4.16.09 - Edge for Private Cloud release notes

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.

On Monday, September 19, 2016, we released a new version of Apigee Edge for Private Cloud.

Since the previous Edge for Private Cloud Feature Release, the following releases have occurred and are included in this Feature Release:

See About release numbering to understand how you can figure out whether a specific cloud release is included in your version of Edge for Private Cloud.

Release overview

In this release, the classic API proxy editor has been removed, replaced by the new proxy editor that was available for use alongside the classic editor. Other notable enhancements include improved behavior of API product resource paths, improved handling of JSON payloads defined in Assign Message and Raise Fault policies, enhancements to XML-to-JSON conversions, improved resource validation, the ability to set timeouts on individual API proxies, updated generation of SOAP proxies in the API proxy wizard, and a high-performance Crypto object for JavaScript.

Monetization enhancements include new notification features with a notification rate plan, an API that migrates developers to monetization, and the ability to make rate plans public or private.

The remainder of this topic contains details on all the new features, updates, and bug fixes contained in the release.


API Services

Classic Proxy Editor removed (Cloud 16.04.20 UI)

The new version of the API Proxy Editor is now the only supported version. The classic version is no longer available, and the link to "Access the Classic Version of Proxy Editor" has been removed. If you were using the classic version, your API proxies will be automatically loaded in the new editor. (EDGEUI-498)


The following deprecated features have been removed and are no longer supported:

  • Setting limits
  • Sending limit notifications

As an alternative, you can set up notifications, as described in the following sections:


New features and updates

Following are the new features and enhancements in this release. In addition to the following enhancements, this release also contains multiple usability, performance, security, and stability enhancements.

For further details and instructions, see the Edge for Private Cloud documentation.

Private Cloud

Postres upgrade to version 9.4

This release includes an upgrade to Postgres 9.4. For instructions on updating your system, see Update Apigee Edge to 4.16.09.

GeoMap support in the Edge UI

Geo aggregations lets you collect analytics data for API calls based on geographical attributes such as region, continent, country, and city. From this analytics data, you can view a GeoMap in the Edge UI that shows the location of API requests.

For more information, see Enabling Geo Aggregation and Geo Maps.


Added documentation on:

  • How to configure API BaaS to use TLS. For more information, see Configuring TLS for API BaaS.
  • How to configure all API BaaS Stack nodes to use shared storage so that all assets are available to all API BaaS Stack nodes. For more information, see Uploading assets.
  • How to encrypted Cassandra password when configuring BaaS Stack nodes. For more information, see Resetting Edge Passwords.

Beta release of the Monitoring Tool and Dashboard

Included in this release is a Beta version of the new monitoring tool and dashboard for Edge. This tool allows you to understand the health of various components (Routers, Message Processors, ZooKeeper, Cassandra) as well as http error codes for various orgs and environments in your deployment. You can also take to snapshot of your dashboard data and share it with Apigee to help resolve support incidents.

The documentation, including the install instructions, is included with the Edge 4.16.09 doc at Version 4.18.01.

However, before you can install and use the dashboard, you must complete the Apigee Evaluation Agreement, also available at Version 4.18.01, and return it to Apigee by emailing it to orders@apigee.com.

Beta release of the analytics collector tool

All Edge for Private Cloud customers are required to submit to Apigee statistics about API proxy traffic. Apigee recommends that customers upload that information once a day, possibly by creating a cron job.

To assist in uploading this data, Apigee provides the Beta release of the apigee-analytics-collector command-line utility. This utility sends the API call volume report back to Apigee. Every Edge for the Private Cloud installation can use this utility to retrieve and report traffic data to Apigee.

For more information, see Uploading API Traffic Data to Apigee - Beta Release.

API Services

JSON payloads in Assign Message and Raise Fault (Cloud 16.08.17)

When setting a JSON payload using an Assign Message or Raise Fault policy, users were sometimes required to use workarounds to ensure a JSON message was properly formatted at runtime, such as beginning the payload with a backslash "\" or specifying a variablePrefix and variableSuffix on the Payload element, even if no variables were used in the message.

