What's new in the latest release (version 10.0.8.0)
Find out about the newest features and the latest updates in API Connect.
IBM® API Connect 10.0.8.0 is a Support Cycle-2 release, and is the follow-on release to the prior Continuous Delivery (CD) releases 10.0.7.0 and 10.0.6.0. Support Cycle-2 (SC-2) is the new name for Long Term Support (LTS), such as the 10.0.5.x and 10.0.1.x. releases.
Product files and release notes
- Access the latest files from IBM Fix Central by searching for the API Connect product and your installed version. Full installation files for IBM API Connect can be downloaded from Passport Advantage.
- For details on the specific APARs that are included in this release, and links to downloads, blogs, and conference notices, see the IBM API Connect 10.0.8.0 Support Announcement page.
- For more details about support lifecycle policies at IBM, such as Support Cycle-2, see IBM Software Support Lifecycle Policies.
Upgrading from API Connect 10.0.5.x
If you're upgrading to 10.0.8.x from 10.0.5.x, you should also note the major updates that were delivered to API Connect in versions 10.0.6.0 and 10.0.7.0. For a list of the key changes, see Upgrading to 10.0.8.x from 10.0.5.x.
IBM API Connect 10.0.8.0 includes the following enhancements.
What's new for Developers
- Support for OIDC discovery
- API Connect now provides native support for OIDC discovery, which allows a client to query attributes of the provider itself. You can supply the provider's URL as the OpenIDConnect Discovery path while Configuring the OIDC parameters for a native OAuth provider.
- The Automated API behavior testing application is now available from the API Manager home page
- If your cloud administrator installed the Automated API behavior testing application, you can access it by clicking the Test tile on the API Manager home page. For information on using the test application, see Testing an API with Automated API behavior testing.
- New API discovery capability
- Now, you can quickly discover the APIs in your organization, and pull them automatically into
your API
Manager, by using
GitHub, DataPower® API Gateway proxy, and OpenTelemetry collectors. For more information, see API discovery.
- Governance service updates
- The following updates to the governance service are now available:
- The governance service is now available from the main navigation bar by clicking the Governance icon . Previously, the governance service was accessed from the Resources section.
- You can now run scans on your catalogs and spaces to validate the APIs that they contain by using Spectral rulesets. For more information, see Scanning your catalogs and spaces.
- The ability to create and manage product rulesets, as well as API rulesets, is now available; see Configuring governance in the Cloud Manager, and Configuring governance in the API Manager.
- You can now also run validation scans on your product documents, as well as on your API documents. For more information, see Validating an API or product document by using the governance service.
- Spectral 2.0.1 is now supported.
- LoopBack is no longer supported
-
Beginning with API Connect 10.0.8.0, LoopBack is no longer supported. LoopBack is not included with the toolkit, and is not discussed in this documentation.
- Toolkit CLI documentation relocated
-
The toolkit CLI documentation is now published at https://ibm-apiconnect.github.io/clidocs, instead of in the reference section of this collection.
- Importing AsyncAPI with Event Endpoint Management
-
You can now import an AsyncAPI that was exported from Event Endpoint Management. For more information, see Importing an AsyncAPI from Event Endpoint Management.
- Creating AsyncAPI with Event Endpoint Management
-
You can now create AsyncAPI by using Event Endpoint Management. AsyncAPI managed in Event Endpoint Management is read only in API Connect. For more information, see Creating an AsyncAPI with Event Endpoint Management.
- View the subscription task approval history
-
You can now view the complete history of subscription task approvals. For more information, see Approving product lifecycle and subscription requests.
- Download event logs from the gateway service
-
You can now download event logs from the gateway service. For more information, see Reviewing processing status and downloading event logs for gateway.
- Added OAuth authorization support for four grant types
-
Added OAuth authorization support for the following four grant types:
- Access Code
- Application
- Implicit
- Password
What's new for API product managers
- API Connect Backstage plug-in
-
The plug-in provides a centralized view of APIs and products across multiple API Connect clouds, organizations, and catalogs. It enables API teams to manage and monitor their API assets efficiently. For more information, see [Technology Preview] Using API Connect Backstage plug-in.
- New Consumer Catalog for testing and subscribing to APIs
- You can now use a Consumer Catalog for testing and subscribing to APIs. The Consumer Catalog is a non-customizable, self-service, web-based site for application developers to test and subscribe to the APIs that are published in your catalog. The site uses less resources when compared to the Developer Portal, and offers quick and basic credential access. The Consumer Catalog is ideal for smaller API catalogs and internal users, who are looking for a lightweight consumer experience with basic functionality. A customer can have either a Developer Portal or a Consumer Catalog to test and subscribe to the APIs that are published in your catalog.
