What's new: 2022

New features are added and updates are made to improve the IBM® API Connect V10 Reserved service.

This page details the latest enhancements to IBM API Connect V10 Reserved.

From November 2022

Usage dashboard now available
You can now review information about your API Connect Reserved plan and API use. The information lets you track overall usage against your plan, and displays a graph showing your monthly usage rate. For more information, see Reviewing your plan and usage in the V10 Reserved documentation on IBM Cloud.

From September 2022

Changes to API Connect Analytics service
Important: The Analytics service was replaced in API Connect 10.0.5, and the changes impact any existing use of the dashboards and API as noted here.
  • New name for the Analytics service: ibm-managed-analytics-service-v2

  • New ingress URL for the Analytics service: analytics-v2-ai-endpoint==aiv2.customer.domain

  • New analytics dashboards

    New analytics dashboards are implemented in the API Manager UI, replacing the use of Kibana. Due to this change, users can no longer create (or import and export) custom visualizations and dashboards. Any existing visualizations and dashboards are no longer available.

  • New REST API for accessing Analytics data

    The Analytics REST API was replaced in API Connect 10.0.5 and the new Analytics REST API is not backwards-compatible. If you are using a previous version of the REST API, update calls to use the new REST API. For more information, see Accessing analytics data with the REST API.

Certificates Manager replaced with Secrets Manager
API Connect V10 Reserved now requires you to manage certificates for remote gateways with IBM Cloud Secrets Manager. If you previously used IBM Cloud Certificates Manager, you can migrate the existing certificates to Secrets Manager as explained in Migrating certificates to Secrets Manager in this documentation.

Support for more granular IAM access policies in API Connect V10 Reserved
IBM Cloud Identity and Access Management (IAM) access policies, and the procedure for creating them, for your API Connect V10 Reserved instance have been expanded to support access policies at the Catalog and Space level, in addition to the existing provider organization level support. For information on creating access policies and assigning them to users, see Managing Users in the API Connect V10 Reserved documentation on IBM Cloud. For the list of available IAM access roles, see Managing access in the API Connect V10 Reserved documentation on IBM Cloud.

Increased OpenAPI 3.0 support
The following updates have been made to the Open API 3.0 support for APIs that are enforced by the DataPower® API Gateway:
  • All assembly policies are now supported, including the validate and map policies.
  • The OAuth2 with multiple flows security scheme is now supported.
For more information, see OpenAPI 3.0 support in IBM API Connect.

New publish validation option when publishing your products
You can now select from the following publish validation options when configuring Catalogs in the API Manager UI:
  • Publishing APIs with empty paths is not allowed
  • Validate custom policy schema in an assembly
  • Validate the references inside the API and perform additional OpenAPI validations
  • Publishing APIs with duplicate base paths is not allowed
To configure these options, in the Catalog that you want to work with click the Catalog settings tab, and then click Publish validations > Edit. For more information about configuring Catalogs, see Creating and configuring Catalogs.

Override the timeouts set by consumer organization invitations
You can now override the consumer organization timeout with the timeout that is set in the Catalog. For more information, see Creating and configuring Catalogs.

Mixed-case resource names now supported
You can now create resource names with mixed-case text, including names for users, APIs, Products, Catalogs, organizations, and so on. However, you cannot have duplicate names of resources where the only difference is the case. For example, while MyAPI and myapi are both supported names, they cannot both exist in the same namespace. Also, note that Developer Portal endpoints must be only lower-case.

The API policy version must match the gateway policy version
The way that API Connect validates the API policy version has changed. In earlier releases, API Connect published the API if its policy version was considered to be compatible with the gateway's version. If no version was specified, the policy version defaulted to 1.0.0. However, the published API might then fail at the gateway if the API policy version didn't match the gateway policy version.

Now, API Connect mitigates the problem by validating the API policy version prior to publishing the API. This new behavior means that API Connect only publishes an API to the gateway if the API policy version exactly matches the version that is present on the gateway. In addition, if a policy version isn't specified, it no longer defaults to 1.0.0. If the version is incompatible with the gateway, a validation error is thrown that specifies the available versions.

Note that this change in behavior does not affect APIs that are already published.

For more information about adding policies to your assembly, see Adding OpenAPI 2.0 elements to your assembly or Adding OpenAPI 3.0 elements to your assembly.

