What's New for Oracle API Platform Cloud Service
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Oracle® Cloud
What's New for Oracle API Platform Cloud Service
Release 21.4.3
E87201-35
January 2022
What’s New for Oracle API Platform Cloud
Service
Learn about the new and changed features of Oracle Oracle API Platform Cloud
Service .
Topics:
• Release 21.4.3 - January 2022
• Release 21.3.1 - November 2021
• Release 21.2.4 - June 2021
• Release 21.2.3 - May 2021
• Release 20.3.3 - September 2020
• Release 20.2.3 - June 2020
• Release 20.2.2 - May 2020
• Release 20.1.1 - February 2020
• Release 19.4.3 - December 2019
• Release 19.4.2 - November 2019
• Release 19.4.1 - October 2019
• Release 19.3.3 - September 2019
• Release 19.3.3 - August 2019
• Release 19.3.2 - August 2019
• Release 19.3.1 - July 2019
• Release 19.2.3 - June 2019
• Release 19.2.2 - May 2019
• Release 19.2.1 - March 2019
• Release 19.1.5 - February 2019
1• Release 19.1.3 - February 2019
• Release 19.1.1 - January 2019
• Release 18.4.5 - December 2018
• Release 18.4.3 - November 2018
• Release 18.4.1 — October 2018
• Release 18.3.5 — September 2018
• Release 18.3.3 — July 2018
• Release 18.2.5 — May 2018
• Release 18.2.3 — May 2018
Release 21.4.3 - January 2022
Gateway
Note:
To get the following fixes/features, download new Gateway installer and
install it. See Install the First Gateway Node for a Logical Gateway.
This Gateway Installer contains Critical Security Fixes. It's a mandatory
upgrade for all customers.
Feature or bug number Description
Latest Patch Sets WLS Patch Set Sep 2021 Update
12.2.1.3.210929 Patch 33412599. This patch
contains fixes for several Oracle WebLogic
Server Vulnerability and performance. More
details here
Coherence Patch 12.2.1.3.16 #Sep 2021
This release contains fixes for the recent log4j
vulnerability CVE 2021-44228. While the new
APIPCS Gateway has been tested and verified
to be log4j vulnerability-free, it is
recommended to apply this WLS patch post
the Gateway upgrade to enhance the security
of your gateways. See https://
support.oracle.com/epmos/faces/PatchDetail?
patchId=33691226.
Feature or bug number Description
APIP-250 Add Groovy execute() method to the list of
blacklisted methods
APIP-257 Gateway Polling should not make excessive
calls to Management Tier
2Feature or bug number Description
APIP-260 Gateway Node polling timeout should be made
configurable
Release 21.3.1 - November 2021
Gateway
Note:
To get the following fixes/features, download new Gateway installer and
install it. See Install the First Gateway Node for a Logical Gateway.
This Gateway Installer contains Critical Security Fixes. It's a mandatory
upgrade for all customers.
Feature or bug number Description
Latest Patch Sets WLS Patch Set Jun 2021 Update
12.2.1.3.210630 Patch 33064699. This patch
contains fixes for several Oracle WebLogic
Server Vulnerability and performance. See
Oracle® WLS Patch Set Update
12.2.1.3.210630 README.
Coherence Patch 12.2.1.3.15 #Jun 2021
Oracle Global Lifecycle Management OPatch -
13.9.4.2.6
Third Party SW upgrades Several Third Party Libraries used in API PCS
Gateway are upgraded to the latest version.
This includes Logstash upgrade to 7.10,
Nimbus JOSE + JWT upgrade to 8.22.1, and
JSON Smart upgrade to 2.4.2.
Management Tier
Feature or bug number Description
Third Party SW upgrades Several Third Party Libraries used in API PCS
Management Tier are upgraded to the latest
version. This includes Common Beanutils
upgrade to 1.9.4, and Common IO upgrade to
2.8.0.
Release 21.2.4 - June 2021
Gateway
3Note:
To get the following fixes/features, download new Gateway installer and
install it. See Install the First Gateway Node for a Logical Gateway.
This Gateway Installer contains Critical Security Fixes. It's a mandatory
upgrade for all customers.
Feature or bug number Description
Latest Patch Sets WLS Patch Set Apr 2021 Update
12.2.1.3.210329 Patch 32697734. This patch
contains fixes for several Oracle WebLogic
Server vulnerability and performance issues.