With this enhancement, no workarounds are needed to ensure proper JSON message formatting, and variables can be specified using curly braces without creating invalid JSON. For example, the following inserts the value of message.content in the JSON message:

<Payload contentType="application/json">{"Message: " : "{message.content}"}</Payload>

If you used a workaround, your code will continue to work as is. You can also use variablePrefix and variableSuffix instead of curly braces to indicate variables.

See the <Set><Payload> element in the Assign Message policy and Raise Fault policy reference docs. (APIRT-1160)

XML to JSON policy enhancements (Cloud 16.08.17)

The XML to JSON policy has been enhanced with the following capabilities. You can configure the policy to:

  • Treat some XML elements as arrays during conversion, which puts the values in square brackets '[ ]' in the JSON document.
  • Strip or eliminate levels of the XML document hierarchy in the final JSON document.

For more information, see XML to JSON policy. (APIRT-1144)

Multiple wildcards in API Product resource paths (Cloud 16.08.17)

When defining resource paths in API Product, you can include wildcards in multiple places in a resource path. For example, /team/*/invoices/** allows API calls with any one value after /team and any resource paths after invoices/. An allowed URI on an API call would be proxyBasePath/team/finance/invoices/company/a.

If after this release your existing API Product resource paths stop working as expected, set the following property on your organization to revert to the previous behavior: features.enableStandardWildCardMatchForAPIProductResources = true


Crypto functions in JavaScript (Cloud 16.08.17)

A new set of high-performance JavaScript crypto functions is available for creating, getting, and updating the following has objects: MD5, SHA-1, SHA256, SHA512. The crypto object also lets you get the date in various formats. For more information, see JavaScript object model. (APIRT-2886)

Java Callout JAR version checking (Cloud 16.08.17)

When uploading a Java JAR resource to an API proxy, an HTTP 400 status code is returned (instead of a 500) if the version of the Java resource is incompatible with the Edge supported version of Java, listed in Supported software and supported versions. (MGMT-3420)

API proxy resources validation (Cloud 16.08.17)

When you have API proxy resource files (such as JavaScript or Java JARs) stored at the environment or organization scope, the validation framework no longer requires you to also include those resources at the API proxy level in a proxy bundle for import to pass validation. Resource validation now occurs at deploy time, not at import time. (MGMT-1430)

Configure the timeout for individual API proxies (Cloud 16.08.17)

You can configure API proxies to time out after a specified time (with a 504 gateway timeout status). The primary use case is for Private Cloud customers who have API proxies that take longer to execute. For example, say you need specific proxies to time out at 3 minutes. You can use a new api.timeout property in the configuration for an API proxy. Here's how you'd do it with the 3-minute example:

  1. First, be sure to configure the load balancer, router, and message processor to time out after 3 minutes.
  2. Then configure the relevant proxies to time out at 3 minutes. Specify the value in milliseconds. For example:
    <ProxyEndpoint name="default">
          <!-- api.timeout is in milliseconeds -->
          <Property name="api.timeout">180000</Property>
  3. Note, however, that raising the system timeouts could result in performance issues, because all proxies without an api.timeout setting use the new, higher load balancer, router, and message processor timeouts. So configure other API proxies that don't require longer timeouts to use lower timeouts. For example, the following sets an API proxy to time out after 1 minute:
    <Property name="api.timeout">60000</Property>

Cloud customers, who can't modify the Edge timeouts, can also configure an API proxy timeout, as long as the timeout is shorter than the standard Edge message processor timeout of 57 seconds.

You cannot populate the value with a variable. This property is covered in the Endpoint properties reference. (APIRT-1778)

SOAP proxy behavior when using the proxy wizard (Cloud 16.07.27 UI)

When creating a SOAP-based proxy from a WSDL using the proxy wizard, there are two options for proxy creation:

  • Pass-Through SOAP, where the proxy simply passes through a SOAP request payload as is.
  • REST to SOAP to REST, where the proxy converts an incoming payload such as JSON to a SOAP payload, then converts the SOAP response back to the format the caller expects.

