Release Notes - 2025
Release 2025.11.0 LATEST MAIN VERSION
Publication Date: Nov 21, 2025
HIGHLIGHTED NEW FEATURE
The Angular version used in the API Manager and API Portal applications was upgraded to Angular 19, and all screens were reviewed.
Support for Elasticsearch version 8.17.x was enabled in the API Manager and API Worker applications.
Nearly all functionality available in API Manager was made available through Management APIs, and all documentation was updated. See.
NEW FEATURE
- Access methods for API Proxy or API Proxy Groups have been enhanced.
Clients can now access API Proxy or API Proxy Group addresses using multiple “Relative Paths” or by specifying a Hostname without providing any “Relative Path,” whereas previously they could only access them via a single “Relative Path.” See.
- Environment Variable feature has been added
An entity's value can now take on environment-specific values in different environments. For example, the username and password fields in a database connection can now be resolved per environment, without entering environment-specific values for the test and production environments and without the need for separate connection definitions. See.
- OIDC Policy added
OIDC operations, which were previously possible with the Script Policy, can now be performed directly as a Policy. See.
- WS-Security Policies have been divided into sub-policies.
The WS-Security timestamp, username-password, encryption, sign, decryption, and sign validation operations, which could previously be performed with a single policy, have been separated into individual policies.
- Timestamp Policy: Support for adding Timestamp to WS-Security policies has been added. A timestamp is added to SOAP messages to control the validity period of the message. See.
- WS-Security Username Policy: Support for adding Username to WS-Security policies independently has been added. This enables user name and password information to be securely transported in SOAP messages. See.
- WS-Security Encrypt Policy: Support for performing Encrypt independently within WS-Security policies has been added. This enables the content of SOAP messages to be encrypted, enhancing data confidentiality. See.
- WS-Security Decrypt Policy: Support for standalone Decrypt has been added to WS-Security policies. Decrypting and securely processing encrypted SOAP messages is now supported. See.
- WS-Security Sign Validation Policy: Support for standalone Sign Validation has been added to WS-Security policies. Message integrity and authentication are ensured by enabling the validation of SOAP messages. See.
- Using WS-Security Policies at the Group Level
WS-Security policies can now be defined at the Policy Groups level. See.
- Method-Based “Size” Report in the Analytics Module
The Method-Based Size Report added to the analytics module enables detailed analysis of API request and response sizes based on HTTP methods. See.
- Request/Response Size Fields in Analytical Reports
Request Size and Response Size metrics have been added to the report pages in the analytical module.
- FTP Connection Integration Added
FTP Connection support has been added to the system infrastructure. See.
- “Read” and “List” Functions Added to FTP Connector
The FTP Connector now supports file reading (Read) and listing (List) operations. See. See.
- Encoding support has been expanded for Server-Sent Event (SSE) type responses.
Responses returned with gzip, zstd, compress, and deflate encoding can now be processed.
- Environment Variable support has been added to Upstream Routing addresses
Addresses added in Upstream Routing can now be selected via “Environment Variable,” enabling them to work with their environment value during export/import operations. See.
- New Management API endpoints have been added:
A total of 107 Management API Endpoints with 163 different feature configurations have been made available. See.
- Async operations thread pool support has been added to environments.
Async operations performed on the environments can now be managed by a separate thread pool and tuned with parameters. See.
- Category-Based API Product Listing in the API Portal
The API Portal now dynamically lists API Products by category and automatically displays products belonging to the relevant category on the API Product details page. The API Product List screen displays categories in a tree structure; when a user clicks on a category, only the API Products belonging to that category are listed. See.
- API Portal API Product Document Addition Support
The ability to add documents to API Products has been enabled on the API Manager and Portal sides. Users can create one or more documents for each API Product; these documents can be uploaded and edited as Markdown (.md) or HTML format files. See.
- API Portal API Product Visibility and Plan Management Support
On the API Manager and Portal side, the visibility and subscription plan management of API Products has been centralized. This feature allows you to set the access level (Public, Private, Restricted) for each API Product and define specific subscription plans for different user groups, enabling flexible control over who can view the APIs and under what conditions they can be accessed. See.
- Multi-Language Support in API Portal Settings
Multi-language support has been added to the Portal Settings screen. The portal interface language, content, and system messages can now be managed in multiple languages. See.
- API Portal API Product Documentation Tab TR/EN Support
The Documentation tab on the API Product page now supports creating content in Turkish and English. See.
- “Code Samples” for API Portal Endpoints
A Code Samples section has been added to the endpoint detail pages on the API Portal with multilingual support. See.
