Mashery Support Portals Developer Blog

RSS Feed

New Feature: Mashery V3 API GA

We are excited to announce the general availability of the TIBCO Mashery V3 API. The V3 API provides a REST interface for managing the various assets in our system. The API can be used to manage User specific data, such as Members, Applications, Roles and Keys, and API related data, such as APIs, Endpoints,Methods, Packages and Plans, as well as access reporting performance data. You can use these API calls to automate the creation and management of these assets or to integrate with third party applications or create custom scripts and applications. The APIs are OAUTH2 protected and you can generate tokens by providing key and secret. Currently we have over 100 customers using these APIs, with use cases ranging from reporting data export to exporting developer data to drive email campaigns to managing the lifecycle of their APIs.

For more information on how to use the APIs or to sign up for keys please login to support.mashery.com. Documentation for the API can be found here and the IO Docs are located here.

io_docs1.png

io_docs2.png

New Feature: TIBCO Mashery Connector for TIBCO Simplr

One of the challenges associated with APIs is having more and more folks be able to use them, without the often requisite sophisticated programming knowledge and experience. Interactive documentation tools, like IO Docs and Swagger UI, have been great ways for helping developers learn about APIs. But what about having people - non programmers - use APIs to accomplish day to day tasks? Imagine that! How to best get them productive all the while not having to spin up big application development projects?

TIBCO Simplr™ is a great way to get API-driven useful capabilities into the hands of business managers. TIBCO Simplr links your cloud apps and automates tasks so you can get your job done faster and more accurately. Whether you’re planning a sales trip, reporting on marketing campaigns, surveying employees, or just trying to improve your productivity, Simplr can help you and everyone in your organization.

How does this all fit into TIBCO Mashery? Well, we're pleased to announce the availabilty of the TIBCO Mashery Connector for TIBCO Simplr. TIBCO Mashery customers can now leverage a very simple tool to do things like pull developer data out of Mashery, previously only accomplished using the Mashery API. Now you can do things like pull out developer data and put into a Marketo app or a Google spreadsheet or drive a SurveyMonkey product feedback process. All without programming!

Sample screen shots can be seen below. A quick demonstration of the feature can be found here.

NOTE: The use of the TIBCO Mashery Connector for TIBCO Simplr requires a Mashery V3 API Key. Please visit here to get one.

TIBCO Simplr is free right now in Beta. Sign up to access Mashery connector templates, or build your own!


Flow Overview Page

 

Setting Up A Flow

New Feature: Members, Applications, Roles and Keys

As your API program grows rapidly, so does your need to manage large numbers of users and keys. This led us here at TIBCO Mashery to create a new and improved User Management experience for our API Control Center. The new user management screens will enable you to create, maintain and manage users, applications, package keys and roles with greater ease. The new user interface provides a much better visual experience, new search and filter controls and a more intuitive way of navigating our control center.

The new user interface is Generally Available and can be enabled for customer usage. If you are using API control Center and are interested in switching to this new  interface please contact Support(support@mashery.com).

Screen-shot of User Listing Page

user_listing.png

Screen-shot of Filter Screen

filter.png

Screen-shot of Package Key edit page

create_packagekey.png

New Feature: Executive Summary Reporting API Methods

Mashery is pleased to announce the availability of new Reporting API methods that allow access to the data behind the Executive Summary report in the API Control Center. The Executive Summary is a 1-stop shop for API Metrics designed for sharing with executive leadership and for broadcasting widely to a general audience. The visually intuitive report delivers a high-level view across your API Program and includes new metrics and analytics to drive new business strategies and initiatives. The Executive Summary takes advantage of the latest data visualization techniques to deliver a "showcase-ready" dashboard with specially crafted data-driven narratives across three perspectives, Management metrics, Technical metrics, and Developer/Partner metrics. Now, with this release, customers can access this data and pull into their own visualizations; for example, why not create a custom dashboard that is thrown up on a nice big TV in your office, displaying some of the important metrics surfaced by the Executive Summary feature?

Screenshot of Executive Summary

 

Screenshot of API Methods in IO Docs

Check out the new methods in the V2 IO Docs!

Planned Java Upgrade Notification

We are going through a planned JRE upgrade to the latest Java version 1.8.
If you are using SSL to communicate between Mashery and your API back-end systems , there will be some older ciphers that may not be supported with this upgrade . To avoid any API call failures related to usage of such unsupported ciphers in your API back-end systems,  please ensure your systems are migrated off those ciphers. In addition, we recommend you make some test calls against a Mashery test environment that will be made available with the upgraded JRE.