- New graphical representation of API event latency
- The API latency visualizer has a new horizontal bar that highlights where most of time is spent in the processing of an API call.
- Analytics
event_id
generation -
The auto-generated
event_id
for analytics API events is now generated based on a hashed version of thedatetime
,transaction_id
, andclient_id
fields combined by using the SHA1 algorithm.This change prevents the analytics subsystem from ingesting duplicated API events, which can be caused by gateway failure.
- New
gateway_type
field in analytics API events - The API event records have a new field
gateway_type
that indicates the type of gateway and version that processed the API call. For example,apigw/10.5.3.0
. API event record fields are listed in API event fields.All gateway types except for the V5 compatible gateway (
v5c
), set the newgateway_type
field when they generate API events. - New
log_policy
filter option to select API events by logging type - Filter the view of your API events by log policy. An example use case is when your analytics persistent storage is near its limit and you want to identify all APIs that are set to payload logging. Disabling payload logging on your APIs reduces persistent storage use.
- New analytics chart that shows the distribution of API calls across catalogs
-
If the same API is published to multiple catalogs, the new chart shows how calls to that API are distributed across your catalogs.
- Analytics consumer's user agent string parsed to provide more details about the user
-
To provide more information on who is calling your APIs, the consumer's
http_user_agent
string is parsed into individual fields in the API event record, such asuser_agent.os_version
. The full list ofuser_agent
fields is documented in API event fields. - Analytics reports can be exported from the UI as PDF
- The detailed reports in Cloud Manager and API Manager UIs can be exported to PDF.
- Analytics dashboards updated
- The following analytics dashboards are updated and the charts are redistributed across the
updated dashboards to eliminate duplication:
- New dashboards: Summary, Applications, Client information, Consumers.
- Removed dashboard: Usage.
- Renamed dashboards:
- Monitoring Latency => Latency.
- Monitoring Data => Data Transfer.
- Monitoring Status => Status.
- Analytics deprecated product report
- The new report identifies which deprecated products are still being called. With this information, you can identify the consumers who are still using the deprecated APIs and encourage them to switch the new APIs.
- Analytics reports available at space scope
-
All analytics reports are now available at the space scope, in addition to the existing cloud, provider organization, and catalog scopes.
- Links to live analytics data from analytics reports
- New Jump to live data button in the detailed analytics reports. Click Jump to live data to switch to the Discover view and see the current live data at the scope of the report.
- Bookmark and share links to specific analytics pages, reports, and dashboards
-
You can bookmark and share analytics pages, reports, and dashboard views that include your filters.
- Analytics CLI bucket_interval query parameter
- The analytics CLI dashboards query has a new query parameter:
bucket_interval
. Thebucket_interval
parameter allows you to specify the interval between data points. For example, if you are querying for analytics data for the last week (specified with the--timeframe
parameter), and you want 4 data points per day, then setbucket_interval
to 6 hours (6h
).The CLI
apic dashboards
operations are documented here: https://ibm-apiconnect.github.io/clidocs/docs/v1008/analytics/apic_dashboards - Analytics GeoIP is enabled by default
- The analytics
ingestion.geoIPEnabled
property is set to true by default.When
ingestion.geoIPEnabled
is set to true, geographical information that is related to the callers IP address is included in API event records. - New links to analytics data from API Manager UI
- The Manage Catalog and Manage Space views now have links to the analytics data and reports.
- Consumer organization reports include a table of applications that are owned by the consumer
-
The detailed reports for consumer organizations now include a table that shows the applications that are in the consumer organization, and how many API calls each application made. Clicking the application name in this table takes you to the detailed report for the application. The application reports also include a link to the owning consumer organization report.
- Analytics Logstash gelf output plug-in removed.
-
The output plug-in https://www.elastic.co/guide/en/logstash/current/plugins-outputs-gelf.html is removed from the analytics subsystem.
What's new for API consumers
- New Consumer Catalog for testing and subscribing to APIs
- API consumers can now use a Consumer Catalog for testing and subscribing to APIs. The Consumer Catalog is a non-customizable, self-service, web-based site for application developers to test and subscribe to APIs. The site uses less resources when compared to the Developer Portal, and offers quick and basic credential access. The Consumer Catalog is ideal for smaller API catalogs and internal users, who are looking for a lightweight consumer experience with basic functionality. You can have either a Developer Portal or a Consumer Catalog to test and subscribe to the APIs that are published in a catalog.