- API Portal English Content Fields
Special fields have been defined for English page content on the API Portal. This allows the title, description, and text content of each page to be entered separately in multiple languages and managed through the Portal interface. See. See. See.
- OpenAPI Addition Support to the API Portal
The ability to add OpenAPI documents directly through the API Portal has been enabled. After selecting API Proxy and API Proxy Group, users can now directly upload OpenAPI documents using the direct API Spec or External Spec options, or automatically associate them from an external source. See.
- Customizable API Portal Login Emails
Emails sent during login to the API Portal can now be customized according to corporate requirements. See.
IMPORTANT IMPROVEMENTS AND CHANGES
- The actions performed on the Gateway Environments page have been made more controlled due to their impact on the system as a whole. The function and effect of each action has been explained to the user, and an additional approval mechanism has been added for critical actions. During the approval process, the user is required to manually enter the relevant Gateway name before the action is performed.
- The error code colors on the API Traffic and Trace screens have been made consistent with each other and within themselves. A standard color palette has been applied to all error codes to improve visual harmony and readability. See.
The text in the Log Connection field has been improved for readability.
- New WS-Security policies were added to the Response line. These policies were integrated into the section where the existing JOSE policies are located. In addition, the existing ws-sec-from-target policy was also moved to the area where JOSE policies are located in the response line.
- The WS Security From Target policy is now applied not only in the response line but also in the request line.
- With the update made on the Management API side, the relativePath field used in API Proxy and Proxy Group objects has been removed and replaced with the ClientRoute object, which manages routing and access information in a more comprehensive manner. See.
The Key Value Map feature has been renamed to Environment Variable. According to the new placement:
It is now located under Project menu → Development > Global Settings.
It is displayed under Admin menu → Environments.
- The Project Relative Path update process has been separated from the current workflow and made into an independent process. This allows relative path changes to be managed with a separate control and approval process, isolated from other project settings, thereby reducing the risk of errors.
- The relative-path-exist check has been removed, and the path validation and creation process has been reorganized with a new algorithm. In this context, all /api-proxies/relative-path-exist calls on the screen have been removed; path operations are now automatically executed through the updated internal algorithm.
In the API Integration General Settings section, only the “Define API Integration (Task Flow) Module Information” field remains, allowing only the Server URL information to be entered. See.
The previous distinction between “Kubernetes managed by us / self-managed” has been removed.
When access to the server cannot be established, it is clearly stated that certain operations cannot be performed, and appropriate warning messages are displayed to the user.
The API Portal top menu bar has been moved to the left.
Previously, API Portal API cards could only be accessed by clicking on the text; now, they can be accessed by clicking on the entire box.
An indicator specifying which document it is in has been added to the API Product Documentation tab. When creating a new document, if Empty is selected, it is now added as HTML instead of Markdown. When first creating an API Product, entering the category field has been made mandatory. See.
A new tab called “Danger Zone” has been added to the API Product screen. In this tab, critical operations such as permanently deleting the API are managed in a controlled manner.
Label and category fields have been added to the API Portal - FAQ section; thus, FAQ content has been classified to facilitate search and filtering operations. See.
The API Product Publish process has been improved, making the publishing process more traceable and secure.
A Google SEO settings section has been added to the API Portal Settings screen, allowing the portal's search engine visibility and meta tag management to be configured. See.
A confirmation step has been added to the API Portal logout button to prevent user errors. When the logout process is initiated, a confirmation window asking “Are you sure you want to log out?” is displayed to the user.
The user experience has been improved by adding a “Close” button to the application addition dialog on the API Portal.
The broken dialog display in the application addition step within API Product has been fixed, and the window alignment and style structure have been reorganized.
Filtering has been adjusted on the API Portal so that only published products are displayed; unpublished products are no longer displayed on the portal.
WARNING With the new version, the apimanager image name must be used for the Apinizer Manager module. The old image name (manager) is not supported in the scope of updates.
WARNING With the new version, the Access URL information for the Integration module, which is accessible by the Manager, must be entered on the General Settings page, not the Kubernetes Resources page. This method is now officially supported. After upgrading to this version, this setting must be entered manually for the integration to work properly.
BUG FIXES
APNZ-5030 : On the token log screen, when switching from a record containing response body content to a record without content, the data from the previous record continued to be displayed; this issue has been fixed to ensure that the data for the current record is displayed correctly.
APNZ-4867 : When selecting wide date ranges in the API Analytics screen, the data displayed in the “Most Active 10 Clients” graph is incorrect.
