What's new in the latest release (Version 10.0.7.0)
Find out about the newest features and the latest updates in API Connect.
IBM® API Connect 10.0.7.0 is the latest 10.0.x Continuous Delivery (CD) release, following-on from the previous 10.0.6.0 CD release. IBM API Connect 10.0.7.0 CD includes the following enhancements.
Product files and release notes
- Access the latest files from IBM Fix Central by searching for the API Connect product and your installed version. Full installation files for IBM API Connect can be downloaded from Passport Advantage.
- For details on the specific APARs that are included in this release, links to downloads, and additional blogs and conference notices, see the IBM API Connect 10.0.7.0 Support Announcement page.
What's new for Developers
- LoopBack is deprecated
- LoopBack is now deprecated and support will be removed in an upcoming release.
- New toolkit command to execute API tests stored in a YAML file
- The API Connect developer toolkit includes a new command
apic test
that uses the automated API behavior testing application to execute API tests. You can include one or more YAML files in the command, and each file can contain one or more API tests to be executed. For more information, see Using the toolkit CLI to execute API tests. - LDAP updates
- The UI for creating an LDAP registry now provides options for specifying the scope for "Search DN" (subtree, one level, and base) as you can in the CLI.
- You can now specify whether your LDAP is Microsoft Active Directory in the UI and with the CLI, to ensure that the directory is handled correctly in API Connect.
- Updates to the assembly authoring experience in the API editor
- The API editor for viewing and editing the assembly section of APIs in the API Manager and API Designer is updated with a new
user experience. The overall capability remains the same, but the visual components for working with
the flow canvas, the policy palette, and the policy properties are updated. For more information,
see Including elements in your API assembly.
- New rate limit and GraphQL built-in policies
- The following rate limit and GraphQL policies are added to the API assembly editor:
ratelimitinfo
graphql-execute
- Improvements to the API testing experience in the API editor
- The Test tab section of the API editor is updated to allow API testing independently of the auto-publish setting, and to make important selections more visible. For more information, see Using the Test tab to debug your API.
What's new for API product managers
- New timeout setting available for the self service onboarding task
- You can now configure the timeout period for the self service onboarding task of API consumers
into a catalog, and the associated Developer Portal.
Previously, the self service onboarding task timeout was set at 72 hours, and couldn't be changed.
Now you can update this setting by using the Self service onboarding task
timeout setting in the Onboarding section of the
Catalog settings tab. Note that this timeout setting includes the activation
link and, if Self service onboarding approval is selected, the approval
process as well. For more information, see Creating and configuring
catalogs.
- API governance service updates
- The following updates to the API
governance service are now available:
- Validating API documents is now available in API Designer when the UI is online, and is connected to a cloud instance that has the API governance microservice enabled on it.
- When creating and editing rulesets, you can now add your own version number
information, and can have rulesets with the same name but with different version numbers. Note that
version numbers must be of the format
major.minor.patch
, for example1.0.0
. - The ruleset Name field is now auto-generated based on the Title field.
- The version of the Spectral rulesets now matches the version of that ruleset that's available in Spectral. Spectral ruleset names are prefixed by spectral-.
- You can now use the toolkit CLI to configure API
governance in the Cloud
Manager
and the API Manager. You
can also use the commands to validate an API document. For a complete list of the commands, and
information about how to run them, run the following commands in the toolkit CLI:
apic --mode governance rulesets --help
- displays the commands that are available for creating and managing rulesets.apic --mode governance rules --help
- displays the commands that are available for creating and managing rules.apic --mode governance compliance --help
- displays the commands that are available for running validation on API documents.
- Provider organization analytics data is not shared with cloud admin users
- In previous releases of API Connect, Provider organization-specific analytics data was available to Cloud Admins by default. Beginning with version 10.0.7.0, the data is not shared with Cloud Admins by default; the owner of a Provider organization can optionally enable the sharing of analytics data with Cloud Admins. The new setting does not apply to total API call volume data; Cloud Admins can still see total API calls across the API Connect deployment. For more information, see Allowing cloud admins to view provider organization analytics data.
- Analytics Monitoring Data Dashboard
- The Cloud Manager and API Manager analytics view have a new dashboard called Monitoring Data Dashboard. The new dashboard provides information on which applications, plans, consumer organizations, and APIs are sending and receiving the most data.
- New analytics API event fields
- When using API Gateway v10.5.3 or higher, two new fields are included in API event records:
api_resource_id
: String containing the resource ID for the API used by the gateway. Format isapi_name:api_version:method:path
.gateway_service_name
: The name of the gateway service, as configured in the Cloud Manager UI.