See Oracle® WLS Patch Set Update
12.2.1.3.210329 README.
Coherence Patch 12.2.1.3.13 #Mar 2021
Release 21.2.3 - May 2021
Management Tier
Feature or bug number Description
APIP-1 : Customer underbilling issue Due to a bug in Management Tier, sometimes
a few gateway hours were missed from the
days billing. We have fixed this bug in the
management tier.
Release 20.3.3 - September 2020
Management Tier
Feature or bug number Description
31697984 - Allow API Application access Customer cannot attach uri endpoints to
restriction based on resources end points constraints in plans. They requested to restrict
access to resource endpoints using plan and
entitlements.
30997643 - Gateway node having API When same API with key validation policy is
deployment issue deployed to a logical gateway with 2 registered
nodes, one of the gateway nodes successfully
validates the key whereas the other node fails
to validate it. The bug is intermittent.
31425082 - Request Payload Validation policy Customer requested to use the PATCH method
is not displaying PATCH method exposed by exposed by the REST end point in the request
REST end point payload validation policy.
Gateway
4Note:
To get the following fixes/features, download new Gateway installer and
install it. See Install the First Gateway Node for a Logical Gateway.
This Gateway Installer contains Critical Security Fixes. It's a mandatory
upgrade for all customers.
Feature or bug number Description
Latest Patch Sets WLS Patch Set Jul 2020 Update
12.2.1.3.200624 Patch 31535411. This patch
contains fixes for several Oracle WebLogic
Server Vulnerability and performance. More
details here
Coherence Patch 12.2.1.3.10 #14 July 2020
31546291 - Calls to external service fails with After the installation of Gateway version 20.2.3
HTTP 400 after new gateway installation certain SOAP requests were failing because
additional "=" sign got added at the end of the
URL. This resulted in API requests failing
The following bug fix is rolled back in the 20.3.3 release because it causes a
regression in the 20.2.3 release (June 2020).
Bug fix rolled back Workaround
31042350 - Query parameters like "?param=" The workaround for that issue to not pass a
were incorrectly forwarded to the service query parameter like "?param=“, this gets
request. trimmed into “?param”. If you pass “?param” or
“?param=val” they all work fine.
Release 20.2.3 - June 2020
Management Tier
Feature or bug number Description
28665774 - Need simple way to identify the To determine the version of the gateway to
version of the installer download and install from the Management
Portal, navigate to Gateways//
Nodes and hover over Download Gateway
Installer. The version numbers of the latest
available gateway and core engine are
displayed in the tooltip.
31318456 - Problem with deploying APIs that When an endpoint specified in Apiary Blueprint
use Apiary Blueprint specification with query contains query parameter definitions, this bug
parameters prevented the API from being deployed to the
gateway.
5Feature or bug number Description
API Request Endpoint URL is exposed on the The configured request endpoint URL can now
runtime context Groovy interface be referenced as the runtime
context.ApiEndpointUri property from
Groovy scripts.
Gateway
Note:
To get the following fixes/features, download new Gateway installer and
install it. See Install the First Gateway Node for a Logical Gateway.
This Gateway Installer contains Critical Security Fixes. It's a mandatory
upgrade for all customers.
Feature or bug number Description
Latest Patch Sets WLS Patch Set Update Apr 2020: Critical
patch containing fixes for several Oracle
WebLogic Server Vulnerability. More details
here
Coherence Patch #9 May 2020
30836924 - Problem with adding parameters in One way to version an API is to add a version
the Accept Header parameter to the Accept header. This caused
API calls to fail.
31042350 - Not able to get desired response Query parameters like ?param= were
while calling rest API with empty query params incorrectly forwarded to the service request.
31121699 - API Search-SQL Injection- Query parameters with an = (equal) sign in the
Response is not the same when compared to value were incorrectly forwarded to the service
local machine request.
31198805 - Request to pass the application If an API uses header-based key validation
key header to the service policy, the gateway does not forward the
header to the service request by default. This
enhancement enables API developers to add a
header configuration rule to the service
request to forward the application key header.
Release 20.2.2 - May 2020
Feature or bug number Description
Bug 28958520 - APIs deployed with Apiary Potential conflicts between the base path
specification return HTTP 405 response configured in the Apiary spec and the API
Request endpoint are detected. The user is
given the option to resolve these conflicts.
6Feature or bug number Description
Bug 30929197 - Limited amount of characters The documentation file name length for APIs,
for documentation filename Plans and Services has increased from 50
characters to 80 characters.
