API Portal 7.7 September 2020 Release Notes
7 minute read
Summary
API Portal provides an API consumer-facing interface that you can customize to match your corporate brand. API Portal is a layered product linked to API Manager, and requires both API Manager and API Gateway. For more information, see the API Gateway and API Manager documentation.
Installation
API Portal is available as a software installation or a virtualized deployment in a Docker container. For more information, see the following options:
- If you are installing API Portal for the first time using this update, see Install API Portal
- If you are already using API Portal (7.5.x, 7.6.x, 7.7.x) and want to install this update, see Upgrade API Portal.
- You can use the cumulative upgrade script to upgrade directly from earlier versions (for example, 7.5.5, 7.6.2) to API Portal July 20, then apply this package to update your API Portal to the September 20 release.
- See API Portal single version upgrade to upgrade versions incrementally.
API Portal in Docker containers is available for production environment from API Portal 7.7 November 2020 update. For more information, see Production-ready Docker container.
This section was updated to amend the information about API Portal in Docker containers.
New features and enhancements
Multiple organizations membership
Building on the support now added in API Manager for a user being a member of multiple organizations, the user profile in API Portal will reflect all of their organization memberships, and the user will be able to see all APIs and all applications from all organizations that they are a member of. For more information, see Users membership to multiple organizations.
GDPR compliance
Users can request a copy of their API Portal and Joomla! data to be sent to a nominated email address. They can also request that their data is deleted from API Portal and Joomla!, including data recorded in audit logs. For more information, see Manage privacy and personal data.
Security
Users can enable two-factor authentication (2FA) for both API Portal website and Joomla! Administrator Interface.
UI/UX improvements
User interface (UI) and user experience (UX) improvements in this release:
- You can search APIs by custom properties in the API catalog.
- Date and time are displayed in the users time zone.
Limitations of this update
This update has the following limitations:
- API Portal 7.7.20200930 is compatible with API Gateway and API Manager 7.7.20200930 only.
- Upgrade directly to API Portal 7.7.20200930 is supported from API Portal 7.7 only.
- This update is not available as a virtual appliance or as a managed service on Axway Cloud.
This section was updated to remove the information about API Portal in Docker containers.
Important changes
It is important, especially when upgrading from an earlier version, to be aware of the following changes in the behavior or operation of the product in this update.
API version update
To support User membership in multiple organizations (multi-orgs), a new version of the API v1.4 was introduced. The multi-orgs feature is available with the 1.4 version of the API only, meaning that any third-party portals or integrations (for example, SSO) must be updated to use version 1.4. The API Manager UI uses the API 1.4 by default.
This feature is forward compatible, the API 1.4 will work with single-org users, but not backward compatible, you cannot configure multi-orgs in the API 1.4, then revert it to the API 1.3.
The new API Manager 7.7 API 1.4 is available in OAS3 format on the Axway Documentation portal.
Deprecated features
As part of our software development life cycle we constantly review our API Management offering. As part of this review, no capabilities have been deprecated.
Removed features
To stay current and align our offerings with customer demand and best practices, Axway might discontinue support for some capabilities. As part of this review, no capabilities have been removed.
Fixed issues
This version of API Portal includes:
- Fixes from all 7.5.5, 7.6.2, and 7.7 service packs released prior to this version. For details of all the service pack fixes included, see the corresponding SP Readme attached to each service pack on Axway Support.
- Fixes from all 7.7 updates released prior to this version. For details of all the update fixes included, see the corresponding release note for each 7.7 update.
Fixed security vulnerabilities
| Internal ID | Case ID | CVE Identifier | Description |
|---|---|---|---|
| IAP-3188 | Issue: Audit log and its exporting functionality was missing. Resolution: API Portal now has rich audit log, which can be exported to a file or email to the requester. | ||
| IAP-3171 | Issue: Documentation was not raising the awareness about the risk of using self-signed certificate in production. Resolution: Documentation about HTTPS connection with self-signed certificate was updated. For more info see Configure API Portal to run with HTTP or HTTPS. | ||
| IAP-1933 | Issue: API Portal does not officially support 2FA. Resolution: Official support of 2FA was added on both admin and site sections. | ||
| IAP-3186 | Issue: A privacy communication channel for requesting export or removal of user data was missing. Resolution: A privacy communication channel for requesting export or removal of user data is supported in API Portal. For more information see, Manage privacy and personal data. |
Other fixed issues
| Internal ID | Case ID | Description |
|---|---|---|
| IAP-3388 | 1173080 | Issue: Control buttons for removing array items in Swagger UI were appearing on a new line. Resolution: The controls now appear next to the array item. |
| IAP-3517 | 1188465 | Issue: In API Portal all header names sent along with Try-It requests are Pascal-Case, but when there is no dash, like in KeyId, the transformation results to Keyid. Resolution: Headers are Pascal-Case only if there is a dash. |
| IAP-3518 | Issue: Manual password is not set when org admins create users because of invalid password argument passed. Resolution: Correct password argument is passed. |
Known issues
The following are known issues for this update.
When Multi Manager feature is configured, API Portal users are no longer able to login
After a recent bug fix in API Manager (RDAPI-20021), the Authenticate to Master policy is no longer working in releases earlier than API Portal July 2020. To fix this, perform the following steps:
- Open all slave managers configurations in Policy Studio, and click to Edit the
AuthenticateToMasterpolicy. - Click the Login to Master (Connect to URL) filter, and enter
Accept: */*for the Request Protocol Header. - Click the Enter key twice to create two blank lines after
Accept: */*.
Related Issue:IAP-3435
Page layout and alignment for Arabic language
Changing the API Portal language to Arabic (or any other right to left language) results in issues with page layout and alignment on the API Portal Home and Pricing pages, and some buttons are not visible. As a workaround, you can turn on the development mode in JAI. Follow these steps:
- Log in to Joomla! Admin Interface (JAI).
- In the JAI top navigation bar, click Extensions > Templates.
- Click your template style (for example,
purity_III * Default) to open it. - Click the General tab.
- Change Development Mode to
ON. - Click Save and click Close to close the template style.
Related Issue: IAP-308
Documentation
This section describes documentation enhancements and related documentation.
Documentation enhancements
The latest version of API Gateway, API Manager, and API Portal documentation has been migrated to Markdown format and is available in a public GitHub repository to prepare for future collaboration using an open source model. As part of this migration, the documentation has been restructured to help users navigate the content and find the information they are looking for more easily.
Documentation change history is now stored in GitHub. To see details of changes on any page, click the link in the Last modified section at the bottom of the page.
Related documentation
To find all available documentation for this product version:
- Go to Manuals on the Axway Documentation portal.
- In the left pane Filters list, select your product or product version.
Customers with active support contracts need to log in to access restricted content.
The following reference documents are also available:
- Supported Platforms - Lists the different operating systems, databases, browsers, and thick client platforms supported by each Axway product.
- Interoperability Matrix - Provides product version and interoperability information for Axway products.
Support services
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit Axway Support.
See Get help with API Gateway for the information that you should be prepared to provide when you contact Axway Support.