- Analytics event
query_string
fields are now stored as text - API event
query_string
fields are now stored in analytics as text for improved indexing. - Top 20 analytics charts
- New analytics charts that show the top 20 APIs, applications, and consumer organizations.
- Analytics scroll API responses sorted by datetime
- Calls to the analytics REST API
events/scroll
operation return results sorted by datetime. - Analytics inactive product report
- New report in the API Manager UI that highlights products that have no subscriptions, no recent traffic, or no traffic at all.
- Analytics inactive consumer report
- New report in the API Manager UI that highlights consumers that have no applications, no subscriptions, no recent traffic, or no traffic at all.
- Various analytics UI enhancements
-
- UI Dashboards and Discover view has auto-refresh option to refresh the UI every 30 seconds automatically.
- The columns displayed in the Analytics UI Discover view are now configurable and can be saved as part of a saved/shared query.
- Calendar widget for easier date selection.
- Display total option on specific charts. For example, when the option is enabled, the Top APIs chart shows the total API calls, so the comparison of calls to a single API against the total API calls is clear.
- Shared and saved query table includes column showing filters used, for easier identification of the desired query.
- New time range options for viewing API event data in the UI:
- Last minute of API event data.
- Last 5 minutes of API event data.
- The time axis on analytics charts is sized appropriate to the available data points and selected time period.
- Analytics API call volume leaderboards
- The reports tab in the analytics view includes a leaderboard of the top APIs, products, plans, applications, and consumer organizations.
- Analytics consumer trend report
- The reports tab in the analytics view includes a new consumer trend report that shows changes to the number of applications and subscriptions in consumer organizations over time.
- Detailed API, Product, Plan, Application, and consumer organization analytics reports
- Detailed analytics information about specific APIs, products, plans, applications, and consumer organizations. For example, for an API, details of all the consumer organizations that use it. The detailed reports are accessible from the leaderboards in the reports view.
What's new for Developer Portal site administrators
- New Developer Portal service command
- The service command enables you to list the Developer Portal service that is currently installed. For more information, see Using the service command.
- New Developer Portal content commands
-
The new content commands allow you to list, export and import your Developer Portal site content. The following content commands are now available:
content:create-export
Creates a task to export a .tgz file of your site content.
content:create-import
Creates a task to import an archive of your site content.
content:delete-export
Cancels any currently running
content:create-export
tasks, and deletes any related artifacts.content:delete-import
Cancels any currently running
content:create-import
tasks, and deletes any related artifacts.content:get-export
Streams the content of a specific completed export task to a .tgz file.
content:get-export-status
Returns the status of a specific export task.
content:get-import-status
Returns the status of a specific import task.
content:list-types
Lists the exportable content types on your site.
content:list
Lists all of the entities on your Developer Portal site for the given content type and bundle.
- New Developer Portal export-entity commands
- The following export-entity commands are added, which enable you to export
assorted entity content from your Developer Portal
site.
export-entity:create
Creates a new export entity, which is the container for the entity content that you want to export.
export-entity:add-content
Adds content to an existing export entity.
export-entity:get
Returns a list of the content of a specific export entity.
export-entity:remove-content
Removes certain content from a specific export entity.
export-entity:delete
Deletes a specific export entity.
export-entity:launch
Launches an export entity polling task that creates a .tgz file of all of the entities that are contained in a specific export entity. Can be run with a
--no-poll
option, in which case the task doesn't return a .tgz file, but just returns the task ID.export-entity:get-launch-export
Streams the content of a specific completed
export-entity:launch
task to a .tgz file.export-entity:delete-launch-export
Cancels a currently running
export-entity:launch
task, and deletes any related artifacts.export-entity:get-launch-export-status
Returns the status of a specific
export-entity:launch
task.export-entity:list
Returns a list of all of the export entities within a specific Developer Portal. Each export entity contains a defined list of all of the entity content that will be exported if
export-entity:launch
is run.
For more information about the export-entity commands and how to use them, see Using the export-entity commands.
Note that you can now also export and import entities from the Developer Portal UI. When you're editing a content entity type in the UI, you can click Export in the side navigation bar. To create an export entity container and export that entity, including any required embedded entities, click Export entity. Or, if you have an existing export entity container, you can select the required container, and click Add to the export. You can also view and manage all of your export entities by clicking , and all of your import entities by clicking .