 

Supported ciphers

TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5

Unsupported ciphers

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV

 

If you have any further questions please contact Mashery Support at support@mashery.com

Administration Tool SAML SSO

We are thrilled to announce, with today's release, that TIBCO Mashery has provided its customers the capability to have their administration users login into the TIBCO Mashery administrative web applications with their enterprise credentials using SAML Single Sign On (SSO). For API providers, sometimes having admins create separate and independent user accounts in the TIBCO Mashery system is counterintuitive to their centralized ID Management and security policies. And it generally is not very efficient for users either: admins have to remember different user credentials from their current corporate ones. SAML SSO for the administration dashboards is part of TIBCO Mashery’s broader vision to allow us and our customers to:

  • Scale and optimize their organizations daily API management with quick and efficient user approval and provisioning. As a part of Single sign on process, provisioning over SAML allows our customers to create on-demand accounts. We have now simplified scenarios where users need to be dynamically provisioned, by combining the provisioning and single sign-on processes into a single message.
  • Increase security by allowing authentication against customer’s ID management system. With this feature, we simply check users' corporate credentials using their employer’s directory, instead of our own directory and eliminate the need for separate Mashery credentials.
  • Increase user adoption: users only need to memorize a single password to access both their enterprise’s site and Mashery. Users are more likely to use TIBCO Mashery on a regular basis.
  • Reduce support costs and inefficiency. Now, customers don’t have to wait for Mashery Admins to approve accounts individually and/or remove users after they have left an organization.

Screenshot of Admin SAML SSO Enabled for API Program Login

Screenshot of admin SAML SSO

To understand more about how this feature works and how your API program might benefit from this feature, please contact your TIBCO Mashery CPSM or Support for information.

New Feature: Executive Summary

TIBCO Mashery is pleased to announce the availability of a new reporting feature, Executive Summary, for those customers currently using the new API Control Center. The Executive Summary is a 1-stop shop for API Metrics designed for sharing with executive leadership and for broadcasting widely to a general audience. The visually intuitive report delivers a high-level view across your API Program and includes new metrics and analytics to drive new business strategies and initiatives. The Executive Summary takes advantage of the latest data visualization techniques to deliver a "showcase-ready" dashboard with specially crafted data-driven narratives across three perspectives, Management metrics, Technical metrics, and Developer/Partner metrics.

A sample screenshot of the Executive Summary in action can be seen below.

To understand more about how this feature works and how your API program might benefit from this feature, please contact your TIBCO Mashery CPSM or Support for information.

Updated Control Center User Experience

The user experience for the TIBCO Mashery API Control Center has changed a bit with last night's release (2/17/2015). After getting feedback on how navigation was working and with an eye towards other future enhancements, the location of the "New" buttons, on "List" pages, has been changed, and replaced by an icon, as well as an update to the "View" pages for API Definitions, Endpoints, Packages and Plans. Examples of the changes can be seen below.

Updated "List" Page with "New" button location

 

Screen shot of new "View" page with updated actions locations and icons.

SSL v3 Vulnerability Update

Mashery addressed the SSLv3 vulnerability aka Poodle in our environment within few hours of learning about it on the afternoon of October 14th 2014. After carefully reviewing the likelihood and impact of this vulnerability, we determined the risk to be High, especially as “Poodle” became a widely known vulnerability that could potentially expose our customers’ data. We decided to disable SSLv3 immediately with an option to rollback on a customer case-by-case basis.

Prior to disabling SSLv3, we informed our customers about our decision and made that change (i.e., disabling SSLv3) during our weekly maintenance window (11 PST 11/14/14) on the same day. We also recommended our customers to use TLS 1.0 or above as per the industry best practice. Follow up communications were sent to our customers to keep them abreast on the status of the change.

We did not come across any significant interruptions due to disabling SSLv3 in our own, or our customers’, operations. We made every effort to address customer issues as early as possible. Only a very small number of customers reported issues caused by the necessary change.

As always, customers’ information security has always been one of our top priorities and we will continue to do our part to safeguard customer data.

Please contact customer support at support@mashery.com, TIBCO Mashery Support Portal, or call our toll free number: 888-667-1588. You can also follow our updates on our Twitter stream, @MasheryOps.

For more information about this vulnerability, please refer to http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html.

Advisories CVE-2014-6271 and CVE-2014-7169 for GNU Bash

A security advisory was released on 09/24/2014 related to a vulnerability, now informally being referred to as Shellshock, that exists in GNU Bash.  For more information about this vulnerability, please refer to CVE-2014-6271 and CVE-2014-7169.  An incident response is in effect and immediate actions have been taken by TIBCO Mashery to address this vulnerability.  We will update you with more information as it becomes available.  Please contact support@mashery.com with questions or concerns.

Mashery understands the impact and is working towards building and deploying the patch for Mashery Local 2.2 customers by end of next week. Also Mashery Local is less vulnerable as it sits behind the firewall.


[ Page 1 of 9 | Next ]