APNZ-5001 : The search function in the Variable / Context Values selection window is not working, and the screen components are not displaying correctly.
APNZ-5055 : In the confirmation window displayed during the proxy deletion process on the Proxy Group screen, the expression {{id}} is displayed instead of the proxy name.
APNZ-5056 : On the Proxy Group screen, when multiple API Proxies are added quickly, the same proxy may be listed multiple times. Requests may conflict and duplicate entries may occur because the add button remains active before the operations are completed in the background.
APNZ-5117 : When exporting Traffic & Time Metrics reports to Excel by selecting a project, all projects are exported instead of only the selected project.
APNZ-5229 : When the pagination component is opened in the project selection area, it is displayed within the list.
APNZ-5230 : On the IP Groups screen, JavaScript components do not activate when the page loads; they only start working after user interaction.
APNZ-5321 : When a policy is deleted from the All tab on the API Proxy screen, and then the Proxy Key is changed and the page is refreshed, the deleted policy reappears in the list. The policy deletion is not permanently applied after the proxy key change.
APNZ-5332 : The XML Error Template field in the Settings tab of newly added WSDL API Proxies is disabled by default. Therefore, error messages are not published in Apinizer's standard output format. When the XML Error Template is enabled, the Content-Type field is empty; in this case, the error output cannot be generated correctly. The field should automatically return the value text/xml;charset=utf-8, but instead returns empty.
APNZ-5333 : Requests recorded via the Test Console in SOAP-type APIs cannot be viewed again.
APNZ-5222 : The environment list is not displayed in the Try It area on the Script2API screen.
APNZ-5340 : On the IP Geolocation screen, uploading files other than Cities is not blocked. In case of incorrect file upload, no informative warning message is displayed to the user.
APNZ-5192 : After updating deployment names, the sections belonging to the Manager and Portal components on the Kubernetes Resources page become non-functional, and the relevant pod lists cannot be displayed.
APNZ-5265 : Admin → Analytics → API Traffic page: The menu components on the table overlap, causing display issues. The same issue is observed on the Development → API Proxies → API Traffic screen.
Additionally, when the number of items (25, 50, etc.) is changed via the paginator at the bottom of the page, the table continues to display only 10 records each time; the change in the number of items is not reflected in the list.
APNZ-5274 : The Support Package Request page cannot be accessed. The application logs show the error java.lang.IllegalArgumentException: Id must not be null!
APNZ-5233 : All HTTP methods (POST, PUT, DELETE, etc.) can be used to access the definition files on Apinizer; this access should be restricted to the GET method only.
APNZ-5286 : When a Policy Group containing a JWT policy is added to an API Proxy that uses the JWT authentication method, the existing JWT configuration defined in the proxy is deleted.
APNZ-5254 : In an API Proxy with Swagger documentation and JWT Authentication structure, when method-based authentication policies are defined, endpoint-based authentication policies are lost when the proxy is duplicated or when a reparse operation is performed.
APNZ-5297 : When the Test Endpoint is run for the first time on the API Proxy and Test Console screens, the body content does not load; when the screen is closed and reopened, the content is displayed correctly. The query parameters defined on the Test Console screen are not reflected in the generated cURL output.
APNZ-5298 : Although the Node List field in the Kubernetes Resources → Deployment & Services screen is not mandatory, it is displayed as a required field in the user interface.
APNZ-5299 : In the Gateway Environment screen, items in the Unpublished state are incorrectly displayed in blue; in this case, the visual state of the items is not accurately reflected.
APNZ-5301 : The Date Picker component used on the Report Generator screen looks different from the design on other pages and creates an inconsistent user experience. The warning icon on the same screen is not centered on its colored background; the icon appears visually shifted upward.
APNZ-5302 : The selection fields in the Method Settings screen of SOAP-type API Proxies are positioned too close to each other, and the alignment and spacing appear irregular.
APNZ-5309 : Connection Management → E-Mail → Project All screen displays all records regardless of which project the user selects; the checkbox selection is inactive.
APNZ-5342 : The logs on the Application Logs page are not sorted from newest to oldest.
APNZ-5346 : In the “Develop” section of the API Proxy, it is not specified which HTTP method (GET, POST, etc.) is selected.
APNZ-5337 : When creating Key Stores, after the registration process, the user is directed directly to the list screen, and the deploy status information is not displayed on the screen. After the “Save and Deploy” operation on the Key Stores screen, it returns to the list screen without showing which pods it was deployed to.
