Skip to main content

Version 2025.11.0

FEATURED NEW FEATURE Release Date: November 21, 2025
  • Angular version used in Api Manager and API Portal applications has been upgraded to Angular 19 and all screens have been reviewed.
  • Elasticsearch 8.17.x version support has been enabled in Api Manager and API Worker applications.
  • Almost all functionality that can be done with Api Manager can now be done with Management APIs, and all documentation has been renewed. See.
NEW FEATURE

  • Access Methods for API Proxy or API Proxy Groups Enriched

Clients can now access API Proxy or API Proxy Group addresses with multiple “Relative Path”s or with Hostname without giving any “Relative Path”, while they could previously access through a single “Relative Path”. See.

  • Environment Variable Feature Added

A value belonging to an entity can now take environment-specific values in different environments. For example, username and password fields in database connection can now be run environment-specifically without entering test and prod environment-specific values and without needing to define separate connections. See.

  • OIDC Policy Added

OIDC operations that could be done with Script Policy in the existing system can now be done directly as Policy. See.

  • WS-Security Policies Divided into Sub-Policies

WS-Security timestamp, username-password, encryption, sign, decryption, and sign validation operations that could previously be done with a single policy have each been made into separate policies. Timestamp Policy: Standalone Timestamp addition support has been added to WS-Security policies. Timestamp is added to SOAP messages to control the message’s validity period. See. WS-Security Username Policy: Standalone Username addition support has been added to WS-Security policies. Username and password information can now be securely carried in SOAP messages. See. WS-Security Encrypt Policy: Standalone Encrypt capability support has been added to WS-Security policies. Data privacy is increased by enabling encryption of SOAP message content. See. WS-Security Decrypt Policy: Standalone Decrypt capability support has been added to WS-Security policies. Decryption of encrypted SOAP messages and secure processing is supported. See. WS-Security Sign Validation Policy: Standalone Sign Validation capability support has been added to WS-Security policies. Message integrity and authentication are provided by enabling validation of SOAP messages. See.

  • WS-Security Policies Usage at Group Level

WS-Security policies can now be defined at Policy Groups level. See.

  • Method-Based “Size” Report in Analytics Module

API request and response sizes can now be analyzed in detail according to HTTP methods with the Method-Based Size Report added to the Analytics module. See.

  • Request/Response Size Fields Added to Analytics Reports

Request Size and Response Size metrics have been added to report pages in the Analytics module.

  • FTP Connection Integration Added

FTP Connection support has been added to the system infrastructure. See.

  • ”Read” and “List” Functions Added to FTP Connector

FTP Connector now supports file reading (Read) and listing (List) operations. See Read See List

  • Encoding Support Expanded for Server-Sent Event (SSE) Type Responses

Responses can now be processed even when they come with gzip, zstd, compress, and deflate encoding.

  • ”Environment Variable” Support Added to Upstream Routing Addresses

Addresses added in Upstream Routing can now be selected via “Environment Variable”, enabling them to work with their environment value when export/import operations are performed. See.

  • New Management API Endpoints Added

A total of 107 Management API Endpoints with 163 different feature configurations have been opened for service. See.

  • Asynchronous Operations Thread Pool Support Added to Environments

Asynchronous operations performed in environments can now be managed by a separate thread pool and configured with parameters. See.

  • Kafka Authentication Improvements

SASL/PLAIN and SASL/SCRAM authentication mechanisms have been added to Kafka.

  • Category-Based API Product Listing in API Portal

API Products on API Portal are now dynamically listed according to categories, and products belonging to the relevant category are automatically displayed on the API Product detail page. Categories are presented in tree structure on the API Product List screen; when a user clicks on a category, only API Products belonging to that category are listed. See.

  • Document Addition Support for API Portal API Products

Document addition to API Products has been enabled on both API Manager and Portal sides. Users can create one or more documents for each API Product; these documents can be uploaded and edited as Markdown (.md) or HTML format files. See.

  • API Portal API Product Visibility and Plan Management Support

Visibility and subscription plan (Plan) management of API Products has been centralized on both API Manager and Portal sides. With this feature, access level (Public, Private, Restricted) of each API Product can be determined, and subscription plans specific to different user groups can be defined, and who can see APIs and under what conditions they can be accessed can be flexibly controlled. See.

  • Multi-Language Support Added to API Portal Settings

Multi-language support has been added to the Portal Settings screen. Portal interface language, contents, and system messages can now be managed in multiple languages. See.

