security profile overridden, an invocation of an non-exiting method returns 500 Authentication Not Configured. This can allow a malicious user to guess the methods of a secure API. Resolution: Invoking a non-existing method of an API uses the default API inbound security profile defined in that API to validate the caller.
RDAPI-19812	01153995 01142801	Issue: The API image was not displaying in API Catalog view. Resolution: The API image is correctly displayed.
RDAPI-19813	01103156	Issue: In API Gateway, using the method getContent from a NodeImpl object results in a crash when content is null. Resolution: The method has been fixed to handle null content.
RDAPI-19855	01145864 01148092	Issue: The kps composite key query endpoint was not decoding query parameters. Resolution: The kps composite key query endpoint now decodes query parameters.
RDAPI-19899	01114864 01116592	Issue: The backend was not validating int query parameters. Resolution: The backend now validates int query parameters.
RDAPI-19926	01096567	Issue: Content-types in API requests cause incorrect path matching for multiple ambiguous API matches. Resolution: Path matching now determines the best path by comparing API matches with and without content-type equally.
RDAPI-19939	01102029 01104054	Issue: Invocation of Store Message and Restore Message filters might result in an empty message body when the message body content is too large. Resolution: The filters correctly process large message body content.
RDAPI-19969	01155966 01151956 01155475 01155982 01146306 01156860 01156316 01141111 01160432	Issue: In API Gateway, when using a Connect or Connect to URL Filter in a REST API, if an exception occurs in the backend, the API Gateway overrides any fault handler configured in the policy and overwrites the response body. This does not apply for global fault handlers. Resolution: API Gateway respects any fault handler configured in the policy.
RDAPI-19990	01064458 01064765	Issue: In a Policy Studio project, when error response codes are added to a REST API method, the method cannot be edited after the project is closed and reopened. Resolution: The method can be edited as expected after the project is closed and reopened.
RDAPI-20015	01156482	Issue: API Manager configuration can only be updated on a live installation. Resolution: Additional options have been added to update-apimanager so that a project directory, federated files, or policy and environment files can be updated.

Known issues

The following are known issues for this update.

Internal ID	Description
RDAPI-20320	Analytics PDF report generation fails with UnknownContentError on Ansible OS
RDAPI-20292	Special character in API name causes filename issue when saving swagger
RDAPI-20234	update-apimanager re-enables the Oauth HTTPS port if disabled
RDAPI-20218	apimanager-promote does not remove API Access from application
RDAPI-20127	Selector ${content.body.getJSON().get(0)} not working
RDAPI-20091	In Policy Studio, when importing a policy fragment, deselected items are imported anyway
RDAPI-20055	Sentinel filter - “Use the following tracked object” option not working
RDAPI-20017	Incorrect semantics of negated match types like IS_NOT in Compare Attribute filter
RDAPI-19838	Manager rejects valid OAS documents that use space characters in the keys of an “examples” object
RDAPI-19833	Okta SSO integration and email mapping
RDAPI-19788	Issue with pagination across multiple sections
RDAPI-19598	Session resumption does not work for TLSv1.3 when API Gateway acts as a client
RDAPI-19580	Trial option in the Organization does not work
RDAPI-19490	Modifying the email template $subject variable does not work
RDAPI-19453	Uploading an invalid image type when creating an application leads to an internal server error
RDAPI-19433	Line breaks in outbound parameter (type header) value not escaped
RDAPI-19418	api.error.source not available in APIManager fault handler
RDAPI-19334	Access to retired APIs is not removed from other organizations as expected
RDAPI-19293	API Catalog Try It shows only the first security device of a security profile
RDAPI-19292	When an admin user’s login name is changed, the user is directed to a blank page
RDAPI-19262	X-Rate-Limit header shows inconsistent values in a multi-node API Manager environment
RDAPI-19258	OAS 3.0: Default parameter serialization data seems redundant and bloats API exports
RDAPI-19240	Users in “pending approval” state are visible in the Sharing tab
RDAPI-19217	Inconsistency between Application Developers and Account Settings pages in API Manager
RDAPI-19216	Applications in pending approval state cannot be exported, but the UI is unclear
RDAPI-19150	Try It in API Manager only shows first 10 API keys
RDAPI-19132	Issue with selection of Retirement date when deprecating API
RDAPI-19126	API Manager echoes request and headers on “404 Not found”
RDAPI-19006	Delete API “not found” after changing Application Org
RDAPI-18990	“Failed to delete undefined” pop-up pops up unexpectedly when attempting to delete application
RDAPI-18777	Overriding the quota for an application and then removing the setting causes incorrect behavior
RDAPI-18674	Insufficient data validation when importing an Application
RDAPI-18649	Updated SSO role does not display properly in dev users view
RDAPI-18431	HTTP 409 Resource already exists in Applications - External Credentials
RDAPI-18294	KPS REST API documentation missing info
RDAPI-18198	CORS preflight fails for WSDL based API Manager APIs, and Try-It fails
RDAPI-18082	Regression: Policy Shortcut filters no longer automatically renamed in 7.7
RDAPI-17282	Connector for Salesforce APIs in API Manager does not work or is impossible to configure
RDAPI-16486	Changes in the mapper always require a reload in the Execute Data Maps filter and once reloaded then providing values for the required parameters must be repeated
RDAPI-15981	Scopes fields for API Key remain visible even if Application Scopes are disabled
RDAPI-11143	Discrepancy with API retirements dates
RDAPI-23063	Policy Studio 2020 May release can open projects from future releases

