TIBCO Mashery API Developer Blog

Portal Security Updates

The Mashery team released an update to the Mashery developer portal that gives clients more security options and additional configuration settings. The changes are described below:

  • Any login to a Mashery powered portal now occurs using SSL
    By default, users will be redirected to a secure domain managed by Mashery for login. After successful login, the user will be redirected back to your domain. Note that a small set of clients have specific login requirements using SAML or Single Sign-On; in such cases, Mashery is currently working with those clients to migrate their existing configuration.
  • My account functions, such as changing passwords or updating account information, now occur using SSL
    Clients will be redirected to a secure Mashery domain for managing their account and will then be redirected back to your domain when finished.
  • New login page allows for customer branding
    When users are redirected to a Mashery SSL domain to log in, Mashery will include a new option to add a logo on this login page in order to cobrand the page with Mashery.
  • Clients now have the option to provide their own SSL certificate to Mashery
    In the case where a client provides an SSL cert for their domain, Mashery will host the SSL certificate. Users will then be able to log in, and my account functions will be served via SSL under your domain. Furthermore, this option will allow clients to further customize the login page with their header, footer and sidebar. Note that having Mashery host a client's SSL certificate is optional and will likely result in a slight increase to your monthly platform fee.
  • All dashboard access will be under SSL
    When clients log into the Mashery dashboard to access reports, set up endpoints or create content, such access will be served under a separate admin domain name under mashery.com. Your existing Mashery IDs will continue to work and grant you access to the dashboard.

New configuration options allow you to manage HTTP auth, domain names, and redirects

New login page branding allows you to add your own layout to the login page