  • TR/EN Support for API Portal API Product Documentation Tab

The Document tab on the API Product page now supports creating Turkish and English content. See.

  • ”Code Samples” for API Portal Endpoints

A Code Samples section with multi-language support has been added to endpoint detail pages on API Portal. See.

  • API Portal English Content Fields

Special fields have been defined for English page contents on API Portal. Thus, title, description, and text contents of each page can be entered separately in multiple languages and managed through the Portal interface. See.

  • OpenAPI Addition Support for API Portal

The feature to directly add OpenAPI documents through API Portal has been enabled. Users can directly upload OpenAPI documents or automatically associate them from an external source using direct API Spec or External Spec options after selecting API Proxy and API Proxy Group. See.

  • Customization of API Portal Login Emails

Emails sent during login to API Portal can now be customized according to corporate requirements. See. IMPORTANT CHANGES AND IMPROVEMENTS
  • Operations performed on the Gateway Environments page have been made more controlled due to their system-wide impact, with each operation’s function and effect explained to the user, and an additional approval mechanism added for critical actions. In the approval process, the user is required to manually enter the relevant Gateway name before the operation is performed.
  • Error code colors on API Traffic and Trace screens have been made consistent with each other and within themselves, and a standard color palette has been applied for all error codes, increasing visual harmony and readability.
  • Texts in the Log Connection field have been improved for readability.
  • New WS-Security policies have been added to the response pipeline. These policies have been integrated into the section where existing JOSE policies are located. Also, the existing ws-sec-from-target policy has been moved to the area where JOSE policies are located in the response pipeline.
  • WS Security From Target policy can now be applied not only in the response pipeline but also in the request pipeline.
  • With the update made on the Management API side, the relativePath field used in API Proxy and Proxy Group objects has been removed and replaced with the ClientRoute object, which manages routing and access information more comprehensively.
  • Key Value Map feature has been renamed as Environment Variable. According to the new positioning:
  • It is located under Project menu → Development > Global Settings.
  • It is displayed under Admin menu → Environments.
  • Project Relative Path update operation has been separated from the existing flow and made an independent operation. Thus, only relative path changes are managed with a separate control and approval process, isolated from other project settings, reducing error risk.
  • Relative-path-exist check has been removed, and the path validation and creation process has been reorganized with a new algorithm. In this context, all /api-proxies/relative-path-exist calls on the screen have been removed; path operations are now automatically executed through the updated internal algorithm.
  • In the API Integration General Settings section, only the “Define API Integration (Task Flow) Module information” field is now present, and only Server URL information can be entered from here.
  • The previously existing distinction “Kubernetes managed by Apinizer / managed by organization” has been removed.
  • When server access cannot be established, it is clearly stated that certain operations cannot be performed, and appropriate warning messages are shown to the user.
  • API Portal top menu bar has been moved to the left.
  • Access to API Portal API cards could previously only be done by clicking on the text; now access can be done by clicking on the entire box.
  • An indicator showing which document you are in has been added to the API Product Documentation tab; when Empty is selected while creating a new document, it is now added as HTML instead of Markdown; category field has been made mandatory when API Product is first created.
  • A new tab called “Danger Zone” has been added to the API Product screen. In this tab, critical operations such as permanent deletion of the API are managed in a controlled manner.
  • Label and category fields have been added to the API Portal - FAQ section; thus, FAQ contents are classified, making search and filtering operations easier.
  • API Product Publish operation has been improved, making the publishing process more traceable and secure.
  • Google SEO settings section has been added to the API Portal Settings screen, making search engine visibility and meta tag management of the portal configurable.
  • A confirmation step has been added to the API Portal logout button to prevent user errors. When the logout operation is initiated, a confirmation window is shown to the user asking “Are you sure you want to close the session?”
  • A “Close” button has been added to the application addition window (dialog) on API Portal, improving user experience.
  • Broken dialog display in the application addition step within API Product has been fixed, and window alignment and style structure have been reorganized.
  • Filtering has been arranged so that only published products are displayed on API Portal; unpublished products are now not displayed at all on the portal.
With the new version, the apimanager image name should be used for the Apinizer Manager module. The old image name (manager) is not supported within the scope of updates.
With the new version, the Access URL information belonging to the Integration module that will be accessed by Manager must be entered from the General Settings page, not from the Kubernetes Resources page. This method is now officially supported. After transitioning to this version, this setting must be entered manually for the integration to work properly.
In the Create/Update API Proxy APIs, the clientRoute field has been introduced instead of the relativePath field. Those using Proxy management APIs in CI/CD processes should pay attention to this field.See