Release 20.1.1 - February 2020
Feature or bug number Description
Bug 30680643 - Increased default timeout of The timeout has increased from 120000 ms to
APICS Gateway's Client to handle bulk API 300000 ms.
deployment
Bug 30459243 - Fixed issue of incorrect time The correct time is now displayed.
being displayed for Sao Paulo BRT timezone
Release 19.4.3 - December 2019
Feature or bug number Description
Bug 30349940 - Service Account with an An error no longer occurs when the Service
empty "Scope" - JSONObject scopes not Account is configured without a scope.
found
Bug 30237081 - Not able to consume given Increases the allowed length of API service
service in APICS URL.
Bug 30329761 - OCSG 19.3.3 REST Reduces response time of API deployment
getApplication and updateApplication during load conditions.
response slow
Bug 30400113 - Oracle API Platform Cloud Returns Internet Standards error message
Service GW http response message Unprocessable Entity for error code 422.
Release 19.4.2 - November 2019
Feature or bug number Description
Bug 30349940 - Service Account with an An error no longer occurs when the Service
empty "Scope" - JSONObject scopes not Account is configured without a scope.
found
Bug 30439829 - Arabic characters do not To ensure that Arabic characters display
display properly properly in the HTTP response message,
include charset=utf-8 in the HTTP request
message header.
Release 19.4.1 - October 2019
7Feature or bug number Description
30164347 - Incorrect calculation for number of Gateway hours are now calculated correctly
gateway hours when API invocation count is when the API calls exceed multiples of 35000.
35000 Previously, the calculated hours were
overestimated.
30299293 - Oauth token cache is an A problem with cache synchronization was
unsynchronized HashMap fixed in this release.
Release 19.3.3 - September 2019
Feature or bug number Description
Universal Credit accounts do not use My After signing into Oracle Cloud, you use the
Services Dashboard Oracle Cloud Infrastructure Console to access
your Platform Services. Previously you were
required to access these services from the My
Services Dashboard. See Access Oracle API
Platform Service in Using Oracle API Platform
Cloud Service.
Release 19.3.3 - August 2019
Management Tier
Feature or bug number Description
28952509 - The Subscriptions that are The actual count in default display is showing
pending in the Requesting tab show correctly now.
Requesting(0) in the default display. Clicking
this tab shows the actual count.
Gateway
Note:
To get the following fixes/features, download new Gateway installer and
install it. See Install the First Gateway Node for a Logical Gateway.
8Feature or bug number Description
Installer now supports customized temp You can now specify a custom temp directory
directories as follows:
java -Djava.io.tmpdir=$
{CUSTOM_TEMP} -jar
ocsg_generic.jar
The path for the temp folder can only contain
the following characters: a-z, A-Z, 0-9, -, and
_.
29930427 - The API Gateway IP is available In release 19.3.3, the API Gateway IP is
after API deployment. immediately available after API deployment. In
previous releases, the IP was blocked for up to
30 minutes due to threat protection.
Apply patch sets The following patch sets are now available:
• WLS Patch set 2019-Jul WLS
(P29814665)
• WLS Patch set 2019-Jul Coh PSU
(P29961519)
Release 19.3.2 - August 2019
Feature or bug number Description
Multiple identity domains are now supported You can create a service instance within a
specific identity domain among multiple
identity domains in Oracle Identity Cloud
Service. Each identity domain has an
independent set of users. For example, you
might create separate identity domains for test
users and production users. By default, service
instances are created in the primary identity
domain in Oracle Identity Cloud Service.
See About Multiple Instances in Administering
Oracle Identity Cloud Service.
29971533 - User cannot access the API User names and email addresses are now
Management Portal case-insensitive. Previously, a change in the
capitalization of user names (e.g. john.doe to
John.Doe) blocked access to the API
Management Portal for the affected user.
Release 19.3.1 - July 2019
Bug number Description
30041495 - Bad certificate in the call to the You can now successfully update configuration
Oracle Cloud from the gateway changes, and retrieve and save these them.
9Bug number Description
30034548 - API endpoints are not displayed in In the Application Details page, Subscriptions
Developer Portal tab in the Developer Portal, the endpoint URLs
are now displayed as expected when you have
subscribed to a published plan from an
application.
29839614 - REST2SOAP policy template When creating an XML template for a SOAP
generation incorrect for XML attributes request, REST2SOAP now generates XML
attributes correctly.
Release 19.2.3 - June 2019
Feature or bug number Description
Multiple identity domains now supported You can now select among multiple identity
domains in which to create your API Platform
Cloud Service instance. Each identity domain
has an independent set of users, so you can
create different instances with different sets of
users. By default, instances are created in the
primary identity domain in Oracle Identity
Cloud Service.