APNZ-5349 : In WS Security configurations, the import operation cannot be performed in either the Proxy or Policies sections.
APNZ-5352 : The “Stop” option should not be displayed in redaction policies.
APNZ-5359 : In WS Security policies, only KeyStore entries in the project and in general should be selectable; entries in other projects should not be selectable.
APNZ-5353 : The “Redact By” field in redaction policies is not displayed in the interface.
APNZ-5373 : After adding a new Notification on the Monitoring → Uptime Monitor screen and saving it, the Apply button only becomes active if a change is made in the name field.
APNZ-5389: The race condition that occurs when “parse with wsdl” is selected in the XML Schema Validation policy must be fixed.
APNZ-5391: The “Condition” values added to the Rate Limit Control List settings are being lost when saved.
APNZ-5065: The API Proxy is not functioning when the API Root Context is defined.
APNZ-5463 : An error occurs when multiple credentials are used on the RLCL screen.
APNZ-5218 : In the JSON signing step of the API Portal, the “Sign” button does not become active even though the required fields are filled in.
APNZ-5227 : When switching between tabs on the Portal Test screen, updates made on the Body tab, for example, disappear when switching to the Headings tab and then back again.
APNZ-5228 : The portal homepage opens in English by default; the TR-ENG language selector does not work properly after switching versions. The language change only becomes active after navigating to the APIs page and clicking the TR button.
APNZ-5244 : When the same API Product is opened to multiple organizations, the system attempts to verify all visibility organizations because the portal can only assign the user to their own organization, resulting in incorrect access restrictions.
Release 2025.07.0
Publication Date: July 24, 2025
HIGHLIGHTED NEW FEATURE
- Active-Active Multi-Region Support
Added support for high availability and regional load distribution with Active-Active architecture across Kubernetes clusters in multiple locations. See.
- Server Side Streaming Support
Server Side Streaming feature has been added, which provides continuous data flow from server to client. See.
WARNING When the SSE feature is enabled, the connection pool and retry mechanisms are disabled. In addition, fragmented data sent on the response line is not logged and cannot be viewed in log traffic.
NEW FEATURE
- Support for WebSocket and HTTP on the same port
WebSocket and HTTP protocols can now be run simultaneously over the same port. See.
WARNING In old configurations, WebSocket used a different port. HTTP and WebSocket protocols now work on the same port, 8091.
- WebLogic JMS Connection Support
Added WebLogic JMS (Java Message Service) connection support using Script policy.
- Cache Performance Tuning Parameters Added
Added new configuration parameters for cache performance settings. See.
- API Traffic: New Search Fields Added
In API traffic, the ability to search via the 'To Backend API Body' and 'From Backend API Body' fields on the basic search screen has been added. See.
- Selectively Enabling WS-A and WS-RM Settings
Even if WS-A and WS-RM are defined in the WSDL, these settings can now be manually activated by selecting them on the screen.
- Added Disable SSL Validation Field to Routing Tab
Disable SSL Validation field added to the Routing tab to disable SSL validation. See.
WARNING When this option is enabled, the following SSL/TLS validation errors are ignored:
- Self-signed certificates: Connections are allowed even if the certificate is not signed by a trusted authority.
- Expired certificates: Connections are established even if the certificate has expired.
- Invalid hostname: The certificate is accepted even if it does not match the target domain.
- Untrusted CA: Certificates issued by unknown or untrusted certificate authorities are not rejected.
- Invalid certificate chain: Connections proceed even if the certificate chain is incomplete or broken.
IMPORTANT IMPROVEMENTS AND CHANGES
- Read-only view in script policies has been updated to allow content copying.
- Field updates made in Throttling and Quota policies have been integrated into the Management API. See1. See2.
- Checks and improvements were added for possible null value scenarios in Condition Rules.
- Cache TTL settings have been improved for Circuit Breaker, Client Banner, and API Proxy (Response, Group Response, Endpoint Response).
- An option has been added to Client Banner policies to determine whether an error should be thrown if identity is not found. See.
- Cache health check queries now also verify the status of the cache cluster.
- Multipart Form Data content is partially reflected in the API traffic, excluding file content.
- Configuration parameters related to WebSocket have been updated. See.
- Some issues in WebSocket routing processes have been resolved. See.
- API traffic JSON logs now include routingRetryCount and routingFailoverCount information.
- In connector log settings defined in the Environment, message body truncation units have been changed from KB to character count. See.
- Policy-related information has been added to the Trace tab. See.
- The database backup screen in the Apinizer Manager interface has been disabled.
