What's new in Version 10.0.5.5

This page details the enhancements in IBM® API Connect Version 10.0.5.5 since the previous release.

For details on the specific APARs that are included in this release, links to downloads, and additional blogs and conference notices, see the IBM API Connect 10.0.5.5 Support Announcement page.

Key updates in 10.0.5.5:
  • Direct upgrade from Version 2018 is no longer supported. To upgrade from 2018, upgrade to 10.0.5.4 (or another version of 10.0.5.x prior to 10.0.5.5), and then upgrade to 10.0.5.5 or later versions.
  • Cert-manager update required for Kubernetes deployments. API Connect 10.0.5.5 uses cert-manager 1.11.5. If you are upgrading a deployment on Kubernetes, be sure to update the cert-manager as explained in the procedure for Upgrading subsystems on native Kubernetes.
  • The following Drupal modules are now unsupported and their installation is blocked in the Developer Portal:
    • All of the advanced aggregation modules; advagg, advagg_mod, advagg_js_minify, advagg_css_minify, advagg_ext_minify, advagg_validator, and advagg_bundler. These modules are blocked due to incompatibility with the current Drupal version.
    • statistics module. This module is being deprecated by Drupal.
    • tfa module. Two-factor authentication isn't available within the Developer Portal. If multi-factor authentication is required, it can be configured within an OpenID Connect (OIDC) user registry; see Creating an OIDC user registry.

What's new for Developers

LDAP updates
  • The UI for creating an LDAP registry now provides options for specifying the scope for "Search DN" (subtree, one level, and base) as you can in the CLI.
  • You can now specify whether your LDAP is Microsoft Active Directory in the UI and with the CLI, to ensure that the directory is handled correctly in API Connect.
For more information, see Creating an LDAP user registry and Using the CLI to create an LDAP user registry.

What's new for API product managers

Analytics Monitoring Data Dashboard
The Cloud Manager and API Manager analytics view have a new dashboard called Monitoring Data Dashboard. The new dashboard provides information on which applications, plans, consumer organizations, and APIs are sending and receiving the most data.

New analytics API event fields
From API Connect 10.0.5.5 and later, when using IBM DataPower® 10.5.0.8 or later with the DataPower API Gateway, two new fields are now included in the API event records:
  • api_resource_id: String containing the resource ID for the API used by the gateway. Format is api_name:api_version:method:path.
  • gateway_service_name: The name of the gateway service, as configured in the Cloud Manager UI.
Note that these updates don't apply to the DataPower Gateway (v5 compatible).

Analytics event query_string fields are now stored as text
API event query_string fields are now stored in Analytics as text for improved indexing.

Top 20 analytics charts
New analytics charts that show the top 20 APIs, applications, and consumer organizations.

Analytics scroll API responses sorted by datetime
Calls to the analytics REST API events/scroll operation return results sorted by datetime.

Analytics charts variable length time axis
The time axis on analytics charts is sized appropriate to the available data points and selected time period.

Analytics time range options in UI
New time range options for viewing API event data in the UI:
  • Last minute of API event data.
  • Last 5 minutes of API event data.

What's new for API consumers

Download your APIs in JSON format
You can now download your OpenAPI documents from the Developer Portal UI in JSON format, as well as YAML format. You can select your required download option from the Overview section of the API.

What's new for Developer Portal site administrators

Ability to configure the analytics chart views in the Developer Portal
You can now configure which analytics charts of API data are displayed to API consumers in the Developer Portal. Previously, if access to analytics data is granted, API consumers see all of the default charts of application and organization analytics data, including API statistics, response times, and error information. Now, you can configure which charts are displayed to your API consumers, by using the Configuration > System > IBM API Developer Portal Consumer Analytics menu in the Developer Portal UI.

Updates to the Developer Portal content commands

The content command now enables you to export and import your Developer Portal site content. The following content commands are added:

  • content:create-export

    Creates a task to export a .tgz file of your site content.

  • content:create-import

    Creates a task to import an archive of your site content.

  • content:delete-export

    Cancels any currently running content:create-export tasks, and deletes any related artifacts.

  • content:delete-import

    Cancels any currently running content:create-import tasks, and deletes any related artifacts.

  • content:get-export

    Streams the content of a specific completed export task to a .tgz file.

  • content:get-export-status

    Returns the status of a specific export task.

  • content:get-import-status

    Returns the status of a specific import task.

