TIBCO Cloud Mashery API Developer Blog

Continuing the theme in the second half of 2016, here at TIBCO Mashery we have been hard at work at improving the experience of the API Control Center, the web administration application that our customers use to manage their API programs. In order to help newer users understand more and more of what is available in the product, we have changed the initial page shown when entering the API Control Center, replacing the quick links to "create" processes with quick links to the high level functional areas of the product, including descriptions of what those functional areas can do for a user. Additionally, we have added some additional links on the right-hand side of the page to assist in getting more information about the product, whether to access support quickly or learn more through training videos. Sample screen-shot is shown below.

The next release of Mashery Local - v4.0 was made Generally Available a few weeks back.  With this release we have included several features - some geared towards improvements in security oriented features and some towards improving dev ops flexibility around deploying Mashery Local. The new features are as below:

1) Mashery Local is now also available for deployment in Docker-based environments ( in addition to the virtual appliance form-factor). This allows administrators to easily deploy Mashery Local in either internal data-centers or external cloud platforms that support Docker based deployment choices. 

2) Mashery Local now includes full support for HTTPS server and client support. Features are included that allow administrators to configure trust and identity stores, set up HTTPS client profiles and facilitate two-way SSL if needed to the API back-end. Additionally, communication between an enterprise's load balancer and Mashery Local cluster can now be encrypted over SSL ( via a user-controlled configuration option)

3) Mashery Local now includes a secure way to manage developer secrets - a new option is now avaiable "Secure Hash Authentication" while configuring API endpoints. When this option is selected, secrets will no longer be stored anywhere either on-cloud or on-premise. Instead only a one-way hash of the secrets get stored which render them effectively useless in the event they get compromised

To download this release and get access to the detailed documentation, you can visit http://edelivery.tibco.com as usual or contact Technical Support for assistance

We have more exciting UI changes coming to the Control Center. Soon you will have a more visually appealing white background for the API Control Center instead of the traditional dark one. We hope this will provide a much better visual experience for you. We are making this change for several reasons:

• The color scheme matches with the rest of the products offered by TIBCO cloud services and provides a more unified UI experience.
• Feedback from a majority of customers indicated a preference towards a “lighter” application.
• It sets the stage for further enhancements to the product, including leveraging API oriented capabilities found in TIBCO Cloud Integration (http://cloud.tibco.com).

A while back, we announced the availability of the TIBCO Mashery Connector for TIBCO Simplr (blog post here). And we haven't stopped there! Over the past month, we've been working hard to make it easier to use as well as open up more data that can be pulled out of the Mashery V3 API. The enhancements are as follows:

A preview of the new actions can be seen below. Visit the original blog post to learn more about the feature in general. And visit simplr.tibco.com to sign-up today.

We are pleased to let you know about some exciting changes coming to your Control Center experience. We have introduced a new header and incorporated a few changes based on customer feedback. For the new header "Mashery Control Center" has been replaced with "TIBCO Mashery".

The area name is displayed on the right and clicking the area name would give additional information, such as the Area UUID. This is a quick and easy way to find the UUID of a given area. Next to the area name is an icon(?) that you can click to get area information, get access to the latest Control Center documentation or get information on how to contact support.

As always we are trying to make the product better and we have bigger changes coming to the Control Center especially with regards to the look and feel. Stay tuned for more product updates. 

Mashery Local 3.1.1 is generally available for customer download on edelivery.tibco.com. The release includes greater access to networking system level commands for the Mashery Local administrator plus includes critical bug fixes. 

We are super excited here at TIBCO Mashery to announce the release of our new feature: Distributed API Management. The feature adds group-aware role based access control to the Mashery product. Distributed API Management will allow users to create multiple organizations within the Control Center. Different assets such as Users, APIs and Packages can be assigned to an organization and managed independently of each other. Depending on which organization a user belongs to and what permission he or she has, they will be able to perform certain operations and view certain assets. Currently we have the roles of Admin, API Manager, Community Manager and a Reports User within an organization that can be assigned to a Control Center User.

We have also provided a new way of grouping developer users and controlling the access settings for these users. There is a new group called Portal Access Group that can be created for each organization. Users with access to Portal, typically developer users can now be added to the Portal Access Group. Plans and IO Docs can be added to the Portal Access Group. Users in a given Portal Access Group will get access to the Plans and IO Docs in that group when they log into the Portal.

Please contact customer support if you need the feature to be turned on for your area or want to learn more. Below are a few screen shots that go into a bit more detail on how the feature is designed and how it can be used. You can also view a recorded demo here.

If you are a Mashery API user - if not, sign-up here! - then you might not be aware of the fact that we're passing back, in the response header, information about your usage of the API, which can help you add in more resilency to your custom API programs, e.g. if you are about to hit a QPS limit, then perhaps you want to add in a slight delay to a next call. This information can be very useful for developers building custom applications using the Mashery API.

The headers returned are:

• X-Packagekey-Qps-Allotted: The maximum QPS (queries per second) capacity set on your API key. This is the maximum number of calls that can be made in any given second.
• X-Packagekey-Qps-Current: The current count of calls being applied against the above limit; in this case, it is a representation of how many calls your key is making at that particular second in time.
• X-Packagekey-Quota-Allotted: The maximum number of calls that can be made on daily basis. 
• X-Packagekey-Quota-Current: The current count of calls made in the current limit period, i.e. the current day.
• X-Plan-Quota-Reset: The time when the quota count will reset to 0.

Example response headers are below:

X-Packagekey-Qps-Allotted: 25
X-Packagekey-Qps-Current: 1
X-Packagekey-Quota-Allotted: 2000000
X-Packagekey-Quota-Current: 105094
X-Plan-Quota-Reset: Saturday, July 30, 2016 12:00:00 AM GMT

At the end of August, all customers currently using the TIBCO Mashery API Control Center will be moved over to the new Developer Management User Experience. You can read more about that new experience here. At that time, there will be a change to the name of a feature, previously referred to as Roles or Custom Roles, which will be re-named Portal Access Groups. This feature gives you, the customer, the ability to define arbitrary role names that can be applied against content, APIs and API Plans in order to ensure that people with said roles only have access to these objects in the developer portal. You can learn more about that feature by exploring the product documentation here. We're re-naming to Portal Access Groups in order to reflect exactly what they are: a grouping of developers for the purpose of exposing different assets - content, APIs and API Plans - to them while visiting the portal.

Coincident with this change will be a new and improved user experience for managing Portal Access Groups. You can see this in action in this short demo video here. Some screenshots are displayed below.

NOTE: if you are currently using the Event Trigger Feature (blogged about here), you should be aware that there has been a slight change to the payload sent across from Mashery to your respective target endpoint. "object_type" is no longer provided; you must inspect the URI path to determine the type of object being passed to your code. If you have any questions, please contact support.