Release Notes - 2023
Version 2023.08.1
Publication Date: July 28, 2023
APNZ-3746 The following command must be executed in the database during the update due to the change specified in the article:
For MongoDB v6.0 and later:
mongosh "mongodb://MONGOIPADDRESS:25080/apinizerdb" --eval 'db.getSiblingDB("admin").auth("apinizer", "MONGODBPASSWORD"); db.getSiblingDB("apinizerdb").apinizer_log.drop();'
MongoDB v6.0 öncesi için:
mongo "mongodb://MONGOIPADDRESS:25080/apinizerdb" --eval 'db.getSiblingDB("admin").auth("apinizer", "MONGODBPASSWORD"); db.getSiblingDB("apinizerdb").apinizer_log.drop();'APNZ-3709 the following entry should be added to the cache deployment during the update due to the change mentioned in the article.
- name: CACHE_SERVICE_NAME
value: cache-http-service.ENVIRONMENTNAME.svc.cluster.localIMPORTANT IMPROVEMENTS AND CHANGES
- It is now possible to set the initial log level of the Worker using an environment variable. See. Additionally, this issue also removes the 1-hour time-to-live (TTL) limit on application logs stored in MongoDB, making them retained indefinitely.
Support has been added for generating a JWK (JSON Web Key) from a Public Key, Secret Key, and Certificate. See.
Various improvements have been made to tasks under the API Integrator:
A toggle option to enable/disable tasks has been added.
A button has been introduced to add default parameter values in loop-type tasks' syntax area.
The variable selection list has been improved.
A new "Output Key" field has been added.
On the API Proxy Template screen, Connection Settings and Log Settings based on routing have been introduced. See.
The reset schedule of quota policies has been updated to follow the local time zone instead of UTC.
The Anomaly Detector’s logic has been updated, and the screen’s user experience has been improved. See.
Database and LDAP connection definitions can now be tested per environment. See1, See2.
The uniqueness validation of relative paths has been revised:
Previously enforced at the Proxy, Proxy Group, and Project level,
It is now enforced per environment.
The user experience of Gateway Environment screens has been improved. See1,See2.
A new "Backend API Version" metadata field has been added to API Proxies. This version is now also shown in the Deployment History. See.
The Connection Pool configuration can now be customized per route with in the API Proxy’s routing section. See.
All report screens have been consolidated under the "Reports" menu.
BUG FIXES
| Issue No | Description |
|---|---|
| APNZ-3355 | When Basic Authentication policy is added on API Proxy Template in the project, it throws an error. |
| APNZ-3551 | Errors are received when adding a task in API Integration; In the notification task, the user is not selected from another page, it is not saved and there is no task run type, tasks can be added without entering the required fields, and after adding a task, another task cannot be added. |
| APNZ-3563 | When testing the Db2Api created with the database connection created via Key-Value pair, a connection error is received. |
| APNZ-3589 | The form for JWK settings in the credential is malfunctioning. |
| APNZ-3593 | Jobs for Alert, Uptime Monitor, Anomaly Detector, and API Integrator are not listed on the Scheduled Jobs page. |
| APNZ-3594 | Mandatory checking does not work on entries in the Memory tab of the API Call policy. |
| APNZ-3612 | Proxy Client Id and Client Secret values on the API Proxy update screen are not updated. |
| APNZ-3618 | On the Gateway Environment screen, Host Alias values can be entered blank. |
| APNZ-3621 | A connection error occurs when a database backup is defined as a scheduled task. |
| APNZ-3622 | Even though the Kafka connection was closed manually, requests continue to go to Kafka. |
| APNZ-3623 | In Uptime Monitor, error messages do not appear in log results that contain errors. |
| APNZ-3624 | The database backup schedule cannot be deleted. |
| APNZ-3625 | When advanced filtering is performed on the API Proxy Traffic screen, the results for the title and parameter fields do not work properly. |
| APNZ-3637 | Although a request is sent to the Mock API with a single header value, when the request log is examined, it is seen that this value is double. |
| APNZ-3647 | Uptime Monitor may receive a TLS error code 525 while running as scheduled. |
| APNZ-3648 | In API Integrator, database type task throws error. |
| APNZ-3657 | A problem is encountered when the data coming in the URL parameter with application/x-www-form-urlencoded is attempted to be manipulated and transmitted to the backend. |
| APNZ-3658 | When the specified cache capacity is exceeded, the incorrect cached data is removed from the cache according to the FIFO principle, not the FILO principle. |
| APNZ-3663 | On the API Proxy Traffic screen, Today filtering lists logs from 03:00 onwards. |
| APNZ-3666 | Imported Uptime Monitor throws error. |
