Axway API Gateway and API Manager 7.7 SP 2 Readme

Document version: 19 December 2019


Readme for 7.7 SP 2

This Readme applies to Axway API Gateway and API Manager 7.7 SP 2, for all platforms. The information in this Readme supersedes any corresponding information in the documentation (online or printed) previously supplied for these products.

This service pack provides fixes for a number of reported defects. It includes updates for the following:

The service pack contains new API Gateway binaries and does not overwrite the existing API Gateway configuration. Service packs are cumulative and include all preceding fixes (service packs and patches) in this product version.

File packages: An installation archive is provided for supported platforms (for example,  APIGateway_7.7_SP2_Core_linux-x86-64_BNYYYYMMDDn.tar.gz).

Size: The file size differs for each platform. The MD5 checksum is provided for each file.

Additional notes

General

API Manager

Policy Studio/Configuration Studio

Security

Fixed issues

Fixed security vulnerabilities

Internal ID Case ID CVE Identifier Description
RDAPI-17326 01046587, 01052413 Issue: openid is always accepted as a valid scope in all OAuth configurations.
Resolution: A system variable com.axway.oauth.scopes.openid.allow can be set to "false" when customers do not want openid to be valid.
RDAPI-17768 01083881 Issue: The response to a HTTP OPTIONS request contains the HTTP OPTIONS request headers.
Resolution: The response to a HTTP OPTIONS request no longer contains the HTTP OPTIONS request headers.
RDAPI-18101 00963339 CVE-2019-14379 Issue: Jackson-databind version 2.9.5 has security vulnerabilities.
Resolution: This component has been updated to 2.9.10 which does not have these security vulnerabilities.
RDAPI-18239 01096489 Issue: A malicious user can use a bad scope to force the authentication request to redirect an error message to a non validated URI.
Resolution: Redirected URIs are validated before the scopes, and an invalid request response is sent if the URI is invalid. That will assure that in the event of a bad scope, the error information will be redirected to a legal URI.
RDAPI-18262 01095306 Issue: Dojo 1.10.4 has a security vulnerability
Resolution: Upgraded to Dojo 1.10.10 where the vulnerability is fixed
RDAPI-18558 01112196 CVE-2019-1547 Issue: API Gateway shipped with OpenSSL 1.0.2s-fips.
Resolution: API Gateway ships with OpenSSL 1.0.2t-fips, addressing the following security vulnerabilities: CVE-2019-1547

