Release 11.0.0

Explore the release highlights, usage notes, for webMethods.io API Gateway 11.0.0.

Note
Self service upgrade to webMethods.io API Gateway 11.0.0 is not supported. For more information, see Upgrading to a new version.

Highlights

What’s New

New Item Description
Continuous value delivery model Starting from 11.0.0 release, webMethods.io API will consistently introduce new features and improvements in its periodic updates. This allows you to swiftly tap into added value rather than waiting for the next major version release.
Next-generation architecture for running workloads anywhere Before the 11.0.0 release, API calls to backend services within a private cloud or on-premises infrastructure were routed through the public internet, impacting response times and posing security concerns. With the 11.0.0 release, Software AG’s webMethods.io API enables linking to a customer’s cloud while preserving network isolation through a hub-and-spoke architecture. This approach, such as dedicated egress, enhances security and reduces latency. Customers can set up individual spokes, enabling their API traffic to leverage hyper-scaler backbones, effectively bypassing the public internet if desired.
EDR implementation for Azure Disaster recovery (DR) for cloud-based systems is critical to an overall business continuity strategy. In rare instances, complete unavailability of a hyper scaler’s facilities within an availability zone or region might occur, potentially due to network failures or complete loss owing to natural disasters. Such occurrences can profoundly impact enterprises heavily reliant on the webMethods.io API Management solution hosted in a hyperscaler region. Irrespective of the cause, the most effective solution for such a disaster scenario involves a well-defined and tested DR process encompassing Failover and Failback procedures. Failover enables automatic and seamless switching of production to a dependable secondary region, while Failback restores production to the original or a new primary region post-resolution of the disaster or a scheduled event. Enhanced Disaster Recovery (EDR) is now accessible to webMethods.io API customers upon request, subject to an additional cost.
Faster provisioning and smaller deployment footprint Several architectural improvements have been implemented in webMethods.io API Management. These encompass the deployment of Ignite-based clustering for SaaS cloud users. Additionally, the policy enforcement runtime engine now, resides on the Microservice Runtime (MSR) instead of the Integration Server (IS).
API Control Plane agent configuration using API Gateway UI webMethods.io API offers the functionality to manage API Control Plane agent configuration via both the API Gateway UI and REST APIs. Setting up API Control Plane as a Destination establishes the communication link between the API Gateway and API Control Plane. Data synchronization from the API Gateway to API Control Plane occurs only when the API Control Plane agent is configured and communication channels are successfully established. Upon successful connection, the API Control Plane agent initiates the transmission of Health check statuses, Asset information, and Runtime Metrics from the API Gateway to API Control Plane. This enables informed business decision-making through metrics’ analysis.
Decouple API Gateway and Developer Portal provisioning Before the 11.0.0 release, the Free-For-Ever edition (FFE) provisioned both the Developer Portal and the API Gateway. However, starting from the 11.1 release, customers can now explicitly select which product they want to explore. Additionally, if they later wish to test the other product, they can independently launch it from the landing page after logging into the Software AG cloud.
Elasticsearch bulk updates for transaction and monitoring data Amidst peak API traffic, a substantial volume of API Analytics data needs to be transmitted to Elasticsearch. The mechanism for dispatching this data has been enhanced to bolster performance.
JWT Time Tolerance Clock Skew support This enhancement focus on validating JWT tokens considering clock skew. When verifying the JWT tokens’ expiration and not-before claims, a minor time variance might exist between the API Gateway and the external authorization server. In such instances, the API Gateway might not authorize JWT tokens. A clock skew value can be established at the global level using the pg_JWT_clock_skew_seconds extended setting to address this. This clock skew value can be configured within the external authorization settings.
External authorization server enhancements Prior to the 11.0.0 release, when you input a discovery URL while configuring an external authorization server, the URL is not retained for future reference. Consequently, upon revisiting the page, the discovery URL was not displayed, hindering the re-discovery process. However, with the 11.0.0 release, the discovery URL is now stored and visible on the page, enhancing the user experience by facilitating easy re-discovery when needed.
Traffic Optimization policy performance improvements The algorithm has been altered to enhance performance during periods of high API traffic.
Registered Applications Tab Improvements have been made to the Applications screen, now featuring pagination to enhance the user experience.
Documentation improvements A newly introduced Getting Started section comprises user-friendly introductory articles accompanied by reference assets.

Usage Notes

This section provides any additional information that you need, to work with webMethods.io API Gateway.

The link provided in the Documentation section of the API details tab can be accessed using API gateway internal users credentials and cannot be accessed using SSO user credentials.

Note
Software AG recommends not to use the XFF header for application identification.

The following functionalities have certain restrictions in webMethods API Gateway instance on cloud: