Release Notes: API Developer Portal

These Release Notes summarize the new and enhanced features, known issues, resolved issues, and compatibility matrix for
Layer7 API Developer Portal
These Release Notes summarize the new and enhanced features, known issues, resolved issues, and compatibility matrix for
Layer7 API Developer Portal
Installer Script Has Been Updated to Pull from Docker Hub
[Issued on December 7, 2020] The API Developer Portal will no longer support Bintray and will instead rely on Docker Hub as its preferred distribution platform by the end of December 2020. As a result of this change, customers who install, reinstall or upgrade to any of the Layer7 API Developer 4.x versions with the installer script ( will need to replace it with an updated one that ensures that images are being pulled from Docker Hub.
For API Developer Portal 4.5.x installations, visit the Layer7 (CA) API Developer Portal Solutions & Patches page to download the updated installer shell script (
Portal Migration Utility Now Available
[Issued November 20, 2020] As part of the installation on Docker Swarm option, the internal database for the API Portal can be created using either PostgreSQL or MySQL. With the deprecation of support for PostgreSQL, the
Layer7 Portal Migration Utility
is a tool you can use to migrate data from PostgreSQL to MySQL.
You can also read more about the PostgreSQL support deprecation notice here.
Upgrading from version 4.3.2 or earlier?
If you are upgrading from version 4.3.2 or earlier, a known issue has been observed that might cause upgrade failure to version 4.5 if there is any API information within the Portal database where the spec_filename column is 'NULL'. If your API Portal 4.5 instance fails to start after upgrading, follow the workaround specified in KB 195123: Portal Fails to Start after Upgrading to 4.5.
Note for customers using API Gateway 10 CR1
For customers using the API Portal with the Layer7 API Gateway, a sync issue exists that renders some Portal-published APIs incompatible with API Gateway version 10 CR1. As a temporary workaround, we recommend using other versions of the API Gateway (9.x or 10.0 base). In the case where an upgrade has been performed and a rollback is not possible, you can download and manually install an attached revised policy from Broadcom Support. See KB 199747: Compatibility with API Portal 4.x and API Gateway 10 CR1 for details.
Note for backing up and restoring internal database
A known issue exists that results in an error when backing up and restoring the internal database. See Known Issues for details.
Release (Hotfix) - April 2020
This fix addresses the issue "Unable to Modify Gateway-Published APIs after Upgrade" (DE456459).
Release 4.5 - March 2020
Review the following video and features list for details:

If you are upgrading to release 4.5 from an earlier version, update your Portal integration bundle to support the latest features. For more information, see Upgrade to API Portal Version 4.5 and Upgrade the Integration Software on the API Proxy.
Removal of Deprecated API Management Resource
A new set of API resources and endpoints (labeled as
in Portal API (PAPI)) were introduced in release 4.4 to allow new and future functionalities such as SOAP support, API visibility for Orgs, granular permissions, and updated user roles. These resources are accessible through the
page by default or manually through the PAPI.
Earlier API resources (labeled as
/2.0/Apis and /Apis
) were deprecated in release 4.4 and have been removed from PAPI 4.5. For more information about the PAPI 4.4, see PAPI Swagger File 4.4.
Service for the deprecated 2.0 resources will be decommissioned in the next release. Transition over to using the
For more information about the PAPI, see Portal API (PAPI).
Manage Proxies for Federated API Deployment
Portal admins can now assign organizations to proxies, limiting deployment of the organization's APIs to only the proxies allocated for that organization. For more information, see Manage Proxies and Manage API Deployments.
If you are upgrading from version 4.4 or earlier, by default no organization will be assigned to any of your proxies. Ensure that the Portal admin performs the necessary organizations assignment after upgrading. See Edit an API Proxy for details.
Assign Managing Organization
You can now assign managing organization to your APIs. While setting up who can manage an API, you have the option to specify a managing organization or at least one API Owner. Selecting a managing organization allows all users within that organization to edit an API. Certain conditions apply when you are upgrading from version 4.4 or earlier. For more information, see Create and Set Permissions for APIs.
