TIBCO Mashery API Developer Blog

RSS Feed

Updated Developer Portal

TIBCO Mashery is happy to announce an update to its developer portal. We've been hard at work helping our customers that we've ignored our own portal! No more! Beyond its new look-and-feel (hello!) we're also happy to be beta testers for a new portal application framework that we're cooking up here in Mashery R&D. Announcements for that will be coming in the weeks to follow. Feedback is welcome. Tell us how we can be a better developer program for you.

Updated Feature: Import Swagger specification

TIBCO Mashery is ever evolving, and we have complemented the way in which Mashery will help you in setting up your swagger defined API's. In our latest release, we extended the wizard that allowed you to upload a Swagger specification, by ensuring that your interactive test documentation is setup in accordance with the uploaded swagger spec and the wizard will now also allow you to create a package and plan that you can directly use to have developers access your newly uploaded API.

After succesfully creating your API, the screen is now updated as per the figure below, the interactive test documentation (IODoc) is automatically created and the schemas and samples from the swagger spec are used to reflect the same information on the developer portal!

Updated swagger import flow


Furthermore, to ensure you can right away use this API and hand it over to your developers, the button at the bottom right will help you out. It will allow you to setup a new package and plan (or use an existing one) to allow developers to request keys to access this newly imported API and start using it!

Add package and plan

Mashery Local 4.1.1 is Generally Available today

Mashery Local - v4.1.1 is Generally Available as of today. To download this release and get access to the detailed documentation, you can visit http://edelivery.tibco.com as usual or contact Technical Support for assistance

This release includes a couple of improvements apart from several bug-fixes. For details, please access the release notes from edelivery.tibco.com


- OAuth token synchronizations are optimized for the initial download and administrator can flexibly synchronize by providing custom time-windows
- More networking level configurations are available now to the administrator user. For a complete list of commands, check out the Installation and Configuration guide

New Feature: Search for APIs and packages

As you might know, Mashery handles a lot of API calls from many different customers, customers managage tens of thousands APIs with Mashery and developers use thousands of packages to safely access those APIs. Most of our customers own hundreds of APIs with thousands of endpoints, combine that with the hundreds of packages and plans that go with this, sometimes it is a struggle to quickly find that one API you want to manage.

To ensure our customers can find that needle in their haystack, TIBCO Mashery is proud to present new functionality that will help all of our customers to quickly find the APIs and packages they need by simply searching for them!

The search functionality performs partial or complete string matches for the data in the specified columns. You can search for :


New Feature: Support Role

As we all know, TIBCO Mashery’s first class API management allows for many different setups that are of the utmost importance to you as our customer. Unwanted changes to any API pose a business risk, hence most customers do not give administrative access to a big group of people.

To ensure that your support team can investigate potential API issues using the control center without being dependent on those few administrators, TIBCO Mashery is proud to announce the support role within Mashery’s control center.

This role allows your support team to see your Mashery managed APIs configuration without allowing them to make changes. In this way support can help troubleshoot and figure out what happened to your API calls, without the risk of them making unwanted changes!


Please use TIBCO Mashery’s organization capabilities to assign the support role to your team members.

New Feature: Import Swagger specification

TIBCO Mashery is ever evolving, and for the first time, Mashery will help you in setting up your swagger defined API's more easily. In our latest release, all our customers are now able to import Swagger 2.0 specifications, which will automatically be mapped to a Mashery endpoint definition.

Most of you have heard about the Open API Initiative, which is an industry-wide effort to standardize how APIs work and look like. It is focused on creating, evolving and promoting a vendor-neutral API description format, which is gaining high adoption in the industry. Since Mashery wants its customers to grow along with new industry initiatives, it is following suit and adopting the format of the Open API initiative and allowing our customers to re-use their Swagger 2.0 specifications when managing APIs in Mashery.

With the release of this feature, once you go into your control center and click on "Design -> APIs", there is a minor change when creating a new, Mashery-managed API. As is seen in the image below, there is an option to create a new API definition by importing a file. If selected, a wizard will guide you through the steps needed to convert your Swagger 2.0 specification into a Mashery managed endpoint! 

Upon completion of the wizard, all functionality available to our customers can be used to further manage the API.

