Version 2018.4.1 known limitations

This page describes known limitations for IBM® API Connect Version 2018.4.1.

Note: The limitations that are documented on this page will be removed as they are addressed in the IBM API Connect product. For the most up-to-date list of product limitations, visit the English version of this page.
You cannot upgrade to API Connect 10.0.6.0 or later from from any version of 2018.
A direct upgrade from any version of 2018 to API Connect 10.0.6.0 or later is not supported. You must upgrade to 10.0.5.x as an interim step before upgrading to 10.0.6.0.

VMware only: You must upgrade to 2018.4.1.20 before upgrading to 2018.4.1.24
On VMware, the only upgrade that is supported for version 2018.4.1.24 is from 2018.4.1.20; you cannot upgrade directly from older releases.

Override plan rate limits are not displayed in the Endpoint tab
Any override plan rate limits that have been added to your API for individual operations are not displayed in the API Endpoint tab in the UI. Only the plan rate limit is displayed.

Updates to members in the UI might not automatically refresh
Updates to members in the Cloud Manager and API Manager UIs might not automatically refresh. However, you can click the Refresh icon Refresh icon in the UI navigation pane to manually refresh your browser.

APIC repair job fails when streaming-connection-idle-timeout is set to 0
The recommended timeout value is 1 hour. The value is set in the kubelet config file. For information on configuring this setting, see the Kubernetes kubelet documentation at https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/.
Viewing multiple dashboards in a non-incognito browser is not supported
Either an incognito (private) browser tab, a separate browser instance, or a full page refresh is required for viewing dashboards in multiple Analytics services simultaneously.
Default vanity API endpoints are not displayed for a Catalog with Spaces enabled
If you enable Spaces in a Catalog then, on the Settings > API Endpoints page for the Catalog, the default vanity API endpoints are not displayed.
Limitations in the analytics record of request_body
Logging the API request_body in Analytics is subject to the following limitations:
  • A non-xml request body is not supported in the analytics record
  • A non-json request body is not supported in the analytics record
  • A multipart request body is not supported in the analytics record

An API returns a Content-Type header of unknown
If an API contains a GatewayScript policy that executes an apim.setvariable function call that manipulates message.body, the Content-Type header is set to unknown. This might cause issues with invoke policy target servers, or the API client. To resolve this problem, you must immediately follow the apim.setvariable function call with an apim.output function call that specifies the content type of the payload that was written to message.body by apim.setvariable.
User interfaces behave incorrectly after upgrading to a new fix pack
After upgrading to new fix pack release, the user interfaces might exhibit incorrect behavior such as missing icons, errors when attempting an action, and looping situations. To resolve this problem, first clear your browser cache before using a user interface, then if the problem persists disable your browser cache.
An OpenAPI definition that contains regular expression syntax fails validation
IBM API Connect supports the GO regular expression syntax. When you import an OpenAPI definition into the API Designer or API Manager user interfaces, or validate one with the apic validate, the validation will fail if the OpenAPI source contains unsupported regular expression syntax, with errors that include Does not match format 'regex'; for example:
- Must validate at least one schema (anyOf) (context: (root).paths./example/types.post.parameters.0.schema.properties.items, line: 0, col: 0)
- Must validate one and only one schema (oneOf) (context: (root).paths./example/types.post.parameters.0, line: 46164, col: 21)
- paths./example/types.post.parameters.0.schema.properties.items.properties.pattern Does not match format 'regex' (context: (root).paths./example/types.post.parameters.0.schema.properties.items.properties.pattern, line: 0, col: 0)
When scaling down a Kubernetes cluster of DataPower gateways, the cluster might enter an unrecoverable state if the peering primary instance is lost
If you are scaling down a Kubernetes cluster of DataPower gateways, you must first complete the following steps to ensure that the peering primary instance is not lost:
  1. List the pods in the cluster; for example:
    $ kubectl get pods -n default --selector app=dynamic-gateway-service
NAME                                    READY   STATUS    RESTARTS   AGE
rbeb67b8620-dynamic-gateway-service-0   1/1     Running   0          3h31m
rbeb67b8620-dynamic-gateway-service-1   1/1     Running   0          3h32m
rbeb67b8620-dynamic-gateway-service-2   1/1     Running   0          3h34m
  2. Enter the DataPower admin CLI for gateway 0, by entering the following command and logging in at the prompt; for example:
    $ kubectl attach -n default -it rbeb67b8620-dynamic-gateway-service-0
  3. Switch to the API Connect domain and enter config mode:
    idg# switch apiconnect
idg[apiconnect]# config
Global mode
  4. Show the gateway peering status; for example:
    idg[apiconnect](config)# show gateway-peering-status

