API Platform 4.6.1.0

Improvements

Tokens and OAuth flows

  • The OAuth Authorization Code flow for obtaining tokens now supports PKCE. You can find more information about the usage of PKCE here.

PKCE support doesn’t break backward compatibility, since using it in the Authorization Code flow isn’t mandatory. Whether to use PKCE as an extra security measure is left up to the client requesting a token.
  • We have improved the access token query by the API Token Manager 3.0.0. Now, the responses from access token queries that contain refresh tokens report the status and time-to-live of the refresh token. You can find more information about available queries here.
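
An added illustration of the optional PKCE behaviour described above (not code from the platform or its documentation): a generic RFC 7636 S256 exchange in which the server checks the verifier only when the client sent a challenge, so clients that skip PKCE keep working. The `AuthServer` class and its method names are hypothetical and do not reflect the platform's endpoints.

```python
import base64
import hashlib
import hmac
import secrets


def _b64url(data: bytes) -> str:
    # base64url without padding, as RFC 7636 requires
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_verifier() -> str:
    # 32 random bytes -> 43-character code_verifier (RFC 7636 minimum length)
    return _b64url(secrets.token_bytes(32))


def s256_challenge(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthServer:
    """Hypothetical in-memory authorization server; S256 method only."""

    def __init__(self):
        self._codes = {}  # authorization code -> (client_id, challenge or None)

    def authorize(self, client_id, code_challenge=None, method="S256"):
        if code_challenge is not None and method != "S256":
            raise ValueError("this sketch models the S256 method only")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, code_challenge)
        return code

    def redeem(self, client_id, code, code_verifier=None) -> bool:
        entry = self._codes.pop(code, None)  # codes are single use
        if entry is None or entry[0] != client_id:
            return False
        challenge = entry[1]
        if challenge is None:
            return True  # client did not opt in to PKCE: legacy behaviour
        if code_verifier is None:
            return False  # a challenge was bound to the code, verifier required
        return hmac.compare_digest(s256_challenge(code_verifier), challenge)
```

Because the challenge is bound to the authorization code at issue time, a party that obtains the code without the verifier cannot redeem it, while a client that never sent a challenge follows the unchanged flow.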

APIs timeout

  • Previously, any timeout value could be registered in the destination section of an API (as long as the gateway limit value was always respected). To clarify the timeout limit value (60 seconds by default), we have included a validation in the timeout registration field and the timeout limit information from the customer’s gateway.

Timeout setting in the "API Destination" tab now includes limit validation and tooltip
It is still possible to set the timeout by referring to an environment variable (which must always be entered after $).

Interceptor Additional Info - improved information security

  • When the user used the Additional Info interceptor to display specific information retrieved from a call, the environment variables involved in the call were also displayed. To prevent potentially sensitive information from being displayed, the interceptor now only displays fields that are configured for retrieval.

If you used additional info to retrieve the environment variables involved in a call, note that this is no longer possible.

API Metrics

  • The operationName field has been added to the kpis/calls resource of the API Metrics 3.0.0.

Navigability and layout

  • In order to make the flow of the APIs clearer, suffixes have been added to the IP Filtering and Restrict Access interceptors. The suffix identifies whether the interceptor has been configured as an "Allow list" or a "Block list" type.

The suffixes "(Allow)" and "(Block)" identify the configuration type of the IP Filtering and Restrict Access interceptors

Adaptive Governance

  • It is possible to clone an existing Team Workflow by copying its settings into a new one. This can be done through a button located in the lower left corner of the card of the workflow to be cloned, shown in the figure below:

Button for cloning the corresponding Team Workflow
  • In the detailed search field Keywords of the APIs screen, we added a button that allows you to add more than one attribute filter to this search field, as shown in the image below:

Button to add more than one attribute filter in the "Keywords" field of the APIs screen

Fixed bugs

API Gateway

  • We have fixed a bug in the XSLT interceptor that was causing processing to fail.

  • We have fixed the bug in the Custom Java interceptors update.

APIs paths

  • We have adjusted API path validation so that hyphens are accepted in path parameters.

Interceptor Additional Info

  • Some fields that were configured as STRING in the Type field of the Additional Info interceptor configuration window were being displayed as DATE in Kibana.

API Authorization (for OAuth flows)

  • In case of "Bad Request" errors, the exception was not being forwarded correctly and the handling was adjusted.

  • We have adjusted the error returned when a request is made to the API Authorization without the correct parameters because it included unnecessary information.

Plan export

  • The export plan selection screen was only showing 10 items.

Messages and warnings on screens

  • To improve security when accessing the Platform, a user's password needs to be reset after a period (by default 90 days). However, the warning displayed to the user when the password expired didn’t make it clear that a new password needed to be created, and it has been adjusted.

  • A user cannot access an API without the permission to view Workflows. This is expected, but there wasn’t any message to inform the user that he couldn’t access it due to the lack of permission.

Adaptive Governance

  • The paging of the Workflows screen only allowed you to list up to 10 elements.

  • In the search field API of the Impact Analysis screen, sometimes the list of APIs displayed as search results overlapped the typed text, making it impossible to see.

  • Sometimes an existing API searched on the Impact Analysis screen was not found.

  • In the detailed search of the Keywords field on the APIs screen, the field for selecting the value of an attribute sometimes displayed empty options.

  • If there was more than one API with a linked workflow, Adaptive Governance could use a workflow from another API to validate the requirements of a specific API’s stage.

  • Scrolling the window with metrics for API nodes and operations from the impact analysis graph of the Impact Analysis screen was not performed with a mouse scroll. Now, this window is displayed for the node clicked on the right side of the graph.

  • The progress line of API Maturity on the setting screen of a Workflow stage wasn’t updated according to the stage being edited. This happened when the stages were changed without closing the current stage’s screen first.

  • When editing an API on the APIs screen, the interface allowed saving the new settings without having a stage selected in the Workflow Stage field.

  • The impact analysis graph on the Impact Analysis screen always considered the latest revision of the API entered, even if this revision was not deployed in any environment yet. Due to this behavior, the necessary information was not displayed.

Security

  • Internal security enhancements were applied.

Services changed

Application    Module               Version
API Platform   API Manager Front    4.6.1.1
API Platform   API Governance       4.1.0.0
API Platform   API Finder           4.2.0.0
API Platform   API Authorization    4.3.0.0
API Platform   API Token Manager    4.2.0.1
API Platform   API Metrics          4.3.0.0
API Platform   API Manager          4.7.0.0
API Platform   API Gateway          4.6.0.0