This release includes the following updates to how these options behave. The differences between the old and new behavior are in the policies and configurations that are automatically generated by the proxy wizard.

Pass-Through SOAP

  • All WSDL operations are now sent to the proxy base path "/" rather than to proxy resources (such as "/cityforecastbyzip"). Operation names are passed through to the target SOAP service. This behavior matches the SOAP specification.

  • The generated proxy no longer supports JSON in the request. It supports only XML. The proxy ensures SOAP requests have an Envelope, Body, and a namespace.


  • WSDL 2.0 is not supported.
  • The new behavior hasn't been tested with WS-Policy.
  • The proxy lets you POST JSON data instead of FormParams.
  • When you add CORS (Cross-origin resource sharing) support to the proxy using the proxy builder, you'll see the following enhancements:
    • Access-Control-Allow-Headers header: In addition to Origin, x-requested-with, and Accept headers, the Access-Control-Allow-Headers header also includes Content-Type, Accept-Encoding, Accept-Language, Host, Pragma, Referrer, User-Agent, and Cache-Control.
    • Access-Control-Allow-Methods header: In addition to GET, PUT, POST, DELETE, this header also includes the PATCH and OPTIONS verbs.
  • When generating an API proxy for a WSDL, Edge reads any ComplexTypes that are defined as abstract in the WSDL and properly recognizes any instance types that are based on the abstract types.

wsdl2apigee open source command-line utility

Apigee also provides an open source command-line utility to generate passthrough or rest-to-soap API proxies from WSDLs. See https://github.com/apigee/wsdl2apigee.


Expiry/refresh default in Key Value Map Operations policy (Cloud 16.06.15 UI)

They Key Value Map Operations policy lets you determine how long values are persisted before being refreshed. The refresh interval is set with the <ExpiryTimeInSecs> element. If a GET operation is executed and the expiry interval has been exceeded, the value is refreshed and the policy gets the updated value. When you add this policy to an API proxy, the default expiry time is now 300 seconds. (The previous default was -1, which means values are never refreshed.) (EDGEUI-579)


Adjustable notification rate plan (Cloud 16.04.20 UI, Cloud 16.04.13 monetization)

A new adjustable notification rate plan in Edge monetization lets an API provider adjust the target number of transactions for each app developer. You can configure if and when notifications are sent based on what percentage of the target number has been reached, such as 90%, 100%, or 150%. This feature is available through the management UI in addition to the management API (which was available in a prior release). For more information, see Specify adjustable notification plan details. (DEVRT-2375, DEVRT-2370)

Webhook notifications for adjustable notification rate plans (Cloud 16.04.27 monetization)

For adjustable notification rate plans, you can create webhooks that send notifications to the URL you specify. You can also control notifications to occur at specific intervals (percentages) up until the transaction limit is reached. Webhook notifications give you a flexible alternative to using the existing notification templates. See Set up notifications using webhooks. (DEVRT-2393, DEVRT-2394)

Adjustable Notification with Custom Attribute rate plan (Cloud 16.05.18 UI)

In Edge monetization, a new "Adjustable Notification with Custom Attribute" rate plan lets you add to a developer's transaction count using the value of a custom attribute. With the standard Adjustable Notification rate plan, each successful API call adds 1 to a developer's transaction count. But with the Adjustable Notification with Custom Attribute rate plan, the value of the custom attribute is added to the developer's transaction count. For example, if custom attribute "small" has a value of 0.1 in the response, the transaction count is incremented by 0.1; or if custom attribute "addressTotal" has a value of 50, the count is incremented by 50. For more information, see Specify rate plan with custom attribute details. (DEVRT-2504)

Set up notifications based on combined transaction totals for a company and its developers (Cloud 16.06.22 monetization)