- Updates to the Developer Portal site commands
-
The site command now enables you to export and import the entire configuration for a Developer Portal site, including custom modules, custom themes, site configuration, and site content. The added commands mean that you can easily replicate a Developer Portal site, for example replicating a test site into a production site. The following site commands are added:
site:create-export
Creates a task to export a .tgz archive file of your entire site configuration. You can then use this archive to create an identical Developer Portal site.
site:create-import
Creates a task to import an archive of your entire site configuration, completely overriding the original site configuration, including content, custom modules, and custom themes.
site:delete-export
Cancels any currently running
site:create-export
tasks, and deletes any related artifacts.site:delete-import
Cancels any currently running
site:create-import
tasks, and deletes any related artifacts.site:get-export-status
Returns the status of a specific export task.
site:get-export
Streams the content of a specific completed export task to a .tgz file.
site:get-import-status
Returns the status of a specific import task.
Important: If you want to import a site export configuration file, the export file must have been created on the same version of API Connect as the version that you want to import to.For more information about the site commands and how to use them, see Using the site commands.
- Updates to the list of blocked Drupal modules
- The following Drupal modules are now unsupported and their installation is blocked in the Developer Portal:
- All of the advanced aggregation modules;
advagg
,advagg_mod
,advagg_js_minify
,advagg_css_minify
,advagg_ext_minify
,advagg_validator
, andadvagg_bundler
. These modules are blocked due to incompatibility with the current Drupal version. statistics
module. This module is being deprecated by Drupal.tfa
module. Two-factor authentication isn't available within the Developer Portal. If multi-factor authentication is required, it can be configured within an OpenID Connect (OIDC) user registry; see Creating an OIDC user registry.
- All of the advanced aggregation modules;
- Ability to identify the realm parameter when logging in as a consumer to the toolkit CLI
- You can now find out which realm parameter you need to use when logging in to the Developer Portal with
the toolkit CLI, by
running the following
command:
For more information, see Logging in as a consumer to the Developer Portal by using the CLI.apic identity-providers:list --server consumer_endpoint_api --mode consumer --catalog catalog_name_or_id --org <provider_org_name_or_id> --fields registry_type,realm
- Ability to configure the analytics chart views in the Developer Portal
- You can now configure which analytics charts of API data are displayed to API consumers in the
Developer Portal.
Previously, if access to analytics data is granted, API consumers see all of the default charts of
application and organization analytics data, including API statistics, response times, and error
information. Now, you can configure which charts are displayed to your API consumers, by using the
menu in the Developer Portal
UI.
For more information, see Configuring analytics in the developer portal.
What's new for DevOps
- Local and SFTP management database backup not available in v10.0.7.0
- In v10.0.7.0, the management database can be backed up to an S3 object-store only. Support for
SFTP and local backups will be provided in a future v10.0.x release. If you are on v10.0.6.0 and using SFTP or local backups for your management database, then to upgrade to v10.0.7.0 you have two options:
- Update your management database backup configuration to use an S3 object-store before you start the upgrade process.
- Enable an opt-out setting to allow upgrade to v10.0.7.0 without management database backups configured.
For more information, see the upgrade steps for your platform: - New analytics deployment profile
- A new analytics profile is available on all platforms: n3xc4.m32. Use this profile instead of the existing n3xc4.m16 profile if you have a high analytics load, since the 16 Mi of memory in the
n3c4.m16
profile can be insufficient. - Updates to analytics deployment profile storage and ingestion pods
- The memory requests and limits of the storage pods is reduced for the following profiles:
n1xc6.m48
: Reduced from 38 Gi to 37 Gi.n3xc6.m48
: Reduced from 38 Gi to 37 Gi for shared storage, and from 36 Gi to 35 Gi for dedicated storage.n3xc8.m64
: Reduced from 54 Gi to 53 Gi for shared storage, and from 50 Gi to 49 Gi for dedicated storage.
- Analytics ingestion resiliency
- Analytics persistent queue feature updated for better resiliency when both internal storage and offload is configured. The offload processes are now separated from the internal storage processes.
- Replacement of management database operator
- New Postgres operator on the management component: EDB.
EDB replaces the previous Postgres operator Crunchy.
The change to EDB results in some changes to the procedures for:- Install.
- Upgrade.
- Backup, restore, and disaster recovery.
- Form factor migration.
- Two data center disaster recovery.
- Management database maintenance and monitoring.
- Analytics persistent queue is enabled by default
- The persistent queue feature is enabled by default on new v10.0.7.0 installations. If you are upgrading from v10.0.5.x or v10.0.6.0, the feature is automatically enabled during upgrade.