Other fixed issues

Internal ID Case ID Description
RDAPI-14901 01006999 Issue: allOf was not supported, and it was not documented as a limitation
Resolution: allOf is now supported in models and as a response schema
RDAPI-16296 01103876, 01058292 Issue: When redaction is enabled, floating-point numbers in JSON body display in exponential format.
Resolution: The format of the floating-point numbers in JSON body is preserved.
RDAPI-16528 01064213 Issue: UI issues when expanding or collapsing nodes of Filter Execution Path in Traffic view of API Gateway Manager.
Resolution: UI issues of Filter Execution Path in Traffic view of API Gateway Manager were fixed.
RDAPI-16544 01062392 Issue: When HTTP redaction is enabled, API Gateway automatically turns on XML redaction for XML messages, which can cause performance issues.
Resolution: Enabling HTTP redaction will not automatically perform XML redaction on XML messages unless it is specifically configured.
RDAPI-17010 01079458 Issue: The Pass Through security device is missing from the API Manager front-end API Swagger export when the API is protected with a Security Profile containing multiple security devices that includes a Pass Through security device.
Resolution: The Swagger export now contains the Pass Through security device, which is exported as as empty JSON object in the Security Profile.
RDAPI-17026 00999364 Issue: ModSecurity status code was harcoded to 403
Resolution: ModSecurity status code can now be configured in ModSecurity configuration.
RDAPI-17032 01059408 Issue: An assertion is triggered when thread cannot be started.
Resolution: Threads will no longer terminate process when they could not be started.
RDAPI-17047 01059408 Issue: Process termination is triggered when network connection cannot be instantiated.
Resolution: Connection instantiation errors are no longer triggering process termination.
RDAPI-17083 01115117, 01085364, 01067392, 01066405 Issue: After upgrading API Gateway to version 7.7, the message 'Cannot modify a published API' is displayed during startup or at a deployment of APIs that were published on the previous version.
Resolution: The error message is no longer displayed for these published APIs.
RDAPI-17093 01064543, 01085364, 01078637 Issue: No option to prevent API Manager adding a forward slash "/" to back-end API calls.
Resolution: Add the "com.vordel.apimanager.swagger.method.singleslash.ignore=true" Java system property to the file jvm.xml in the directory conf/ of the instance to disable passing a single slash method path to the back-end. For example:
<ConfigurationFragment>
    <VMArg name="-Dcom.vordel.apimanager.swagger.method.singleslash.ignore=true" />
</ConfigurationFragment>
RDAPI-17128 01064774 Issue: User data entered during registration was expired but kept in the database when the user was not validated.
Resolution: User data entered during registration is now entered with a "time to live" parameter which will cause the data to be deleted from the database when registration is expired.
RDAPI-17132 01040133 Issue: Deleting APIs when there are multiple Node Managers causes corruption of quota relations in database tables leading to a failed to traverse error.
Resolution: The is fixed by not caching the quota relations which avoids corrupting the quota relations when deleting APIs.
RDAPI-17152 01066497 Issue: Conflicts can occur during merging of API projects due to incorrect comparison of entity fields of type Boolean.
Resolution: Entity fields of type Boolean are now correctly compared.
RDAPI-17250 01084300, 01056692 Issue: OAuth server does not return 401 in compliance with the RFC for certain invalid_client errors.
Resolution: OAuth server returns 401 as per RFC.
RDAPI-17276 01105019, 01074983 Issue: In API Gateway, when using OpenID Connect 1.0 on top of the OAuth 2.0 protocol, OpenId tokens generated by the hybrid flow do not contain the c_hash (code hash) value.
Resolution: OpenID tokens generated by the hybrid flow now include c_hash.
RDAPI-17290 01075542 Issue: When a REST API is created in Policy Studio and then deployed to a API Gateway, the base path appears duplicated in Dynamic Settings of API Gateway Manager.
Resolution: In API Gateway Manager, Dynamic Settings now lists REST APIs created in Policy Studio only once.
RDAPI-17304 01076160 Issue: Malformed JSON content may bypass API request payload validation in some cases.
Resolution: API request payload validation strictly verifies all tokens in JSON payload for Objects and Arrays. To enable relaxed JSON parsing, set the Java system property com.axway.json.parser.legacy to true. The default is false.
RDAPI-17330 01080317 Issue: JSON to XML filter was crashing in some specific cases for valid input
Resolution: JSON to XML filter is fixed now and should work properly for valid inputs
RDAPI-17374 01054344, 01070938 Issue: Custom attributes added during invocation of a policy during the OAuth External inbound security authentication were discarded upon failed authentication, and thus were not available to the Fault Handler.
Resolution: Upon failed OAuth External authentication all custom attributes created during policy invocation are retained, and are available to be used in the Fault Handler.
RDAPI-17385 01059408 Issue: In API Gateway, in some specific cases, the caching of SSL connections was producing memory leaks that could cause the gateway to crash.
Resolution: In API Gateway, memory handling has been reviewed and is now fixed for SSL connections caching.
RDAPI-17405 01087893, 01088304 Issue: After deploying to a gateway, a new API Client Cache is created but all references to the old cache are not removed so the memory it consumes is not made available again.
Resolution: All references to the discarded API Client Cache are removed, so the memory it was consuming is made available again right after deployment completes.
RDAPI-17477 01091120, 01087893 Issue: Requests return status code 401 while the API Client Cache is still updating.
Resolution: Requests will now return status code 503 unless system variable com.axway.apimanager.apiclient.cache.response.legacy is set to True.
RDAPI-17482 01083828 Issue: Transaction access logger is doing a reverse DNS lookup with the source IP address even when "%h" is not used.
Resolution: A DNS lookup has been removed from policy pre-execution phase.
RDAPI-17539 01075694 Issue: The IP address authentication filter updates are very slow.
Resolution: The performance of IP address authentication filter is improved as the amount of disk I/O performed is significantly reduced.
RDAPI-17568 01085199 Issue: Resource Repository entry for previously imported API could not be found causing API import from URL to fail for a repeated URL and API combination.
Resolution: Once the entry's existence is confirmed in memory a reference to it is used to import the API definition.
RDAPI-17590 01090971, 01082542, 01100983, 01109883, 01095837 Issue: Swagger was not properly serialized in some cases after switch to new swagger library.
Resolution: Swagger serialization was fixed by using associated serialization functionality.
RDAPI-17671 01094845 Issue: Some trace messages were not being formatted correctly in the Node Manager trace viewer
Resolution: The trace messages are now formatted correctly
RDAPI-17704 01069445 Issue: Deployment REST API envsettings/service/{serviceId} returns 500 Internal server error when instance is remote.
Resolution: It now returns the environment settings of the remote instance as requested.
RDAPI-17706 01096639, 01096739 Issue: XML Signature Verify filter causes orphaned, leaked files in temporary directory.
Resolution: The XML Signature Generate and XML Signature Verify filters are updated for thread-safety, and they correctly cleanup resources allocated for attachments of the processed message payload.
RDAPI-17748 01099089 Issue: API Gateway was sending redundant data during cache synchronization process.
Resolution: Data sent during cache synchronization is reduced.
RDAPI-17781 01068308, 01100492 Issue: Back-end invocation failing with 500 when outbound OAuth is used and Trace level is set to DATA.
Resolution: Back-end invocation works with outbound OAuth and all trace levels.
RDAPI-17783 01097471 Issue: Trace: Error traces not provided when an error is triggered when an OAuth scope is added as form paramter.
Resolution: Error traces are now shown in logs.
RDAPI-17790 01077309 Issue: Attempting to generate a Swagger 2.0 file from API Manager's API Catalog for a virtualized Swagger 2.0 API was dropping the following fields:
- Response header description removed
- License name was removed
- Schema $ref lost for 'array' responses
Resolution: Issues regarding Swagger generation were fixed.
RDAPI-17903 01090822 Issue: API Gateway does not check OAuth Authz codes' expiry times when stored in an SQL DB. Purge thread is responsible to delete expired codes. This caused a potential delay, as API Gateway treated all available codes as valid.
Resolution: API Gateway now checks OAuth Authz codes expiry time when uses it. Purge thread behaves as before.
RDAPI-17986 01091984 Issue: In Policy Studio REST API Repository, editing a method does not work if an error response is configured for the method.
Resolution: An API REST method with an error response configured can now be edited.
RDAPI-18032 01095443 Issue: Error found whilst attempting to perform a sysupgrade export.
Resolution: The LDAP query to retrieve users was incorrect and has been updated to retrieve users successfully.
RDAPI-18034 01111550, 01080681, 01071286, 01084375 Issue: The deployment time for API Manager is too slow when there are many APIs and methods defined in KPS.
Resolution: Improved caching in API Manager while loading API method data stored in KPS. Reuse compiler when loading the Script filters.
RDAPI-18037 01094555, 01094399 Issue: API Manager startup time slows down considerably in HA environments when the number of organizations increase.
Resolution: Organizations are cached in memory so the calls to DB are reduced. This makes the startup process faster.
RDAPI-18045 01019805 Issue: API Gateway cannot configure group passphrase with $ character in the password.
Resolution: API Gateway allows to configure group passphrase containing $ character.
RDAPI-18103 01074742 Issue: A missed impact in the advanced editing implementation leads to a blank entity reference overwriting the first in the list of node locations for the XML Signature Generation & Verification filters
Resolution: Valid node location references are not overwritten during save in advanced editing mode
RDAPI-18106 01087893, 01088304 Issue: The browser is unable to process the number of External Clients, OAuth Clients, and API Keys that API Gateway is returning - upwards of a 100 MB payload in the response payload.
Resolution: Server side pagination is implemented for GET requests for API Keys, OAuth Clients, and External Clients resulting in much smaller payloads being returned to the client.
RDAPI-18109 01048992, 01049266 Issue: As an User a getApplications call results in an individual call to KPS for every application to look up permissions
Resolution: The permissions are already cached, we are now using the cached permissions rather than reading from KPS for each application
RDAPI-18113 01073806, 01074080 Issue: Event logging for API Manager was incorrectly overwriting the Application Id in the Service Context "client" field.
Resolution: API Manager no longer overwrites the Service Context "client" field from its initial value.
RDAPI-18117 01079030 Issue: The apimanager-promote script only had capabilities to add API access to an organisation. There was no functionality to revoke access.
Resolution: You can use the new organization.apis.remove property, which was added to the script, to allow to revoke API access from organisations.
RDAPI-18119 01094845, 01065335, 01066017, 01087748, 01100629 Issue: Error on formatting in Traffic Monitor GUI and Trace Files
Resolution: The alignment of trace output has been corrected. The trace indentation error is now reported per processing thread, and if reported, the trace indentation stays intact in unaffected threads.
RDAPI-18152 01085199, 01082725 Issue: API Manager blocks its own traffic when processing virtualized API updates.
Resolution: API Manager no longer blocks its own traffic.
RDAPI-18201 01110388 Issue: KPS Admin tool was unable to delete rows.
Resolution: KPS Admin tool is now able to deleted rows.
RDAPI-18230 01108718 Issue: The Analytics post install script was failing whilst attemtping to run the 'updateNodeConfig' script.
Resolution: The Analytics post install has been updated to run the correct script 'updateAnalyticsConfig'.
RDAPI-18237 01098414, 01108764 Issue: KPS Cache caches empty search results.
Resolution: You can use the new Java system property com.axway.kps.cache.ignorenull, which defaults to False, to not cache empty results.
RDAPI-18245 01104282 Issue: There is an error when a JSON message containing an empty message goes through redaction, which results in API Gateway failing to log the correct data in the Traffic Monitor.
Resolution: In API Gateway, JSON Redaction accepts empty objects in messages and logs the result to the Traffic Monitor.
RDAPI-18260 01026796, 01046656 Issue: SFTP client filter shows intermittent handshake failure when uploading files to an API Gateway SFTP Server.
Resolution: Intermittent handshake failures are fixed after SFTP implementation is upgraded from using mina-sshd v0.6.0 to v2.2.0.