BUG FIXES APNZ-5030 : On the Token log screen, when transitioning from a record with response body content to a record without content, the previous record’s data continued to be displayed; this situation has been fixed, and data belonging to the current record is now shown correctly. APNZ-4867 : On the API Analytics screen, when wide date ranges are selected, data comes incorrectly in the “Most Active 10 Clients” graph. APNZ-5001 : Search function does not work in the selection window in the Variable / Context Values field, and screen components are not displayed correctly. APNZ-5055 : In the confirmation window shown during proxy deletion operation on the Proxy Group screen, {{id}} expression is displayed instead of proxy name. APNZ-5056 : On the Proxy Group screen, when multiple API Proxies are added quickly, the same proxy can be listed multiple times. Requests conflict and duplicate records can occur because the add button remains active before operations complete in the background. APNZ-5117 : In Traffic & Time Metrics reports, when Excel export is taken by selecting a project, all projects are exported instead of only the selected project. APNZ-5229 : When the pagination component opens in the Project selection field, it is displayed within the list. APNZ-5230 : JavaScript components on the IP Groups screen do not become active with page load; they only start working after user interaction. APNZ-5321 : When a policy in the All tab on the API Proxy screen is deleted, and then Proxy Key is changed, when the page is refreshed, the deleted policy is seen to be listed again. Policy deletion operation is not permanently applied after proxy key change. APNZ-5332 : In newly added WSDL API Proxies, the XML Error Template field in the Settings tab comes closed by default. Therefore, error messages are not published in Apinizer’s standard output format; when XML Error Template is opened, the Content-Type field comes empty; in this case, error output cannot be created in the correct format. The field should come automatically with text/xml;charset=utf-8 value but returns empty. APNZ-5333 : Requests saved through Test Console in SOAP type APIs cannot be viewed again. APNZ-5222 : Environment list is not displayed in the Try It field on the Script2API screen. APNZ-5340 : Loading of files other than Cities is not prevented on the IP Geolocation screen. An informative warning message is not shown to the user in case of wrong file loading. APNZ-5192 : After deployment names are updated, sections belonging to Manager and Portal components on the Kubernetes Resources page become non-functional, and relevant pod lists cannot be displayed. APNZ-5265 : Menu components on the table on the Admin → Analytic → API Traffic page open on top of each other, causing display corruption. The same problem is also observed on the Development → API Proxies → API Traffic screen. Also, when the number of items (25, 50, etc.) is changed through the paginator at the bottom of the page, the table continues to show only 10 records each time; the item count change is not reflected in the list. APNZ-5274 : Access to the Support Package Request page cannot be established. java.lang.IllegalArgumentException: Id must not be null! error is received in application logs. APNZ-5233 : Definition files on Apinizer can be accessed with all HTTP methods (POST, PUT, DELETE, etc.); this access should be limited to GET method only. APNZ-5286 : When a Policy Group containing a JWT policy is added to an API Proxy using JWT authentication method, the existing JWT configuration defined in the proxy is deleted. APNZ-5254 : In an API Proxy with Swagger documentation and JWT Authentication structure, when method-based authentication policies are defined, endpoint-based authentication policies are lost when the proxy is duplicated or reparse operation is performed. APNZ-5297 : When Test Endpoint is run for the first time on API Proxy and Test Console screens, body content does not load; when the screen is closed and reopened, content is displayed correctly. Query parameters defined on the Test Console screen are not reflected in the generated cURL output. APNZ-5298 : On the Kubernetes Resources → Deployment & Services screen, the Node List field is shown as a required field in the user interface even though it is not required. APNZ-5299 : On the Gateway Environment screen, items in Unpublished status are incorrectly displayed in blue color; in this case, the visual status of items is not correctly reflected. APNZ-5301 : The Date Picker component used on the Report Generator screen looks different from the design on other pages and creates an inconsistent user experience. The warning icon on the same screen is not aligned in the center of the colored background it is on; the icon appears visually shifted upward. APNZ-5302 : Selection fields on the Method Settings screen of SOAP type API Proxies are positioned very close to each other, and alignment and spacing look irregular. APNZ-5309 : On the Connection Management → E-Mail → Project All screen, all records are listed regardless of which project the user selects; checkbox selection is non-functional. APNZ-5342 : Logs on the Application Logs page do not come sorted from newest to oldest. APNZ-5346 : On the API Proxy “Develop” tab, the selected HTTP method (GET, POST, etc.) is not indicated as selected. APNZ-5337 : When Key Stores are created, after the save operation, the user is directly redirected to the list screen, and deploy status information is not displayed on the screen. After the “Save and Deploy” operation on the Key Stores screen, it returns to the list screen without showing which pods were deployed to. APNZ-5349 : Import operation cannot be performed in both Proxy and Policies sections in WS Security configurations. APNZ-5352 : “Stop” option should not be displayed in Redaction policies. APNZ-5359 : In WS Security policies, only KeyStore records in the project and global should be selectable; records in other projects should not be selectable. APNZ-5353 : “Redact By” field is not displayed in the interface in Redaction policies. APNZ-5373 : On the Monitoring → Uptime Monitor screen, after a new Notification is added and saved and re-entered, the Apply button only activates if a change is made in the name field. APNZ-5389: Race condition situation that occurs when parse with wsdl is selected in XML Schema Validation policy should be fixed. APNZ-5391: “Condition” values added to Rate Limit Control List settings are lost when saved. APNZ-5065: gRPC type API Proxy does not work when API Root Context is defined. APNZ-5463 : Error is received when many Credentials are used on the RLCL screen. APNZ-5218 : In the JSON signing step on API Portal, the “Sign” button does not become active even though required fields are filled. APNZ-5227 : When switching between tabs on the Portal Test screen, updates made, for example, in the Body tab are lost when switching to the Headers tab and returning. APNZ-5228 : Portal main page opens in English by default; TR-ENG language selector does not work properly after version transition. Language change only becomes active when navigating to the APIs page and clicking the TR button. APNZ-5244 : When the same API Product is opened to multiple organizations, since only the user’s own organization can be assigned to the user on the portal side, the system tries to validate all visibility organizations and access is incorrectly restricted.

