API Platform 4.3.4.0
Bug fixes
-
When a new API Revision was created, an issue with the Swagger editor was leading to undue modifications in the code, with information loss. Now, only what is explicitly changed in the Revision is modified in the Swagger file.
-
When a call was made using the Internal API Call interceptor (used to invoke an internal API), the internal call’s HTTP method was emulating the original call’s method. Now, the internal call is properly following the method registered in the "Operation" field of the interceptor’s settings. In addition, the interceptor was treating informed headers case-sensitively, and that has also been fixed.
-
If a user tried to generate an access token through the Password Flow of an OAuth Interceptor using an API with no connection to an API Identity, the return would be a 400 status code and an error message that did not fit the problem. We changed the status code to 401 and added a message informing the user that a token can only be generated through the Password flow by using an API Identity. We also adjusted the documentation to make this behaviour clear.
-
The APIs list wasn’t completely obeying ordering filters.
-
When an app’s extraInfo was changed using a Custom JavaScript interceptor with the method
$call.app.extraInfo
, the change was valid not only in the context of the call, but within the application’s scope (that is, the change remained in following calls that retrieved the extraInfo value). Now, the change will be restricted to the context of the call, without modifying the app’s data on the Manager.
-
If an API’s flow contained a JWT Validation interceptor configured without the encryption option flagged ("Use JWE-JSON Web Encryption") and if there was a call to this API with an encrypted JWT token, an error was returned with a 500 status code (server error). The status code was changed to 401 (Unauthorized).
-
An issue was preventing an API from being detached from an API Identity (even after the link’s removal, a token could still be generated for the API). This was fixed and now both can follow their own ways (George Michael would be glad).
-
The field "URI" on the Trace pages was exhibiting improper values because of the method used to return an address (when there were multiple URLs in a JSON, the first one was returned and exhibited in the field). This led to some confusion, making it seem that the Trace feature could be mixing different APIs (which was not the case). We changed the method and the field now shows the correct value.
-
When an API’s visibility option was changed, this modification was not reflected on the Manager, which led to unwanted behaviour (such as the impossibility of deleting the owner of an API).
-
There was no warning when a user tried to deleted an environment with at least one API. We added a message and the user has to confirm the deletion.
-
Searches with the character
/
on the APIs screen were retuning an error.
-
Users who were not Super Admin couldn’t create API Identities.
-
We added a warning message when users try to use unsupported characters on the login page (such as blank spaces).
-
In some cases, the environment visibility and deployment permissions weren’t treated independently (and so a modification on just one of them was not maintained).
-
The export feature for the General Trace through the download of a JSON file was broken.
-
An API’s screen allows searching for users and/or teams in order to select who is responsible for an API, but the Manager was only showing 10 query results. Now, all active users (that is, not blocked) and existing teams are shown and can be selected.
-
On the modal window where you can create a new user, you could type in an email address including capital letters, but that led to an unspecified error (without clear warning). Now, it’s no longer possible to include capital letters — the Manager automatically turns them into small caps.
-
We have included in the documentation the information that it is not possible to use the Internal API Call interceptor to invoke an API deployed in an environment other than the source API.
-
We fixed an issue related to opening connections that was leading to inconsistency on the Manager.
-
[Connectors] Calls using connectors were returning errors if a JWT was informed in the
Authorization
header.
-
[Connectors] The section "Docker Run" (
) didn’t contain the info "SERVER_PORT", which was added.
-
[Connectors] There was an issue related to searches by keyword in the database when an operation was created from a connector.
-
At last, some fixes are meant to satisfy those that care about grammatical and aesthetic issues:
-
the validation message exhibited when a user chose to delete an environment linked to a connector wasn’t clear and has been adjusted;
-
the values displayed on the modal window where you can import maps (in Environments) were breaking when too long (now they have line breaks);
-
when a connector that was not working was selected, the front end showed an error icon but there was no message (it was added);
-
long names without spaces between words were exhibited without line breaks on the Audit screen;
-
long API names were exhibited without line breaks and were making it hard to see APIs on List mode.
-
Improvements
-
The process of configuring API flows is more friendly now (you can see the new screens here). We applied these changes:
-
the screen now shows the descriptions of the resource and operation being configured, or the information that the settings will be applied to all resources and/or operations;
-
an API’s name and Revision are shown on the screen, above the fields to select the resource and operation.
-
-
We improved the Manager API:
-
we added the parameter
operation_id
for the endpoint/metrics/health
to allow looking up information regarding just one operation; -
we added the PATCH method for
developers/{login}
, and it allows altering Developers fields individually.
-
-
We added a sysconfig option to set up the minimum password length allowed to log in to the Manager.
-
We created a scenario validation based on TimeStamps to prevent outdated scenarios from being consumed.
-
It’s now possible to send data about origin certificates via header in mTLS connections. When this is enabled, these are the pieces of information sent:
By
,Hash
,Cert
,Chain
,Subject
,URI
, andDNS
. See more about it here.
-
[Connectors] We have implemented a new rule for Connectors: all new connectors are to be release as Beta and will be upgraded to a stable version after a maturation period.
-
The link to access our products' Online Help was updated to Sensedia Docs (this website!).
Compatibility Matrix
Sensedia API Platform is comprised of several components. Release 4.3.4.0 is formed by:
Application | Module | Version |
---|---|---|
API Platform |
API Gateway |
4.3.6.0 |
API Platform |
API Manager |
4.3.4.0 |
API Platform |
API Manager Front |
4.3.4.0 |
API Platform |
Platform Elasticsearch Templates |
Master |
API Platform |
API Authorization |
4.1.2.0 |
API Platform |
API Metrics |
4.2.1.0 |
API Platform |
Connector Manager |
4.2.0.0 |
Connector |
Connector-db-postgres-9.4 |
4.1.0.0-BETA |
Share your suggestions with us!
Click here and then [+ Submit idea]