Mashery Support Portals Developer Blog

RSS Feed

New Feature: Import Swagger specification

TIBCO Mashery is ever evolving, and for the first time, Mashery will help you in setting up your swagger defined API's more easily. In our latest release, all our customers are now able to import Swagger 2.0 specifications, which will automatically be mapped to a Mashery endpoint definition.

Most of you have heard about the Open API Initiative, which is an industry-wide effort to standardize how APIs work and look like. It is focused on creating, evolving and promoting a vendor-neutral API description format, which is gaining high adoption in the industry. Since Mashery wants its customers to grow along with new industry initiatives, it is following suit and adopting the format of the Open API initiative and allowing our customers to re-use their Swagger 2.0 specifications when managing APIs in Mashery.

With the release of this feature, once you go into your control center and click on "Design -> APIs", there is a minor change when creating a new, Mashery-managed API. As is seen in the image below, there is an option to create a new API definition by importing a file. If selected, a wizard will guide you through the steps needed to convert your Swagger 2.0 specification into a Mashery managed endpoint! 

Upon completion of the wizard, all functionality available to our customers can be used to further manage the API.

This functionality is not only available via the control center UI, but is can also be used via the Mashery V3 API, to ensure you can automate the import of the many swagger specification that you might currently have and it will abbreviate the need to setup each and every API in Mashery manually!

Please refer to the documentation in case you are running into any issues.

Updated V3 API Resources: IO Docs and Organizations

Mashery is pleased to announce the availability of new resources for our V3 API. Now you can manage your IO docs using this API, creating, updating and deleting IO Doc documents as you see fit. A great way to include that as part of your overall DevOps flow. Additionally, the Organizations feature, released last August 2016, now has its API resources available as well. You can create your organizations, associate APIs and API packages to these organization and manage the users and their roles in these respective organizations. You can learn more about the organization feature here and here. The API resources for IO Docs are available here and the ones for Organizations can be found here.

Mashery Local 4.1 is Generally Available !

We are extremely pleased to announce that the next release of Mashery Local - v4.1 is Generally Available as of today. To download this release and get access to the detailed documentation, you can visit as usual or contact Technical Support for assistance

This release includes several new features : 

1) Building upon the 4.0 release of Docker-based deployment option for Mashery Local , this release now provides support for Kubernetes configuration on AWS as well. 

2) OAuth support for Docker-based Mashery Local is included with this release

3) We have a new and improved version of the Adapter SDK that will allow Mashery Local customers to customize the API call flow in a self-service manner. Apart from the ability to customize the call flow via pre and post Processors, this release now includes an ability to customize authentication flow via the authentication extension point. With this feature, custom processors can be built to include authenications against other third party IDPs such as Ping Federate. In addition to the custom authenticator extension,the SDK includes other improvements such as being able to terminate the call flow during pre and post processing. The Adapter SDK documentation has also been revamped with more information and usage examples 

New Feature: Call Log Export

For the first time customers can now receive low-level API transaction details via automated, ongoing exports. Until now, reporting data provided via our Reporting Dashboard and API has provided aggregated data sets, but with our new Call Log Export feature, that is no longer the case!

Log files will be delivered in 30 minute slices as CSV files and will include such data as:  Request UUID, Source IP, Host name, User Agent, URI, HTTP Method, HTTP Status Code, API Key, and many more!  We have also joined the transaction data with other TIBCO Mashery Metadata, such as Package, Plan, and Service information to reduce complexity of creating helpful and actionable visualizations and insights without the overhead of having to join data tables together.

These detailed transaction logs should unlock a variety of use cases for our customers, allowing you to store Mashery call data along with your own transaction logs to get a full view of your API traffic.  Troubleshooting, threat detection, customized billing are all use cases that we have heard from our customers that will now be possible with this new feature.  Keep an eye on this blog as we are planning incremental improvements to this feature in the coming months.

Watch a quick demo of Call Log Exports working in conjunction with Redshift & TIBCO's industry leading analytics platform Spotfire.

Please see the feature documentation which also includes an FAQ.

* Please note: New Call Export profiles may take up to 3 hours for initial delivery, we are working to bring this latency down in the near term.


