API Portal 7.7 May 2020 Release Notes
8 minute read
API Portal provides an API consumer-facing interface that you can customize to match your corporate brand. API Portal is a layered product linked to API Manager, and requires both API Manager and API Gateway. For more information, see the API Gateway and API Manager documentation.
API Portal is available as a software installation or a virtualized deployment in a Docker container. For more information, see the following options:
- If you are installing API Portal for the first time using this update, see Install API Portal
- If you are already using API Portal (7.5.x, 7.6.x, 7.7.x) and want to install this update, see Upgrade API Portal
- If you want to deploy API Portal in Docker containers, see Deploy API Portal in containers
New features and enhancements
The following new features and enhancements are available in this update:
Integration with AMPLIFY Unified Catalog
This integration between API Portal and the Unified Catalog is a proof of concept feature, and it is being released separately in a docker container as it is not general availability (GA) quality approved just yet. We are releasing it early to gather feedback.
This is the first client implementation of the Unified Catalog API.
API Portal connects to the Unified Catalog by way of a DevOps service account from AMPLIFY, and it exposes the APIs published on the catalog, alongside APIs already exposed via any connected API Manager instances.
Target use cases include:
- AMPLIFY customers that want a more customizable and extendable API developer portal.
- Existing API Portal customers who also have APIs published into the Unified Catalog can now see and interact with those assets in their current API Portal.
For more information on how to integrate API Portal and AMPLIFY Unified Catalog, see Expose APIs published from the Unified Catalog.
Check out the demo video available at How to show APIs from AMPLIFY Unified Catalog.
Database password encryption
We have added the ability to encrypt the database password that is stored in a configuration file. You can choose to encrypt the password during the installation, or any time later.
- Removal of unused templates (
Protostar) from the Joomla! Admin Interface (JAI).
- Various security fixes, including better validation on input fields to prevent potential attacks.
Limitations of this update
This update has the following limitations:
API Portal 7.7.20200530 is compatible with API Gateway and API Manager 7.7.20200530 only.
Upgrade to API Portal 7.7.20200530 is supported from API Portal 7.7.0 only. To upgrade from earlier versions (for example, 7.5.x, 7.6.x) you must first upgrade to API Portal 7.7.
The ready-made API Portal Docker image 7.7.20200530 is strictly for development environments only, and it is not recommended for use in production environments.
It is not recommended to use the image in production environments because the image is built with CentOS as a base OS, and our Axway security scans have detected multiple security concerns with this OS. We continue to monitor the latest versions of this base OS to determine if these issues have been resolved, but until we can ship a hardened image that passes our security concerns, we cannot advise customers to use this image in a production environment. Delivery a Docker image for production use is already planned in the API Portal 2020 roadmap.
Upgrading from previous API Portal Docker image is not supported.
This update is not available as a virtual appliance or as a managed service on Axway Cloud.
As part of our software development life cycle we constantly review our API Management offering. As part of this review, no capabilities have been deprecated.
To stay current and align our offerings with customer demand and best practices, Axway might discontinue support for some capabilities. As part of this review, no capabilities have been removed.
This version of API Portal includes the fixes from all 7.5.5, 7.6.2, and 7.7 service packs or updates released prior to this version. For details of all the service pack fixes included, see the corresponding SP Readme attached to each service pack on Axway Support.