| APNZ-3673 | In insert operations performed with Form Data type variables in various policies, the key value is returned as null. |
| APNZ-3685 | If project(s) are selected once on the Gateway Environment screen, the environment is not activated in all projects when all of them are removed again. |
| APNZ-3687 | In the API Integrator module, an error is received when a request is sent with the API Call task to an API whose operation type is loop and of type Db2Api. |
| APNZ-3689 | When a quota is given to the identity information and the limit is reached, the purchase of JWT tokens is also blocked. |
| APNZ-3694 | While deploying API Proxy, receiving error regarding Sensitive Data Management setting. |
| APNZ-3695 | Even though Kafka, Rabbit etc. are enabled in the general settings, these fields do not appear in the API Proxy Log Settings. |
| APNZ-3716 | An issue occurs when trying to append a field from the API Call policy to the original message. |
| APNZ-3725 | When two authentication policies are used on an API Proxy, an error is received if the first policy is disabled. |
| APNZ-3726 | If the HTTP Get method is requested with x-www-formurlencoded data, it does not appear in the log. |
| APNZ-3728 | In the API Call policy, when form data submission is done with data manipulation, the first request sent is cached. |
| APNZ-3739 | In the graphs on the Overview screen, the numbers change but the graphics do not. |
| APNZ-3747 | In the Key Value pair, a variable is created with the same key value on an environment basis. |
| APNZ-3748 | In Scheduled Jobs, cron values are not entered manually. |
| APNZ-3769 | If the Body field is included in the REST-to-SOAP transformation, the namespace of the Body field is not added to the XML. |
Version 2023.06.1
Publication Date: June 7, 2023
NEW FEATURE
- Manual Kubernetes Management
By default, Gateway and Cache servers were defined and managed in Kubernetes via Apinizer. This version allows for manual management of existing Kubernetes clusters by simply defining the relevant metadata. This makes managing Kubernetes environments through the Apinizer management console optional.See.
- Creating a Personal API Access Token
A Personal API Access Token is a token used to authenticate the user when accessing the Apinizer Management API, in place of a password. It is generated specifically for the user who logs into the management console. See.
- Restoring API Proxy based on Deployment History
API Proxy can be restored to its previous revision (deployed state) via the deployment history. See.
IMPORTANT IMPROVEMENTS AND CHANGES
The user experience of the date filtering fields on screens where Job results are displayed has been improved.
The user experience of the General Settings screen has been enhanced.
A new save and update method has been added to ApiOps for API Proxies, allowing the creation of a new record if the API Proxy does not exist, or updating it if it does.
In the ApiOps API, during API Proxy save/update operations:
If specified in the request payload, the proxy is automatically deployed after being saved.
Routing configurations can also be set during the save operation.
BUG FIXES
| Issue No | Description |
|---|---|
| APNZ-3434 | When the Environment information is updated the status of the pods is not updated. |
| APNZ-3602 | When the API Proxy is deleted, all monitor information connected to it is deleted, but if it has scheduled jobs, it is not unscheduled. |
| APNZ-3608 | When a request is made to the API Proxy created with DB2API, the error message for the database connection does not appear correctly. |
| APNZ-3636 | In the Routing tab on the API Proxy screen, if there is more than one Routing address, the first address is always written instead of the last address in the API Traffic logs. |
Version 2023.05.1
Publication Date: May 18, 2023
Since this version upgrades the encryption method of sensitive data stored in the database, it is strongly recommended to backup the database before updating.
NEW FEATURE
- Defining SNMP Connection Configuration
SNMP connection definitions can be made to send data to monitoring tools that support SNMP protocol via Apinizer. See.
- Creating an Action with SNMP
By using SNMP Connection definitions, it is ensured that the data on the actions that occur can be sent to the monitoring systems. See.
- Completely Turn Off Elasticsearch Logging
By default, Apinizer manages the logging process with Elasticsearch and performs all queries for analytics operations on the Manager console on Elasticsearch. If desired, this feature can be disabled. It should be noted that when disabled, the analytics module will be deprived of some policies and monitor features. See.
- Transferring Logs to Another System with Kafka Integration
By default, the elements of the incoming and outgoing message to and from the API Proxy are kept on Elasticsearch. By doing Kafka Integration, messages can be transferred to a different application on the queue system. See.