Typically, transaction totals are tracked for all developers in a company automatically when the developers use the company app to access APIs. What if you have developers that are actively using their own developer apps to access APIs, and you need to track their combined transaction totals without any disruption in traffic? You can add the developers to a company and set up notifications to be sent when thresholds are reached that are based on combined transaction totals for the company and its developers. For more information, see Set up notifications based on combined transaction totals for a company and its developers. (DEVRT-2643)

View and reprocess notifications (Cloud 16.06.08 monetization)

As part of the monetization test suite, you can view and reprocess notifications previously sent using the management API. For more information, see Viewing and reprocessing notifications. (DEVRT-2643)

Test Monetization (Cloud 16.05.25 monetization)

Monetization provides a set of APIs that you can use to test the execution of webhooks to ensure notifications are being sent. For details, see Test notification setup. (DEVRT-2625)

Migrating developers to monetization (Cloud 16.05.11 monetization)

A new API is available to facilitate the migration of developers to monetization. You can transfer transaction usage and charge customized setup and recurring fees. In addition, when accepting a published rate plan, you can waive setup fees in case they have already been charged. For more information, see Migrating developers to monetization. (DEVRT-2446)

Public and Private rate plans for the developer portal (Cloud 16.04.27 monetization)

You can set rate plans to be "Public" or "Private". Public rate plans appear in the developer portal; Private rate plans do not. The default for a rate plan is Public. For more information, see http://docs.apigee.com/monetization/content/create-rate-plans#public-versus-private-rate-plans. (DEVRT-2445)

Unsuspend developers (Cloud 16.06.08 monetization)

Monetization provides a set of APIs that you can use to unsuspend a developer that was previously suspended. A developer might be suspended if a configured limit is reached. For example, the number of transactions has reached its maximum limit or a prepaid account balance has been depleted. For information, see Unsuspend developers. (DEVRT-2641)

View the status of transactions (Cloud 16.06.08 monetization)

As part of the monetization test suite, you can view the status of transactions that have occurred during a specified time range using the management API. For more information, see Viewing the status of transactions. (DEVRT-2640)

Including developer custom attributes in revenue reports (Cloud 16.05.25 monetization)

For revenue reports only, you can include custom attributes in the report, if the custom attribute is defined for the developer. For more information, see Including developer custom attributes in revenue reports using the API. (DEVRT-2447)

Transaction Recording Policy and API product resource consistency (Cloud 16.05.18 UI)

If the resource paths in a monetization Transaction Recording Policy don't match the resources paths defined in its API product (for example, if you change the API product resource paths), the Transaction Recording Policy icon on the Products page shows a warning symbol. When you click the icon to view the Transaction Recording Policy, a warning appears at the top of the page. When you fix the resource paths in the Transaction Recording Policy, the warning indicators disappear. (DEVRT-2240)

Bugs fixed

The following bugs are fixed in this release. This list is primarily for users checking to see if their support tickets have been fixed. It's not designed to provide detailed information for all users.

Edge for Private Cloud

Issue ID Description
TBD-138 Play UI Session Timeout issue
APIRT-2978 Router fails to start Nginx or Router fails to start
AXAPP-2447 InvalidTimeRange error when selecting hourly analytics data
EDGEUI-592 Can now remove "Forgot Password" link from Edge UI when using Externalized Authentication provider
MGMT-3330 Private Cloud external auth bad password attempts locks out users
MGMT-2930 Data Masking not working in debug session
PRC-840 Broken symlink for Edge components
PRC-1004 Added "-p zk" option to installer to install ZooKeeper standalone on a node.
PRC-1013 Initial sysadmin account is not linked to correct LDAP password policy
PRC-1019 "apigee-all stop" doesn't stop Message Processors
PRC-1066 Encrypted Cassandra password not working in usergrid.properties for BaaS Stack


