Release Notes: API Developer Portal

These Release Notes summarize the new and enhanced features, known issues, resolved issues, and requirements in version 4.2.x of the CA API Developer Portal.
Version Support for Direct Upgrade
 4.2 series
What's New
New or Updated Functionality
Security fixes
This release includes patches for security vulnerabilities. For more information, see Resolved Issues.
Version Support for Direct Upgrade
 4.2 series
What's New
New or Updated Functionality
Defect Fix
This release corrects a defect. For more information, see Resolved Issues.
Version Support for Direct Upgrade
 4.2 series
What's New
New or Updated Functionality
Defect Fix
This release corrects a defect. For more information, see Resolved Issues.
Version Support for Direct Upgrade,
What's New
New or Updated Functionality
Updated CentOS OVA
Previously, the CentOS 7.4 OVA was the hardened image distributed to customers. CentOS 7.5 OVA Version 2 is now also available and is the recommended hardened image for running the CA API Developer Portal.
CentOS 7.5 OVA provides the following updates and improvements:
  • Hard drive capacity increased to 500 GB.
  • The 
     partition size increased to 20 GB.
  • The 
     partition size increased to 50 GB.
  • Logging is configured with 
     in persistent mode, which will remove old logs when there is less than 10 GB of disk space on the 
     partition, so disks should no longer fill up with logs, even on high volume systems.
  • The host 
     keys are removed during image creation, so new host 
     keys are created when the OVA is first booted. This mitigates the possibility of MITM (man in the middle) attacks, because the host private keys cannot be known in advance and won't be shared with other servers built from the same OVA image.
  • The default username for the system is now 
    to maintain alignment with the AMI platform.
  • Number of CPU cores increased from 4 to 8 to address performance.
  • CentOS 7.5 provides numerous security fixes.
  • Filesystem has been changed from 
  • Swap is disabled.
For more information, see Configure and Start CentOS 7 OVA Version 2 Image.
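The host-key bullet above implies a fleet check: no two servers built from the same image should present the same host key. The following is an added example, not part of the original release notes or the product; it assumes the keys are SSH host keys collected in `ssh-keyscan` output format, and the host names and key blobs are constructed.

```python
import base64
import hashlib
from collections import defaultdict


def fingerprint(b64_blob):
    """Return the OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    raw = base64.b64decode(b64_blob, validate=True)  # raises ValueError on bad input
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(text):
    """Yield (host, key_type, fingerprint) for each usable 'host type blob' line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line
        host, key_type, blob = fields[:3]
        try:
            yield host, key_type, fingerprint(blob)
        except ValueError:
            continue  # key blob is not valid base64


def shared_host_keys(text):
    """Map (key_type, fingerprint) to the sorted hosts that present that same key.

    Only keys seen on more than one host are returned. A single server scanned
    under several names will also appear here, so scan each server once.
    """
    seen = defaultdict(set)
    for host, key_type, fp in parse_keyscan(text):
        seen[(key_type, fp)].add(host)
    return {key: sorted(hosts) for key, hosts in seen.items() if len(hosts) > 1}


def _blob(label):
    """Build a constructed stand-in for a key blob (not a real public key)."""
    return base64.b64encode(label.encode()).decode()


# Constructed sample: portal-b is a clone that kept the key baked into its image.
SAMPLE = "\n".join([
    "# constructed sample in ssh-keyscan output format",
    "portal-a.example ssh-ed25519 " + _blob("constructed-key-1"),
    "portal-b.example ssh-ed25519 " + _blob("constructed-key-1"),
    "portal-c.example ssh-ed25519 " + _blob("constructed-key-2"),
    "portal-d.example ssh-ed25519 not*base64",
])


if __name__ == "__main__":
    for (key_type, fp), hosts in shared_host_keys(SAMPLE).items():
        print(f"shared {key_type} host key {fp}: {', '.join(hosts)}")
```

Any host pair it reports was most likely built from an image that still carried its host keys; regenerating the keys on those servers restores the property the bullet describes.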
Display the List of IDP Users
You can now display all external IDP users on the 
You can view the details of these users but cannot edit them.
Display the Proxy URL for the API
You can now display the Proxy URL for the API on the Developer console's View Documentation page.
For more information, see View All APIs and Applications on the Developer Console.
Set Limit on Password Recovery Attempts
An administrator can now limit the number of auto-generated emails sent to the user for multiple attempts to recover the password.
For more information, see the Configure the Password Change Policy section in Manage Password Policy.
External Mail Server Support
You can now send outbound mails from a custom SMTP server instead of the default server that is packaged during the CA API Portal deployment.
For more information, see Configure and Use External Mail Server.
Prevent Multiple Email Registrations
An administrator can now ensure that users first activate their account using the registration email, before sending another request.
For more information, see the Enable and Disable Third-Party Registration section in Configure User Registration.
Renaming of Settings Menu Name and Settings Icon Name
 menu name and the 
 icon name has been renamed to 
Encrypt User Credentials Over Non-SSL Connections
For LDAP and CA APIM (default) authentication schemes, the administrator can improve security by encrypting user credentials over SSL connection. Encrypting the user passwords reduces the risk of man-in-the-middle attacks.
For more information, see the following sections:
Update to the Organization Drop-Down List
The Organization drop-down list in the API Details tab on the Publish an API page has been improved so that the list displays 10 results at a time, displaying the next 10 results when you reach the end of the list. It also allows you to enter text so you can do a keyword search.
Portal Page Customizations
You can now customize the following page elements:
  • Display portal product version on the login page
  • Add images to page footers and headers
  • Enable/disable the CA copyright in footers
  • Add custom fonts including Web Open Font Format and TrueType
  • Change the text labels in the Publish navigation menu (APIs, Apps, API Catalog, API Explorer)
For details, see Customize Page Appearance.
Defect Fixes
This release corrected a number of defects. For more information, see Resolved Issues.
Release 4.2.7
For more details about the fixes in each release, see Resolved Issues.
For upgrade instructions, see Upgrade API Developer Portal 
Version Support for Direct Upgrade
Release Description
Fixes a Login issue.
Fixes the incorrect value of 0 in the Portal Metrics API
Fixes a defect that prevented access to the Develop Page
Fixes a problem viewing the analytics dashboard
Provides a workaround for a known issue in which the analytics dashboard in the Monitor page cannot be viewed after a new Portal installation.
Contains new features. See Release
Fix to page rendering
XSS Vulnerability Fixes
Contains new features. See Release 
Contains new features. See Release 4.2.3 
Contains new features. See Release
Contains new features. See Release 4.2.0
When upgrading to the latest release from versions prior to 4.2.3, you may encounter a database lockup and/or health check failure preventing a successful upgrade. If you encounter these issues, see Database Lockup during Upgrade and Health Check Failure during Upgrade in Troubleshoot the Installation.
An update to the integration software on your API proxy is required after upgrading to version For more information, see 
Update the Integration Software on the API Proxy
 in Integrate On-Premise API Proxies.
Filter Views for API Groups, Applications, Organizations, and Account Plans
The usability and viewing of API groups, applications, organizations, and account plans have been improved.
You can now:
  • Filter APIs while you are adding or editing API groups and account plans. The APIs are now paginated.
  • Filter by API or API group while you are adding or editing an application. The APIs are now paginated.
In addition, organizations are now paginated while you are adding an application.
Specify Subject Attributes for Generating External Tenant Certificate
You can now add the following subject attributes for generating external tenant certificate when using the 
  • Organization Name
  • Organizational Unit Name
  • City or Locality Name
  • State or Province Name
  • Country Name (2-letter code)
  • Email Address
Set Password Expiry and History in the Password Policy
Administrators can now configure password policy to set the password expiry duration, and also restrict the reuse of the old passwords.
For more information, see the Manage Password Policy section.
Secure Socket Layer (SSL) Support in LDAP Authentication
Administrators can now configure CA API Developer Portal to support LDAP with or without SSL for user authentication.
For more information, see the Configure Lightweight Directory Access Protocol section.
Support for Non-SSL External Mail Server
You can now integrate your own external mail server through non-SSL communication.
For more information, see Configure and Use External Mail Server.
Create and Sign Individual Certificates for External Tenants
You can now create and sign individual certificates for external tenants as per your corporate security policy. See Create and Sign Certificates for Production.
API Sync Improvements
The API sync mechanism is improved from the tenant Gateway perspective. Enhancements include:
  • Reduced sync times in both medium- and large-scale deployments, as well as when APIs are introduced and/or modified.
  • Addressed API and API fragment duplication issues.
  • Addressed memory error in large-scale deployments.
  • Addressed database retrieval timeout issue.
  • Added the following internal reserved custom field names: 
    • 'PortalModifyTS'
    • 'PortalID'
To activate these sync improvements, you will need to update the API Portal integration software. See Update the Integration Software on the API Proxy in Integrate On-Premise API Proxies.
Instructions for Backing Up and Restoring Internal Database
API Portal provides an out-of-the-box PostgreSQL internal database. CA recommends that you regularly back up the database for safeguarding.
SAML Configuration Updates
SAML 2.0 is an XML-based protocol that uses security tokens to pass user authentication and authorization data between an IdP and a service provider. CA API Developer Portal uses it for user authentication when integrated with a SAML IdP system. Issuer ID is the new configuration parameter for SAML, and the Service Provider ID is a mandatory value. For more information, see the Configure SAML Single Sign-On section.
Upgrade Consideration:
 When you upgrade to, the SAML configurations that were configured in the previous versions are deprecated. The SAML configuration is listed as the available authentication schemes. The Edit option to view the configuration is disabled. You can set the SAML configuration as a default authentication scheme or can delete it if required.
Transaction Tracing for Debugging and Performance Optimization
Administrators and support engineers can now use transaction tracing to trace any HTTP request as it passes through the multiple services of the CA API Portal. This function helps diagnose where failures occur in the service and identify service bottlenecks.
For more information, see Utilize Transaction Tracing.
Release 4.2.3
Configure Search Expression in LDAP Authentication Schemes
Administrators can now configure LDAP authentication schemes to include a user account that has privileges to search for users, and can specify search expressions for locating users in the LDAP directory.
For more information, see the Configure Lightweight Directory Access Protocol section.
Active Directory Integration for Logging In to API Developer Portal
Administrators can now enable Active Directory users to log in to API Developer Portal with samAccountName as a login attribute.
For more information, see the Configure Microsoft Active Directory section.
Increased Stability and Data and UI Performance
Further improvements are made to increase stability and performance when working with a larger number of organizations and APIs.
Release 4.2.2
Fixes to Application Sync (
For more information, see Resolved Issues.
Improved Load and Response Time
Improvements are made to reduce load and response time when viewing and working with a larger number of organizations and APIs.
CA Gateway 9.3 and OTK 4.2 Support
In this release, CA API Portal supports Gateway 9.3 and OTK 4.2 compatibility.
For more information, see Compatibility Matrix.
RHEL 7 Support
This release supports RHEL 7.
For more information, see Hardware and Software Requirements.
Overlay2 Replaces Devicemapper Storage Driver
Devicemapper is now replaced by overlay2. We found that under certain circumstances the devicemapper driver could corrupt the entire Docker volume structure and could require advanced troubleshooting and repartitioning steps. This can result in a complete loss of all Docker data and configuration.
For more information, see Hardware and Software Requirements.
CentOS Hardened Image Enhancements
The API Developer Portal Virtual CentOS 4.2.2 OVA has Docker installed. The hardened image (OVA) is compliant with all OpenSCAP CentOS 7 profiles where appropriate and possible.
For more information, see CentOS Hardened Image.
Release 4.2
Fixes to the Offline Portal Installation (Patch
For more information, see Upgrade API Developer Portal.
Improved CA API Portal Installation, Configuration, and Upgrade
  • CA Jarvis is installed automatically by enabling analytics during installation
     You can run the installation script again to change the analytics enablement.
  • PostgreSQL database is provided out-of-the-box with an option to use an external database
  • SMTP is provided out-of-the-box with an option to use an external mail server
  • Installation creates certificates and key for testing purposes
    Certificates must be signed for the production environment.
  • Rolling product update
  • Bring your own host
    You can use your own provisioned VM. 
  • Cloud-init is deprecated
    The cloudinit ISO file from a previous release is not supported in this release.
 If using your own provisioned host, all Docker and Portal installation commands 
 be prepended with 
for example, 
sudo ./
For information about installing, configuring, and upgrading CA API Portal, see Install, Configure, and Upgrade.
CA API Management Console
The new CA API Management console provides a consistent experience for all roles.
    A new dashboard
    The dashboard overlays the existing Portal functionality. No existing Portal functionality has been removed; you will just find services in a different place. And, we added some new features!
    New global header
    A global header replaces the existing hamburger menu for improved navigation.
    For example, here is the global header navigation for the 
    Use the 
     icons for faster navigation between pages.
    New Developer service
    We have added an intuitive workflow for App developers to discover and consume APIs:
    On the dashboard, select 
    and then:
    Discover APIs
    • Search APIs (improved performance!)
    • View all APIs
    • View Swagger file or download it to use in Postman
    Consume APIs
    • Add API to app
    • Configure app (get API key/shared secret)
    • Manage app
    New Appearance Service
    Admins can customize global themes at the tenant level.
    On the dashboard, select 
    Appearance, Manage Global Theme, 
    and then change:
    • Header logo and console name
    • Fonts and sizes
    • Colors
Q. How do I get the new console?
A. Simply upgrade to API Developer Portal 4.2. No configuration is required.
Q. How do roles map to the new console functionality?
A. Roles and Permissions.
Q. Any general limitations of the new console?
A. Just a few, but stay tuned for updates!
  • When searching APIs, you can search only by 
  • API documentation is only in Swagger (we know you would like to add your own custom documentation).
  • New apps that are pending approval are not displayed in the console.
Publish API without Deploying it in an Environment
An API can be created, retrieved, updated, or deleted without explicitly deploying. The Details page displays which published APIs were not deployed.
Automated Event Driven Targeted API Deployment
    New API Deployment Management
    New API deployment allows any user with create, read, update, and delete permission to author an API until it is ready for deployment to one or more environments using the new deployment types from a single Portal. 
    Deployment Type Setting on Proxy
    Administrators and API owners now have the ability to publish an API and deploy it to a runtime environment for the following deployment type options:
    • Automatic
      APIs are automatically deployed once they are published or updated.
    • On-demand
      API deployments are deployed on-demand by calling the deployment APIs. These APIs can be accessed from the Portal APIs link in the navigation menu.
    • Scripted
      API deployments can be integrated into your existing CI/CD workflow using the deployment APIs and invoking them from your deployment script.
    You select the deployment types when adding or editing a proxy from the following pages:
    • Add Proxy
    • Edit Proxy
    API publishers can perform the following tasks:
    • Enable event-driven deployment of an API to a specific proxy
    • Promote an API across functional environments (dev, test, and prod)
    • Deploy an API to some specific environments (geographies) and not all
    New API Details Page
    The Details page displays the following information:
    • Name of the API
    • List of proxies where the API is deployed
    • List of proxies where the API is not deployed
    • Sync state for each deployment
    • Deployment type for each API
    • Time and date of the deployment
    New Deployment API
    On-demand and scripted deployment uses the Deployment API to trigger event-driven API deployments.
For more information:
Extend API Management Permissions
Previously, Developers and Org Admins could manage APIs only through the Portal Authorization API. 
In this release, Portal Admins can extend API permissions using the new console as follows:
    Org Admins
    publish their own APIs and create/read/update/delete operations 
    create/read/update/delete operations on APIs 
This allows roles to be less reliant on portal Admins. To access APIs in the new console, select the 
 icon, and select 
Integrated CA Jarvis Dashboard 
API Developer Portal provides an Analytics Dashboard to create on-demand reports using CA Jarvis. To view analytics, select Monitor from the Dashboard, and to create on-demand comprehensive reports, see the Jarvis documentation.
Administrators can integrate API Developer Portal with CA Jarvis during installation to enable the Analytics Dashboard. For more information, see the Install API Portal section.
Support for Multiple Identity Providers
Administrators can now configure and authenticate portal users using the following Identity Providers:
  • Microsoft Active Directory 
  • Lightweight Directory Access Protocol (LDAP)
  • SAML Single Sign On (SAML SSO)
  • CA Single Sign-On (CA SSO)
The configured authentication types are available concurrently from the CA API Portal. For information about how to configure the Identity Providers, see the Configure Authentication Schemes section.
Authenticate and Manage External Users
CA API Portal supports authentication and management of external users. Administrators can add and manage user accounts in API Portal. For information about how to manage users from Portal, see the Manage Users section.
Configure Password Policy
Administrators can now configure a set of rules to create complex passwords. For information about how to modify password policies, see the Manage Password Policy section.
Improved Upgrade
The upgrade to API Developer Portal 4.2 migrates the existing SSO to the CA API Portal. The configured SSO is available in Authentication Schemes as SAML SSO.
Added RBAC Permissions
The Portal UI now uses role-based access control (RBAC) permissions for API entities.
Create and Manage API Groups
Administrators and API owners can now create and manage (edit, delete, and deprecate) API groups. Developers can now select API groups as part of the application creation process. API groups are a way publishers can group APIs so that developers can easily manipulate and consume them.
The Portal API now includes API groups as a resource.
For more information:
  • About how to create and manage API groups using the API Portal, see Manage API Groups.
  • About how to add a collection of APIs to your application by way of an API group, see Manage Applications.
Manage API Groups using the Portal API
Administrators and API owners can now programmatically manage the API Portal ApiGroups entities that are exposed as RESTful resources using the Portal API. Administrators and API owners can also use this API in their scripts for managing API groups.
For more information:
Manage Themes using the Portal API
Administrators and API owners can now programmatically access the API Portal themes entities that are exposed as RESTful resources using the Portal API. Themes define the look of your API Developer Portal and its organizations individually.
For more information about this API, see Portal API (PAPI).
New Policy Templates
API Developer Portal includes new policy templates that help organizations manage API usage. The following policy templates are available by default for new tenants. Existing tenants receive the policies by updating the integration software on the API Proxy.
    Rate Limit Policy
    Restricts the number of times that an API can be queried in a second. For example, a rate limit of 1 prevents all the applications that use that API from accessing it more than once per second. 
    Quota By Month Policy
    Restricts the number of times that an API can be queried in a month. For example, a quota limit of 1 ensures all the applications that use that API can only access it once per month.
    Quota By Day Policy
    Restricts the number of times that an API can be queried in a day. For example, a quota limit of 1 ensures that all the applications that use that API can only access it once per day. 
For more information, see Publish APIs.
Faster API Creation
The Portal includes the following new features, which improve API publishing:
    Use an API definition file to populate API details:
     The Add API wizard now uses information in Swagger or WADL files to provide API details. API Publishers do not need to enter API information manually before publishing. 
    Improved Add/Edit API Wizard: 
    The wizard that you use to create or edit an API now has improved navigation and additional functionality. 
    Reorder Policy Templates:
     API Publishers can now drag-and-drop policy templates to change the order in which they are applied. 
    Improved API testing:
      The following functionality simplifies API testing: 
    • Administrators can now set a default proxy that enables API Publishers to test APIs immediately after publishing. The Portal uses the default proxy for API calls unless a different proxy is set in the API definition file. Previously, API Publishers set the host and base path in the API definition file to be able to test the API in the API Explorer.
      Note: The default proxy does not affect existing API deployments.
    • An option to test an API is now available from the API List.
Verified and Integrated OTK 4.1
Updated the Portal with OTK 4.1.
Support for MySQL 5.7 
The Portal now supports MySQL 5.7.