 Address        Configuration name Pending updates Replication offset Link status Primary
 -------------- ------------------ --------------- ------------------ ----------- -------
 1.2.3.1        gwd                0               18331896           ok          no
 1.2.3.1        rate-limit         0               3091219            ok          no
 1.2.3.1        subs               0               3150127            ok          no
 1.2.3.1        tms                0               3063575            ok          no
 1.2.3.2        gwd                0               18330948           ok          no
 1.2.3.2        rate-limit         0               3091067            ok          no
 1.2.3.2        subs               0               3149975            ok          no
 1.2.3.2        tms                0               3063257            ok          no
 1.2.3.3        gwd                0               18330948           ok          yes
 1.2.3.3        rate-limit         0               3091067            ok          yes
 1.2.3.3        subs               0               3149975            ok          yes
 1.2.3.3        tms                0               3063257            ok          yes
  5. For each of the configuration names, set gateway 0 to be the peering primary instance:
    idg[apiconnect](config)# gateway-peering-switch-primary gwd
The instance is now the primary in the peer group.
idg[apiconnect](config)# gateway-peering-switch-primary rate-limit
The instance is now the primary in the peer group.
idg[apiconnect](config)# gateway-peering-switch-primary subs
The instance is now the primary in the peer group.
idg[apiconnect](config)# gateway-peering-switch-primary tms
The instance is now the primary in the peer group.
  6. Show the gateway peering status to confirm the changes; for example:
    idg[apiconnect](config)# show gateway-peering-status

 Address        Configuration name Pending updates Replication offset Link status Primary
 -------------- ------------------ --------------- ------------------ ----------- -------
 1.2.3.1        gwd                0               19067953           ok          yes
 1.2.3.1        rate-limit         0               3218172            ok          yes
 1.2.3.1        subs               0               3277032            ok          yes
 1.2.3.1        tms                0               3189160            ok          yes
 1.2.3.2        gwd                0               19067953           ok          no
 1.2.3.2        rate-limit         0               3218172            ok          no
 1.2.3.2        subs               0               3277200            ok          no
 1.2.3.2        tms                0               3189160            ok          no
 1.2.3.3        gwd                0               19069241           ok          no
 1.2.3.3        rate-limit         0               3218172            ok          no
 1.2.3.3        subs               0               3277508            ok          no
 1.2.3.3        tms                0               3189312            ok          no
Truststore and keystore settings in a shared TLS client profile are not reflected in API Manager
If you create a shared TLS client profile in the Cloud Manager user interface and assign a truststore and a keystore, these truststore and keystore settings are not reflected in that TLS client profile in the API Manager user interface and cannot be set there. Furthermore, the TLS client profile list views display the value shared for the truststore and keystore rather than the correct values. To workaround this problem, create the truststore, keystore, and TLS client profile separately for each provider organization in the API Manager user interface, then enable the TLS client profile in your Catalogs as required.
An invited Space owner cannot work with consumer organization groups
If you enable Spaces in a Catalog and invite a user with Space Owner permission, the invited user cannot create, edit, or manager consumer organization groups, and cannot add consumer organizations to an existing consumer organization group.
Install Assist utility not supported on Windows when upgrading to v2018.4.1.10
A known limitation prevents successful use of the Windows platform version of the Install Assist utility, when upgrading to v2018.4.10. The workaround is to use a Linux or macOS version of the binary to complete the upgrade.
The apic cloud-settings:topology command doesn't return a topology object
If you use the apic cloud-settings:topology command without a --format parameter, it returns only the string CloudTopology rather than the cloud topology. To retrieve the topology object, include the --format parameter, with a value of either yaml or json as required.
The apic cloud-settings:mail-server-configured command response is incorrect
If you use the apic cloud-settings:mail-server-configured without a --format parameter, it returns only the string MailServerConfigured rather than a boolean value to indicate whether an email server has been configured in the cloud settings. To retrieve the correct response, include the --format parameter, with a value of either yaml or json as required.
API Designer user interface might not open correctly if there are badly formed OpenAPI YAML files in the startup directory
If, when launching the API Designer user interface, the startup directory that you select contains one or more badly formed OpenAPI YAML files, the interface might fail to load correctly, with an error such as the following:
Cannot read property 'type' of null