Warning:
The log4j.properties file was changed in order to add logging for the SFTP Server. Therefore, when applying a patch or upgrade, you must merge your changes back to the updated log4j.properties file.
RDAPI-18298 01078644, 01078776, 01109328, 01110676 Issue: Nested relative path behavior changed, causing customer policies to fail
Resolution: The invocation of policies for nested relative paths in API Gateway has been corrected according to Axway API Gateway documentation.
RDAPI-18310 01093544 Issue: RegEx pattern for email validation was incorrect.
Resolution: RegEx pattern for email validation changed to comply with rfc5322.
RDAPI-18320 01101884, 01100259 Issue: The SMTP connection security setting (SSL or TLS) that API Manager uses for sending emails is not applied to the API Manager SMTP SSL port.
Resolution: The SMTP connection security setting is now applied to the API Manager SSL SMTP port.
RDAPI-18409 01106697 Issue: Validation failing for imported SSL certs in API Manager due to missing passphrase.
Resolution: SSL certs are validated correctly using the passphrase.
RDAPI-18426 01085118 Issue: An organization's read-only createdOn field can be reset using a PUT request.
Resolution: An organization's createdOn field can no longer be changed using a PUT request.
RDAPI-18481 01118106 Issue: RegEx validation for back-end API Method Parameter Name incorrectly disallows hyphen '-' in the name
Resolution: RegEx validation now allows the use of a hyphen in an API parameter name
RDAPI-18564 01107890 Issue: One disabled OAuth credential makes the rest of OAuth credentials not usable.
Resolution: Disabling/Enabling one OAuth credential will not affect the rest of OAuth credentials.

