Mashery Support Portals Developer Blog

RSS Feed

New Feature: Call Log Export

For the first time customers can now receive low-level API transaction details via automated, ongoing exports. Until now, reporting data provided via our Reporting Dashboard and API has provided aggregated data sets, but with our new Call Log Export feature, that is no longer the case!

Log files will be delivered in 30 minute slices as CSV files and will include such data as:  Request UUID, Source IP, Host name, User Agent, URI, HTTP Method, HTTP Status Code, API Key, and many more!  We have also joined the transaction data with other TIBCO Mashery Metadata, such as Package, Plan, and Service information to reduce complexity of creating helpful and actionable visualizations and insights without the overhead of having to join data tables together.

These detailed transaction logs should unlock a variety of use cases for our customers, allowing you to store Mashery call data along with your own transaction logs to get a full view of your API traffic.  Troubleshooting, threat detection, customized billing are all use cases that we have heard from our customers that will now be possible with this new feature.  Keep an eye on this blog as we are planning incremental improvements to this feature in the coming months.

Watch a quick demo of Call Log Exports working in conjunction with Redshift & TIBCO's industry leading analytics platform Spotfire.

Please see the feature documentation which also includes an FAQ.

* Please note: New Call Export profiles may take up to 3 hours for initial delivery, we are working to bring this latency down in the near term.


Integrated API Testing with API Fortress

Testing one’s APIs is a critical step in ensuring quality. An obvious statement to make, but an often overlooked one. Commonly, testing means engineering focused unit or functional tests that make everyone happy on the development and QA teams. That means that the end-users, the developers using your APIs, are often left as afterthoughts. Leaving the developer experience to be not fully tested, monitored, or improved on a continuous basis. To help our customers do a better job of testing their API facades - the APIs that they put into the hands of their developer partners - we have worked closely with API Fortress ( to make it easy to automatically generate API tests by leveraging your I/O Docs. If you are not using API Fortress, or a similar testing tool, be sure to check it out. They provide incredibly valuable testing and monitoring tech for APIs. Some sample screenshots of the integration and the product in action can be found below.

Screenshot #1: New Test Setup - Click on "Build from Mashery"

Screenshot #2: Working with an Existing Test

Screenshot #3: Viewing Status and Latency Dashboard

New Landing Page for Control Center

Continuing the theme in the second half of 2016, here at TIBCO Mashery we have been hard at work at improving the experience of the API Control Center, the web administration application that our customers use to manage their API programs. In order to help newer users understand more and more of what is available in the product, we have changed the initial page shown when entering the API Control Center, replacing the quick links to "create" processes with quick links to the high level functional areas of the product, including descriptions of what those functional areas can do for a user. Additionally, we have added some additional links on the right-hand side of the page to assist in getting more information about the product, whether to access support quickly or learn more through training videos. Sample screen-shot is shown below.


Mashery Local 4.0 is Generally Available!

The next release of Mashery Local - v4.0 was made Generally Available a few weeks back.  With this release we have included several features - some geared towards improvements in security oriented features and some towards improving dev ops flexibility around deploying Mashery Local. The new features are as below:

1) Mashery Local is now also available for deployment in Docker-based environments ( in addition to the virtual appliance form-factor). This allows administrators to easily deploy Mashery Local in either internal data-centers or external cloud platforms that support Docker based deployment choices. 

2) Mashery Local now includes full support for HTTPS server and client support. Features are included that allow administrators to configure trust and identity stores, set up HTTPS client profiles and facilitate two-way SSL if needed to the API back-end. Additionally, communication between an enterprise's load balancer and Mashery Local cluster can now be encrypted over SSL ( via a user-controlled configuration option)

3) Mashery Local now includes a secure way to manage developer secrets - a new option is now avaiable "Secure Hash Authentication" while configuring API endpoints. When this option is selected, secrets will no longer be stored anywhere either on-cloud or on-premise. Instead only a one-way hash of the secrets get stored which render them effectively useless in the event they get compromised

To download this release and get access to the detailed documentation, you can visit as usual or contact Technical Support for assistance

From darkness to light: New color scheme for API Control Center

We have more exciting UI changes coming to the Control Center. Soon you will have a more visually appealing white background for the API Control Center instead of the traditional dark one. We hope this will provide a much better visual experience for you. We are making this change for several reasons:

