Mashery Support Portals Developer Blog

RSS Feed

Mashery Local 3.1.1 is GA

Mashery Local 3.1.1 is generally available for customer download on edelivery.tibco.com. The release includes greater access to networking system level commands for the Mashery Local administrator plus includes critical bug fixes. 

New Feature: Distributed API Management

We are super excited here at TIBCO Mashery to announce the release of our new feature: Distributed API Management. The feature adds group-aware role based access control to the Mashery product. Distributed API Management will allow users to create multiple organizations within the Control Center. Different assets such as Users, APIs and Packages can be assigned to an organization and managed independently of each other. Depending on which organization a user belongs to and what permission he or she has, they will be able to perform certain operations and view certain assets. Currently we have the roles of Admin, API Manager, Community Manager and a Reports User within an organization that can be assigned to a Control Center User.

We have also provided a new way of grouping developer users and controlling the access settings for these users. There is a new group called Portal Access Group that can be created for each organization. Users with access to Portal, typically developer users can now be added to the Portal Access Group. Plans and IO Docs can be added to the Portal Access Group. Users in a given Portal Access Group will get access to the Plans and IO Docs in that group when they log into the Portal.

Please contact customer support if you need the feature to be turned on for your area or want to learn more. Below are a few screen shots that go into a bit more detail on how the feature is designed and how it can be used. You can also view a recorded demo here.

Organization Overview

Organization Control Center Users

Adding an API to an Organization


Did you know? Mashery API responses contain quota limit information

If you are a Mashery API user - if not, sign-up here! - then you might not be aware of the fact that we're passing back, in the response header, information about your usage of the API, which can help you add in more resilency to your custom API programs, e.g. if you are about to hit a QPS limit, then perhaps you want to add in a slight delay to a next call. This information can be very useful for developers building custom applications using the Mashery API.

The headers returned are:

  • X-Packagekey-Qps-Allotted: The maximum QPS (queries per second) capacity set on your API key. This is the maximum number of calls that can be made in any given second.
  • X-Packagekey-Qps-Current: The current count of calls being applied against the above limit; in this case, it is a representation of how many calls your key is making at that particular second in time.
  • X-Packagekey-Quota-Allotted: The maximum number of calls that can be made on daily basis. 
  • X-Packagekey-Quota-Current: The current count of calls made in the current limit period, i.e. the current day.
  • X-Plan-Quota-Reset: The time when the quota count will reset to 0.

Example response headers are below:

X-Packagekey-Qps-Allotted: 25
X-Packagekey-Qps-Current: 1
X-Packagekey-Quota-Allotted: 2000000
X-Packagekey-Quota-Current: 105094
X-Plan-Quota-Reset: Saturday, July 30, 2016 12:00:00 AM GMT

Upcoming User Experience and Feature Name Change: New Developer Management Screens and Roles to Portal Access Groups

At the end of August, all customers currently using the TIBCO Mashery API Control Center will be moved over to the new Developer Management User Experience. You can read more about that new experience here. At that time, there will be a change to the name of a feature, previously referred to as Roles or Custom Roles, which will be re-named Portal Access Groups. This feature gives you, the customer, the ability to define arbitrary role names that can be applied against content, APIs and API Plans in order to ensure that people with said roles only have access to these objects in the developer portal. You can learn more about that feature by exploring the product documentation here. We're re-naming to Portal Access Groups in order to reflect exactly what they are: a grouping of developers for the purpose of exposing different assets - content, APIs and API Plans - to them while visiting the portal.

Coincident with this change will be a new and improved user experience for managing Portal Access Groups. You can see this in action in this short demo video here. Some screenshots are displayed below.

NOTE: if you are currently using the Event Trigger Feature (blogged about here), you should be aware that there has been a slight change to the payload sent across from Mashery to your respective target endpoint. "object_type" is no longer provided; you must inspect the URI path to determine the type of object being passed to your code. If you have any questions, please contact support.

New Feature: Queries per Second (QPS) Detail Reporting API

We are pleased to announce the release of a new feature within the Mashery Reporting API that will provide access to Queries per Second (QPS) details for Area, Developer key, and Endpoint objects in 30 minute summaries. This new functionality should be particularly helpful to customers seeking to manage capacity, visualize traffic spikes for any of the three objects, or generally understand traffic patterns in a new and interesting way.

In addition to pure max QPS information per 30 minute slice, the response will contain information covering data transferred and connections, which represents call concurrency. 

The new methods are called:

These new methods are now available within the existing Reporting V2 and V3 API plans, and further details regarding their use can be found within our IODOCS and in our long hand docs.

