API Platform 4.3.4.0

The APIs list wasn’t completely obeying ordering filters.

When an app’s extraInfo was changed using a Custom JavaScript interceptor with the method $call.app.extraInfo, the change was valid not only in the context of the call, but within the application’s scope (that is, the change remained in following calls that retrieved the extraInfo value). Now, the change will be restricted to the context of the call, without modifying the app’s data on the Manager.

If an API’s flow contained a JWT Validation interceptor configured without the encryption option flagged ("Use JWE-JSON Web Encryption") and if there was a call to this API with an encrypted JWT token, an error was returned with a 500 status code (server error). The status code was changed to 401 (Unauthorized).

An issue was preventing an API from being detached from an API Identity (even after the link’s removal, a token could still be generated for the API). This was fixed and now both can follow their own ways (George Michael would be glad).

The field "URI" on the Trace pages was exhibiting improper values because of the method used to return an address (when there were multiple URLs in a JSON, the first one was returned and exhibited in the field). This led to some confusion, making it seem that the Trace feature could be mixing different APIs (which was not the case). We changed the method and the field now shows the correct value.

When an API’s visibility option was changed, this modification was not reflected on the Manager, which led to unwanted behaviour (such as the impossibility of deleting the owner of an API).

There was no warning when a user tried to deleted an environment with at least one API. We added a message and the user has to confirm the deletion.

Searches with the character / on the APIs screen were retuning an error.

Users who were not Super Admin couldn’t create API Identities.

We added a warning message when users try to use unsupported characters on the login page (such as blank spaces).

In some cases, the environment visibility and deployment permissions weren’t treated independently (and so a modification on just one of them was not maintained).

The export feature for the General Trace through the download of a JSON file was broken.

An API’s screen allows searching for users and/or teams in order to select who is responsible for an API, but the Manager was only showing 10 query results. Now, all active users (that is, not blocked) and existing teams are shown and can be selected.

On the modal window where you can create a new user, you could type in an email address including capital letters, but that led to an unspecified error (without clear warning). Now, it’s no longer possible to include capital letters — the Manager automatically turns them into small caps.

We have included in the documentation the information that it is not possible to use the Internal API Call interceptor to invoke an API deployed in an environment other than the source API.

We fixed an issue related to opening connections that was leading to inconsistency on the Manager.

[Connectors] Calls using connectors were returning errors if a JWT was informed in the Authorization header.

[Connectors] The section "Docker Run" (API Connectors  Create Connector  COMMAND IMAGE) didn’t contain the info "SERVER_PORT", which was added.

[Connectors] There was an issue related to searches by keyword in the database when an operation was created from a connector.

At last, some fixes are meant to satisfy those that care about grammatical and aesthetic issues:

We added a sysconfig option to set up the minimum password length allowed to log in to the Manager.

We created a scenario validation based on TimeStamps to prevent outdated scenarios from being consumed.

It’s now possible to send data about origin certificates via header in mTLS connections. When this is enabled, these are the pieces of information sent: By, Hash, Cert, Chain, Subject, URI, and DNS. See more about it here.

[Connectors] We have implemented a new rule for Connectors: all new connectors are to be release as Beta and will be upgraded to a stable version after a maturation period.

The link to access our products' Online Help was updated to Sensedia Docs (this website!).