- Cloud Pak endpoints are deprecated for API Connect
- Beginning with version 10.0.7.0, API Connect no longer uses the Cloud Pak
cpd
routes for endpoints when deployed as a component of Cloud Pak for Integration. Instead, the component uses the typical default API Connect routes (or the custom endpoints configured in the CR). This change affects both new installations and upgrades from previous versions of the API Connect component in Cloud Pak for Integration.If you want to deploy the API Connect component with Cloud Pak endpoints, or you need to preserve your existing endpoints (for example, to support existing bookmarks and automation features), you can enable the use of Cloud Pak endpoints when installing or upgrading the API Connect component in Cloud Pak for Integration 2023.4.1 or later. For more information, see Deploying on OpenShift and Cloud Pak for Integration or Upgrading on OpenShift and Cloud Pak for Integration.
- Technical Preview: New API Connect Config Sync utility to replicate consumer-side catalog data
- API Connect Config Sync is a utility that can be run either as a standalone binary, or as part of
a Kubernetes cronjob to facilitate the unidirectional replication of consumer-side data (consumer
organizations, members, apps, subscriptions, credentials) from a catalog in a source API Connect
cluster to a corresponding catalog in a separate, target API Connect cluster.
For more information, see Using API Connect Config Sync to replicate consumer-side catalog data.
- VMware: New apicup command to get node status from your local machine
- The new
apicup subsys status
command can be run locally to get a node's status without requiring you to first SSH into the node. - Cert-manager upgraded to version 1.11.5
- API Connect 10.0.7.0 uses cert-manager 1.11.5. If your environment requires a manual installation or upgrade of cert-manager, the instructions are included as part of the API Connect installation and upgrade procedures.
- Update to enabling API governance on VMware
- Previously, you had to enable the API
governance microservice by
updating an extra-values file. Now you can enable the microservice by running the following
command:
Whereapicup subsys set mgmt_subsystem_name governance-enabled=true
mgmt_subsystem_name
is the name of the management subsystem that you are configuring.The governance microservice is set to
false
by default. - Updates to the Developer Portal local backup process
- The Developer Portal now
displays local backups, as well as remote backups, when the following command is
run:
Previously, local backups were visible only inside the portal pod.kubectl get portalbackup
Note that the Developer Portal retains only three system backups, and three backups per site, for local backups. Running a new local backup will cause the oldest backup to be deleted.
- Enhancements to the Developer Portal caching process
- The Developer Portal now has enhanced in-memory caching, which increases the speed of the page accesses for the Developer Portal web sites. This improved site performance is particularly helpful for long running administrative tasks, such as enabling and disabling modules. However, it is possible to disable these enhancements if required; see Enabling Developer Portal feature flags on Kubernetes, Enabling Developer Portal feature flags on OpenShift and Cloud Pak for Integration, or Enabling Developer Portal feature flags on VMware for information.
- New backup, restore, and disaster recovery documentation
- For Kubernetes, OpenShift, and Cloud Pak for Integration, the disaster recovery section
is merged with the backup and restore section, and the requirement to backup the subsystem YAML
files and Kubernetes secrets is more prominent. See Backing up,
restoring, and disaster recovery.
For VMware, there is a new management subsystem backup section for v10.0.7.0. See Backing up and restoring the management subsystem.
- Upgrade improvements
- Updates to the analytics microservices are redesigned, leading to reduced downtime during upgrades.
What's new for security practitioners
- Support for new OIDC protocol in LinkedIn
- If you create a user registry for API Connect using LinkedIn as your OIDC provider, note that LinkedIn updated their OIDC protocol. The changes affect how you configure the OIDC registry in API Connect, and are explained in Creating an OIDC user registry in API Manager and Configuring an OIDC user registry in Cloud Manager.
- LDAP updates
- The UI for creating an LDAP registry now provides options for specifying the scope for "Search DN" (subtree, one level, and base) as you can in the CLI.
- You can now specify whether your LDAP is Microsoft Active Directory in the UI and with the CLI, to ensure that the directory is handled correctly in API Connect.
- API key now supports multiple uses
- When defining the API key timeout in Cloud Manager, you can additionally choose whether to allow an application to exchange the API key for an access token multiple times. For more information, see Configuring API key settings.
- OpenShift: Support for FIPS configuration on the API Connect cluster
- For new deployments, you can configure support for the Federal Information Processing Standards (FIPS) protocol on the cluster. You must configure FIPS support before installing the OpenShift cluster. For more information, see Configuring FIPS support.
- Cloud Pak for Integration replaces IAM with Keycloak as the OIDC provider and user accounts might require updates
-
Starting with 2023.4 (API Connect 10.0.7.0), Cloud Pak for Integration uses Keycloak as an OIDC provider to authenticate users instead of IAM (Identity and Access Management). Due to differences in how Keycloak and IAM treat user names, you might need to manually merge duplicate user accounts to ensure users can log in after the upgrade. For more information, see Resolving duplicate users before upgrading on Cloud Pak for Integration.