  • The color scheme matches with the rest of the products offered by TIBCO cloud services and provides a more unified UI experience.
  • Feedback from a majority of customers indicated a preference towards a “lighter” application.
  • It sets the stage for further enhancements to the product, including leveraging API oriented capabilities found in TIBCO Cloud Integration (

Enhanced: TIBCO Mashery Connector for TIBCO Simplr

A while back, we announced the availability of the TIBCO Mashery Connector for TIBCO Simplr (blog post here). And we haven't stopped there! Over the past month, we've been working hard to make it easier to use as well as open up more data that can be pulled out of the Mashery V3 API. The enhancements are as follows:


  • Export of package key data, with associated developer username and email
  • Export of reporting data for Package Keys, including Package, Plan, API information and developer metadata
  • Export of QPS data for Package Keys, including Package, Plan, API information and developer metadata
Additionally, we are changing the authentication mechanism so that you no longer have to provide your Mashery V3 API Key and Secret; area id, username and password are only required. This is a breaking change, meaning that you'll have to re-configure your connector in order for your flows to work.


A preview of the new actions can be seen below. Visit the original blog post to learn more about the feature in general. And visit to sign-up today.

New Header for Mashery API Control Center

We are pleased to let you know about some exciting changes coming to your Control Center experience. We have introduced a new header and incorporated a few changes based on customer feedback. For the new header "Mashery Control Center" has been replaced with "TIBCO Mashery".

The area name is displayed on the right and clicking the area name would give additional information, such as the Area UUID. This is a quick and easy way to find the UUID of a given area. Next to the area name is an icon(?) that you can click to get area information, get access to the latest Control Center documentation or get information on how to contact support.

As always we are trying to make the product better and we have bigger changes coming to the Control Center especially with regards to the look and feel. Stay tuned for more product updates. 

Mashery Local 3.1.1 is GA

Mashery Local 3.1.1 is generally available for customer download on The release includes greater access to networking system level commands for the Mashery Local administrator plus includes critical bug fixes. 

New Feature: Distributed API Management

We are super excited here at TIBCO Mashery to announce the release of our new feature: Distributed API Management. The feature adds group-aware role based access control to the Mashery product. Distributed API Management will allow users to create multiple organizations within the Control Center. Different assets such as Users, APIs and Packages can be assigned to an organization and managed independently of each other. Depending on which organization a user belongs to and what permission he or she has, they will be able to perform certain operations and view certain assets. Currently we have the roles of Admin, API Manager, Community Manager and a Reports User within an organization that can be assigned to a Control Center User.

We have also provided a new way of grouping developer users and controlling the access settings for these users. There is a new group called Portal Access Group that can be created for each organization. Users with access to Portal, typically developer users can now be added to the Portal Access Group. Plans and IO Docs can be added to the Portal Access Group. Users in a given Portal Access Group will get access to the Plans and IO Docs in that group when they log into the Portal.

Please contact customer support if you need the feature to be turned on for your area or want to learn more. Below are a few screen shots that go into a bit more detail on how the feature is designed and how it can be used. You can also view a recorded demo here.

Did you know? Mashery API responses contain quota limit information

If you are a Mashery API user - if not, sign-up here! - then you might not be aware of the fact that we're passing back, in the response header, information about your usage of the API, which can help you add in more resilency to your custom API programs, e.g. if you are about to hit a QPS limit, then perhaps you want to add in a slight delay to a next call. This information can be very useful for developers building custom applications using the Mashery API.

The headers returned are:

  • X-Packagekey-Qps-Allotted: The maximum QPS (queries per second) capacity set on your API key. This is the maximum number of calls that can be made in any given second.
  • X-Packagekey-Qps-Current: The current count of calls being applied against the above limit; in this case, it is a representation of how many calls your key is making at that particular second in time.
  • X-Packagekey-Quota-Allotted: The maximum number of calls that can be made on daily basis. 
  • X-Packagekey-Quota-Current: The current count of calls made in the current limit period, i.e. the current day.
  • X-Plan-Quota-Reset: The time when the quota count will reset to 0.

Example response headers are below:

X-Packagekey-Qps-Allotted: 25
X-Packagekey-Qps-Current: 1
X-Packagekey-Quota-Allotted: 2000000
X-Packagekey-Quota-Current: 105094
X-Plan-Quota-Reset: Saturday, July 30, 2016 12:00:00 AM GMT

[ Page 1 of 10 | Next ]