More flexibility when customizing the preflow policies
You can now use the mode property to control how the preflow policies are applied. For more information, see Customizing the preflow policies.

Configure the visibility of Products at a Catalog or Space level
You can now modify your Catalog settings to define a visibility property at a Catalog or Space level. This setting then becomes the maximum level of visibility that is allowed for any Product that is published to that Catalog or Space. It can also be used as the default visibility setting for that Catalog or Space. For more information, see Configuring Product visibility in a Catalog.

Note that this is an additional feature that is disabled by default, so current Product visibility behavior is not affected. The new feature also doesn't affect any Products that are already published.

New commands are available in the Developer Portal command-line tool
The following commands for managing forums are now available in the Developer Portal command-line tool:
  • forums:disable - Deletes any existing forums taxonomy terms, and then disables the Forum module for a given site.
  • forums:enable - Enables the Forum module for a given site.
For more information, see Using the forums commands.

From May 2022

Drupal 9 upgrade compatibility check now added to the Developer Portal upgrade process
A compatibility check has been added to the Developer Portal upgrade process to verify that any additional contributed modules, or custom modules, or sub-themes, declare that they are compatible with Drupal 9. Any Developer Portal sites that contain modules or sub-themes that don't have this version declaration will fail to upgrade. For information about how to make the Drupal 9 version declaration in custom modules or sub-themes, see Installing Drupal 8 based custom modules or sub-themes into the Drupal 9 based Developer Portal. For more information about Drupal 9, see About Drupal 9 on the drupal.org website.

Upgrade from php 7.4 to php 8.0
Php has been upgraded to version 8.0. If you are using additional contributed modules, or custom modules, check that they are compatible with php 8; also check the php release notes for any breaking changes.

From January 2022

Ability to monetize your Products
IBM API Connect V10 Reserved now includes a subscription billing feature that allows API providers to define pricing Plans in their API Products, and monetize their API offerings, by integrating with the Stripe Subscription Billing service. For more information, see Monetizing your Products.
New application for quickly testing APIs: Automated API behavior testing
The Automated API behavior testing application provides a simple set of fields where you can quickly invoke your API. You can automate tests and define schedules for running them. For more information on using the application, see Testing an API with Automated API behavior testing.
HTTP Bearer supported as the security scheme for OpenAPI 3 APIs
The HTTP Bearer security scheme (as specified in the OpenAPI 3 Specification) is now supported for OpenAPI 3 API definitions. For more information, see Defining an HTTP bearer security scheme.
Import a REST API from a URL
When you create a REST API by importing the YAML file definition, you can specify the URL where the file is hosted. This saves you the intermediate step of downloading the file to your local storage before importing it. For more information, see Adding a REST API by importing an OpenAPI definition file.
Test tab no longer includes websocket subscription in payload while invoking a GraphQL API when "by URL parameter" option is selected
When working with GraphQL APIs in the Test tab, invoking a websocket subscription with "by URL parameters" option will no longer include the subscription in the payload. The subscription will only be included in the URL parameters, matching the approach used by queries and mutations.

This change applies only to the Test tab (API Manager, API Designer) and does not affect third-party clients.

Test and debug support for non-Sandbox catalogs
You can now choose which catalog an API can be published to, directly from the API editor header. When selecting any catalog, the Test tab is enabled so you can click it to test your API. The test feature is no longer limited to the Sandbox catalog.
Added JSONata extension functions to support GraphQL APIs
When you use JSONata notation in assembly actions, you can use extension functions to retrieve elements from GraphQL messages. For more information, see Constructing JSONata expressions to redact fields.
Enhanced support for GraphQL APIs
The custom scalar type Long allows use of integers that are lesser or greater than those handled by the default scalar type Int. For more information, see Long custom scalar.
You can use the @scalarParam directive to customize custom scalar types. Extensions to GraphQL.
CORS support for customizing an Access-Control-Expose-Headers response header
You can now customize the Access-Control-Expose-Headers response header in your CORS support for an API. For more information, see Enabling CORS support for an API.
Apply Catalog actions to Spaces

Certain Catalog actions can now be applied across Spaces. For example, you can replace or supersede Products hosted in the same Space, and as well as Products hosted in different Spaces. Review the following list for a summary of the Catalog actions that can be used when Spaces are enabled:

  • Product gateway update: Space scope only
  • Product lifecycle actions:
    • Stage/publish from draft or direct stage/publish from multipart Product: Space scope only
    • Other lifecycle actions can be at Space or Catalog scope
  • Product composite lifecycle actions:
    • At the Space scope, both Products must be hosted in the same Space
    • At the Catalog scope, Products can be in different Spaces
  • API update to online/offline status: Both Space and Catalog scopes are supported
Ability to select which gateway to publish to is now available in the Product create wizard
When you create a new draft Product in the API Manager UI, you can now select which gateway to publish your Product to. For more information, see Creating a draft Product.
Create custom Plan metadata to display in the Developer Portal
Along with the Product and API custom metadata, you can now create custom metadata for your Plans. By adding the custom attribute x-name: value to the Plan OpenAPI source, you can specify custom metadata to display with your Plans in the Developer Portal. For more information, see Editing a draft Product.
Custom email styling is now available for the emails that are sent from the API Manager
You can now apply custom styling to the content of the emails that are sent from the API Manager, such as invitations, product lifecycle events, and emails to consumer organization owners. For more information, see the following topics:
Migrate subscriptions between Plans within a Product
You can now migrate subscriptions between Plans within a single Product, in addition to migrating them to a Plan within a different Product. When you migrate the subscriptions between Products, the Products can reside in the same Space or in different Spaces. For more information, see Migrating application subscriptions.
Custom email styling is now available for the emails that are sent by the Developer Portal
API consumers can now receive emails from the Developer Portal that are custom styled to match your business theme. For more information, see How to style the Developer Portal emails.
New commands are available in the Developer Portal command-line tool
The following commands are now available in the Developer Portal command-line tool:
  • api:get-document and product:get-document - Get a specific entire document for a given API or product on a specific Developer Portal site; see Using the api commands and Using the product commands.
  • custom-translation - Create an import or export task that will import or export a .tgz of custom translations for a Developer Portal site; see Using the custom-translation commands.
  • drupal-config - Manage the Drupal configuration objects on your Developer Portal service, for example to disable CSS and JS aggregation; see Using the drupal-config commands.
  • site:cache-rebuild - Rebuild the Drupal cache on your Developer Portal site; see Using the site commands.
  • site:state - Obtain the current state of a Developer Portal site, for example to understand the general health of the site; see Using the site commands.
  • twig - Enable, disable and list the state of the twig debugging on a specific Developer Portal site; see Using the twig commands.
The Legal module is now included in the list of core modules
The Legal module is now included in the list of core Developer Portal modules. This module provides more options for configuring your site terms and conditions. For more information, see Forcing new users to accept terms and conditions.
Additional email address settings for all user registries
The following two new settings are now available on all user registries to manage the use of email addresses when onboarding new users:
  • Email required - Select this checkbox if an email address is required as part of the user onboarding process.
  • Unique email address - Select this checkbox if email addresses must be unique within the user registry.
Note:
  • An email address is not required by default for onboarding to the API Manager, but it is required for onboarding to the Developer Portal.
  • Every account in the Developer Portal, including across different user registries for the same site, must have a unique email address, including the site Admin account.
  • If Email required is selected, the source identity provider must supply the email address as part of the authentication process, or the user will fail to onboard.
  • For new Local User Registries, the Unique email address setting is always selected; so if email addresses are contained in the user record, they must be unique. However, for existing Local User Registries this setting can be edited.
For more information, see Working with user registries in the API Manager, and select the required user registry type.
Increased OpenAPI 3.0 support
The following updates have been made to the Open API 3.0 support for APIs that are enforced by the DataPower API Gateway:
  • All assembly policies are now supported, except for the validate and map policies.
  • The HTTP JWT Bearer security scheme is now supported.
For more information, see OpenAPI 3.0 support in IBM API Connect.