Version 2025.07.0

Release Date: July 24, 2025 FEATURED NEW FEATURE

  • Active-Active Multi-Region Support

High availability and regional load distribution support with Active-Active architecture has been added in Kubernetes clusters in multiple locations. See.

  • Server Side Streaming Support

Server Side Streaming feature that provides continuous data flow from server to client has been added. See.
When SSE feature is enabled, connection pool and retry mechanisms are disabled. Also, partial data sent in the response pipeline is not recorded and cannot be displayed in log traffic.
NEW FEATURE

  • WebSocket and HTTP Same Port Operation Support

WebSocket and HTTP protocols can now run simultaneously on the same port. See.
Previously WebSocket ran on a different port. Now both HTTP and WebSocket will serve on port 8091.

  • WebLogic JMS Connection Support

WebLogic JMS (Java Message Service) connection support has been added using Script policy.

  • Cache Performance Tuning Parameters Added

New configuration parameters have been added for Cache performance settings. See.

  • API Traffic: New Search Fields Added

In API traffic, the ability to search through ‘To Backend API Body’ and ‘From Backend API Body’ fields has been added to the basic search screen. See.

  • Selective Activation of WS-A and WS-RM Settings

Even if WS-A and WS-RM are defined within WSDL, these settings can now be manually selected and activated from the screen.