- When using mTLS during routing, not only the truststore selected specifically for the related routing but also other existing certificates defined in Apinizer can now be used.
- Even if mTLS is not used in WebSocket routing processes, it is now possible by default to use existing certificates defined in Apinizer.
- The display on the traffic screen for spec access has been changed to ‘apinizer://spec/’.
- Detailed error that occurs when keystore or truststore is not found in the environment in routing mTLS settings.
- In SOAP services, another SOAP API proxy service can be defined under the sub-location.
- The http2Enabled parameter was added to prevent connection issues with WebSocket when the Gateway type is set to HTTP+WebSocket. See.
- The policies named WS-Security-To-Target and WS-Security-From-Target have been made available under Global Policies.
- The image published on Docker Hub under the name apinizercloud/portal is now published under the name apinizercloud/apiportal.
WARNING The new version of the Apinizer API Portal module must use the apiportal image name. The old image name (portal) is not supported in updates.
BUG FIXES
APNZ-5090: The policy_group collection that was missing after upgrading to 2025.04.X versions is now automatically created.
APNZ-5062: When authorized and sending requests via the Portal, the header information is now sent with the requested value instead of a fixed "Authorization".
APNZ-5053: In routing operations, the root context is now removed only where it first appears in the path.
APNZ-4936: In Client Traffic & Time Metrics reports, the number of requests received by the reverse proxy shows as zero.
APNZ-4918: Extra newline character issue in SIEM logs.
APNZ-4914: Constant errors thrown when entering the API Proxy Group page.
APNZ-4984: JWT and OAuth2 authentication methods should not be added for WebSocket and gRPC.
APNZ-4988: When obtaining a JWT token, if the user is not in the ACL list, an incorrect error message is returned.
APNZ-3907: After adding a SOAP 1.1 type service, when the routing address is changed to SOAP 1.2, the routing address may disappear in the API documentation created in Apinizer.
APNZ-4541: If an LDAP user or group is defined, these permissions are deleted when the project name is changed.
APNZ-4835: Enumeration definitions in the Rest2Soap transformation policy are not correctly processed and converted as enums.
APNZ-4550: In Rest2Soap, XSD schemas are not reflected in the OpenAPI output.
APNZ-4280: Because Rest2Soap cannot resolve input schemas of some methods, the body appears as only <string> in the OpenAPI output.
APNZ-5007: On the Token Request page, although multiple environments are defined, only the first defined environment is displayed.
APNZ-5014: Cache connection does not consider the tuneCacheConnectionPoolMaxConnectionTotal value; the number of connections operates differently, independently of cache configuration.
APNZ-5024: In XPath and JSONPath expressions, when the path is not found, it should return null but currently returns an empty string ("").
APNZ-5032: On the Manager login page, login requests with empty username or password should not be forwarded to the backend.
APNZ-5033: When sending a multipart form request, the default Content-Type value should be set to UTF-8.
APNZ-5038: When the grant_type is set to password in the proxy group, the token cannot be obtained.
APNZ-5054: Rest2Soap’s issue with failing to convert paths for Array types.
APNZ-5052: The "Disable Try It" setting on the Portal does not work correctly.
APNZ-5078: After changing the project’s relative path, associated proxy groups become non-functional.
APNZ-4837: In Rest2Soap transformation, even when the "unwrap body" option is enabled for responses, it is not reflected in the "show example" section.
APNZ-5066: When the routing expression contains / characters, these characters are duplicated and added extra during routing.
APNZ-5068: If the API proxy relative path contains / characters and parentheses ( or ) appear before or after it, deployment fails.
APNZ-5073: In JWT and OAuth2 policies, the accepted audience information generated for the "policy group" is incorrect.
APNZ-5079: When server stream is enabled, there are issues with form data submission and log display.
APNZ-5080: When the Keystore JKS is updated, the JKS data does not change.
APNZ-5082: When setting up a multi-region cluster, the cluster cannot select the cache address it will use.
APNZ-5105: During async API calls and script executions, a null error may occur because the context content is not read-only.
APNZ-5102: When deployment is saved in the environment, access URLs defined in Management API settings are deleted.
APNZ-5111: When the server side enabled setting is on, POST-type empty messages cannot be sent through the reverse proxy.
APNZ-5114: Errors occur in some proxies during project import.
APNZ-5118: Environment type should not be changed.
APNZ-5125: In new environments, WebSocket works even if only the HTTP type is enabled.
APNZ-5138: The values of enum expressions in the query editor screen are not displayed.
APNZ-5131: Cache errors occur during version migration.