To resolve this problem, remove any invalid OpenAPI YAML files from the startup directory, then restart the API Designer user interface.

Pagination setting is global across the API Connect user interfaces
If you set the Items per page value on any page in either the Cloud Manager or API Manager user interface, that setting is then applied to all pages in both user interfaces in the same browser session. If you want to set the value separately for a specific page, open it in a private browser window. Such a setting in a private browser window is specific to that window and is lost when the window is closed.
In Catalina, testing the WSDL-SOAP flow in designer assembly editor has no dependencies

In Catalina, for designer, if you want to use test functions inside the assembly editor for the WSDL-SOAP flow, the Invoke button is disabled. Also, you cannot generate the parameter body.

To resolve this situation, you can directly publish the WSDL-SOAP APIs to the API Manager UI. Then, use the test function inside the API Manager UI - Assembly Editor. However, when you generate the body you must remove the comments <-- ... -->, as in some cases the comments are not processed correctly.

The User Security policy in API Designer does not make user registries available for selection

If, in the API Designer user interface, you add a User Security policy to an API assembly, the User registry list in the policy configuration window does not contain any user registries to select from. To work around this problem, add the user registry to the policy directly on the Source tab; define the following property in the - user-security: policy configuration:

user-registry: user_registry_name
where user_registry_name is the value of the name property of the required user registry.
Ingress timeout settings might need adjustment to enable improved synchronization in Version 4.1.8

API Connect Version 4.1.8 contains a set of core updates designed to improve synchronization, and to strengthen stability and data integrity. Due to the changes, we recommend increasing the ingress time-out settings if you see 504 or 409 errors when trying to create or delete a provider organization or catalog. The increased stability also means that APIs and Products take longer to process, compared to versions prior to 2018.4.1.8.

To change ingress timeout settings, see the section Kubernetes/ingress-nginx ingress controller config.map settings in the topic Kubernetes ingress controller prerequisites.

Upgrade of management server to Version 2018.4.1.8 can take longer than during previous upgrades
The upgrade of the management server from prior versions to Version 2018.4.1.8 may take longer than during previous fix pack upgrades. The extended time is due to underlying schema changes, and can be as long as several hours for long established deployments with a large amount of data.
Manual backup required when upgrading to Version 2018.4.1.8 iFix 2 or later
When upgrading to Version 2018.4.1.8 iFix 2 or later, you must complete a manual backup just prior to starting the upgrade. The manual backup is required because the upgrade can take an extended period of time. See Requirements for upgrading on VMware and Requirements for upgrading on Kubernetes.
Manual backup required when increasing memory allocation for the management database on Version 2018.4.1.8 iFix 2 or later
When changing memory allocation for the management database on Version 2018.4.1.8 iFix 2 or later, you must complete a manual backup just prior to changing the allocation. See Increasing the memory allocation for the management database on VMware and Increasing the memory allocation for the management database on Kubernetes.
If you are using API Connect v2018.4.1.8 or later, there can be a temporary delay in data sync between Management server and other services
Because of changes to improve stability, certain conditions can cause a temporary delay in the syncing of data between the Management server and other services such as the Gateway or Developer Portal. For example, there can be a temporary delay before a newly published Product runs on the Gateway, or is displayed on the Developer Portal. No action is needed to resolve the delay. Wait a few minutes and the Gateway and Developer Portal should be back in sync.
Deletion of organizations, catalogs, and applications can fail