Issue ID Description
SECENG-609 Runtime calls not failing during the delete of the associated truststore or when the valid cert in the truststore is deleted
MGMT-3404 Viewing/retrieving Node.js logs and deploying proxies is very slow
MGMT-3400 Call to the /userroles management API fails if the user doing the call has a "+" sign in the name
MGMT-3368 java.lang.ArrayIndexOutOfBoundsException: 1, when importing an API Proxy bundle that contains resources/node/resources directory
MGMT-3364 OAuthV2: redirect_uri check
MGMT-3319 List entries in a vault which has null value in one of the entries doesn't work for orgs (CPS and non-CPS)
MGMT-3226 Querying at organization/environment level should not pull all data causing API to fail
Release_160302 had a bug where the listing of resources at organization-level/environment level failed if the cumulative size of the resources is above 16MB, this fix takes care of it.
AXAPP-2429 Analytics API using response_status_code returns data access error
AXAPP-2386 Fix empty reports content in analytics daily email reports
AXAPP-2347 Not receiving daily analytics summary emails
APIRT-3141 Java Callouts fail when calling new ExecutionResult() , because the constructor has been made private
APIRT-3140 ServiceCallout policy not working in HEAD api calls
APIRT-3131 Incorrect createdBy shown for an API Proxy when using monetization with an external authentication provider
APIRT-3121 Org resource file change made is not 100% effective
APIRT-3117 MP reached 100% CPU utilization and stopped serving traffic
APIRT-3016 Router "Call timed out" errors on deployments
APIRT-2975 Upload cert bundle failure
APIRT-2955 Unable to mask certain attributes of JSON response data for FHIR-complaint Content-Type header 'application/json+fhir'
APIRT-2946 OAuthV2-RefreshToken Policy not hiding attributes even though display is set to false
APIRT-2908 Enforcing TLS1.2 for internal API call is required post TLS1.2 update on virtualhost
APIRT-2901 Gzipped responses returned from cache are double compressed
APIRT-2873 MPs throw NullPointerException related to VerifyAPIKey after deletion of products/developers/proxies
APIRT-2871 IOIntensive policies appearing twice in Trace
APIRT-2825 Grammatical error in the accesstoken error response
APIRT-2750 Traffic failures high in specific org
APIRT-2685 Traffic cannot flow with unknown error being thrown
APIRT-2647 "Underlying input stream returned zero bytes" error with nonprod/dev
APIRT-2630 Intermittent issues when trying to read value from cache
APIRT-2620 Separate thread pool for some blocking steps
APIRT-2610 java.lang.ClassCastException with Response Cache policy
APIRT-2608 Last-Modified headers parsing error in Response Cache policies
APIRT-2605 "organization" and "environment" variables should not be allowed to overwritten via policies
APIRT-2566 OAuthV2 policy returns malformed WWW-Authenticate Header
APIRT-2491 TargetServer update failed due to RPC timeout between management and mps
APIRT-2386 Empty string scope is created in an API product with an empty Allowed OAuth scopes
APIRT-2383 XSL Transformation policies do not seem to log any data upon an error
APIRT-2364 OAuth fault flow variables not getting updated on error
APIRT-2216 Server sent events - event stream having issues in prod
APIRT-2079 DEBUG cURL call not stopping after the timeout expires for the created session
APIRT-1495 XML Threat Protection not catching fhir Content-Type
APIRT-1404 Inconsistent behavior when a Condition compares a value in single quotes vs. double quotes
APIRT-347 The XSL Policy is not properly validated upon import (does not assign results to output variables as documented)

16.07.27 (UI)

Issue ID Description
EDGEUI-621 Save as New API Proxy uses default name that includes scientific notation, such as "new-1.234568901234568e+53"
EDGEUI-572 Ui displays "Error: Unknown Error" instead of "Error: Session timeout" (monetization)

This release includes minor DB schema changes There are no other software updates in this release.