Fixed security vulnerabilities
|Key||Case Id||Release Note|
|IAP-3182||Issue: Users could create or delete applications even in the cases when this functionality is disabled from JAI. Resolution: An additional check verifies whether creating or deleting applications is added when the corresponding form is submitted.|
|IAP-3184||Issue: Email field when creating or editing applications was validated only on client side. Resolution: Email validation is added on back-end side.|
|IAP-3172||Issue: There is no Content-Security-Policy configured. Resolution: A new section, Define a restrictive Content Security Policy, in the documentation explains why and where to add this policy, which helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.|
|IAP-3181||Issue: Size of application/user images was verified only on client side. Resolution: Back-end validation was added.|
|IAP-3183||Issue: When there are configured custom properties it appears that they are not secured enough. Resolution: The custom fields are now properly escaped before outputting.|
|IAP-3163||Issue: Database password was stored in plain text in configuration file. Resolution: We have added the ability to encrypt the database password that is stored in the configuration file.|
Other fixed issues
|Key||Case Id||Release Note|
|IAP-2881||Issue: Joomla administrator is redirected to login page when trying to update a user, which has the same value for
|IAP-3037||Issue: After user is successfully logged in, the button on the home page is still called ‘Sign-in’. Resolution: New settings were added to the home page module in JAI to allow to rename this button and set where it redirects to.|
|IAP-3121||Issue: SwaggerUI cannot render when OAS 3.0 definitions has missing “component” key. Resolution: The “component” key is first checked for existence, and then used.|
|IAP-3145||Issue: Logged users do not see public APIs in the catalog when Public API Mode is enabled. Resolution: You must make sure that all organizations in API Manager are granted to access the Public APIs. To learn more, see Configure settings for Public API mode in API Manager in the Axway documentation.|
|IAP-3242||Issue: Logo is customizable from Home menu item instead of from Template menu. Resolution: Logo is customizable from Template menu. For more information, see Customize your logo.|
|IAP-3245||01136358, 01138114||Issue: On Swagger 2.0 base path is duplicating the host or it is shown several times. Resolution: The base path and the host are displayed separately.|
|IAP-3253||Issue: Error message is not clear to indicate that the scope is missing when the user is testing an API, and tries to authorize with OAuth without selecting any scope. Resolution: A specific error message is shown if the scope is missing while requesting OAuth token.|
|IAP-3256||1152557||Issue: The discovery Swagger file from API Manager contains defaults and examples for SOAPAction and SOAPBody, but these are not displayed in API Portal. Resolution: SOAPAction and SOAPBody values are correctly imported and displayed in API Portal.|
|IAP-3257||1155022||Issue: API Portal version downgrades after docker container restart. Resolution: Version comparison fixed in docker entry point so that API Portal version doesn’t downgrade on container restart.|
|IAP-3264||Issue: ‘Explore’ button should replace the ‘Sign In’ button in Home Page layout when Public API Mode is enabled. Resolution: ‘Sign In’ button is displayed in Home Page layout when Public API Mode is enabled.|
|IAP-3269||Issue: Home page is not shown correctly when having multiple languages installed. Resolution: All Home page sections are correctly displayed when having multiple languages installed.|
The following are known issues in this version of API Portal.
Page layout and alignment for Arabic language
Changing the API Portal language to Arabic (or any other right to left language) results in issues with page layout and alignment on the API Portal Home and Pricing pages, and some buttons are not visible. As a workaround, you can turn on the development mode in JAI. Follow these steps:
- Log in to Joomla! Admin Interface (JAI).
- In the JAI top navigation bar, click Extensions > Templates.
- Click your template style (for example,
purity_III * Default) to open it.
- Click the General tab.
- Change Development Mode to
- Click Save and click Close to close the template style.
Related Issue: IAP-308
API Portal label is shown in header when upgrading from version 7.6.2
Upgrading API Portal from 7.6.2 to 7.7 May release might result in scenario where additional text of ‘API Portal’ is displayed in the header.
Related issue: IAP-3419. Fixed in the 7.7 July release.
This section describes documentation enhancements and related documentation.
The latest version of API Gateway, API Manager, and API Portal documentation has been migrated to Markdown format and is available in a public GitHub repository to prepare for future collaboration using an open source model. As part of this migration, the documentation has been restructured to help users navigate the content and find the information they are looking for more easily.
Documentation change history is now stored in GitHub. To see details of changes on any page, click the link in the Last modified section at the bottom of the page.
To find all available documents for this product version:
- Go to https://docs.axway.com/bundle.
- In the left pane Filters list, select your product or product version.
Customers with active support contracts need to log in to access restricted content.
The following reference documents are also available:
- Supported Platforms - Lists the different operating systems, databases, browsers, and thick client platforms supported by each Axway product.
- Interoperability Matrix - Provides product version and interoperability information for Axway products.
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
See Get help with API Gateway for the information that you should be prepared to provide when you contact Axway Support.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.