The deletion of organizations, catalogs, or applications can fail, if they or resources inside them (like draft APIs inside provider organizations) were created with Version 2018.4.1.6 or earlier. This problem does not exist if organizations, catalogs or applications, and resources inside them were created with Version 2018.4.1.7 or later. For Version 2018.4.1.6 or earlier, internal locks can remain in place and prevent successful deletion. If you encounter this problem, please contact IBM Support and open a support ticket. IBM Support can help you to clear the locks so that the deletions complete successfully.

Management of refresh tokens not available in the UI
You must use the command line interface (CLI) to enable and manage refresh tokens. The use of refresh tokens is supported in API Manager, API Designer, the Developer Portal, and the CLI Toolkit, provided that the user logs in with a non-OIDC Provider user registry. If the registry type used for user login is OIDC, then the refresh setting is ignored. When the token expires, the user is always redirected to the login page. For more information, see Specifying cloud settings for refresh tokens.
The Applications page doesn't indicate how many applications there are in the list
On the Applications page in a Catalog, there is no indication of how many applications there are in total. Therefore, if the total number of applications exceeds the Items per page setting, the list is incomplete with no indication that there are further applications that aren't displayed. To ensure that you view all applications, set the Items per page setting to the maximum value, then use the next page arrow to scroll through the complete list.
The API republish icon isn't enabled after an API update
If you make a change to an API definition in the Assemble view and save your changes, the API republish icon might not be enabled automatically, preventing you from republishing your updates. In such situations, enable the republish icon by refreshing the page, or by navigating to another view and then returning to the Assemble view.
Upgrade of DataPower API Gateway to Version 2018.4.1.7 or later requires installation of the DataPower monitor pod
API Connect Version 2018.4.1.7 introduces a new monitor pod for DataPower API Gateway. The monitor pod is required for all deployments of Version 2018.4.1.7 on Kubernetes. Installation of the monitor pod is required when upgrading DataPower Gateway from prior versions to version 2018.4.1.7 or later. For upgrade instructions, see Upgrading API Connect in a Kubernetes environment.
Enablement of DataPower Gateway high performance peering on a currently deployed system requires interruption to API transaction processing.
API Connect Version 2018.4.1.7 introduces high performance peering to DataPower API Gateway. If you do not enable high performance peering during initial installation, you can reconfigure to enable it later. Note that the reconfiguration process requires an interruption to API transaction processing, so you should plan accordingly. For Kubernetes, see Enabling high performance peering for DataPower API Gateway on Kubernetes. For VMware environments, see Enabling multiple peering objects on gateway services external to Kubernetes.
Setting resource limits in Kubernetes can cause containers to behave oddly at run time
In Kubernetes, you can set resource limits for each container. However, limiting CPU means that the container processes might slow down if they try to use too much. Limiting memory means that the Kubernetes code kills processes that try to allocate memory that would take the container over its limit. These limits can result in odd behavior such as the containers continually trying to start a daemon process, such as nginx or node, and exiting with success immediately.
Field validation for the Client security policy is incorrect
When configuring a Client Security policy in an API assembly in the API Designer or API Manager user interfaces, there is the following incorrect validation behavior:
  • The ID Name field is required, but the API definition can be saved without entering a value in the field.
  • The Secret Name field is required only when the Secret Required option is selected, but the user interface indicates that the Secret Name field is required regardless. Furthermore, when the field is required, the API definition can be save without entering a value.
  • If the Authenticate Client Method is set to Third party, the User Registry Name field is required, but the API definition can be saved without entering a value in this field.
The title of a WSDL API can't be changed
If, when editing a WSDL API definition, you attempt to change the Title field, an error is returned. You can, however, change the title by modifying the title property in the OpenAPI source on the Source tab.
A WSDL API cannot be saved as a new version
If, when editing a WSDL API definition, you attempt to change the Version field, or use the Create new version option, an error is returned.
User interface URL returns 404 error on OpenShift
If IBM API Connect is deployed to an OpenShift environment, attempts to open the API Manager user interface at the URL https://api_manager_ui_endpoint returns a 404 error because the redirect to the full URL fails. To avoid this problem, use the full URLs for the user interfaces, as follows:
  • API Manager user interface: https://api_manager_ui_endpoint/manager
  • Cloud Manager user interface: https://cloud_admin_ui_endpoint/admin
User interface does not provide the option to assign roles when inviting Space members
When you invite a user to join as a member of a Space by using the API Manager user interface, it is not possible to assign roles to the user. This means that when the user receives the invitation, activates their account, and logs in, they have no permissions. To resolve this problem, assign the required roles to the user after they have activated their account, by selecting the roles alongside the user on the Members page in the Space.