Known issues

The following known issues are currently scheduled for the next service pack:

Internal ID Description
RDAPI-13653 API Portal incorrect Content-Type for SOAP + empty model schema
RDAPI-15607 Cant access NodeManager after submitting external CA signed certs
RDAPI-15676 API Manager load error "Map XXXX should be YYYY" after importing APIs
RDAPI-15759 Request headers reflected as response headers
RDAPI-16575 Duplicate headers returned when calling API Gateway Rest API
RDAPI-16954 API Manager event poller unnecessarily locks cache updates from Cassandra
RDAPI-17040 Policy called as REST API in Policy Studio, and local fault handler not catching unhandled false return from policy called by policy shortcut
RDAPI-17208 Test and document upgrading Gateway and Cassandra (7.5.3->7.7.x / 2.2.8->2.2.12) to new hosts
RDAPI-17924 Error while upgrading JSON schema from 7.5.3 to 7.7 - Cannot set ESPK for non-reference type field
RDAPI-18082 Regression: Policy Shortcut filters no longer automatically renamed in 7.7
RDAPI-18198 CORS preflight fails for WSDL based API Manager APIs, thus Try-It fails
RDAPI-18294 KPS REST API documentation missing info
RDAPI-18375 Message "You do not have permission to access this resource" when a user creates an application
RDAPI-18378 Spurious "forbidden" error in Manager UI
RDAPI-18484 "Get OAuth Access Token" expired token then refresh flow, not reseting message
RDAPI-18532 'Retrieve OAuth Client Access Token From Token Storage' filter (wrongly?) requires hard-coded client-credentials

Reverted issues


Install the service pack

These instructions apply to API Gateway and API Manager classic deployments only. For container deployments, follow the instructions for applying a service pack in the API Gateway Container Deployment Guide .

Prerequisites

This service pack has the following prerequisites in addition to those specified for the major product release version in the API Gateway Installation Guide:

  1. Shut down any Node Manager or API Gateway instances on your existing installation.

  2. Back up your existing installation. For details on backing up, see the API Gateway Administrator Guide.
    Note: Ensure to back up any customized files in your INSTALL_DIR. You should merge updated files instead of copying them back directly to avoid any regex matching issues. For example, the following directories might contain customized files:

    webapps/apiportal/vordel/apiportal
    webapps/emc/vordel/manager/app
    webapps/emc

    system/conf/apiportal/email
    system/conf
    samples/scripts/
    tools/filebeat-VERSION-PLATFORM

    For details on API Manager customization, see the API Manager User Guide.
  3. Remove old third-party libraries by deleting the following directories:
    INSTALL_DIR/apigateway/system/lib/modules
    INSTALL_DIR/analytics/system/lib/modules
  4. Remove old JRE versions by deleting the following directories:
    INSTALL_DIR/apigateway/platform/jre
  5. If you have an existing Apache Cassandra installation, ensure that you back up your data (Cassandra and kpsadmin ), and that the JAVA_HOME variable is set correctly in cassandra.in.sh and cassandra.in.bat .
  6. On Linux, remove existing capabilities on product binaries (which may prevent overwriting files):
  7. setcap -r INSTALL_DIR/apigateway/platform/bin/vshell

FIPS mode only

If FIPS mode is enabled, you must also  perform the following steps to install the service pack :

  1. Run togglefips --disable to turn FIPS mode off.
  2. Start the Node Manager to move the JARs.
  3. Stop the Node Manager.
  4. Install the API Gateway service pack as described in the Installation section.
  5. Start the Node Manager.
  6. Stop the Node Manager.
  7. Run togglefips --enable to turn FIPS on again.
  8. Start the Node Manager.