- mTLS Authentication Policy
The mTLS Authentication (Mutual Transport Layer Security Authentication) Policy is one of the authentication methods on the Apinizer side. This method is a type of TLS protocol used to create a secure channel between the client and the server. When mTLS Authentication is used, the Apinizer checks the validity of the client's certificate in incoming requests and ensures that a trusted certificate authority (CA) is used to ensure that it comes from a specific certificate authority.. See.
- Apply mTLS Setting on Demand
mTLS configuration can be activated via Routing settings. Thus, the Apinizer client, which will send from Apinizer to the target service, verifies the certificate of the target service and indicates that it also has a certificate and should be verified by the target service. The target service validates the client's certificate and thus establishes a secure communication with the client. See.
- Apply mTLS Setting to Credential
If it is desired to be able to verify the certificate with the Credential's mTLS Authentication Policy, the certificate for the Credential can be installed. See.
- API Proxy Group-based Log Settings
The incoming and outgoing message information of the API Proxies added to the API Proxy Group can be logged in the Elasticsearch database according to the message elements (header, parameter, body) or the logs can be transferred to a defined system (Syslog, Webhook, RabbitMQ, Kafka). See.
IMPORTANT IMPROVEMENTS AND CHANGES
The cache functionality of the API Call policy has been updated to check the presence of the
Cache-Controlheader at the moment the request reaches the API Call policy, rather than whether the header exists on the incoming request to the API Proxy.An "Export" option has been added to the menu of the Global Policies listing screen.
Definitions within the Decryption, Encryption, and Digital Signing policies are now editable.
The project information has been added to the API Proxy ACL and API Proxy Group ACL listings.
It is now possible to create Query, Filter, and Report Generator components on an application basis. See.
The API Proxies menu under the application-level Analytics section has been merged into the Overview page.
IP Group values can now be imported or exported.
The Audit Records screen now includes filters to search by Object Name and Keyword.
Search functionality in the Project dialog has been improved.
Credentials can now be imported or exported.
Database Connection Definitions can now be imported or exported.
Filter options and table readability have been improved in the API Integration detail screen.
JOSE Validation and JOSE Signing policies can now be applied to both request and response pipelines.
Authorization fields have been added to the JOSE Validation policy when applied to the request pipeline.
If a policy defined in an API Proxy Group will not be applied to a specific API Proxy, a warning icon is now displayed.
New fields have been added to the DB2API method creation settings to optimize JSON data processing.
The display of Keypair and Keypair Set information generated with JWK has been updated for better visibility.
The encryption algorithm used for sensitive data stored in the database has been upgraded.
A new option (Status Code List) has been added to the Error Handling Type field under Routing connection settings.
For traffic logs, requests that do not reach the API Proxy can now be included or excluded in log exports, configurable via General Settings.
BUG FIXES
| Issue No | Description |
|---|---|
| APNZ-3360 | On the Audit Records page, the filters are cleared when you go into the details of the record and return. |
| APNZ-3365 | There are problems when filtering by advanced search fields on the API Proxy page. |
| APNZ-3366 | Project based relative path information is not added to the imported API Proxy. |
| APNZ-3386 | When you click on the General Settings page of the project, it takes a very long time to open the screen. |
| APNZ-3387 | On the Anomaly Detector screen, it is not possible to go to the details of the record that received an error. |
| APNZ-3304 | The Snapshot Settings page contains display errors. |
| APNZ-3415 | When a log record is created for one of the different API Proxies within the API Proxy Group that has a method containing "/{id}", it is also displayed on the other API Proxy. |
| APNZ-3417 | If the relative path value in API Proxy Group is given an uppercase letter, the path cannot be found. |
| APNZ-3445 | When the Apply by value in the Cache tab of the API Call policy is empty, the policy does not work. |
| APNZ-3468 | Authentication with LDAP is not possible in JWT Policy. |
| APNZ-3494 | JOSE When Authorization is turned on in the Authentication policy, Issuer's role information cannot be retrieved. |
| APNZ-3502 | JOSE Verification policy does not show error messages. |
| APNZ-3504 | Credentials with the same name can be created. |
| APNZ-3518 | The Monitor tab on the Kubernetes Resources page does not present accurate data. |
| APNZ-3519 | There are problems with the OpenAPI documentation. |
| APNZ-3524 | There is a problem while performing operations on Manager settings on the Kubernetes Resources page. |
| APNZ-3532 | Notification of type SSL does not work based on control value. |
| APNZ-3538 | API Proxy of type Rest2SOAP throws an error while registering. |
| APNZ-3540 | The method/endpoint cannot be disabled from the API Proxy page. |
| APNZ-3549 | The method/endpoint cannot be disabled from the API Proxy page. |
| APNZ-3555 | JOSE gives an error when the Decrypt By Issuer/Credential's JWK option is active in the Verification policy. See. |
| APNZ-3584 | JOSE gives an error when the Decrypt By Issuer/Credential's JWK option is active in the Verification policy. |
| APNZ-3588 | Database connection configurations cannot be deleted. |
| APNZ-3593 | Jobs for Alert, Uptime Monitor, Anomaly Detector, and API Integrator cannot be listed on the Scheduled Jobs page. |
Version 2023.03.1
Publication Date: March 14, 2023
NEW FEATURE
- Creating a JSON Web Keypair Set
JWK stores public keys or keypairs in JSON format. Keys, key sets, keypairs, or keypair sets can be created in four different types (RSA, EC, OCT, OKP) using four different methods (convert from key store, retrieve from URL, paste to clipboard, and generate). These key definitions are used to validate or sign the message content in the request using JOSE policies, and to decrypt or encrypt the content in the response line.