  • Disable Ssl Validation Field Added to Routing Tab

A Disable Ssl Validation field has been added to the Routing tab to disable SSL verification. See.
When this feature is enabled, the following SSL/TLS verification errors are ignored
  • Self-signed certificates: Connection is allowed even if the certificate is not signed by a known authority.
  • Expired certificates: Connection is established even if the certificate has expired.
  • Invalid hostname: Certificate is accepted even if it does not match the target domain.
  • Untrusted CA: Verification is not performed even if the certificate is from an untrusted or unknown certificate authority.
  • Invalid certificate chain: Connection can be established even if there is a deficiency or corruption in the certificate chain.
IMPORTANT CHANGES AND IMPROVEMENTS
  • Content can now be copied in read-only view in Script policies.
  • Field updates made in Throttling and Quota policies have been integrated into Management API.
  • Controls and improvements have been added for null value scenarios that may occur in Condition Rules.
  • Cache TTL settings have been improved for Circuit Breaker, Client Banner, and API Proxy (Response, Group Response, Endpoint Response).
  • A setting has been added to Client Banner policies that determines whether to give an error when identity is not found.
  • Cache health check queries now also check cache cluster status.
  • Multipart Form Data is partially reflected in API traffic, excluding file content.
  • Configuration parameters related to WebSocket have been arranged.
  • Some issues in WebSocket routing processes have been resolved.
  • routingRetryCount and routingFailoverCount information are now also included in API traffic JSON logs.
  • In connector log settings defined in Environment, the unit of message body truncation operation has been changed from KB to character count.
  • Policy-related information has been added to the Trace tab.
  • Database backup screen in Apinizer Manager interface has been deprecated.
  • When mTLS is used during routing, not only the truststore specifically selected for the relevant routing but also other existing certificates defined in Apinizer can now be used.
  • Even if mTLS is not used in WebSocket routing operations, existing certificates defined in Apinizer can now be used by default.
  • Display in traffic screen for spec accesses has been changed to ‘apinizer://spec/’.
  • Error that occurs when keystore or truststore is not found in environment in routing mTLS settings has been detailed.
  • In SOAP services, another SOAP API proxy service can now be defined under sub-location.
  • http2Enabled parameter has been added to prevent connection issues for websocket when Gateway type is used as HTTP+WebSocket.
  • Policies named WS-Security-To-Target and WS-Security-From-Target have been made available under Global Policies.
  • Image published as apinizercloud/portal on Docker Hub is now published as apinizercloud/apiportal.
With the new version, the apiportal image name should be used for the Apinizer Portal module. The old image name (portal) is not supported within the scope of updates.
BUG FIXES APNZ-5090 : Automatic creation of policy_group collection that does not occur during transition to 2025.04.X versions has been enabled. APNZ-5062 : When authorized and request is sent on Portal, header information is now sent in the desired value instead of fixed “Authorization”. APNZ-5053 : In routing operations, root context is now deleted only where it first appears in the path. APNZ-4936 : In Client Traffic & Time Metrics reports, request count coming to reverse proxy shows 0. APNZ-4918 : Extra enter character issue in SIEM logs APNZ-4914 : Continuous error throwing when entering API Proxy Group page APNZ-4984 : JWT and OAuth2 authentication methods should not be added for WebSocket and gRPC. APNZ-4988 : When JWT token is obtained, wrong error message is given if user is not in ACL list. APNZ-3907 : When routing address is changed to SOAP 1.2 after adding a SOAP 1.1 type service, routing address may disappear in API documentation created in Apinizer. APNZ-4541 : If LDAP user or group is defined, these authorizations are deleted when project name is changed. APNZ-4835 : Rest2Soap transformation policy enumeration definitions are not processed and converted correctly as enum. APNZ-4550 : In Rest2Soap, XSD schemas are not reflected in OpenAPI output. APNZ-4280 : Since Rest2Soap cannot resolve the input schema of some methods, body appears only as <string> in OpenAPI output. APNZ-5007 : On the Token Request page, even though multiple environments are defined, only the first defined environment is displayed. APNZ-5014 : Cache connection does not consider tuneCacheConnectionPoolMaxConnectionTotal value; connection pool count works differently independently of cache configuration. APNZ-5024 : In XPath and JSONPath expressions, empty string ("") is returned instead of null when path is not found. APNZ-5032 : Login requests made with empty username or password on Manager login page should not be forwarded to backend. APNZ-5033 : When multipart form request is sent, default Content-Type value should be set as UTF-8. APNZ-5038 : Token cannot be obtained when grant_type is set as password in proxy group. APNZ-5054 : Rest2Soap’s inability to transform paths for Array types. APNZ-5052 : “Disable Try It” setting on Portal does not work correctly. APNZ-5078 : After project relative path change, associated proxy groups become non-functional. APNZ-4837 : In Rest2Soap transformation, even if “unwrap body” option is active in response, it is not reflected in the show example section. APNZ-5066 : When there are / characters in routing expression, these characters are duplicated and added extra during routing. APNZ-5068 : If there is a / character in API proxy relative path and ( or ) characters are found before or after it, deploy operation cannot be performed. APNZ-5073 : In JWT and OAuth2 policies, accepted audience information created for “policy group” is incorrectly generated. APNZ-5079 : When server stream is enabled, issues occur in form data sending and log display. APNZ-5080 : When Keystore JKS is updated, JKS data does not change. APNZ-5082 : When multi-region cluster installation is done, cluster cannot select the cache address it will use. APNZ-5105 : During async API call and script execution, null error can be received because context content is not read-only. APNZ-5102 : When deployment is saved in Environment, access URLs defined in Management API settings are deleted. APNZ-5111 : When server side enabled setting is open, POST type empty message request cannot be sent through reverse proxy. APNZ-5114 : Errors occur in some proxies when project is imported. APNZ-5118 : Environment type should not be changed. APNZ-5125 : In new environments, WebSocket works even when only HTTP type is opened. APNZ-5138 : Value of enum expressions on Query editor screen does not come. APNZ-5131 : Cache receives error during version transition.
Since Hazelcast version has changed, synchronization may not be achieved with existing cache pods. Therefore, all cache pods should first be closed by scaling scale=0, then restarted.
APNZ-5138 : ‘required’ fields should be removed in ‘Create JSON Schema’ operation in Data Operations section. APNZ-4901 : Metrics on Kubernetes Resources page can be displayed up to a maximum of 1.5 hours ago, independently of filter. APNZ-4598 : When a user authorized from LDAP group does not have admin authority, user is logged out due to history tab on some proxies. APNZ-5151 : Authorization-related interface logout issue in Collection field on Test Console.