Installation

This section describes how to install the service pack on existing installations of API Gateway or API Manager.

Note:

Install the API Gateway server service pack

To install the service pack on your existing API Gateway 7.7 server installation, perform the following steps:

  1. Ensure that your existing API Gateway instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Remove any previous patches from your INSTALL_DIR/ext/lib and INSTALL_DIR/META-INF directories (or the ext/lib directory in an API Gateway instance). These patches have already been included in this service pack. You do not need to copy patches from a previous version.
  3. Verify the owners of API Gateway binaries before extracting the service pack
    ls -l INSTALL_DIR/apigateway/posix/bin
  4. Using the same user who owns the API Gateway binaries, unzip and extract API Gateway 7.7 SP2 server over the apigateway directory in your existing installation directory . For example:
    tar -xzvf APIGateway_7.7_SP2_Core_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.7/apigateway/
  5. Change to the apigateway directory in your installation: 
    LinuxINSTALL_DIR/apigateway
  6. Run the post-install script using the bash command, and ensure that the correct permissions are set:
    Linuxapigw_sp_post_install.sh

Note :

Install the API Gateway Analytics service pack

To install the service pack on your existing API Gateway Analytics 7.7 installation, perform the following steps:

  1. Ensure that your existing API Gateway Analytics instance and Node Manager have been stopped. For more details, see the API Gateway Administrator Guide.
  2. Verify the owners of API Gateway binaries before extracting the service pack
    ls -l INSTALL_DIR/analytics/posix/bin
  3. Using the same user who owns the API Gateway Analytics binaries, unzip and extract API Gateway 7.7 SP2 Analytics over the analytics directory in your existing API Gateway 7.7 installation directory. For example:
    tar -xzvf APIGateway_7.7_SP2_Analytics_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.7/analytics/
  4. Change to the analytics directory in your installation:
    LinuxINSTALL_DIR/analytics
  5. Run the post-install script for API Gateway Analytics 
    Linuxapigw_analytics_sp_post_install.sh 

Note:

Install the Policy Studio service pack

To install the service pack on your existing Policy Studio installation, perform the following steps:

  1. Shut down Policy Studio.
  2. Back up your existing INSTALL_DIR/policystudio directory.
  3. Remove old JRE versions by deleting the following directories:
    INSTALL_DIR/policystudio/jre
  4. Unzip and extract API Gateway 7.7 SP2 Policy Studio over the policystudio directory in your existing API Gateway 7.7 installation directory. For example: 
    tar -xzvf APIGateway_7.7_SP2_PolicyStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.7/policystudio/
  5. Start Policy Studio with policystudio -clean

Note :  The -clean option is needed the first time you start Policy Studio after installing the service pack.

Install the Configuration Studio service pack

To install the service pack on your existing Configuration Studio installation, perform the following steps:

  1. Shut down Configuration Studio.
  2. Back up your existing INSTALL_DIR/configurationstudio directory.
  3. Remove old JRE versions by deleting the following directories:
    INSTALL_DIR/configurationstudio/jre
  4. Unzip and extract API Gateway 7.7 SP2 Configuration Studio over the configurationstudio directory in your existing API Gateway 7.7 installation directory. For example: 
    tar -xzvf APIGateway_7.7_SP2_ConfigurationStudio_linux-x86-64_BNYYYYMMDDn.tar.gz -C /opt/Axway-7.7/configurationstudio/
  5. Start Configuration Studio with configurationstudio  -clean

Note :  The -clean option is needed the first time you start Configuration Studio after installing the service pack.

