API Portal 7.7 November 2020 Release Notes
API Portal provides an API consumer-facing interface that you can customize to match your corporate brand. API Portal is a layered product linked to API Manager, and requires both API Manager and API Gateway. For more information, see the API Gateway and API Manager documentation.
API Portal is available as a software installation or a virtualized deployment in a Docker container. For more information, see the following options:
- If you are installing API Portal for the first time using this update, see Install API Portal.
- If you are already using API Portal (7.5.x, 7.6.x, 7.7.x) and want to install this update, see Upgrade API Portal.
- You can use the cumulative upgrade script to upgrade directly from earlier versions (for example, 7.5.5, 7.6.2) to API Portal 7.7 November.
- See API Portal single version upgrade to upgrade versions incrementally.
- To deploy API Portal in Docker containers, see Deploy API Portal in containers.
New features and enhancements
Production-ready Docker container
In this update, we are releasing phase 1 of the API Portal production-ready Docker container image, which involves the following:
- Internal security review completed.
- Support for CentOS 8.
- Build and run Docker as a non-root user.
- The container is upgradable.
Red Hat Enterprise 8 support
- Official support added for RHEL 8 for the standalone (non-docker) API Portal.
- Supported platform matrix updated to include RHEL 8.
- Virus scanning of uploaded files via API Portal interface.
- Personally identifiable information (PII) is now protected using Global Unique Identifiers (GUIDs) in all log files generated by API Portal. Each user in API Portal is associated with a GUID, which is used instead of the user name to protect the user data in compliance with the General Data Protection Regulation (GDPR).
Cumulative upgrade script
We had previously released a cumulative upgrade script to help customers to upgrade from 7.5.5 and 7.6.2 to the 7.7 July 2020 update. This script has been updated to upgrade customers to the 7.7 November 2020 update in line with the end of support for the 7.5.x and 7.6.x product lines in November 2020.
For more information, see Upgrade API Portal using the cumulative upgrade script.
User experience improvements
Sort API catalog by newest or oldest APIs in the API Catalog.
Configuration setting in the Joomla Administration Interface (JAI) to show or hide APIs, by status, in the catalog.
Limitations of this update
This update has the following limitations:
- API Portal 7.7.20201130 is compatible with API Gateway and API Manager 7.7.20201130 only.
- Upgrade to API Portal 7.7.20201130 is supported from API Portal 7.7 only.
- This update is not available as a virtual appliance or as a managed service on Axway Cloud.
- Upgrading from previous API Portal Docker image is not supported.
There are no major changes in this update.
As part of our software development life cycle we constantly review our API Management offering. In this update, the following capabilities have been deprecated:
- API Portal versions 7.5.x and 7.6.x reached end of support (EOS) in November 2020.
Enable user listing configuration
After a recent security fix in API Manager, the Enable user listing option is no longer needed in API Portal, and has been removed.
For previous versions of API Portal, which still use the Enable user listing option, see API Portal - Customize application sharing settings.
Related Issues: IAP-3616, RDAPI-17343
This version of API Portal includes:
- Fixes from all 7.5.5, 7.6.2, and 7.7 service packs released prior to this version. For details of all the service pack fixes included, see the corresponding SP Readme attached to each service pack on Axway Support.
- Fixes from all 7.7 updates released prior to this version. For details of all the update fixes included, see the corresponding release note for each 7.7 update.
Fixed security vulnerabilities
| Internal ID | Case ID | CVE Identifier | Description |
|---|---|---|---|
| IAP-3180 | | | Issue: PII (personally identifiable information) appearing in log files. Resolution: PII such as the user name is replaced with the associated GUID in log files. |
| IAP-3179 | | | Issue: Insufficient logging for successful logins, access control failures, failed input validation attempts. Resolution: Each log entry now includes the necessary information that would help in a detailed investigation of the timeline when an event has happened. |
| IAP-3579 | 1195741 | | Issue: XSS was possible on the TryIt page. Resolution: The `apiId` query param is now sanitized before being output. |
| IAP-3175 | | | Issue: When SSO is configured, log information coming from untrusted sources is not sanitized in any way, making it possible for an attacker to inject new lines in the logs. Resolution: The data is now sanitized. |
| IAP-3652 | 1195741 | | Issue: HTTP Host header can be controlled by an attacker. Resolution: Documentation was updated with information on how to prevent this. For more information, see Prevent host header attack. |
| IAP-3178 | | | Issue: Passwords containing leading or trailing spaces were trimmed. Resolution: Leading or trailing spaces are considered legitimate characters in a password. |
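The following added example illustrates the two log-hardening measures listed above (GUIDs in place of user names, and sanitizing untrusted values so they cannot start a new log line). It is not Axway's code; `GuidDirectory`, `neutralize`, `format_entry`, and the sample attribute are hypothetical names and constructed data.

```python
import re
import uuid

# Control characters that can start a new line or confuse log viewers.
_CONTROL = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")


def neutralize(value):
    """Escape backslashes, quotes and control characters in an untrusted value."""
    text = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return _CONTROL.sub(lambda m: "\\u%04x" % ord(m.group()), text)


class GuidDirectory:
    """Hypothetical in-memory user-to-GUID map; a real system would persist it."""

    def __init__(self):
        self._guids = {}

    def guid_for(self, username):
        # One stable GUID per user keeps entries correlatable without the name.
        return self._guids.setdefault(username, str(uuid.uuid4()))


def format_entry(directory, event, username, **fields):
    """Build a single-line log entry with the GUID in place of the user name."""
    parts = ["event=%s" % neutralize(event),
             "user=%s" % directory.guid_for(username)]
    for key in sorted(fields):
        parts.append('%s="%s"' % (neutralize(key), neutralize(fields[key])))
    return " ".join(parts)


# Constructed sample: an SSO attribute carrying an injected second log line.
SAMPLE_ATTRIBUTE = "Sales\r\nevent=login_success user=admin"

if __name__ == "__main__":
    directory = GuidDirectory()
    print(format_entry(directory, "sso_login_failed", "alice",
                       department=SAMPLE_ATTRIBUTE))
```

The injected CR/LF pair is written as visible `\u000d\u000a` text inside the quoted field, so the forged entry stays part of the original line.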
Other fixed issues
| Internal ID | Case ID | Description |
|---|---|---|
| IAP-3559 | 1190447 | Issue: Generated authentications do not appear when the Applications page is disabled. Resolution: Generated authentications are now displayed regardless of the Applications page status. |
| IAP-3564 | 1190447 | Issue: 'Create Application' button remains on the Try-It page even when it is disabled in JAI. Resolution: The JAI config option is now taken into account. |
| IAP-3730 | 1207734 | Issue: An SQL query that is supposed to run only on upgrade was also executed on installation. Resolution: The query is now executed only on upgrade. |
The following are known issues for this update.
When the Multi Manager feature is configured, API Portal users are no longer able to log in
After a recent bug fix in API Manager (RDAPI-20021), the Authenticate to Master policy is no longer working in releases earlier than API Portal July 2020. To fix this, perform the following steps:
- Open all slave managers configurations in Policy Studio, and click to Edit the
- Click the Login to Master (Connect to URL) filter, and enter `Accept: */*` for the Request Protocol Header.
- Click the Enter key twice to create two blank lines after
Page layout and alignment for Arabic language
Changing the API Portal language to Arabic (or any other right to left language) results in issues with page layout and alignment on the API Portal Home and Pricing pages, and some buttons are not visible. As a workaround, you can turn on the development mode in JAI. Follow these steps:
- Log in to Joomla! Admin Interface (JAI).
- In the JAI top navigation bar, click Extensions > Templates.
- Click your template style (for example, `purity_III * Default`) to open it.
- Click the General tab.
- Change Development Mode to
- Click Save and click Close to close the template style.
Related Issue: IAP-308
This section describes documentation enhancements and related documentation.
The latest version of API Gateway, API Manager, and API Portal documentation has been migrated to Markdown format and is available in a public GitHub repository to prepare for future collaboration using an open source model. As part of this migration, the documentation has been restructured to help users navigate the content and find the information they are looking for more easily.
Documentation change history is now stored in GitHub. To see details of changes on any page, click the link in the Last modified section at the bottom of the page.
To find all available documentation for this product version:
- Go to Manuals on the Axway Documentation portal.
- In the left pane Filters list, select your product or product version.
Customers with active support contracts need to log in to access restricted content.
The following reference documents are also available:
- Supported Platforms - Lists the different operating systems, databases, browsers, and thick client platforms supported by each Axway product.
- Interoperability Matrix - Provides product version and interoperability information for Axway products.
The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
See Get help with API Gateway for the information that you should be prepared to provide when you contact Axway Support.