Version 2025.04.0

Release Date: April 16, 2025 NEW FEATURE

  • Client Ban Support

Client Ban Policy has been created for client identity-based access control. The old simple version in the Routing tab has been removed. See.

  • Rate Limit Control List Module

A new module has been developed to allow users to set access amounts in bulk to facilitate Rate Limit management. A new field named “external” has been added to Credentials for organizations that do not manage Credentials through Apinizer. See.

  • OIDC/OAuth2 Callback URL Support

Callback URL definition support has been added for OIDC/OAuth2 integrations. IMPORTANT CHANGES AND IMPROVEMENTS
  • New additions made for API Based Throttling and API Based Quota fields have been included in Management API.
  • Variables in Script policy for WebSocket and gRPC have been updated to show only those for returning error messages and context variables.
  • “Metric Start” parameter that enables Prometheus metrics has been updated to be taken from environment variable.
  • Ability to add values with regex to target value in API Based Throttling and API Based Quota definitions has been enabled.
  • Rate limit statistics can now be returned via response header for API Based Throttling, API Based Quota, Client Based Throttling, Client Based Quota, and Rate Limit Control List policies.
  • WWW-Authenticate header returned when Authentication fails can now be deleted in the error pipeline.
  • When Variable type is defined as “custom”, initial value assignment can now be given with script.
  • Script policies can now also be executed for WebSocket and gRPC protocols.
  • Support for adding detailed target values list has been enabled in API Based Throttling and API Based Quota definitions.
  • A section where Kubernetes annotations management can be done for worker and cache has been added to the Gateway Environments page.
BUG FIXES APNZ-4967 : WebSocket policies should also be executed for Connect method. APNZ-4966 : Authentication and similar policy errors or responses should be returned via WebSocket. APNZ-4965 : WebSocket does not receive XFF (X-Forwarded-For) information. APNZ-4952 : When project is exported/imported, the connection between global policies and global policies added to API Proxy/API Proxy Group breaks. APNZ-4950 : Issues occur when switching between tabs on the API Proxy Group page. APNZ-4948 : In Connection definitions, if you stay on the page after first creation and want to do another operation, “ID already exists” error is received. APNZ-4941 : Issues occur when Elasticsearch connection is created and saved; it is created in the background but not saved in the foreground. APNZ-4940 : Fields found with JsonPath, if they are nested map or list type, results are shown in a=b format. APNZ-4938 : Credential is lost after update on API Proxy ACL Method Authorization screen.
  • In the new version, when giving authorization to empty API methods, the screen freezes after each update and the organization the operation was performed on disappears from the screen.
  • When the page is refreshed, credential appears again, but a second update cannot be made without refreshing the page.
APNZ-4936 : In Client Traffic & Time Metrics reports, requests coming to reverse proxy, durations, etc. appear as 0. The problem is only seen in reverse proxy; data is displayed correctly in proxies with endpoints. APNZ-4949 : When creating a project with Admin user, admin user is not automatically made owner. APNZ-4915 : When Credential is created, after “Save and Deploy” operation, it was returning to the list and API Proxy was being selected again. However, now it does not return to the list and API Proxy list cannot be selected. APNZ-4816 : In Mock API, only the last of the values we add with conditions into the 200 response works; others return 204.