29741887 - Developer portal custom pages do When you create a custom page on the
not persist across managed servers Developer Portal and upload it through the
consumption service, the page will be serviced
from all Managed Servers, not just the
Managed Server that processed the upload.
28980520 - Developer Portal API list page When you publish APIs to the Developer Portal
stops loading after you click the Bottom button and click Bottom on the API list page, the
on Safari and Chrome APIs are displayed properly. In previous
releases, the APIs did not load.
Note: If you don't see the APIs right away,
wait. Loading the APIs takes some time.
29749975 - Add validation for reserved context The Management Portal now issues an error
paths message if context paths start with the
following reserved prefixes: ws, management,
portal, prm_pm_rest, daf-network.
29629939 - Enabled Oracle Identity Cloud You can now configure your Oracle Identity
Service federated single sign-on for Developer Cloud Service instance so that you can sign in
Portal to Developer Portal with your federated single
sign-on login.
29676868 - Policy SDK not reflected properly Updates to the Policy SDK after a gateway is
on the Management Portal deployed are now reflected accurately in the
Management Portal.
29533933 - Gateway node name length The maximum length of the name for the
restriction gateway node is now 256 characters.
Previously, the gateway node name maximum
length was 50 characters.
10Release 19.2.2 - May 2019
Feature or bug number Description
Template-based parameter causes API in plan In the Apiary blueprint for an API, you can now
to fail specify Actions having Query parameters.
Query using quotation marks (") results in In the Management Portal, you can now
Error surround a search string in quotes.
Microsoft Internet Explorer - Unexpected error From the APIs menu on the API Management
calling REST service portal, API implementations are now displayed
without error in the Windows Internet Explorer
browser, in addition to Chrome and Firefox.
Release 19.2.1 - March 2019
A new tab, Security Settings, was added to the Platform Settings page in Release
19.2.1. This new tab allows you to view the Client ID, Client Secret, and scope for your
instance. See View Security Settings.
Release 19.1.5 - February 2019
Feature Description
Enhancement to the Search feature on list On list pages for APIs, plans, applications,
pages services, service accounts, and gateways, you
can now enclose a search term in quotes to
find an exact match. See Understand the APIs
List Page for an example.
Enhancement in Application-Based Routing A button has been added to display a list of
policy applications for selection. See Apply
Application-Based Routing Policies.
Enhancement in Gateway-Based Routing A button has been added to display a list of
policy gateways for selection. See Apply Gateway-
Based Routing Policies.
Release 19.1.3 - February 2019
Feature Description
List page redesign The pages in the interface that list the APIs,
plans, applications, services, and service
accounts have been redesigned to make it
easier to view information.
11Feature Description
Added options in Resource-based Routing When applying the resource-based routing
Policy policy, you can now route requests based on
actions and methods as well as resources
from an Apiary specification. If you are
configuring it manually, you can also now route
requests on methods and method+path
combinations in addition to paths. See Apply
Resource-Based Routing Policies.
Gateway installation If the installed version of your gateway is
18.4.3 or later, there is no need to re-install the
gateway for 19.1.3.
Release 19.1.1 - January 2019
Feature Description
Outbound WSS Username Token Policy This new policy allows you to enable an end-
user identity to be passed over multiple hops
before reaching the destination web service.
See Apply Outbound WSS Username Token
Policies.
Inbound WSS Username Token Policy This new policy allows you to enforce
verification of credentials sent within the SOAP
payload and allow only authorized users to
access APIs. See Apply Inbound WSS
Username Token Policy.
Release 18.4.5 - December 2018
There were no new features in release 18.4.5. This release contained internal
infrastructure updates and bug fixes.
Bug number Description
28943090 - APIs and Plans pages time out in The query was optimized to reduce the
Deveoper Portal number of IDCS calls and make the query
faster.
28957876 - remove "links" as fields in API list When rendering the API list page, REST calls
page to /plans and /apis are made. In both
cases, the field "links" was included, explicitly
for /apis and implicitly for /plans. The
REST call to /plans was updated to pass ?
fields=id to ensure the links are not looked
into, and REST call to /apis was updated to
remove "links" as a field to return.
28642385 - Some analytics data did not allow Charts and tables in Analytics will now display
the time to display in the local time zone in the local time zone, not the platform time
zone.
