API Management v5

In February, we adjusted the behavior of the SQL Threat Protection interceptor to handle reserved words with URL-encoded characters. This change introduced an inconsistency, causing the interceptor to incorrectly block certain terms. Therefore, we have rolled back the regex to the previous configuration and are continuing to work on resolving the initial issue.

We fixed the error in the API Destination modal that ignored the cancel changes action and applied them anyway.

We fixed an error in which testing the connection of a connector without filling in the port field resulted in a console error on the frontend.

You can now configure custom traffic restrictions based on a specific header, addressing regulatory needs for Open Finance APIs.

We fixed the custom search function of General Trace to allow searching by terms present in the request body.

We have implemented logic to restrict API revision edits by users outside the deployment context. This feature aims to prevent unwanted changes in production environments.

We adjusted the regex in the Json Threat Protection interceptor to support attributes with high values, preventing stack overflow errors.

We fixed the issue preventing the list of Access Tokens from loading due to the massive number of keys.

We have increased the character limit of the JWT code to 7500. The total size limit of the header is 8 KB.

We fixed the issue where the execution flow of the Java custom interceptor was not correctly interrupted when an error occurred.

We corrected the error in the General Trace query, which failed to consider the selected date in the filter and consistently searched within the last 7 days.

We fixed the log interceptor to interpret and display body content as received via content-type in the content-type: application/problem+json header.

We adjusted the gateway to resolve env vars configured in the body of the Internal API Call interceptor.

We have corrected the error that inverted the parameters in the General Trace listing when using the Internal API Call interceptor.

Azure SQL

We upgraded the platform’s MySQL systems to version 8.

We added a user permission validation to the PUT /revisions/:id route to ensure consistency with API visibility.

We adjusted the General Trace to show request data sorted from the most recent to oldest.

We enhanced the experience of APPs and Access Tokens to allow opening cards in a new tab or window and keep search results.
In the card title, you can trigger the function in 4 ways:

We fixed the issue that was preventing the SQL Threat Protection interceptor from blocking a reserved word after the combination of characters %28 in URL encoded.

We adjusted the api-gateway to detect the source port of requests through the x-forwarded-origin header. This update aims to comply with Open Insurance regulatory requirements.

Progress

We optimized the APPs editing flow to reduce processing time and prevent timeouts.

We fixed the error causing a 500 return after executing the OAuth 2.0 interceptor.

Users, teams, roles and permissions are now managed via Access Control.

We have made the API OAuth available for support and customization.

We have discontinued the old functionality of Notification. If you need to configure alerts from Management actions, we have Flexible Actions.