You can, however, assign roles when adding a member to a Space, and when adding or inviting members to a Catalog.

Requests that take longer than the value of the nginx timeout cause a 409 error
Requests that take longer than the value of the nginx timeout can cause a 409 error, such as:
Another request is operating on portal-subsystem-03729230-4df7-4419-94c9-e7691b616382 with the same name, 
please try again.
The error occurs because the ingress controller is sending a repeat request when the previous one timed out. Your request will still continue processing in the background.
In some scenarios, applications crash due to lack of sufficient memory for Cassandra
Some applications that consume extensive amounts of memory can crash because the memory requirements exceed the memory allocation for Cassandra. For example, a large number of subscription tables, or upgrade requirements. Sample error from Cassandra logs:
r7430a60641-apiconnect-cc-0.log:io.netty.util.internal.OutOfDirectMemoryError: 
failed to allocate 16921 byte(s) of direct memory (used: 67100185, max: 67108864)
Workaround: Choose one of the following:
Adding members to a provider organization might fail
When adding members to a provider organization, the Cloud Manager user interface lists the current owner and members as well. If existing members are selected, the add action will fail.
Upgrading with new certificates breaks analytics ingestion
If the analytics subsystem certificates are modified after installation ( by using the apicup certs set command , followed by the apicup install command to deploy the change to the cluster), the analytics ingestion ingress will no longer be recognized by the Gateway. The analytics service must be re-registered in the Cloud Manager interface so that the new certificates are recognized.
Publishing a large Product might result in an out of memory error
Publishing a Product that contains large numbers of APIs might result in an out of memory error. To resolve this problem, divide the Product into multiple Products with fewer APIs, or increase or tune the memory settings for API Connect/Cassandra.
Users are not logged out of the user interfaces after tokens expire
If an API Manager or Cloud Manager user interface session times out, the user does not get redirected to the login page and might see an error. To redirect to the login page, refresh the browser window.
User interfaces are not supported in Microsoft Edge
The API Manager and Cloud Manager user interfaces are not supported in the Microsoft Edge web browser. To work in the user interfaces, use a different browser.
New gateways cannot connect to existing gateways after the gateway peering certificates are changed
Changing the gateway peering SSL certificates after gateway installation causes new gateways to be unable to connect to existing gateways, resulting in an outage. A full restart of the gateway StatefulSet (by deleting all the StatefulSet pods) is required for the gateways to come back online.
Changes to an OAuth provider are not reflected in the consuming APIs
If you modify the endpoints, scopes, or grants for an OAuth provider, the APIs that consume that OAuth provider will be affected. You might need to update the consuming APIs accordingly.
Deletion of a non-empty provider organizations, Catalogs, or Spaces might fail
The deletion of provider organization, Catalog, or Space that contains a large number of resources might fail. Before deleting provider organizations, Catalogs, or Spaces, first delete the contained resources.
No option to bulk delete APIs or Products
In the API Designer and API Manager user interfaces, there is currently no option to delete multiple APIs or Products in a single operation; in the user interfaces, APIs and Products must be deleted individually. However, you can bulk delete APIs and Products by using the REST API or CLI interfaces.
Cannot publish an imported API that was generated with IBM API Connect Version 5.0 LoopBack®
If you import an API YAML file that was generated with IBM API Connect Version 5.0 LoopBack, attempts to publish the API fail. Before publishing, remove the catalogs section, and the invoke policy named tls-invoke-profile, from the YAML source of the API definition; for example: 
catalogs:
    apic-dev:
      properties:
        runtime-url: $(TARGET_URL)
    sb:
      properties:
        runtime-url: 'http://localhost:4001
Can't publish an API that has duplicate security definition entries
The API Designer and API Manager user interfaces allow you to add duplicate security definitions to an API. However, attempts to publish the API will fail with OpenAPI validation errors. Ensure that the security definitions in an API are unique.
API import can fail if there are validation errors
Validation errors in the OpenAPI definition of an API can cause the importing of the API to fail. The errors must be corrected in the OpenAPI source before the API can be imported successfully. You can use the apic validate CLI command to validate the OpenAPI definition before importing.
Kubernetes might excessively evict pods
In Kubernetes, if insufficient memory, CPU, or storage resources are provided then pods are evicted randomly. To avoid this problem, allocate sufficient resources to the pods. In addition, there are known issues with log rotation in Kubernetes that are documented here: https://github.com/kubernetes/kubernetes/issues/59902. The lack of log rotation can cause logs to grow, limited only by the amount of storage on the node, eventually causing pods to restart. Therefore ensure that appropriate log levels are configured for all API Connect components.