Policy Studio help documentation

This update includes changes to the Policy Studio documentation, but the version of the documentation (Eclipse Help) shipped with Policy Studio is out of sync with the online documentation and does not include these changes.

We are working to rectify this issue in a future update. In the meantime, you can find the up to date documentation online at Develop in Policy Studio.

Update a classic (non-container) deployment

These instructions apply to API Gateway and API Manager classic deployments only. For container deployments, see Update a container deployment.

Prerequisites

This update has the following prerequisites in addition to the System requirements.

1. Shut down any Node Manager or API Gateway instances on your existing installation.

2. Back up your existing installation. You can use the update_apigw.sh script to take a backup of your entire API Gateway installation directory as detailed in the API Gateway server install steps, or you can manage your own backups as detailed in API Gateway backup and disaster recovery. Ensure that you back up any customized files. You should merge updated files instead of copying them back directly to avoid any regex matching issues, whether you manage your own backups or not. For example, the following directories might contain customized files:

   webapps/apiportal/vordel/apiportal
   webapps/emc/vordel/manager/app
   webapps/emc
   system/conf/apiportal/email
   system/conf
   samples/scripts/
   tools/filebeat-VERSION-PLATFORM
   

3. If you have an existing Apache Cassandra installation, ensure that you back up your data (Cassandra and kpsadmin), and that the JAVA_HOME variable is set correctly in cassandra.in.sh and cassandra.in.bat.

4. Remove the old Filebeat folder /apigateway/tools/filebeat-5.2.0. Check any customized files to see if they are compatible with the new version. See Filebeat for more information.

5. On Linux, remove existing capabilities on product binaries (which might prevent overwriting files):

   setcap -r INSTALL_DIR/apigateway/platform/bin/vshell
   

6. Remove any subdirectories in INSTALL_DIR/groups/group-id/conf that do not contain extracted federated entity stores. For example, if a policy-archives directory exists, remove it.

FIPS mode only

If FIPS mode is enabled, you must also perform the following steps to install the update:

1. Run togglefips --disable to turn FIPS mode off.
2. Start the Node Manager to move the JARs.
3. Stop the Node Manager.
4. Install the API Gateway update as described in the Installation section.
5. Start the Node Manager.

In Policy Studio, If FIPS mode is enabled, you must also perform the following steps to install the update:

1. Open Policy Studio and select Window > Preferences.
2. Select the FIPS Mode setting.
3. Deselect the Enable FIPS Mode in Axway Policy Studio option and click OK.
4. Restart Policy Studio using the policystudio -clean command.

In Configuration Studio, If FIPS mode is enabled, you must also perform the following steps to install the update:

1. Open Configuration Studio and select Window > Preferences.
2. Select the FIPS Mode setting.
3. Deselect the Enable FIPS Mode in Axway Configuration Studio option and click OK.
4. Restart Configuration Studio using the configurationstudio -clean command.