Also, the content:list entity type flag name is changed from --content_type to --entity_type. There is no change to the content:list-types command.

For more information about the content commands and how to use them, see Using the content commands .

New Developer Portal export-entity commands
The following export-entity commands are added, which enable you to export assorted entity content from your Developer Portal site.
  • export-entity:create

    Creates a new export entity, which is the container for the entity content that you want to export.

  • export-entity:add-content

    Adds content to an existing export entity.

  • export-entity:get

    Returns a list of the content of a specific export entity.

  • export-entity:remove-content

    Removes certain content from a specific export entity.

  • export-entity:delete

    Deletes a specific export entity.

  • export-entity:launch

    Launches an export entity polling task that creates a .tgz file of all of the entities that are contained in a specific export entity. Can be run with a --no-poll option, in which case the task doesn't return a .tgz file, but just returns the task ID.

  • export-entity:get-launch-export

    Streams the content of a specific completed export-entity:launch task to a .tgz file.

  • export-entity:delete-launch-export

    Cancels a currently running export-entity:launch task, and deletes any related artifacts.

  • export-entity:get-launch-export-status

    Returns the status of a specific export-entity:launch task.

  • export-entity:list

    Returns a list of all of the export entities within a specific Developer Portal. Each export entity contains a defined list of all of the entity content that will be exported if export-entity:launch is run.

For more information about the export-entity commands and how to use them, see Using the export-entity commands.

Note that you can now also export and import entities from the Developer Portal UI. When you're editing a content entity type in the UI, you can click Export in the side navigation bar. To create an export entity container and export that entity, including any required embedded entities, click Export entity. Or, if you have an existing export entity container, you can select the required container, and click Add to the export. You can also view and manage all of your export entities by clicking Content > Content synchronizer > Exports, and all of your import entities by clicking Content > Content synchronizer > Imports.

Updates to the Developer Portal site commands

The site command now enables you to export and import the entire configuration for a Developer Portal site, including custom modules, custom themes, site configuration, and site content. The added commands mean that you can easily replicate a Developer Portal site, for example replicating a test site into a production site. The following site commands are added:

  • site:create-export

    Creates a task to export a .tgz archive file of your entire site configuration. You can then use this archive to create an identical Developer Portal site.

  • site:create-import

    Creates a task to import an archive of your entire site configuration, completely overriding the original site configuration, including content, custom modules, and custom themes.

  • site:delete-export

    Cancels any currently running site:create-export tasks, and deletes any related artifacts.

  • site:delete-import

    Cancels any currently running site:create-import tasks, and deletes any related artifacts.

  • site:get-export-status

    Returns the status of a specific export task.

  • site:get-export

    Streams the content of a specific completed export task to a .tgz file.

  • site:get-import-status

    Returns the status of a specific import task.

Important: If you want to import a site export configuration file, the export file must have been created on the same version of API Connect as the version that you want to import to.

For more information about the site commands and how to use them, see Using the site commands.

Updates to the list of blocked Drupal modules
The following Drupal modules are now unsupported and their installation is blocked in the Developer Portal:
  • All of the advanced aggregation modules; advagg, advagg_mod, advagg_js_minify, advagg_css_minify, advagg_ext_minify, advagg_validator, and advagg_bundler. These modules are blocked due to incompatibility with the current Drupal version.
  • statistics module. This module is being deprecated by Drupal.
  • tfa module. Two-factor authentication isn't available within the Developer Portal. If multi-factor authentication is required, it can be configured within an OpenID Connect (OIDC) user registry; see Creating an OIDC user registry.
For more information about custom modules, see Installing custom modules.

Ability to identify the realm parameter when logging in as a consumer to the toolkit CLI
You can now find out which realm parameter you need to use when logging in to the Developer Portal with the toolkit CLI, by running the following command:
apic identity-providers:list --server consumer_endpoint_api --mode consumer --catalog catalog_name_or_id --org <provider_org_name_or_id> --fields registry_type,realm
For more information, see Logging in as a consumer to the Developer Portal by using the CLI.

What's new for DevOps

Migrate v5-compatible APIs to the DataPower API Gateway
If your deployment includes v5-compatible APIs, they can only be used with the DataPower v5-compatible Gateway (also known as the v5c gateway). To use the v5-compatible APIs with the DataPower API Gateway, you must migrate the APIs to the newer format. For more information, see Migrating v5-compatible APIs to API Gateway.