You may also follow the instructions described here https://success.docker.com/article/how-to-setup-log-rotation-post-installation to set the maximum size of the log before it is rolled (max-size) and the maximum number of log files that can be present (max-files). More information about the Docker JSON File logging driver is available here: https://docs.docker.com/config/containers/logging/json-file/.

A Product that was defined in API Connect Version 5 might fail to publish
If you import a Product and it's referenced APIs, and the Product and APIs were defined in API Connect Version 5, attempts to publish the Product fail because the API references are lost from the Product. To resolve this situation, add the APIs to the Product, by using either the Product Design page or Source page, before publishing again.
API Manager pods might restart due to an out of memory condition
It is possible that during heavy workloads over long periods of time the API Manager pods might reach an out-of-memory condition causing them to restart. The multiple node design of the environment will handle the load while the pod restarts.
Changing the analytics association for a Gateway service might result in an error 504
If you change the analytics association for a Gateway service in the Cloud Manager user interface, and the Gateway service is enabled in multiple Catalogs, the user interface operation might timeout with an error 504. However, the operation itself completes successfully.
The migration of many subscriptions in a single operation might fail
If you use any of the following CLI commands, or their API Manager user interface equivalents where available, and the resulting number of application subscriptions that need to be migrated is large, the operation might fail:
  • apic products:replace
  • apic products:execute-migration-target
  • apic products:migrate-subscriptions
You can resolve the problem in either of the following ways:
  • Use the apic products:migrate-subscriptions to migrate the subscriptions in small batches. If you are replacing a Product, repeat the apic products:replace command after migrating all the subscriptions.
  • Set a migration target, by using either the apic products:set-migration-target command or the Set migration target operation on the Product in the API Manager user interface. to allow users to migrate their subscriptions individually.
The deletion of many subscriptions in a single operation might fail
If you use any of the following CLI commands, or their API Manager user interface equivalents where available, and they result in many consumer organizations needing to be deleted in turn, the operation might fail:
  • apic orgs:delete
  • apic catalogs:delete
  • apic catalogs:clear
  • apic spaces:delete
  • apic spaces:clear
  • apic consumer-orgs:clear
The operations might fail due to the large number of child resources that need to be deleted in conjunction with the resources you are trying to delete. As a workaround, delete the child resources, such as the consumer organizations, individually prior to deleting the parent resource.
Logging in to the API Connect user interfaces fails when using the Safari web browser
If you are using the Safari web browser and a Basic Authorization header exists for the same DNS domain in which API Connect is running, attempts to log in to the API Connect user interfaces, or to sign up by using an activation link, fail. To avoid this problem, use an alternative web browser.
Endpoints cannot be changed by using APICUP after they have been configured in Cloud Manager