- JOSE Verification Policy
JOSE (Javascript Object Signing and Encryption) is a solution used to facilitate the secure transfer of "claim," or generally JSON, data between any two parties. The JOSE Verification Policy performs signature verification of signed data and decryption of encrypted data.
- JOSE Implementation Policy
JOSE (Javascript Object Signing and Encryption) is a solution used to facilitate the secure transfer of "claim," or generally JSON, data between any two parties. The JOSE Implementation Policy is used to sign and encrypt data.
- Elasticsearch Configuration
If you want to write logging to Elasticsearch from an external system rather than directly through Apinizer, Elasticsearch can be placed in read-only mode. In this case, Apinizer stops writing outgoing message logs to the Elasticsearch cluster via the API Proxy, and only active reading of the logs is performed. This allows for querying operations run by analytics screens to continue.
- Transferring Logs with Webhook Integration
By default, message elements sent to and from the API Proxy are stored in Elasticsearch. With Webhook integration, message logging can be transferred to a different application.
- Transferring Logs to Another System with RabbitMQ Integration
By default, message elements arriving and departing from the API Proxy are stored in Elasticsearch. With the RabbitMQ integration, messages can be transferred to a different application via the queuing system.
- Creating Alarms for System Information
In real-time systems, it's crucial to catch resource utilization issues before they become problems to prevent application performance degradation. This prevents potential problems by providing solutions. Alarms monitor the Kubernetes modules and Elasticsearch clusters within the Apinizer Platform according to predefined trigger types. If a given threshold is exceeded, a notification is generated in the application.
- A new Action type: Creating a Notification
When creating an Anomaly Detector, Runtime Monitor, API Integrator, or Alarm, a new action, "Create a notification," can be added at the end of the timer to process the result. This way, when each job definition is run, notifications are sent to all users or to the users for whom notifications are requested. Users can manage their notifications from the application's interface.
- Managing Notifications
Notifications are generated on Apinizer for three different situations: notifications showing action results, Account/Developer creation requests, and API Product subscription requests. All notifications can be viewed from the icon in the application's header or managed by clicking on the relevant notification category.
- Creating a Connection Definition from MongoDB
A new type of database connection configuration, MongoDB, has been added.
- Creating a DB-2-API Find Method with MongoDB
When creating an endpoint from the database with Db-2-API in the API Creator module, an endpoint can be added by writing a find query with the MongoDB configuration.
- Checking All API Proxy Log Settings on a Project or Application Basis
Previously, logging was configured on three different levels: Project, API Proxy Group, and API Proxy. To improve usability and manageability, logging settings have been reduced to a single API Proxy level. There are three screens for enabling or disabling logging settings; these can be configured on each API Proxy page, or multiple API Proxy logging settings can be configured on a per-project and application basis through the Log Settings screen.
- Defining Pod Probes from the Kubernetes Resources Screen
Kubernetes uses probes to know when its container is ready to restart and when to start it. Essentially, probes check the health of containers and ensure that unresponsive applications are restarted. Pod probes are defined through Apinizer.
IMPORTANT IMPROVEMENTS AND CHANGES
The user experience of the Actions dialog and the Create Action/View dialogs has been improved.
When creating an API Proxy through Spec Design, it is now possible to continue designing from the generated spec definition.
An append operation has been added to the body manipulation step in the API Call policy for modifying the original message data.
A new filter has been added to the API Proxy list to allow searching based on deployment status.
A refresh button has been added to the table displaying pod statuses on the Kubernetes Resources screen.
Copy as cURL and export to Excel features have been added to the API Proxy Traffic screen.
The Report Generator screen now supports editing queries and filters, as well as copying the query as cURL.