WARNING Due to the Hazelcast version upgrade, existing cache pods may fail to synchronize properly. Therefore, all cache pods should be scaled down to 0 before being restarted to ensure a clean and consistent startup.
APNZ-5138: In the 'Create JSON Schema' operation in the Data Operations section, 'required' fields should be removed.
APNZ-4901: Metrics on the Kubernetes Resources page can be displayed up to 1.5 hours in the past, regardless of the filter.
APNZ-4598: While a user authorized from the LDAP group does not have admin rights, the user is being dropped from the session due to the history tab on some proxies.
APNZ-5151: Issue with discarding from authorization-based interface in Collection field in Test Console.
Release 2025.04.0
Publication Date : April 16, 2025
NEW FEATURE
- Client Ban Support
A Client Ban Policy has been created for client ID-based access control. The old, simple version of the Routing tab has been removed. See
- Rate Limit Checklist Module
To simplify Rate Limit management, a new module has been developed that allows users to adjust their access amount in bulk.
A new field called "external" has been added to Credentials for institutions whose credential management is not done via Apinizer. See
- OIDC/OAuth2 Callback URL Support
Added support for defining callback URLs for OIDC/OAuth2 integrations.
IMPORTANT IMPROVEMENTS AND CHANGES
- New additions for the API Based Throttling and API Based Quota sections have been included in the Management API.
- For WebSocket and gRPC, the variables in the script policy have been updated to show only those related to error messages and context variables.
- The "Metric Initialization" parameter, which enables Prometheus metrics, has been updated to be configurable via environment variables. See: See1, See2
- It is now possible to add values to the target field using regular expressions in API Based Throttling and API Based Quota definitions.
- Rate limit statistics can now be returned in the response headers for the following policies: API Based Throttling, API Based Quota, Client Based Throttling, Client Based Quota, and Rate Limit Control List.
- The WWW-Authenticate header returned upon authentication failure can now be optionally removed from the error pipeline.
- When the variable type is defined as "custom", its initial value can now be set via script. See
- Script policies can now also be executed for WebSocket and gRPC protocols.
- Support has been added for including a detailed list of target values in API Based Throttling and API Based Quota definitions. See: See, See
- A new section has been added to the Gateway Environments page to manage Kubernetes annotations for worker and cache components.
BUG FIXES
APNZ-4967: WebSocket policies should also be executed for the Connect method.
APNZ-4966: It should be possible to return Authentication and similar policy errors or responses over WebSocket.
APNZ-4965: WebSocket does not receive the XFF (X-Forwarded-For) header information.
APNZ-4952: When a project is exported/imported, the link between global policies and the ones attached to API Proxy/API Proxy Group is lost.
APNZ-4950: On the API Proxy Group page, there are issues when switching between tabs.
APNZ-4948: In Connection definitions, if you stay on the page after initial creation and try to perform another action, an "ID already exists" error is shown.
APNZ-4941: While creating and saving an Elasticsearch connection, the backend creates it, but it is not saved on the frontend.
APNZ-4940: When fields are found via JsonPath and they are of nested map or list type, the results are displayed in the format a=b.
APNZ-4938: In the API Proxy ACL Method Authorization screen, credentials disappear after an update.
- In the new version, when assigning authorization to empty API methods, the screen freezes after each update and the organization being edited disappears.
- Once the page is refreshed, the credential reappears, but no second update can be made without refreshing the page.
APNZ-4936: In the Client Traffic & Time Metrics reports, requests to the reverse proxy, durations, etc., are shown as 0. This issue occurs only on reverse proxies; proxies with endpoints display data correctly.
APNZ-4949: When creating a project using the admin user, the admin is not automatically assigned as the owner.
APNZ-4915: After using "Save and Deploy" during Credential creation, the list view used to appear and the API Proxy was automatically reselected. However, currently, the list does not appear, and the API Proxy list cannot be selected again.
APNZ-4816: In Mock API, only the last value added via conditions inside the 200 response works; the others return a 204 status.
Release 2025.01.0
Publication Date: January 31, 2025
HIGHLIGHTED NEW FEATURE
- New API Proxy Types: gRPC and WebSocket
Added two new types of API Proxy creation options: gRPC, WebSocket. See.
gRPC Proxy Support:
- Unary gRPC calls (a single request from the client, a single response from the server)
- Server streaming gRPC calls (a single request from the client, a stream of responses from the server)
- Client streaming gRPC calls (a stream of requests from the client, a single response from the server)
- Bidirectional streaming gRPC calls (bi-directional data streaming between client and server)
- gRPC-Web support (for browser-based gRPC communication)
- TLS/SSL secure connection support
WebSocket Proxy Support:
- Standard WebSocket protocol (ws://)
- Secure WebSocket protocol (wss://)
- Text message format
- Binary message format
Policies can be partially executed on these two new types of API proxies, and incoming and outgoing messages can be sent to log connectors.