What's new for Developer Portal site administrators
- Updates to the
custom-module
andcustom-theme
Developer Portal commands - The
custom-module:create-import
andcustom-theme:create-import
commands now include a--wait
flag to give you more control over the command completion time. Previously, the cache rebuild was automatically included as part of the task. Now, if you want to include the cache rebuild as part of the task, you must include the--wait
flag. If you run the commands without the--wait
flag, the cache is rebuilt in the background after the task is complete. For more information, see Using the custom-module commands and Using the custom-theme commands. - New Developer Portal maintenance commands
- The following maintenance commands can be used to manage the maintenance
operations on your Developer Portal:
apic maintenance:disable
- Disable your maintenance operations.apic maintenance:enable
- Enable your maintenance operations.apic maintenance:rebuild_node_access
- Rebuild the node access table for your maintenance operations.apic maintenance:search_api_index_rebuild
- Rebuild and re-index the search API index of your maintenance operations.apic maintenance:search_api_index_status
- Print the search API index of your maintenance operations.apic maintenance:status
- Get the current mode of your maintenance operations.
For more information, see Using the maintenance commands.
- New Developer Portal memcache commands
- The following memcache commands can be used to manage the default caching
store operations on your Developer Portal:
apic memcache:disable
- Disable your default caching store operations and set Drupal to use database as its cache.apic memcache:enable
- Enable your default caching store operations and set Drupal to use RAM as its cache.apic memcache:get
- Get the status of yourmemcache enabled
operations.
For more information, see Using the memcache commands.
- New Developer Portal role commands
- The following role commands can be used to complete some Drupal role
management tasks on your Developer Portal:
apic role:create
- Create a new user role.apic role:delete
- Delete an unwanted user role.apic role:add-permission
- Add one or more permissions to a user role.apic role:remove-permission
- Remove one or more permissions from a user role.apic role:get
- Get the details of a specific user role as well as the permissions available.apic role:list
- List the roles based on a specific role or permission.
For more information, see Using the role commands.
- New Developer Portal
sites
command - You can now use a
sites:reset-upgrade-attempts
command to reset the upgrade attempt counter within the Developer Portal, so that failed upgrades can be retried. For more information, see Using the sites commands. - New Developer Portal queue commands
- Use the queue commands to list the queued and locked platform tasks on your
Developer Portal
site. For more information, see Using the
queue commands.
- New Developer Portal user commands
- The following user commands can be used to complete some Drupal user
management tasks on your Developer Portal:
apic user:add-role
- Add one or more roles to one or more specified user accounts.apic user:block
- Block one or more users.apic user:information
- Retrieve information about your users.apic user:remove-role
- Remove one or more roles from one or more specified user accounts.apic user:unblock
- Unblock one or more users.
- Removing keys that begin with
x-ibm
from the OpenAPI document download - By removing the keys that begin with
x-ibm
from the OpenAPI document download, you can download the OpenAPI documents without any key-value pairs that are IBM specific. Enabling this configuration setting removes the information about the API Management provider from the OpenAPI document that is downloaded in the Developer Portal.
What's new for DevOps
- Upgrading the Management subsystem from 10.0.7.0 on VMware requires maintenance mode
- If you are upgrading from 10.0.7.0 to 10.0.8.0, you must enable maintenance mode for the Management subsystem before you begin the upgrade. For more information, see step Upgrading management, portal, and analytics on VMware.
- New cluster management operations in the analytics API for monitoring analytics ingestion
- The Logstash APIs can now be
run from the analytics REST API and toolkit CLI to provide more information on analytics ingestion.
Logstash API reference: https://www.elastic.co/guide/en/logstash/current/monitoring-logstash.html.
- VMware apicup certs list command checks for certificate expiry
- The apicup certs list command that is used on VMware now checks the expiry
date of all certificates that are managed by apicup. A warning is output for any
certificates that are expired or close to expiry.
For more information about checking certificate expiry on VMware, see Certificate expiry and renewal.
- Analytics database backup updates
- The analytics database backups can now be directed to a remote SFTP server, or stored
locally.The configuration of analytics backups and the restore procedures is simplified to two restore options:
- Repair. Restores indexes that are corrupted or missing.