From August 2021 - for Developers

New OpenAPI 2.0 editor
A new API editor is provided for OpenAPI 2.0 APIs. This editor is based on the design of the OpenAPI 3.0 editor that was introduced in IBM API Connect Version 10.0.1.1. For more information, see Editing an OpenAPI 2.0 API definition.
Search expanded to all list pages
The Search feature in lets you search the items displayed in list pages in API Manager and API Designer. Previously this feature was limited to a subset of list pages, but is now available in API Manager and API Designer all pages that display lists. For information on the Search feature, see Searching list pages.
Specify the HTTP status code and reason phrase when throwing an error
When configuring a Throw policy in the catch block of an API assembly, you can now specify the HTTP status code and reason phrase. For more information, see throw.
Enable persistent connections to a target endpoint
A new Persistent Connection option has been added to the Invoke policy that, when selected, enables persistent connections to the target endpoint, allowing connection re-use. For more information, see Invoke.
Specify the type of content to log for the Log policy
When configuring a Log policy in an API assembly, a new Log Level property allows you to specify the type of content to log. For more information, see Log.
Designate an error global policy
You can now deploy an error global policy to a gateway service, to be called whenever an error is thrown. For more information, see Working with global policies.
Expanded support for the GraphQL send type property on the Invoke policy
The Invoke policy now additionally supports the GraphQL send type property when the Backend type is Detect, or the HTTP Method is Keep. For more information, see Invoke.
Enhancements to GraphQL support
  • GraphQL subscriptions are now supported in the payload, in addition to being supported in query requests.
  • GraphQL requests can now be sent by using the GET method, in addition to the POST method.
  • Two-phase introspection is now supported.
  • Negative weights are now supported in analysis configurations.
  • The default @deprecated directive now supports the reason argument for stating the reason why a field or type is marked as being deprecated.
  • Query validation now checks to determine whether all @directives are known by the schema and legally positioned.
  • The assembly validate action now correctly processes GraphQL responses that contain an error and no data or partial data.
For details of current limitations in GraphQL support, see GraphQL limitations.
Specify the testing preferences for an API
By default, when you test an API with the Test tab, a range of test parameters are configured by default. For example, a default Product is automatically generated, to which the API is added, and that Product is published to the Sandbox Catalog. However, you can now configure testing preferences for each of your APIs, including the required Product and target Catalog. For more information, see Specifying the testing preferences for an API.
Preserve headers for logging to analytics
When configuring activity logging for an API, you can now specify custom request and response headers that are preserved for logging to analytics. For more information, see Configuring activity logging.
Update a SOAP API from a WSDL file or a .zip archive
You can now use the Update WSDL option in the API Manager UI, or run the apic draft-apis:update-wsdl command in the developer toolkit, to update the configuration of an existing SOAP API. For more information, see Updating a SOAP API for the API Manager instructions, or API development and management commands for the developer toolkit CLI instructions.
Testing an API by using the Explorer tab in the API editor
You can now use the Explorer tab in the API editor of the API Manager and API Designer UIs, to see how your APIs look to a consumer in the Developer Portal. You can check the descriptions of the different artifacts, and review any schemas or examples, and you can also use the Try it tool to test the behavior of the API. For more information, see Testing an API with the Explorer tab.
Modify the headers and parameters of an API request
You can now use the following API context variables to modify the headers and parameters of an API request by customizing the preflow policies:
  • request.headers.name
  • request.original.headers.name
  • request.parameters.name.values
  • request.original.parameters.name.values
For more information, see API Connect context variables.
Extend the OpenAPI specification by using the user interface
In addition to the CLI support that was available in previous releases, you can now use the user interface to extend the OpenAPI specification, by adding either a JSON or YAML extension schema to an API. An extension is imported into a Catalog, or as Space in a Catalog, then added to the API schema. For more information, see Importing an OpenAPI extension into a Catalog and Adding an OpenAPI extension to an API.
Enhanced SwaggerDoc (OpenAPI 2.0) and OpenAPI 3.0 validation
Validation of SwaggerDoc (OpenAPI 2.0) and OpenAPI 3.0 documents by is now done by the API Dev Tools Swagger Parser at stage or publish time. This also includes de-referencing of documents to ensure that included local references (that is, $ref properties) are valid. For more information on staging and publishing APIs, see the following topics:
Directly navigate to specific APIs and operations in the Open API Explorer Documentation
You can now use the URL to navigate directly to specific APIs and operations in the OpenAPI Explorer Documentation for the API Connect REST APIs. You can also select the APIs for a specific version by using the drop-down menu in the header bar. See Open API Explorer Documentation for Version 10 and later.