The test console does not yet support these two protocols.
- New Environments Suitable for New API Proxy Types
The “Communication Protocol Type” field has been added to the environments. The deployment environments of API Proxies have been organized to be automatically matched according to the proxy types. REST and SOAP API Proxies can be deployed to HTTP type environments, gRPC API Proxies to gRPC type environments and WebSocket API Proxies to WebSocket type environments. With this update, proxy type and deployment environment compatibility is guaranteed and wrong environment selections are prevented. See.
The following policies and settings are currently not supported: WS-Security STS Token, mTLS Authentication, Script, Backend API Authentication, API Call, API Proxy Group, CORS Settings, Cache Settings, XML/JSON Error Response Template, Load Balancing Type, Define Circuit Breaker, Define Client Flow Banner, Define Proxy Server, NTLM Settings, and Customize Error Messages.
- Geolocation Management with IP Control
IP controls can be applied based on geolocation data (Country, Province). See.
WARNING Because this change alters the structure of the stored log data, organizations using Elasticsearch need to update the log index template and roll over the index. You can visit this page for the new index structure.
- Settings Group Management
The Settings Group screen makes it possible to create Global Settings and assign them to both API Proxies and API Proxy Groups. See.
- Policy Group Management
The Policy Group screen makes it possible to create a Policy Group and assign it to both API Proxies and API Proxy Groups. See.
With this development, the structure of the Policy Display screens has been redesigned to allow read-only user access in the future.
- Deploy Operations Synchronization and Result Display Enhancement
The results of all Deploy operations can now be shown in detail. See.
WARNING With this development, a comprehensive improvement has been made to pod deployment processes over the Kubernetes service. In the previous version, for deployment operations sent from Manager to Worker, the Worker would broadcast the deployment asynchronously to the other pods in its environment. Because of this structure, the Manager screen could not show directly whether the Worker had deployed successfully to the other pods, and possible errors could only be detected from system logs. In addition, since the deployment status of pods in the namespace could not be tracked instantly, inaccessible pods could cause inconsistencies in the system.
With the new development, the entire deployment process has been synchronized. The communication between Manager and Worker has been strengthened, so that when any pod cannot be accessed, errors can be caught instantly and displayed on the Manager screen. The results of all pod deployment operations over Kubernetes service are now reported in detail on the user interface. Thanks to these improvements, the transparency of the deployment process has been increased and it is easier to detect and manage errors faster. One thing to note is that deployment times may increase slightly due to the full synchronization of the previously partially asynchronous process.
NEW FEATURE
- AI Powered Chatbot Integration for API Portal
An AI-powered chatbot has been integrated into API Portal. See.
- Support Package Request Management for API Portal
“Support Package Request” screen has been added to API Portal Manager for easy management of support package requests. See.
- Viewing and Managing Support Packages for API Portal
“Support Package Feature” screen has been added to API Portal to view and manage support packages. See.
- Management of Support Package Types for API Portal
“Support Package Type” screen has been added to API Portal to manage support package types. See.
- Support Packages Management for API Portal
“Support Package” screen has been added to API Portal to manage support packages. See.
- Jira Integration for API Portal
Jira integration has been added to API Portal. Users can create their requests directly through the API Portal and easily track them through the Jira system. See.
- Jira Integration for API Portal Admin Panel
Jira integration has been added to the API Portal Admin panel, so users can manage and monitor requests through Jira. See.
- Cookies Management for API Portal
Cookies management has been added to API Portal. See.
- API Product Update - Application Creation Button for API Portal
In the API Product update section of API Portal, a button has been added that lets a user with no application create one. See.
- WSDL definition files can be downloaded in Zip format.
- Maintenance mode feature has been added to API Proxies. See
- Timeout values for deployment time have been made parametrically configurable. See
- TLS settings have been made parametric with JVM parameters. See
- Location data has been added to the log structure. This data contains latitude and longitude fields. See.
IMPORTANT IMPROVEMENTS AND CHANGES
A "Redeploy All" option has been added to API Proxies and API Proxy Groups that use Global Policies, Policy Groups, and Settings Groups. See1, See2, See3.
The loading of settings and fonts on the Portal has been updated to run automatically when the system is first started.