The storage of JWT tokens has been made independent of the database.
Certificates, Keys, and Key Store screens can now be managed on a per-project basis.
For audit logs, the IP address of Manager Console logins is now obtained from the X-Forwarded-For header.
The restriction requiring at least two addresses to display Circuit Breaker in the Routing tab of API Proxy has been removed.
Time-related fields (Total Time, API Proxy Time, Backend Time) on the Report Creation and Query screens have been revised.
The database connection configuration screens have been unified.
A new Log Settings tab has been added to the API Proxy screen, separating all log-related configurations from the Settings tab.
Definitions for Uptime Monitor and Anomaly Detector can now be managed per application.
Required credential fields in database connections have been made optional to support connections that do not require authentication.
In the Plain-Text Authentication policy, the password field has been made optional, allowing services to be authorized using only an API Key.
In the Authorization Configuration policy, roles can now be retrieved without enforcing role validation.
In JWT, OAuth2, and JOSE Validation policies, if an Identity/Authorization Service is selected, roles from this service can now be added to the request header.
Sensitive Data Management and Syslog Integration screens have been moved under the Log Settings menu.
KPS Configuration and ProCrypt screens have been moved to the System Settings menu.
The API Proxy Report has been moved to the Analytics menu.
The ACL Report screen has been moved to the Identity Management menu. Previously limited to application-based access, it is now also accessible via the project menu.
The API Proxies screen under the Analytics menu has been removed; its table data has been merged with the table view of the API Proxy Report screen.
A JWK Settings tab has been added to the Credentials screen to allow selection of JWKs to be used in JOSE policies.
Support for OpenAPI version 3.0.3 has been added.
BUG FIXES
| Issue No | Description |
|---|---|
| APNZ-2958 | Even if the schedule is running on the Report Generator, Anomaly Detection and Uptime Monitor screens, no report data is generated. |
| APNZ-3247 | Filtering with the X-Forwarded-For field in advanced search on the API Proxy Traffic screen does not work. |
| APNZ-3308 | When multiple API Call policies are added to API Proxy and Data Editing is performed, it affects other API Call policies as well. |
| APNZ-3344 | In JWT and OAuth2 policies, when the Grant Type value is selected as Password, the Identity Service Security Manager is not selected by default. |
| APNZ-3345 | Import operations contain errors. |
| APNZ-3353 | In the Mock API, requests sent to the endpoint with only an empty content-type response are not logged in API Traffic. |
| APNZ-3354 | There is an issue while creating a new API Integration module via Kubernetes Resources. |
| APNZ-3363 | After the API Proxy Group deletion is canceled, it cannot be deleted again. |
| APNZ-3364 | Host aliases belonging to the environment cause errors in every republish operation. |
| APNZ-3383 | The search for "starts with" and "ends with" options on the query creation screen does not work. |
| APNZ-3392 | When defining parameters for the method for Db-2-API, parameter names that contain each other cause the query not to work. |
| APNZ-3393 | The quota applied to API Proxy can force the cache when the data size grows. |
| APNZ-3395 | When a new query is applied to records whose pagination has been changed on API Proxy Traffic, synchronization does not work. |
| APNZ-3398 | The log record on the API Proxy Traffic screen does not open even though it is smaller than 500kb. |
| APNZ-3401 | Kubernetes Resources page has issues if there are excessive resources. |
| APNZ-3410 | Another API Proxy or API Proxy Group can be created that contains the same relative path value. |
| APNZ-3411 | On the API Proxy Group ACL screen, the change in the ID editing process is reflected after the page is refreshed. |
| APNZ-3415 | When a log record is created for one of the different API Proxies within the API Proxy Group that has a method containing "/{id}", it is also displayed in the other. |
| APNZ-3416 | An XSD processing error is received in definition files that reference the local address of the schemaLocation information in the WSDL address. |
| APNZ-3419 | A parameterized query cannot be saved when converted to parameterless with Db-2-API. |
| APNZ-3438 | An error is received when trying to go to the tracing log details of the Rest2SOAP type API Proxy. |
| APNZ-3441 | Audit records are not created for transactions performed in bulk. |
| APNZ-3449 | Even if the method is present in SOAP methods, iterating other methods causes the faulty method to be found in methods with the same request body. |
| APNZ-3450 | Unexpected characters such as spaces in query parameters in Db-2-API are not URL decoded. |
| APNZ-3466 | API Proxy or API Proxy Group cannot be created with the same relative path value. |
| APNZ-3490 | Errors are received when saving and canceling Rest 2 Soap Transformation policies. |