From August 2021 - for API product managers

Transfer ownership of a Catalog or Space
You can now transfer the ownership of a Catalog or Space to another user. Optionally, you can also have the ownership of all Spaces in a Catalog transferred to the new organization owner. For more information, see Creating and configuring Catalogs and Creating, modifying, and deleting Spaces.
Transfer ownership of a Consumer organization
You can now transfer the ownership of a consumer organization to another user. For more information, see Editing a consumer organization.
Add member option now available when adding users to a provider organization
When you add a user to a provider organization, you can now use the Add member option to have a new or existing user added immediately without sending an activation email. For more information, see Adding provider organization users and assigning roles.
Send email messages to consumer organization owners
You can now send an email message to the owners of selected consumer organizations, or to the owners of all the organizations in a consumer organization group. For more information, see Sending messages to consumer organization owners and Working with consumer organization groups.
Toggle the visibility and subscribability of a Product
You can now control whether or not a Product in a Catalog is visible or subscribable with a single check box. For more information, see Changing the availability of a Product.
Retain Version 5 vanity endpoint behavior in a Catalog by using the API Manager user interface
In addition to the developer toolkit CLI support, you can now modify your Catalog settings to retain the Version 5 vanity endpoint behavior by using the API Manager user interface. For more information, see Retain Version 5 vanity endpoint behavior in a Catalog.
Migrate application subscriptions
You can now migrate application subscriptions from one Product to another Product. For more information, see Migrating application subscriptions to another Product.
Additional configuration options for onboarding API consumers into a Catalog
You can now require approval for all new self service onboarding to the Developer Portal, and configure the ability for API consumers to invite collaborators and assign them to roles in the Developer Portal. For more information, see Creating and configuring Catalogs.
View and edit the email notification templates in different languages
You can now view and edit the email notification templates in different languages. For more information, see Configuring notifications in the API Manager UI.
Retain the OAuth Authorization header for a third-party OAuth provider
When configuring a third-party OAuth provider, you can now select to retain the Authorization header for a bearer token. For full details on configuring a third party OAuth provider, see Configuring a third-party OAuth provider.
Modify Product visibility and subscribability settings when publishing
Product visibility and subscribability settings are initially configured in the draft Product definition. However, you can now modify these settings when publishing the Product. For more information, see Publishing a draft Product.

From August 2021 - for API consumers

New activity feed for Consumer organizations on the Developer Portal
The Developer Portal now includes an activity feed that shows Consumer organization users the details of events that occur on the organization, such as application creation, subscriptions, and so on. This activity feed is displayed by default on the navigation bar of the organization, and as an additional tab on the organization page and the application page.

From August 2021 - for Developer Portal administrators

Directly navigate to a specific Product or API in the Developer Portal
You can navigate directly to a specific Product or API in the Developer Portal by using x-ibm-name:version in the URL. For more information, see How to use a URL to navigate directly to a Product or API in the Developer Portal.
Upgrade from Drupal 8 to Drupal 9 content management system
The Developer Portal is now based on the Drupal 9 content management system. This is an in-place upgrade, so no specific steps need to be taken. However, if you are using additional contributed modules, or custom modules or sub-themes, you should check that they are compatible with Drupal 9, and not using any deprecated APIs for example. There are tools available for checking your custom code, such as drupal_check on GitHub, which checks Drupal code for deprecations. For information about how to make the core version of custom modules or sub-themes compatible with Drupal 9, see Installing Drupal 8 based custom modules or sub-themes into the Drupal 9 based Developer Portal. For more information about Drupal 9, see About Drupal 9 on the drupal.org website.
New security command available in the Developer Portal command-line tool
The following command is now available in the Developer Portal command-line tool to help you manage IP addresses:
  • apic security:clear-bans - Clear all of the banned user/IP addresses on a portal site. For more information, see Using the security command.
Configure the notifications event log settings for your Developer Portal
The Developer Portal now includes an activity feed that shows Consumer organization users the details of events that occur on the organization, and you can configure the amount of days that the events are kept for. For more information, see Configuring the notifications event log settings.

From August 2021 - for Security practitioners

Log in to the toolkit with an IAM API key
You can now log in to the IBM API Connect management server with the toolkit by using your Identity Access Management (IAM) API key. For more information, see Setting up the toolkit for V10 Reserved.