New Feature: Mashery V3 API GA

We are excited to announce the general availability of the TIBCO Mashery V3 API. The V3 API provides a REST interface for managing the various assets in our system. The API can be used to manage User specific data, such as Members, Applications, Roles and Keys, and API related data, such as APIs, Endpoints,Methods, Packages and Plans, as well as access reporting performance data. You can use these API calls to automate the creation and management of these assets or to integrate with third party applications or create custom scripts and applications. The APIs are OAUTH2 protected and you can generate tokens by providing key and secret. Currently we have over 120 customers using these APIs, with use cases ranging from reporting data export to exporting developer data to drive email campaigns to managing the lifecycle of their APIs.

For more information on how to use the APIs or to sign up for keys please login to support.mashery.com. Documentation for the API can be found here and the IO Docs are located here.

io_docs1.png

io_docs2.png

New Feature: TIBCO Mashery Connector for TIBCO Simplr

One of the challenges associated with APIs is having more and more folks be able to use them, without the often requisite sophisticated programming knowledge and experience. Interactive documentation tools, like IO Docs and Swagger UI, have been great ways for helping developers learn about APIs. But what about having people - non programmers - use APIs to accomplish day to day tasks? Imagine that! How to best get them productive all the while not having to spin up big application development projects?

TIBCO Simplr™ is a great way to get API-driven useful capabilities into the hands of business managers. TIBCO Simplr links your cloud apps and automates tasks so you can get your job done faster and more accurately. Whether you’re planning a sales trip, reporting on marketing campaigns, surveying employees, or just trying to improve your productivity, Simplr can help you and everyone in your organization.

How does this all fit into TIBCO Mashery? Well, we're pleased to announce the availabilty of the TIBCO Mashery Connector for TIBCO Simplr. TIBCO Mashery customers can now leverage a very simple tool to do things like pull developer data out of Mashery, previously only accomplished using the Mashery API. Now you can do things like pull out developer data and put into a Marketo app or a Google spreadsheet or drive a SurveyMonkey product feedback process. All without programming!

Sample screen shots can be seen below. A quick demonstration of the feature can be found here and here.

NOTE: The use of the TIBCO Mashery Connector for TIBCO Simplr requires a Mashery V3 API Key. Please visit here to get one.

TIBCO Simplr is free right now in Beta. Sign up to access Mashery connector templates, or build your own!


Flow Overview Page

 

Setting Up A Flow

New Feature: Enhanced Developer Management User Experience and REST APIs for managing Members, Applications, Roles and Keys

As your API program grows rapidly, so does your need to manage large numbers of users and keys. This led us here at TIBCO Mashery to create a new and improved User Management experience for our API Control Center. The new user management screens will enable you to create, maintain and manage users, applications, package keys and roles with greater ease. The new user interface provides a much better visual experience, new search and filter controls and a more intuitive way of navigating our control center.

The new user interface is Generally Available and can be enabled for customer usage. If you are using API control Center and are interested in switching to this new  interface please contact Support(support@mashery.com).

Screen-shot of User Listing Page

user_listing.png

Screen-shot of Filter Screen

filter.png

Screen-shot of Package Key edit page

create_packagekey.png

New Feature: Executive Summary Reporting API Methods

Mashery is pleased to announce the availability of new Reporting API methods that allow access to the data behind the Executive Summary report in the API Control Center. The Executive Summary is a 1-stop shop for API Metrics designed for sharing with executive leadership and for broadcasting widely to a general audience. The visually intuitive report delivers a high-level view across your API Program and includes new metrics and analytics to drive new business strategies and initiatives. The Executive Summary takes advantage of the latest data visualization techniques to deliver a "showcase-ready" dashboard with specially crafted data-driven narratives across three perspectives, Management metrics, Technical metrics, and Developer/Partner metrics. Now, with this release, customers can access this data and pull into their own visualizations; for example, why not create a custom dashboard that is thrown up on a nice big TV in your office, displaying some of the important metrics surfaced by the Executive Summary feature?

Screenshot of Executive Summary

 

Screenshot of API Methods in IO Docs

Check out the new methods in the V2 IO Docs!

Planned Java Upgrade Notification

We are going through a planned JRE upgrade to the latest Java version 1.8.
If you are using SSL to communicate between Mashery and your API back-end systems , there will be some older ciphers that may not be supported with this upgrade . To avoid any API call failures related to usage of such unsupported ciphers in your API back-end systems,  please ensure your systems are migrated off those ciphers. In addition, we recommend you make some test calls against a Mashery test environment that will be made available with the upgraded JRE.

 

Supported ciphers

TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5

Unsupported ciphers

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV

 

If you have any further questions please contact Mashery Support at support@mashery.com

[ Page 1 of 10 | Next ]