New Organization-bound Org Publisher Role
Portal admins can now assign a user as an Org Publisher to grant them API publishing permissions within their organization. The Org Publisher belongs under the Org User user type category.
This role is identical to the API Owner role, but permissions are contained in the organization that the Org Publisher is assigned to.
Manage Application Deployments to Proxies
Portal admins can now deploy applications, identified by API keys, to specific proxies. These proxies represent specific environments and define the backend Gateways. In this way, these Gateways can process incoming requests from physical applications.
You manage application deployments to proxies by making calls to the
API Key Deployments
resource in the PAPI.
You can now view the status of application deployments on the new
tab within an application. This information includes the status of the deployment, messages about the deployment, and the proxies to which the application (the API key) is deployed.
For more information about how to manage application deployments to proxies, see Manage Application Deployments to Proxies.
Hash Client Secret
To improve the security of the application's client secret in addition to encryption, you can now configure Portal to store the shared secret hashed. A Portal Admin can choose to protect an application's client secret (shared secret) by using a selected hashing algorithm. The hashed secret is initially available for copying when generated, then subsequently displayed and stored in its hashed format. The option of generating plaintext client secrets is still supported for testing purposes, but can be disabled.
For more information, see Enable Hashed Client Secret.
Applications created with client secret hashing enabled cannot be synced on proxies running versions of OTK 4.3 or earlier.
Manage API Documents
Portal admins, API Owners, or Org Publishers (for APIs that are assigned to their organization) can now add markdown content to your API as API documents. Use these documents to provide more business context about your API and to include other information such as use cases, usage guidelines, and performance details that are useful to your API consumers. These documents are in addition to the Swagger API documentation that is available on the
tab within an API. You can manage API documents on the
tab within an API.
You can also manage your documents by making calls to the following resource in the PAPI:
For more information about how to get this Swagger, contact Support.
For more information, see Manage API Documents.
Tag APIs
Portal Admins can now associate tags to an API. Tagging helps in grouping and managing APIs so that you can discover APIs based on tags. You can create these tags in Portal or import them from Swagger.
For more information, see Manage APIs and Create and Set Permissions for APIs.
Analytics Enhancements - Custom Reporting and Export to PDFs
Custom Report allows you to create and visualize custom charts. You can drill down to specific API metrics and visualize the exact data based on your business requirements. Some of the key enhancements are:
  • New report to create and visualize data of interest.
  • Editable chart titles and description.
  • Enhanced drill-down options that allow fetching data by proxies, URI, and response code too.
  • Ability to group and ungroup data by URI patterns. This helps customers adhere to PSD2 (Open Banking) audit requirements by allowing URI level statistics.
For more information, see Custom Report.
You can now export
Traffic, Latency, and Errors Report
Quota Consumption Report
to PDFs.
You can retrieve all the insights that are visualized through Portal user interface (UI) using the Metrics Query API.
Further Updates and Enhancements
This release also features the following updates and enhancements:
Improved UI on Application Pages
The enhanced
pages now display an improved user experience for creating and managing an application.
Application Request Email Notification
API Portal now sends email notifications to API Publishers when application requests to their APIs are created or edited. API Publishers can then approve or reject the request from API Portal. This option is disabled by default. For information about how to enable email notifications, see Configure Request Workflow.
Organization Name Length Extension
The Organization Name field length in the
Add Organization
page is now extended to accommodate
Enable Integrations By Way of Portal
Portal Admins can now enable and disable integrations by way of the Portal, on the
Integration Settings
tab. You can also enable and disable integrations by way of making calls to the PAPI
For more information about how to enable integrations, see Enable Integrations.
API Catalog Deprecation
API Catalog has been deprecated in this release to provide a unified experience on API discovery. The enhanced
page, available in either Card or List View, now displays a quick view of each API with enhanced search and filtering. The Swagger specification allows for rich documentation and interactive discovery of all API resources.