Changelog

All notable changes to Apiman will be documented here (as of Apiman 3).

3.1.2.Final

Added

• [gateway-vertx]: you can add a list of additional allowed-issuers in your Gateway API Keycloak Authentication config. This better supports situations where your Keycloak server returns multiple different issuers, for example for internal vs external domains, Docker, K8s, etc. By Marc Savy (@msavy).

Changed

• A large number of dependencies have been updated across the Apiman codebase in order to improve security. By Marc Savy (@msavy).
• [containers/docker-compose]: to support a change in Keycloak’s behaviour, we now set allowed-issuers in the Vert.x Gateway API authentication configuration to allow both internal and external issuers. By Marc Savy (@msavy).

Removed

Fixed

• [gateway-vertx]: allow access to Vert.x Gateway API’s /system/status endpoint without auth. This allows health checks without needing to pass around auth credentials and/or relying on 4xx errors. By Marc Savy (@msavy).
• [gateway-vertx]: array values are now always correctly substituted in Vert.x Gateway configuration. By Marc Savy (@msavy).
• [portal]: show REST API documentation even when user not logged in. By Bastian Gembalczyk (@BastianGem) and Florian Volk (@volkflo).
• [gateway-vertx]: do not include null/empty path elements in Keycloak discovery URI. If your Vert.x Gateway API was unable to speak to Keycloak because it had an unexpected null in the URI, this should fix it. By Marc Savy (@msavy).
• [distro-ddl]: Multiple small MSSQL (Microsoft SQL Server) DDL fixes. If you are using MSSQL, you should set the Java system property hibernate.auto_quote_keyword=true — in WildFly you can put this into the properties section of standalone-apiman.xml. By Marc Savy (@msavy).
• [manager-api-jpa]: Allow deletion of org with contracts. It should be possible to delete an organization with retired entities. By Florian Volk (@volkflo).

3.1.1.Final

• No changes, this additional release was needed due to a problem with Apiman’s CI/CD pipelines.

3.1.0.Final

Added

• [metrics-es]: allow logging metrics to file with write-to option. To facilitate scrape-based metrics patterns, this commit allows Apiman’s ES metrics to be written to a log file as JSON via whichever logging framework you are using (asynchronously). You can set any combination of remote (ES server) or/and log (local). By Marc Savy (@msavy).

Changed

• A variety of dependencies have been updated across the Apiman codebase in order to keep users secure. If you don’t want to upgrade, speak to your long-term support provider.
• [manager-api-rest]: Apiman Manager API now has an OpenAPI v3 schema! You can access this at /openapi.json or /openapi.yml. For example, http://localhost:8080/apiman/openapi.json. By Marc Savy (@msavy).
• Default plugin registry and API catalogue JSON files are now in the GitHub release, rather than directly in the repository. By Marc Savy (@msavy).
• Converted Apiman into a monorepo (as far as possible). Apiman plugins, default API catalogue, default plugin registry, developer portal, docker images, amongst others, have been painstakingly merged in. CI pipelines have also been updated to reflect this. Multi-repository releases are difficult with GitHub CI, so this will hopefully make more frequent releases much easier. By Marc Savy (@msavy).

Removed

• [manager-api-rest]: Removed obsolete Qmino API documentation generator. I would like to thank the Qmino team for their support over the years. By Marc Savy (@msavy).

Fixed

• fix[gateway-vertx]: in Keycloak discovery code getAllowedIssuers check was mistakenly inverted. By ronimhd.
• fix[manager-api]: register subtypes for deserializing policy probe response, this step was inadvertently removed during refactoring. By Florian Volk (@volkflo).
• fix[ui]: move validation function for IP list into validate function to ensure list valid when switching between IP policies. By Florian Volk (@volkflo).
• fix[gateway-engine-es]: throw ClientNotFoundException if client not found when unregistering. By Florian Volk (@volkflo).
• [manager-api]: Perform unregister only if client is in correct state. By Florian Volk (@volkflo).

Full Changelog: 3.0.0.Final...3.1.0.Final

3.0.0.Final

Thanks

A huge thanks to every company that has worked with Apiman’s main developer via consulting, support, sponsoring features, or other means. Without financial support, Apiman open source will not continue to be developed.