Integrated API Testing with API Fortress

Testing one’s APIs is a critical step in ensuring quality. An obvious statement to make, but an often overlooked one. Commonly, testing means engineering focused unit or functional tests that make everyone happy on the development and QA teams. That means that the end-users, the developers using your APIs, are often left as afterthoughts. Leaving the developer experience to be not fully tested, monitored, or improved on a continuous basis. To help our customers do a better job of testing their API facades - the APIs that they put into the hands of their developer partners - we have worked closely with API Fortress ( to make it easy to automatically generate API tests by leveraging your I/O Docs. If you are not using API Fortress, or a similar testing tool, be sure to check it out. They provide incredibly valuable testing and monitoring tech for APIs. Some sample screenshots of the integration and the product in action can be found below.

Screenshot #1: New Test Setup - Click on "Build from Mashery"

Screenshot #2: Working with an Existing Test

Screenshot #3: Viewing Status and Latency Dashboard

New Landing Page for Control Center

Continuing the theme in the second half of 2016, here at TIBCO Mashery we have been hard at work at improving the experience of the API Control Center, the web administration application that our customers use to manage their API programs. In order to help newer users understand more and more of what is available in the product, we have changed the initial page shown when entering the API Control Center, replacing the quick links to "create" processes with quick links to the high level functional areas of the product, including descriptions of what those functional areas can do for a user. Additionally, we have added some additional links on the right-hand side of the page to assist in getting more information about the product, whether to access support quickly or learn more through training videos. Sample screen-shot is shown below.


Mashery Local 4.0 is Generally Available!

The next release of Mashery Local - v4.0 was made Generally Available a few weeks back.  With this release we have included several features - some geared towards improvements in security oriented features and some towards improving dev ops flexibility around deploying Mashery Local. The new features are as below:

1) Mashery Local is now also available for deployment in Docker-based environments ( in addition to the virtual appliance form-factor). This allows administrators to easily deploy Mashery Local in either internal data-centers or external cloud platforms that support Docker based deployment choices. 

2) Mashery Local now includes full support for HTTPS server and client support. Features are included that allow administrators to configure trust and identity stores, set up HTTPS client profiles and facilitate two-way SSL if needed to the API back-end. Additionally, communication between an enterprise's load balancer and Mashery Local cluster can now be encrypted over SSL ( via a user-controlled configuration option)

3) Mashery Local now includes a secure way to manage developer secrets - a new option is now avaiable "Secure Hash Authentication" while configuring API endpoints. When this option is selected, secrets will no longer be stored anywhere either on-cloud or on-premise. Instead only a one-way hash of the secrets get stored which render them effectively useless in the event they get compromised

To download this release and get access to the detailed documentation, you can visit as usual or contact Technical Support for assistance

From darkness to light: New color scheme for API Control Center

We have more exciting UI changes coming to the Control Center. Soon you will have a more visually appealing white background for the API Control Center instead of the traditional dark one. We hope this will provide a much better visual experience for you. We are making this change for several reasons:

  • The color scheme matches with the rest of the products offered by TIBCO cloud services and provides a more unified UI experience.
  • Feedback from a majority of customers indicated a preference towards a “lighter” application.
  • It sets the stage for further enhancements to the product, including leveraging API oriented capabilities found in TIBCO Cloud Integration (

Enhanced: TIBCO Mashery Connector for TIBCO Simplr

A while back, we announced the availability of the TIBCO Mashery Connector for TIBCO Simplr (blog post here). And we haven't stopped there! Over the past month, we've been working hard to make it easier to use as well as open up more data that can be pulled out of the Mashery V3 API. The enhancements are as follows:


  • Export of package key data, with associated developer username and email
  • Export of reporting data for Package Keys, including Package, Plan, API information and developer metadata
  • Export of QPS data for Package Keys, including Package, Plan, API information and developer metadata
Additionally, we are changing the authentication mechanism so that you no longer have to provide your Mashery V3 API Key and Secret; area id, username and password are only required. This is a breaking change, meaning that you'll have to re-configure your connector in order for your flows to work.


A preview of the new actions can be seen below. Visit the original blog post to learn more about the feature in general. And visit to sign-up today.

New Header for Mashery API Control Center

We are pleased to let you know about some exciting changes coming to your Control Center experience. We have introduced a new header and incorporated a few changes based on customer feedback. For the new header "Mashery Control Center" has been replaced with "TIBCO Mashery".

The area name is displayed on the right and clicking the area name would give additional information, such as the Area UUID. This is a quick and easy way to find the UUID of a given area. Next to the area name is an icon(?) that you can click to get area information, get access to the latest Control Center documentation or get information on how to contact support.

As always we are trying to make the product better and we have bigger changes coming to the Control Center especially with regards to the look and feel. Stay tuned for more product updates. 

[ Page 1 of 11 | Next ]