API Portal 7.7 July 2020 Release Notes
8 minute read
API Portal provides an API consumer-facing interface that you can customize to match your corporate brand. API Portal is a layered product linked to API Manager, and requires both API Manager and API Gateway. For more information, see the API Gateway and API Manager documentation.
API Portal is available as a software installation or a virtualized deployment in a Docker container. For more information, see the following options:
- If you are installing API Portal for the first time using this update, see Install API Portal
- If you are already using API Portal (7.5.x, 7.6.x, 7.7.x) and want to install this update, see Upgrade API Portal
- If you want to deploy API Portal in Docker containers, see Deploy API Portal in containers
New features and enhancements
To expand compliance with many customers internal security guidelines, which discourage or disallow root access, we have added the ability to install and run API Portal using
sudo commands. To learn more, watch How to install API Portal without being a root user.
CentOS 8 support
We have expanded official support to include CentOS 8 for the standalone (non-docker) installation of API Portal.
Supporting CentOS8 in a docker container is not yet supported.
User interface (UI) and user experience (UX) improvements in this release:
- Better filtering options available to User roles on the applications catalog to allow easier searching and management of large catalogs.
- New API state indicators for Published and Unpublished to make the current status of the endpoint clearer.
- Improved visibility of Deprecated APIs.
Limitations of this update
This update has the following limitations:
API Portal 7.7.20200730 is compatible with API Gateway and API Manager 7.7.20200730 only.
Upgrade to API Portal 7.7.20200730 is supported from API Portal 7.7.x only. You can use the cumulative upgrade script to upgrade directly from earlier versions (for example, 7.5.5, 7.6.2) to API Portal 7.7 July, or see API Portal single version upgrade to upgrade versions incrementally.
The ready-made API Portal Docker image 7.7.20200730 is strictly for development environments only, and it is not recommended for use in production environments.
It is not recommended to use the image in production environments because the image is built with CentOS as a base OS, and our Axway security scans have detected multiple security concerns with this OS. We continue to monitor the latest versions of this base OS to determine if these issues have been resolved, but until we can ship a hardened image that passes our security concerns, we cannot advise customers to use this image in a production environment. A Docker image for production use is already planned in the API Portal 2020 roadmap.
Upgrading from previous API Portal Docker image is not supported.
This update is not available as a virtual appliance or as a managed service on Axway Cloud.
As part of our software development life cycle we constantly review our API Management offering. As part of this review, no capabilities have been deprecated.
To stay current and align our offerings with customer demand and best practices, Axway might discontinue support for some capabilities. As part of this review, no capabilities have been removed.
This version of API Portal includes:
- Fixes from all 7.5.5, 7.6.2, and 7.7 service packs released prior to this version. For details of all the service pack fixes included, see the corresponding SP Readme attached to each service pack on Axway Support.
- Fixes from all 7.7 updates released prior to this version. For details of all the update fixes included, see the corresponding release note for each 7.7 update.
Fixed security vulnerabilities
|Internal ID||Case ID||CVE Identifier||Description|
|IAP-1934||Issue: Servers should be synchronize to an internal or external NTP server in order to correlate logs and data from different internal and external systems. Resolution: Documentation was updated with this best practice. See Utilize synchronized time source.|
|IAP-1929||Issue: User sessions were not revoked on application level even when the user was active. Resolution: Added a configuration option in JAI to invalidate all user sessions with the application after defined time period.|
|IAP-3315||Issue: Auto completion in JAI login was enable and this is against best practice in security. Resolution: Disable auto completion in JAI login.|
|IAP-1732||Issue: API Portal HTTPS request to API Manager REST API wasn’t protected with certificate verification option. Resolution: As per Security practice we have introduced mutual authentication between API Portal and API Manager.|
|IAP-3282||1157947||Issue: There is no recommendation in the documentation that
|IAP-3283||1157947||Issue: There is no recommendation in the documentation how to set
Other fixed issues
|Internal ID||Case ID||Description|
|IAP-3086||Issue: While changing the password, if wrong current password is filled out an empty page is displayed. Resolution: When wrong current password is filled out, the user sees the error message along with the edit user form.|
|IAP-3313||Issue: When trying an API and the response is 500, that response code is not shown. Resolution: The response code was shown.|
|IAP-3331||Issue: DB password encryption script is not executable. Resolution: Proper permission were given to the script so it could be executed.|
|IAP-3333||Issue: The passphrase for the encryption of the database password is not respected while installing API Portal via unattended mode. Resolution: The passphrase is now respected if it is provided at unattended mode installation.|
|IAP-3368||1165789||Issue: While performing Try-It requests API Portal sends Cookie header which is not needed in API Manager. Resolution: Cookie header is not longer sent along with the requests.|
|IAP-3371||Issue: Global Configuration in JAI cannot be saved when MySQL password encryption or MySQL SSL modes are enabled. Resolution: Global Configuration persists with no errors.|
|IAP-3387||Issue: Global Configuration in JAI cannot be saved when encryption key for database cache is not generated. Resolution: Cache is not invalidated on save when encryption key is not generated.|
|IAP-3404||1172998||Issue: An error is shown on API Try it page when the default language of API Portal is changed. Resolution: API Try it page is successfully loaded when the default language of API Portal is changed.|
|IAP-3416||1174950||Issue: The values of the custom properties are not displayed for SOAP APIs. Resolution: As we can not get these values, we have hidden the labels. This is noted in the documentation, see API Manager custom properties support.|
|IAP-3419||Issue: API Portal text is shown in the header after the logo image when upgrading from version 7.6.2. Resolution: There’s no API Portal text in the header after the logo image when upgrading from version 7.6.2.|
The following are known issues for this update.
When Multi Manager feature is configured, API Portal users are no longer able to login
After a recent bug fix in API Manager (RDAPI-20021), the
Authenticate to Master policy is no longer working. To fix this, perform the following steps:
- Open all slave managers configurations in Policy Studio, and click to Edit the
- Click the Login to Master (Connect to URL) filter, and enter
Accept: */*for the Request Protocol Header.
- Click the Enter key twice to create two blank lines after
Page layout and alignment for Arabic language
Changing the API Portal language to Arabic (or any other right to left language) results in issues with page layout and alignment on the API Portal Home and Pricing pages, and some buttons are not visible. As a workaround, you can turn on the development mode in JAI. Follow these steps:
- Log in to Joomla! Admin Interface (JAI).
- In the JAI top navigation bar, click Extensions > Templates.
- Click your template style (for example,
purity_III * Default) to open it.
- Click the General tab.
- Change Development Mode to
- Click Save and click Close to close the template style.
Related Issue: IAP-308
This section describes documentation enhancements and related documentation.
The latest version of API Gateway, API Manager, and API Portal documentation has been migrated to Markdown format and is available in a public GitHub repository to prepare for future collaboration using an open source model. As part of this migration, the documentation has been restructured to help users navigate the content and find the information they are looking for more easily.
Documentation change history is now stored in GitHub. To see details of changes on any page, click the link in the Last modified section at the bottom of the page.
To find all available documentation for this product version:
- Go to Manuals on the Axway Documentation portal.
- In the left pane Filters list, select your product or product version.
Customers with active support contracts need to log in to access restricted content.
The following reference documents are also available:
- Supported Platforms - Lists the different operating systems, databases, browsers, and thick client platforms supported by each Axway product.
- Interoperability Matrix - Provides product version and interoperability information for Axway products.
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
See Get help with API Gateway for the information that you should be prepared to provide when you contact Axway Support.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.