Particular thanks go to the team at Scheer PAS who sponsored a considerable amount of the work that is in the 3.0.0.Final release.

Added

• [manager-api] Events*: versioned events are now emitted inside Apiman for a number of important business actions. These are consumed internally within Apiman, but are also inserted into a transactional outbox* inside the database using the CloudEvents format. You can use CDC software, such as Debezium to integrate Apiman’s events into your messaging platform of choice, such as Apache Kafka. A wide variety of rich business functionality can be enabled via this integration. By Marc Savy (@msavy).
• [manager-api] Notifications: notifications for important events are now generated and sent to the appropriate user(s) and/or group(s). This is driven by the event system. For example, when an API requires approval, all users with the apiEditor permission will receive an in-browser notification and email notification. In-browser notifications can be seen by pressing the bell in the top-right corner of the screen. Notifications can be disabled entirely in apiman.properties. By Marc Savy (@msavy).
• [manager-api] Email notifications and templates: a fully templated and i18n-friendly email notification system, which is driven by the events subsystems. This can easily be customised by the user to change the look-and-feel or text. Email notifications are disabled by default in apiman.properties. By Marc Savy (@msavy).

Changed

• [ui]: Lazy load API DevPortal page using $ocLazyLoad, this avoids the Apiman Manager UI initial download being larger. By Marc Savy (@msavy).
• [build]: Java 11+ is the minimum supported version to compile and run Apiman.
• [distro]: Apiman Docker images now published to both GHCR (GitHub Packages) and DockerHub. By Marc Savy (@msavy).
• [build]: Apiman Docker images have been refactored to accept --build-args for most variables, such as Apiman’s version, JDBC driver versions, etc. By Marc Savy (@msavy).
• [build]: Bumped Keycloak to 16.0.2. By Marc Savy (@msavy).
• [ui]: Upgraded Apiman Manager UI to latest AngularJS. By Marc Savy (@msavy).
• [ui]: Refactored Apiman Manager UI build system to use Webpack 5. Although this was a considerable investment of time and effort, it enabled us to make the build smaller, with a much better developer experience, whilst eliminating some bugs associated with our old approach. By Marc Savy (@msavy).
• [ui]: Major refactor of Apiman Manager UI to bring most deps up to date: Angular 1.8, Typescript 4.4.x, JQuery, Lodash, etc. By .

Removed

• [distro]: Apiman is no longer distributed with the Keycloak Server Overlay, as this has been discontinued by the Keycloak team. You will need to point Apiman to a Keycloak server that is run separately (see the Docker Compose distro for examples). By Marc Savy (@msavy).
• [distro]: Apiman Manager API no longer supports Elasticsearch as a backend store, this is now RDBMS/SQL only. We still maintain full support for Elasticsearch for metrics/analytics. Consequently, we have removed ESStorage and associated code. See: AEP 2: Drop Elasticsearch as Manager API database in Apiman 3 (keep for metrics, gateway, etc). By Marc Savy (@msavy).
• [distro]: Java 8 is no longer supported in the community project.

Fixed

• [ui]: Fixed a wide variety of glitches afflicting the Apiman Manager UI. By Marc Savy (@msavy), Florian Volk (@volkflo).
• [manager-api-war]: handle comma-separated lists properly in apiman.properties. By Marc Savy (@msavy) in https://github.com/apiman/apiman/pull/2012
• [common-es]: work around ES index creation race condition. By Marc Savy (@msavy) in https://github.com/apiman/apiman/pull/2037
• [ui]: browser back button on "all"-pages. By Florian Volk (@volkflo) in https://github.com/apiman/apiman/pull/2005
• [manager-api]: client republish and/or unregister when breaking contracts. By Marc Savy (@msavy) in https://github.com/apiman/apiman/pull/2123
• [manager-api]: ensures RestExceptionMapper actually prints stack trace. By Marc Savy (@msavy)
• [gateway-engine-policies]: check for null request path in URLRewritingPolicy. By Marc Savy (@msavy)

Full Changelog: 2.2.3.Final...3.0.0.Final