Installation

This section describes how to install the update on existing 7.7 installations of API Gateway or API Manager.

• If you have installed an existing version of API Manager, installing the API Gateway server update automatically also installs the updates and fixes for API Manager.
• If you have installed a licensed version of API Gateway or API Manager 7.7, you do not require a new license to install updates.

Install the API Gateway server update

To install the update on your existing API Gateway 7.7 server installation, perform the following steps:

1. Ensure that your existing API Gateway instance and Node Manager have been stopped.

2. Remove any previous patches from your INSTALL_DIR/ext/lib and INSTALL_DIR/META-INF directories (or the ext/lib directory in an API Gateway instance). These patches have already been included in this update. You do not need to copy patches from a previous version.

3. Download and unpack the API Gateway 7.7 server Update file into a new directory. For example:

   mkdir 77update
   tar -xzvf APIGateway_7.7.YYYYMMDD_Core_linux-x86-64_BNnn.tar.gz -C 77update
   

   Note

   You must extract the file into a new directory and not into the existing API Gateway installation directory.

4. Run the update_apigw.sh script from the directory into which you extracted the Update file (for example, 77update) and specify your API Gateway installation directory using the --install_dir option. For example:

   ./update_apigw.sh --install_dir /opt/Axway-7.7/
   

5. Restart your Node Manager and API Gateway instances on the local machine.

update_apigw.sh script

Run the update_apigw.sh script with the --help option to see the available options:

./update_apigw.sh --help

The script generates a trace file in the update-output/trace directory. Use the --tracelevel option to change the level of tracing.

The script takes a backup of your entire API Gateway installation directory and places it in a tar file in the update-output/backups directory. Specify a different directory using the --backup_dir option. To manage your own backups, use the --no_backup option.

To run the script without user interaction, specify --mode unattended option.

Running the update_apigw.sh script performs the following steps:

1. Check that the installation directory is valid.
2. Check that the user who owns the API Gateway binaries is the same user running the update_apigw.sh script.
3. Check that the Node Manager and API Gateway instances that run on the local machine are not running.
4. Take a backup unless --no_backup has been specified.
5. Install the update content into the API Gateway installation directory.
6. Perform all of the steps that were performed by a post installation script in earlier updates. This includes JRE cleanup, system/lib/modules cleanup, third-party and Axway JAR cleanup, apply acl.json fix, apply passphrase obfuscation fix, and apply modifications to Node Manager entity store configuration. Fixes are only applied if they have not previously been applied.

Install the Policy Studio update

To install the update on your existing Policy Studio installation, an update script is provided. The update script is located inside the API Gateway 7.7 Policy Studio Update pack (for example, APIGateway_7.7.YYYYMMDD_PolicyStudio_linux-x86-64_BNnn.tar.gz).

Download and unpack the API Gateway 7.7 Policy Studio Update file into a new directory. For example:

mkdir 77update
tar -xzvf APIGateway_7.7.YYYYMMDD_PolicyStudio_linux-x86-64_BNnn.tar.gz -C 77update

Run the update_policy_studio.sh script from the directory into which you extracted the Update file (for example, 77update) and specify your API Gateway installation directory as an argument:

./update_policy_studio.sh INSTALL_DIR

INSTALL_DIR is the base API Gateway 7.7 installation directory that contains the policystudio directory.

For example:

./update_policy_studio.sh /opt/Axway-7.7/

If you had applied any modifications to the policystudio.ini file, you must reapply them after upgrade.

Running this script performs the following steps:

1. Back up your existing INSTALL_DIR/policystudio directory.
2. Remove old JRE versions by deleting the INSTALL_DIR/policystudio/jre directory.
3. Unzip and extract API Gateway 7.7 Policy Studio Update over the policystudio directory in your existing API Gateway 7.7 installation directory.
4. Start Policy Studio with policystudio -clean.

A backup of the installation is created at INSTALL_DIR/backups/policystudio/<date_time>.

Install the Configuration Studio update

To install the update on your existing Configuration Studio installation, an update script is provided. The update script is located inside the API Gateway 7.7 Configuration Studio Update pack (for example, APIGateway_7.7.YYYYMMDD_ConfigurationStudio_linux-x86-64_BNnn.tar.gz).