This functionality is not only available via the control center UI, but is can also be used via the Mashery V3 API, to ensure you can automate the import of the many swagger specification that you might currently have and it will abbreviate the need to setup each and every API in Mashery manually!

Please refer to the documentation in case you are running into any issues.

New Feature: Call Log Export

For the first time customers can now receive low-level API transaction details via automated, ongoing exports. Until now, reporting data provided via our Reporting Dashboard and API has provided aggregated data sets, but with our new Call Log Export feature, that is no longer the case!

Log files will be delivered in 30 minute slices as CSV files and will include such data as:  Request UUID, Source IP, Host name, User Agent, URI, HTTP Method, HTTP Status Code, API Key, and many more!  We have also joined the transaction data with other TIBCO Mashery Metadata, such as Package, Plan, and Service information to reduce complexity of creating helpful and actionable visualizations and insights without the overhead of having to join data tables together.

These detailed transaction logs should unlock a variety of use cases for our customers, allowing you to store Mashery call data along with your own transaction logs to get a full view of your API traffic.  Troubleshooting, threat detection, customized billing are all use cases that we have heard from our customers that will now be possible with this new feature.  Keep an eye on this blog as we are planning incremental improvements to this feature in the coming months.

Watch a quick demo of Call Log Exports working in conjunction with Redshift & TIBCO's industry leading analytics platform Spotfire.

Please see the feature documentation which also includes an FAQ.

* Please note: New Call Export profiles may take up to 3 hours for initial delivery, we are working to bring this latency down in the near term.


Integrated API Testing with API Fortress

Testing one’s APIs is a critical step in ensuring quality. An obvious statement to make, but an often overlooked one. Commonly, testing means engineering focused unit or functional tests that make everyone happy on the development and QA teams. That means that the end-users, the developers using your APIs, are often left as afterthoughts. Leaving the developer experience to be not fully tested, monitored, or improved on a continuous basis. To help our customers do a better job of testing their API facades - the APIs that they put into the hands of their developer partners - we have worked closely with API Fortress (http://www.apifortress.com) to make it easy to automatically generate API tests by leveraging your I/O Docs. If you are not using API Fortress, or a similar testing tool, be sure to check it out. They provide incredibly valuable testing and monitoring tech for APIs. Some sample screenshots of the integration and the product in action can be found below.

Screenshot #1: New Test Setup - Click on "Build from Mashery"

Screenshot #2: Working with an Existing Test

Screenshot #3: Viewing Status and Latency Dashboard

New Landing Page for Control Center

Continuing the theme in the second half of 2016, here at TIBCO Mashery we have been hard at work at improving the experience of the API Control Center, the web administration application that our customers use to manage their API programs. In order to help newer users understand more and more of what is available in the product, we have changed the initial page shown when entering the API Control Center, replacing the quick links to "create" processes with quick links to the high level functional areas of the product, including descriptions of what those functional areas can do for a user. Additionally, we have added some additional links on the right-hand side of the page to assist in getting more information about the product, whether to access support quickly or learn more through training videos. Sample screen-shot is shown below.


Mashery Local 4.0 is Generally Available!

The next release of Mashery Local - v4.0 was made Generally Available a few weeks back.  With this release we have included several features - some geared towards improvements in security oriented features and some towards improving dev ops flexibility around deploying Mashery Local. The new features are as below:

1) Mashery Local is now also available for deployment in Docker-based environments ( in addition to the virtual appliance form-factor). This allows administrators to easily deploy Mashery Local in either internal data-centers or external cloud platforms that support Docker based deployment choices. 

2) Mashery Local now includes full support for HTTPS server and client support. Features are included that allow administrators to configure trust and identity stores, set up HTTPS client profiles and facilitate two-way SSL if needed to the API back-end. Additionally, communication between an enterprise's load balancer and Mashery Local cluster can now be encrypted over SSL ( via a user-controlled configuration option)

3) Mashery Local now includes a secure way to manage developer secrets - a new option is now avaiable "Secure Hash Authentication" while configuring API endpoints. When this option is selected, secrets will no longer be stored anywhere either on-cloud or on-premise. Instead only a one-way hash of the secrets get stored which render them effectively useless in the event they get compromised

To download this release and get access to the detailed documentation, you can visit http://edelivery.tibco.com as usual or contact Technical Support for assistance

[ Previous | Page 2 of 12 | Next ]