The changing of endpoints with APICUP after they have been configured in Cloud Manager is not supported. Any such endpoint changes will not be propagated to a running deployment.

If the name of an API is changed, Products that contain the API fail to publish
If you change the x-ibm-name field of an API in the Source tab, or you change the Title field of an API in the Design tab, thereby causing the x-ibm-name field to be updated, any Products that contain the API fail to publish because the API name reference in the Product is not updated. To resolve this problem, open the Source tab for the Product and update the API name references to match the new name.
If an API is deleted from a Product, it is not deleted from Plans in the Product
If an API is deleted from a Product, it is not deleted from any Plans in the Product that contain that API. After deleting an API from a Product you must manually delete the API from any Plans to which it was previously added.
The apicup utility appears to hang after executing a backup or restore command
On Version 2018.4.1, the apicup utility might appear to hang after you run a backup or restore command. You can verify that apicup is still running, or succeeded:
  • For a backup command, such as apicup subsys exec backup:
    • Verify that the backup job is created. Enter kubectl get jobs -n <namespace> and verify that the job successful status is 1.
    • Verify that the backup pod is created. Enter kubectl get pods -n <namespace> -a and verify that the pod status is either still running or completed.
  • For a restore command, such as apicup subsys exec restore:
    • Verify that the restore job is created. Enter kubectl get jobs -n <namespace> and verify that the job successful status is 1.
    • Verify that the restore pod is created. Enter kubectl get pods -n <namespace> -a and verify that the pod status is either still running or completed.
Unenforced APIs are not supported in the user interfaces
The setting of the Enforced API option to false, meaning that the API is to run on a gateway other than an API Connect gateway, is not currently supported in the API Designer or API Manager user interfaces. Attempts to publish, from the user interfaces, a Product that contains a non-enforced API will fail. To publish such a Product, use the developer toolkit CLI, or the REST APIs.
The API Designer user interface cannot be used with an OIDC user registry
You cannot use an OIDC user registry for logging in to the API Designer user interface. Either configure a non-OIDC registry for API Designer use, or use the equivalent capability in the API Manager user interface.
API Designer limitation when running on IBM Cloud
API Designer cannot establish a connection to the management server in order to create a cloud connection when the management server is running on the IBM Cloud platform.
Terms of use cannot be enforced for OIDC Developer Portal users.

You can configure terms of use for users of the Developer Portal so that the user must accept the terms and conditions before they can register or log in. This feature does not work if the user is using OIDC.

For more information, see Forcing new users to accept terms and conditions.

An OAuth provider fails if the resources that it references aren't enabled in the Catalog
If you enable an OAuth provider in a Catalog then any resources that it references, such as API user registries or TLS client profiles, must be enabled in the same Catalog; if not, then although the OAuth provider might publish successfully it will fail at run time. For information on enabling resources in a Catalog, see Creating and configuring Catalogs.
API Connect does not support resizing storage capacity or modifying storage class of the Cassandra database
If you updated cassandra-volume-size-gb or storage-class in apiconnect-up.yml prior to upgrading the management server, the upgrade completes successfully but the Cassandra servers are not upgraded. You can correct this problem by following the troubleshooting steps in Upgrading in a Kubernetes environment.