Download and unpack the API Gateway 7.7 Configuration Studio Update file into a new directory. For example:

mkdir 77update
tar -xzvf APIGateway_7.7.YYYYMMDD_ConfigurationStudio_linux-x86-64_BNnn.tar.gz -C 77update

Run the update_configuration_studio.sh script from the directory into which you extracted the Update file (for example, 77update) and specify your API Gateway installation directory as an argument:

./update_configuration_studio.sh INSTALL_DIR

INSTALL_DIR is the base API Gateway 7.7 installation directory that contains the configurationstudio directory.

For example:

./update_configuration_studio.sh /opt/Axway-7.7/

If you had applied any modifications to the configurationstudio.ini file, you must reapply them after upgrade.

Running this script performs the following steps:

1. Back up your existing INSTALL_DIR/configurationstudio directory.
2. Remove old JRE versions by deleting the INSTALL_DIR/configurationstudio/jre directory.
3. Unzip and extract API Gateway 7.7 Configuration Studio Update over the configurationstudio directory in your existing API Gateway 7.7 installation directory.
4. Start Configuration Studio with configurationstudio -clean

A backup of the installation is created at INSTALL_DIR/backups/configurationstudio/<date_time>.

Install the API Gateway Analytics update

To install the update on your existing API Gateway Analytics 7.7 installation, perform the following steps:

1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped.

2. Remove old third-party libraries by deleting the following directories:

   INSTALL_DIR/analytics/system/lib/modules
   

3. Remove old JRE versions by deleting the following directories:

   INSTALL_DIR/analytics/platform/jre
   

4. Verify the owners of API Gateway binaries before extracting the update.

   ls -l INSTALL_DIR/analytics/posix/bin
   

5. Using the same user who owns the API Gateway Analytics binaries, unzip and extract API Gateway 7.7 Analytics Update over the analytics directory in your existing API Gateway 7.7 installation directory. For example:

   tar -xzvf APIGateway_7.7.YYYYMMDD_Analytics_linux-x86-64_BNnn.tar.gz -C /opt/Axway-7.7/analytics/
   

6. Change to the analytics directory in your installation:

   cd INSTALL_DIR/analytics
   

7. Run the post-install script for API Gateway Analytics.

   apigw_analytics_sp_post_install.sh
   

You must also install an update for your existing API Gateway 7.7 server.

After installation

The following steps apply after installing the update.

API Gateway

To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:

1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file:

   <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
   

2. Run the command setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' INSTALL_DIR/platform/bin/vshell to allow the API Gateway to listen on privileged ports.

API Manager

When API Manager is installed, you must run the update-apimanager script after the API Gateway post-install script to ensure that all paths are up-to-date. For details, see Run update-apimanager.

Update a container deployment

If a fed file is provided as part of building the API Manager container, you must follow these steps to update the fed with the configuration changes:

1. Install the update on a installation of the API Gateway.

2. Run the following command:

   /opt/Axway-7.7/apigateway/posix/bin/update-apimanager --fed <path to old file>.fed --oa <path to update file>.fed
   

You do not need to run any API Manager instances.

The fed now contains the updates for the API Manager configuration and can be used to build containers.

Documentation

You can find the latest information and up-to-date user guides at the Axway Documentation portal at https://docs.axway.com.

This section describes documentation enhancements and related documentation.

Documentation enhancements

The latest version of API Gateway, API Manager, and API Portal documentation has been migrated to Markdown format and is available in a public GitHub repository to prepare for future collaboration using an open source model. As part of this migration, the documentation has been restructured to help users navigate the content and find the information they are looking for more easily.

Documentation change history is now stored in GitHub. To see details of changes on any page, click the link in the last modified section at the bottom of the page.

Related documentation

To find all available documents for this product version:

1. Go to https://docs.axway.com/bundle.
2. In the left pane Filters list, select your product or product version.

Customers with active support contracts need to log in to access restricted content.

The following reference documents are also available:

• Supported Platforms - Lists the different operating systems, databases, browsers, and thick client platforms supported by each Axway product.
• Interoperability Matrix - Provides product version and interoperability information for Axway products.

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.

Email support@axway.com or visit Axway Support at https://support.axway.com.

See Get help with API Gateway for the information that you should be prepared to provide when you contact Axway Support.