While creating a new API Proxy, the default value for the "Ignore Error Response Template In Case Of Error On Backend API" parameter in the Routing section has been set to false.
WARNING This change ensures that in the case of a backend error, the error response is returned using the error response template, thereby preventing a potential security vulnerability.
Formatted display of data in API Traffic Logs, Test Console Response Logs, AuthToken Logs, and Trace Logs has been removed to avoid misinterpretation risks. With this change, logs are now presented as they are received.
The title and description section on the API Product page in the API Portal has been made dynamic.
The test button has been removed from the endpoints tab of API Proxy Groups for undeployed environments. See.
On the Admin Projects page, the Members and Roles column has been removed. A new column has been added to the table showing Relative Path, its active/inactive status, and the actual path if available. See.
The visibility of the Try It button in the API Portal has been made dynamic for each API Product. See.
The list of supported Content-Encoding values for responses returned by the API has been expanded. Previously, only gzip, deflate, and br were supported. Now, gzip, deflate, br, compress, and zstd encoding types are also supported.
BUG FIXES
APNZ-4755: Test console does not open properly the second time.
APNZ-4746: When values such as product or responsible are deleted in API Portal, pages are not opened due to null error.
APNZ-4737: If the test console is closed from the cross on the top right, the body field is not loaded in the next test endpoint request.
APNZ-4720: API Proxy exports are exported as empty zip file.
APNZ-4697: The job that deletes app logs every night at 1am should be removed, because this prevents app purge jobs from working properly.
APNZ-4626: Policies exported from API Proxy cannot be imported to Policy Group.
APNZ-4204: Wrong value is deleted during deletion from Access-Control-Allow-Origin values in CORS.
APNZ-4702: Repeated export option appears in Export/Import menu.
APNZ-4780: Wrong library in mail import in Groovy.
APNZ-4771: When switching between tabs in the API traffic log screen, the body field is not updated without clicking.
APNZ-4752: Errors related to policies:
- When registering Groovy script in Script Policy, the script type is not registered correctly.
- When adding a new rule in business rule, the variable selection slides back and the page hangs after cancel.
- Some of the API Calls appear more than once in the trace.
- 'Updated' appears twice after the policy is saved.
- Although there are no errors in the console, error messages are not reflected on the read-only screen.
APNZ-4741: The SOAP message returned from the backend is now fully logged.
APNZ-4714: When using the 'zstd' encoding in the Accept-Encoding header, the response content could not be correctly encoded, resulting in corrupted content.
APNZ-3933: Policies exported from the API Proxy cannot be imported into the Proxy Group.
APNZ-4756: In the Mock Proxy, for the first method, errors occur in API Calls that were previously functioning and are still appearing in logs. Corresponding error messages are not displayed on screen, and this condition is logged as a 404 error.
APNZ-4790: In the test console, the "name" and "value" modal windows for adding headers open in the background.
APNZ-4787: When "one way" is selected in the API Call and then switched to "two way," the "not change default" option is not selected by default and remains inactive.
APNZ-4822: When sending a file with multipart/form-data and the file content is missing, the corresponding part is not sent to the backend.
APNZ-4815: Newly added Context Values are not fully visible in the script view.
APNZ-4812: Search filters do not work in the Portal Accounts section of API Manager.
APNZ-4799: In the request pipeline, the "Activate All" and "Disable All" policy actions affect response and error handling in the method, but the "All" options do not reflect these changes.
APNZ-4678: When a DB2 API connection is deleted, DB2 APIs that depend on it become unusable.
APNZ-4286: On the Admin Projects page, the listing shows all records instead of the first 10 entries.
APNZ-4806: Direct API Product links do not open properly in the API Portal.
APNZ-4829: When the failover setting is disabled in the log connector, the "Apply" operation hangs for a long time without reaching the system timeout. Even if the user refreshes the page, the setting cannot be disabled and the changes are not applied.
APNZ-4836: The string exists condition in the Business Rule policy does not work as expected.
APNZ-2889: When an API Product is deleted, blank rows appear in the ApiProductAppRegister table on the Account screen.
APNZ-4831:
- When adding WSS user information, an extra timestamp field appears in read-only mode when only the username field should be added. Also, the password field is displayed explicitly.
- When the page refreshes after deploying on API Proxy Group, the system shows the redeploy option. However, the API Proxy Groups page shows the group as correctly deployed.
- The CodeMirror body in the test console is displayed with 3 characters aligned inside.
- When API Proxy is imported, the word imported is unnecessarily added to the relative path field.