Cert-manager update required for Kubernetes deployments
API Connect 10.0.5.5 uses cert-manager 1.11.5. If you are upgrading a deployment on Kubernetes, be sure to update the cert-manager as explained in the procedure for Upgrading subsystems on native Kubernetes.

After upgrading on Kubernetes or OpenShift, optionally regenerate DataPowerService CRs to use random passwords for gateway-peering

Starting with API Connect 10.0.5.5, GatewayCluster pods are configured by default to secure the gateway-peering sessions with a unique, randomly generated password. However, GatewayCluster pods created prior to API Connect 10.0.5.5 are configured to use a single, hard-coded password and upgrading to 10.0.5.5 or later does not replace the hard-coded password.

After upgrading to API Connect 10.0.5.5 or later, you can choose to secure the gateway-peering sessions by running the following command to delete the DataPowerService CR that was created by the GatewayCluster:

  • Kubernetes: kubectl delete dp <gateway_cluster_name>
  • OpenShift: oc delete dp <gateway_cluster_name>

This action prompts the API Connect Operator to recreate the DataPowerService CR with the unique, randomly generated password. This is a one-time change and does not need to be repeated for subsequent upgrades.

Note: This operation results in an API outage until the new GatewayCluster pods start up and are configured by API Connect. If you do not regenerate the CRs during the upgrade procedure, you can schedule this task for planned downtime. There is no need for unscheduled downtime to regenerate the CRs because the gateway-peering sessions are also secured by mutual TLS, so there is very little risk of data exposure/corruption on the pre-10.0.5.5 GatewayClusters.

Regenerating the DataPowerService CRs to use random passwords for gateway-peering is included as an optional step in the Upgrading subsystems on Kubernetes, Upgrading on OpenShift in an online environment, and the OpenShift Air-gapped upgrade topics.

New annotation suppresses Zen behavior in Cloud Pak for Integration
In previous releases of API Connect, you could only deploy it as the API Management capability in Cloud Pak for Integration by using a single, top-level CR, and the Cloud Pak for Integration Zen features were also installed.

Beginning with API Connect 10.0.5.3, you can install the API Management capability with a special annotation in the CR that suppresses the Zen features and allows you to deploy by using either the top-level CR or a set of subsystem-level CRs, even when your deployment includes the Automation UI. The new annotation is supported for all fresh installations of API Connect 10.0.5.3 and later (Cloud Pak for Integration 2022.2.1 and 2022.4.1), and for upgrades from 10.0.1.7-eus (Cloud Pak for Integration 2020.4). For more information, see the sections on Deploying on OpenShift and Cloud Pak for Integration and Upgrading on OpenShift and Cloud Pak for Integration.

Analytics ingestion resiliency
Analytics persistent queue feature updated for better resiliency when both internal storage and offload is configured. The offload processes are now separated from the internal storage processes.

Direct upgrade from Version 2018 is no longer supported
Beginning with 10.0.5.5, a direct upgrade from version 2018 is no longer supported. To upgrade from 2018, upgrade to v10.0.5.4 (or another version of 10.0.5.x prior to 10.0.5.5), and then upgrade to 10.0.5.5 or later versions.

Updates to analytics deployment profile storage and ingestion pods
The memory requests and limits of the storage pods is reduced for the following profiles:
  • n1xc6.m48: Reduced from 38 Gi to 37 Gi.
  • n3xc6.m48: Reduced from 38 Gi to 37 Gi for shared storage, and from 36 Gi to 35 Gi for dedicated storage.
  • n3xc8.m64: Reduced from 54 Gi to 53 Gi for shared storage, and from 50 Gi to 49 Gi for dedicated storage.
The default PVC size for the ingestion pod is increased from 5 Gi to 50 Gi in all profiles.

Upgrade improvements
Updates to the analytics microservices are redesigned, leading to reduced downtime during upgrades.

LDAP updates
  • The UI for creating an LDAP registry now provides options for specifying the scope for "Search DN" (subtree, one level, and base) as you can in the CLI.
  • You can now specify whether your LDAP is Microsoft Active Directory in the UI and with the CLI, to ensure that the directory is handled correctly in API Connect.
For more information, see Configuring an LDAP user registry in the Cloud Manager and Using the CLI to configure a shared LDAP user registry .

API key now supports multiple uses
When defining the API key timeout in Cloud Manager, you can additionally choose whether to allow the an application to exchange the API key for an access token multiple times. For more information, see Configuring API key timeouts.