Version 2025.01.0

Release Date: January 31, 2025 FEATURED NEW FEATURE

  • New API Proxy Types: gRPC and WebSocket

Two new types have been added to API Proxy creation options: gRPC, WebSocket. See. See WebSocket gRPC Proxy Support:
  • Unary gRPC calls (single request from client, single response from server)
  • Server streaming gRPC calls (single request from client, multiple response stream from server)
  • Client streaming gRPC calls (multiple request stream from client, single response from server)
  • Bidirectional streaming gRPC calls (bidirectional data stream from both client and server)
  • gRPC-Web support (for browser-based gRPC communication)
  • TLS/SSL secure connection support
WebSocket Proxy Support:
  • Standard WebSocket protocol (ws://)
  • Secure WebSocket protocol (wss://)
  • Text message format
  • Binary message format
Policies can be partially executed on API Proxies created in these two new types, and incoming and outgoing messages can be sent to log connectors. Test console does not yet support these two protocols

  • New Environments Suitable for New API Proxy Types

“Communication Protocol Type” field has been added to Gateway Runtime environments. API Proxy deployment Gateway Runtime environments have been arranged to automatically match according to proxy types. REST and SOAP API Proxies can be deployed to HTTP type Gateway Runtime environments, gRPC API Proxies to gRPC type Gateway Runtime environments, and WebSocket API Proxies to WebSocket type Gateway Runtime environments. With this update, proxy type and deployment Gateway Runtime environment compatibility is guaranteed, preventing wrong Gateway Runtime environment selections. See. Unsupported Policies/Settings: Ws Security Sts Token, mTLS Authentication, Script, Backend API Authentication, API Call, API Proxy Group, CORS Settings, Cache Settings, XML/ JSON Error Response Template, Load Balancing Type, Define Circuit Breaker, Define Client Flow Banner, Define Proxy Server, NTLM Settings, Customize Error Messages

  • Geolocation Management with IP Control

IP controls can now be made according to Geolocation data (Country, City). See.
Since the log data structure kept changes with this change, organizations using Elasticsearch need to update their log index template and perform rollover index. You can visit this page for the new index structure.

  • Settings Group Management

The ability to create and assign Global Settings to both API Proxy and API Proxy Group has been enabled through the Settings Group screen. See.

  • Policy Group Management

The ability to create and assign Policy Groups to both API Proxy and API Proxy Group has been enabled through the Policy Group screen. See. With this development, the structure of Policy Display screens has been redesigned to allow readonly user access in the future.

  • Deployment Operations Synchronization and Result Display Improvement

Detailed results of all Deploy operations are now shown. See.
With this development, comprehensive improvements have been made for pod deployment processes performed through Kubernetes service. In the previous version, in deployment operations sent from Manager to Worker, Worker was broadcasting this deployment asynchronously to other pods in its environment. Due to this structure, whether Worker successfully deployed to other pods could not be directly viewed on the Manager screen, and possible errors could only be detected from system logs. Also, since pod deployment statuses within namespace could not be tracked in real-time, unreachable pods could cause inconsistencies in the system.With the new development, the entire deployment process has been made synchronous. Communication between Manager and Worker has been strengthened, so when access to any pod cannot be established, errors are immediately caught and displayed on the Manager screen. Results of all pod deployment operations performed through Kubernetes service are now reported in detail in the user interface. Thanks to these improvements, transparency of the deployment process has been increased, and faster detection and management of errors has been facilitated. It should be noted that since the previously partially asynchronous process has been made completely synchronous, some increase in deployment times may be observed.
NEW FEATURE

  • AI-Powered Chatbot Integration for API Portal

An AI-powered chatbot integration has been provided to API Portal. See.

  • Support Package Request Management for API Portal

“Support Package Request” screen has been added to API Portal Manager for easy management of support package requests. See.

  • Support Package Display and Management for API Portal

“Support Package Feature” screen has been added to API Portal for displaying and managing support packages. See.

  • Support Package Type Management for API Portal

“Support Package Type” screen has been added to API Portal for managing support package types. See.

  • Support Package Management for API Portal

“Support Package” screen has been added to API Portal for managing support packages. See.

  • Jira Integration for API Portal

Jira integration has been added to API Portal. Users can now create their requests directly through API Portal and easily track them through the Jira system. See.

  • Jira Integration for API Portal Administrator Panel

Jira integration has been added to API Portal Administrator panel, allowing users to manage and track requests through Jira. See.
Cookie management has been added to API Portal. See.