12Bug number Description
28881998 - Republish button in Plan tab is Plans have no iterations, so any change to the
extra plan is immediately visible in the Developer
Portal. The Republish button is uneccessary
and is removed.
28925217 - Remove roles from grants pages The queries for grants took a long time to
and dialogs execute due to the role parts of the queries.
The query parameters for roles and the Role
columns were removed from the UI.
28963833 - Show/Hide navigation menu The navigation menu now opens in Internet
doesn't open in Internet Explorer 11 Explorer 11.
28883652 - Redesign the Requests by Queries on the Gateway analytics page were
Resource grid to scroll the data virtually very slow, or hung up. To resolved this, auto
refresh was removed and there is now a
Refresh button. Also, the grids have been
redesigned to "virtually scroll" the data.
28948363 - Application-based routing not The application selection drop-down list now
working as expected after release 18.4.3 shows all available applications.
Release 18.4.3 - November 2018
Feature Description
Action Level Plan Constraints You add rate limits on entitlements to control
requests from a specific API to a plan. If an
API uses an Apiary specification, you can now
set rate limits for specific actions in the API.
See Setting a Rate Limit for an Entitlement.
Support Apiary Actions in the Interface If an API uses an Apiary specification, you
Filtering and Method Mapping Policies now have the option of configuring the
resources using actions from the API
specification or configuring them manually in
the Interface Filtering and Method Mapping
policies. See Applying Interface Filtering
Policies and Applying Method Mapping
Policies.
Analytics Filters for Plans, Services, and You can now filter analytics results by plans,
Methods services, and methods. See Filtering Analytics.
Support JSON values for scopes in OAuth There is a new element called
ScopeClaimDataType, which allows you to
specify whether the scope values in JWT are
space-separated or in JSON structure. See
The OAuth Profile XML File.
Custom Pages in the Developer Portal You can now add custom pages to the
Developer Portal. See Managing Custom
Pages.
Release 18.4.1 — October 2018
13A new navigation menu sidebar on the left of the window was introduced in 18.4.1. It
contains options to access the pages for APIs, Plans, Applications, Gateways,
Services, Service Accounts, Roles and Platform Settings. When it is expanded, both
icons and text appear; when it is collapsed, only the icons appear. It can also be
hidden completely, and then viewed again using the Show/Hide Navigation Menu
option above the blue banner.
Release 18.3.5 — September 2018
In 18.3.5, if your API was created with an Apiary specification, you can choose to use
actions from the specification in the Interface Filtering and Method Mapping policies.
See Applying Interface Filtering Policies and Applying Method Mapping Policies.
Release 18.3.3 — July 2018
There were no new features in release 18.3.3. This release contained internal
infrastructure updates only.
Release 18.2.5 — May 2018
14Feature Description
Request Payload This new policy allows you to validate the request message body for length
Validation Policy and format. See Applying Request Payload Validation Policies
Analytics filter The filters on the analytics pages were redesigned. All the filters, including
redesign the time filters, are now in a sidebar.
Use Apiary If an API was created with an Apiary specification, yu can configure the
actions in resources using the API actions. See Applying Resource-Based Routing
Resource Based Policies
Routing policy
API actions on When you link an Apiary specification, the API actions are listed on the
Specification Specification page. You can expand each action to view its details.
page
UI update to On the Plans Subscription page, you can now view application details.
Plans
Subscriptions
page
Entitle in Plan There is a new grant for Gateways, called Entitle Gateway in Plan. This
grant for allows a user to entitle the gateway in a plan. See Issuing Gateway Grants.
Gateways
Plans pages You can now view plans and their details in the Developer Portal. See
added to the Discovering and Entitling Plans.
Developer Portal
Release 18.2.3 — May 2018
Feature Description
Applying Configuration examples were added. See Applying Redaction Policies
Redaction
Policies
Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at http://www.oracle.com/pls/topic/lookup?
ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers that have purchased support have access to electronic support
through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/
lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?
ctx=acc&id=trs if you are hearing impaired.
15Oracle Cloud What's New for Oracle API Platform Cloud Service, Release 21.4.3
E87201-35
Copyright © 2017, 2022, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws.
Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit,
perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is
applicable:
U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered
hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are
"commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental
regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs
(including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle
computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the
U.S. Government’s use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous
applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take
all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by
use of this software or hardware in dangerous applications.
Oracle, Java, and MySQL are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks
of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open
Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates
are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable
agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-
party content, products, or services, except as set forth in an applicable agreement between you and Oracle.
16You can also read