After installation

The following steps apply after installing the service pack.

API Gateway

To allow an unprivileged user to run the API Gateway on a Linux system, perform the following steps:

  1. Add the following line to the INSTALL_DIR/system/conf/jvm.xml file: 
    <VMArg name="-Djava.library.path=$VDISTDIR/$DISTRIBUTION/jre/lib/amd64/server:$VDISTDIR/$DISTRIBUTION/jre/lib/amd64:$VDISTDIR/$DISTRIBUTION/lib/engines:$VDISTDIR/ext/$DISTRIBUTION/lib:$VDISTDIR/ext/lib:$VDISTDIR/$DISTRIBUTION/jre/lib:system/lib:$VDISTDIR/$DISTRIBUTION/lib"/>
  2. Run the command setcap 'cap_net_bind_service=+ep cap_sys_rawio=+ep' INSTALL_DIR/platform/bin/vshell to allow the API Gateway to listen on privileged ports.

For more details on configuring API Gateway to run on privileged ports, see the API Gateway Administrator Guide.

Notes:

The JRE included in API Gateway disables undesirable cipher suites when using SSL/TLS by default. Users using RSA Access Manager (formerly known as RSA ClearTrust) with API Gateway may experience SSL/TLS handshake issues where no common cipher suites can be found. In this case, you should reconfigure SSL/TLS of the RSA Access Manager to support stronger cipher suits. Alternatively, you can re-enable the anonymous cipher suites in JRE for successful SSL/TLS connections with the RSA Access Manager as follows:

The JRE included in API Gateway enables endpoint identification algorithms for LDAPS (secure LDAP over TLS) by default to  improve the robustness of the connections. This may cause API Gateway LDAP filters to fail to connect to an LDAPS server. In this case, you can disable endpoint identification using a new system property (com.sun.jndi.ldap.object.disableEndpointIdentification):

API Manager

When API Manager is installed, you must run the update-apimanager script after the API Gateway post-install script to ensure that all paths are up-to-date.

Caution: Before executing the update-apimanager script:

This script updates the active deployment in the API Manager group. After running the script, you must recreate the API Manager project (common project, containing Server Settings) from the deployment, so that you won't need to revert the changes the next time you perform a project deployment.

As an alternative to recreating the API Manager project, you can deploy only your common project to a development server and run the update-apimanager script against it, and create a new common project from this gateway instance. Then, you must deploy your updated policies to your API Manager group.

Tip: You can run this command once at the API Gateway group level, instead of on every API Gateway instance, for example:

/opt/Axway-7.7/apigateway/posix/bin/update-apimanager --username=admin --password=MY_PASSWORD --group=API_MGR_GROUP

If the API Gateway group is protected by a passphrase, you must append the above command with --passphrase=API_MGR_GROUP_PASSPHRASE

Client Application Registry

The following command shows an example of running the update-apimanager script when the Client Application Registry is installed: 

/opt/Axway-7.7/apigateway/posix/bin/update-apimanager --username=admin --password=MY_PASSWORD --group=API_MGR_GROUP   --productname=clientappreg

If the API Gateway group is protected by a passphrase, you must append the above command with --passphrase=API_MGR_GROUP_PASSPHRASE


EMT API Manager Service Pack Installation

If a fed file is provided as part of building the API Manager EMT container, you must follow these steps to update the fed with the Service Pack API Manager configuration:

1. Install the Service Pack on a installation of the gateway.
2. Run /opt/Axway-7.7/apigateway/posix/bin/update-apimanager --fed <path to file>.fed. There is no need to run any API Manager instances.

The fed now contains the Service Pack updates for the API Manager configuration and can be used to build EMT containers.

Documentation

Find all documentation for this product version in the Axway Documentation portal at https://docs.axway.com.

The following reference documents are also available from the Documentation portal:

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.

Email support@axway.com or visit Axway Support at https://support.axway.com.


Copyright © 2019 Axway. All rights reserved.