- Replace. Restores all data from the backup, overwriting any existing data.
Object-store backups now support path-style hosts.
Note: Analytics database backups that were taken on an earlier release cannot be restored on V10.0.8.0. - Analytics
n3xc4.m16
profile is deprecated - If you are using the analytics
n3xc4.m16
component profile, then switch to then3xc4.m32
profile. You can switch to then3xc4.m32
profile before or after you upgrade to V10.0.8.0. If you continue with then3xc4.m16
profile on V10.0.8.0, then your analytics subsystem might encounter memory limits that inhibit how much analytics data you can retain. - Top-level CR deployment profiles n3xc16.m48 and n3xc12.m40 deprecated
-
The top-level CR deployment profiles
n3xc16.m48
andn3xc12.m40
are deprecated, and replaced with the profilesn3xc16.m64
andn3xc12.m56
. It's recommended that you switch to one of these new profiles after the upgrade to 10.0.8.0 is complete. For information about switching profile, see ../com.ibm.apic.install.doc/config_ocp_switch_profile.html. - Dedicated storage is the default storage type for analytics
- For three replica analytics deployments, the dedicated storage type is now the default type. Not applicable to one replica deployments where the only available storage type is shared.
- Backup and restore that uses OADP
- For Cloud Pak for Integration users, API Connect subsystem backups can be configured with Red Hat OpenShift API for Data Protection (OADP). For more information about OADP, see Administering backup and restore in Cloud Pak for Integration.
- Cloud Pak for Integration integration during installation
- The default value for
metadata.annotations.apiconnect-operator/cp4i
is now false in all installation scenarios except for installation with the Cloud Pak for Integration Platform UI.For more information about Cloud Pak for Integration and API Connect integration, see OpenShift: Deciding to use individual CRs, a top-level CR, or Cloud Pak for Integration.
- New API discovery optional add-on service
- API
discovery is an
optional add-on to API Connect that can be used
to quickly discover the APIs in your organization, and pull them automatically into your API
Manager. For information about
how to enable API
discovery,
see Enabling API
discovery on Kubernetes and Enabling API discovery
on VMware.
- Cert-manager is upgraded to version 1.12.10
- API Connect 10.0.8.0 uses cert-manager 1.12.10. If your environment requires a manual installation or upgrade of cert-manager, the instructions are included as part of the API Connect installation and upgrade procedures.
- Backup certificates requirement for VMware
- On VMware deployments, to fully backup API Connect you must run a script to extract the management subsystem certificates. For more information, see Backup management certificates.
- LDAP connection pooling for DataPower API Gateway
- API Connect now supports LDAP connection pooling for the DataPower API Gateway service. Connection pooling reduces overhead and improves performance by maintaining a pool of connections and assigning them as needed. For more information, see the options in step 4 of Registering a gateway service.
- SFTP management database backup support
- The management subsystem database can be backed up to a remote SFTP server. In V10.0.7.0, only S3-compatible object-store is supported.
- The CRD installation and upgrade processes now require additional parameters
- In 10.0.8.0, CRD sizes increased. To ensure successful updates to a CRD, include the
--server-side
and--force-conflicts
parameters in thekubectl
apply command during installation or upgrade of CRDs.The following topics now use the updated command to install or upgrade CRDs:
- Rollback scenarios for VMware upgrades
- If certain known problems are encountered during the upgrade process on VMware, a rollback is
performed automatically.
In all cases, contact IBM Support for help with resolving the underlying problem before you reattempt the upgrade. For more information, see Upgrade fails with an automatic rollback.
- New flag for
install
command when upgrading from 10.0.5.x on VMware - When running the
install
command to upgrade the management subsystem from 10.0.5.x on VMware, use the--force-operand-update
flag to bypass the Warning state that occurs due to the change from the Crunchy database to EDB. This new flag is included in the upgrade instructions in Upgrading management, portal, and analytics on VMware. - New OIDC registry option to return third-party tokens as separate claims
- By default, OIDC third-party tokens are returned as part of the access_token that is issued by API Connect. Returning the OIDC third-party tokens as separate claims prevents the access_token from growing too large. For more information, see Configuring an OIDC user registry in Cloud Manager.
- Event Gateway Service provides access to event endpoints managed by the Event Endpoint Management application
- You can configure your IBM Event Endpoint Management instance to be registered as an Event Gateway Service in API Connect. With the Event Gateway Service, application developers can discover event endpoints and configure applications to access them through the event gateway.