  • API Product Update - Application Creation Button for API Portal

  • A button to create an application has been added to the API Product update section on API Portal if the user has no application. See.
  • WSDL definition files can now be downloaded in Zip format.
  • Maintenance mode feature has been added to API Proxies. See.
  • Timeout values for deployment duration have been made configurable parametrically. See.
  • TLS settings have been made to be given parametrically with JVM parameters. See.
  • Location data has been added to log structure. This data contains latitude and longitude fields. See.
IMPORTANT CHANGES AND IMPROVEMENTS
  • “Redeploy All” option has been added to API Proxies and API Proxy groups using Global policies, policy groups, and Settings groups.
  • Loading of settings and fonts in Portal has been arranged to be done automatically when the system is first opened.
  • When a new API Proxy is created, the default value of the “Ignore Error Response Template In Case Of Error On Backend API” parameter in the Routing section has been set to false.
ATTENTION: This change prevents security vulnerability formation in case of backend error by ensuring that error response returns with error response template.
  • Formatted display of data in API Traffic log, Test Console Response Log, AuthToken Record Log, and Trace Logs has been removed to prevent misinterpretation risk. With this change, logs are presented as they are.
  • Title and description section on API Portal API Product page has been made dynamic.
  • Test button has been removed for undeployed environments in API Proxy Group endpoints tab.
  • Members and Roles have been removed from the list on Admin Projects page, and Relative Path active, passive status and Relative Path if available have been added to the Table.
  • Try It button visibility on API Portal has been made dynamic for each API Product.
  • Supported Content-Encoding values for responses returned by API have been expanded. Previously only gzip, deflate, and br were supported; now gzip, deflate, br, compress, and zstd encoding types are also supported.
BUG FIXES APNZ-4755 : Test console does not open properly when opened for the second time. APNZ-4746 : When values such as product or responsible are deleted on API Portal, pages do not open due to null error. APNZ-4737 : If test console is closed from the X in the top right, body field does not load in the next test endpoint request. APNZ-4720 : API Proxy exports are exported as empty zip files. APNZ-4697 : Job that deletes application logs every night at 1 AM should be removed, because this prevents app purge jobs from working properly. APNZ-4626 : Policies exported from API Proxy cannot be imported to Policy Group. APNZ-4204 : Wrong value is deleted during deletion operation from Access-Control-Allow-Origin values in CORS. APNZ-4702 : Repeated export option appears in Export/Import menu. APNZ-4780 : Wrong library comes in mail import in Groovy. APNZ-4771 : When switching between tabs on API traffic log screen, body field is not updated without clicking. APNZ-4752 : Errors related to Policies;
  • When Groovy script is saved in Script Policy, script type is not saved correctly.
  • When adding a new rule in Business rule, variable selection goes to the back and page locks after cancel.
  • Some API Calls appear multiple times in Trace.
  • ‘Updated’ text appears twice after policy is saved.
  • Even though there is no error in console, error messages are not reflected to readonly screen.
APNZ-4741 : SOAP message returned from backend is completed in log. APNZ-4714 : When ‘zstd’ encoding is used in Accept-Encoding header, content in response is not encoded correctly and content is corrupted. APNZ-3933 : Policies exported from API Proxy cannot be imported to Proxy Group. APNZ-4756 : In Mock Proxy, errors are received in API Calls that were previously saved and working in the first method and are still working according to logs. Related error messages do not load on the screen and this situation appears as 404 error in logs. APNZ-4790 : “name” and “value” modal that opens in the header addition section in test console opens in the background. APNZ-4787 : When “one way” is selected in API Call and switched to “two way”, “not change default” option does not come checked by default and does not become active. APNZ-4822 : When sending files with Multipart/form-data, when file content is not sent, related part data does not go to backend. APNZ-4815 : Newly Added Context Values in Script appear missing. APNZ-4812 : Search filters do not work for Portal Accounts in API Manager. APNZ-4799 : ‘Activate All’ and ‘Disable All’ policies operations done in request pipeline affect response and error pipelines in method, while ‘All’ options do not affect this situation. APNZ-4678 : There are DB2 APIs that become unusable when DB2 API connection is deleted. APNZ-4286 : There is listing on Admin projects page but all records are shown, not 10 records. APNZ-4806 : API Product link cannot be opened directly on API Portal. APNZ-4829 : When failover setting is closed in log connector, system waits for a long time without falling to timeout duration during “Apply” operation. Even if the page is refreshed by the user, setting cannot be closed and changes cannot be completed. APNZ-4836 : String exist condition works incorrectly in Business Rule policy. APNZ-2889 : When API Product is deleted, gaps occur in ApiProductAppRegister table on Account screen. APNZ-4831 :
  • When WSS user information is added, only username field should be added, but an extra timestamp field appears in readonly mode. Also, password field is displayed openly.
  • After deploy operation is performed on API Proxy Group, when the page is refreshed, the system shows redeploy option. However, the group appears correctly deployed on the API Proxy Groups page.
  • CodeMirror body section in test console is displayed aligned 3 characters inward.
  • When API Proxy is imported, the word imported is unnecessarily added extra to the relative path field.