16.07.13 (UI)

Issue ID Description
EDGEUI-609 New Target Server button is not enabled for a custom role that has permission to create Target Servers
EDGEUI-584 Minor key/secret display bugs for a developer app that has multiple credentials
EDGEUI-571 Proxy name limit incorrectly set to 50 characters in the UI (monetization)

Issue ID Description
DEVSOL-2817 Creation of billing documents using API doesn't work
Issues with billing document creation using the API have been fixed. Billing documents are generated successfully if the developer address is present.
DEVSOL-2797 Improve Developer attribute processing
Boolean custom attribute values are no longer case-sensitive. In addition, when syncing custom attributes with Apigee Edge, existing attributes are updated rather than creating duplicate attributes.

16.07.06 (monetization)

Issue ID Description
DEVRT-2795 Webhook request timestamp field is inconsistent
Within the JSON request sent to the callback handler for a webhook, the developerQuotaResetDate is now expressed in epoch timestamp format to be consistent with the other timestamp formats. For more information, see Setting up the callback handler.

16.06.29 (UI)

Issue ID Description
EDGEUI-600 Unable to view/edit roles for custom reports
EDGEUI-593 5- and 10-minute intervals removed from the analytics UI
Analytics data in the management UI doesn't appear for a minimum of 10 minutes after calls to API proxies are made. Because of this, the 10-minute range setting has been removed from custom reports, and the 5- and 10-minute range setting has been removed from the Performance view of API proxies.

16.06.22 (monetization)


16.06.15 (UI)

Issue ID Description
EDGEUI-566 Blank page after logging into management UI
EDGEUI-564 Users receive permissions errors on management UI login, then they're automatically logged out
EDGEUI-549 Error showing data on the API Proxy Performance view
EDGEUI-544 Custom Roles page displays incorrect value for Delete Reports permission
EDGEUI-504 Confusing status on Developer Apps, Keys, and Products
EDGEUI-120 Internal Error page email link has an invalid email address
DEVRT-2301 Monetization: UI alignment with API on published rate plans
With regard to the expiration date on published rate plans, the management UI now matches the behavior of the management API. If a rate plan has an End Date specified, you cannot change its expiration date. For more information, see Expire a published rate plan.

16.06.08 (monetization)


16.05.25 (monetization)

Issue ID Description
DEVRT-2617 Not receiving an alert when a customer purchases a service plan
DEVRT-1483 NullPointerException when a developer moves from prepaid to postpaid

16.05.18 (UI)

Issue ID Description
EDGEUI-551 UI session expires if inactive for an hour or so

16.05.11 (monetization)

Issue ID Description
DEVRT-2497 Qpids stopped receiving data
DEVRT-2490 Deleting the app key is failing

16.05.11 (UI)

Issue ID Description
EDGEUI-541 Trace Shows IP instead of Host when there is a Target Server
EDGEUI-505 Importing endpoint resources results in authorization failure for all endpoints

16.05.04 (UI)

Issue ID Description
EDGEUI-532 New proxy wizard gets stuck on "Creating product..." step when creating a proxy for a SOAP service
EDGEUI-506 Cache performance is showing "Loading data…" when there is no data available

16.04.27 (UI)

Issue ID Description
EDGEUI-531 Cannot import a JAR file using the new proxy editor
EDGEUI-524 Issue generating an API proxy from a WSDL
EDGEUI-38 If an Invalid WSDL is passed to the Proxy Wizard, the wizard gets stuck on the last page

16.04.27 (monetization)


16.04.20 (UI)

Issue ID Description
EDGEUI-502 Proxy Editor does not show the verb when StartsWith is used as an operator
EDGEUI-496 "Unknown Error" while stopping a Trace session in the management UI
EDGEUI-141 Proxy Editor has hard-coded revision in error message

16.04.13 (monetization)


16.04.13 (UI)

Issue ID Description
EDGEUI-495 Trace always shows .execution.success = false
EDGEUI-494 Javascript policy always generates script with the default name even when I specify a different name
EDGEUI-432 Directed proxy creation on Edge management UI dashboard
EDGEUI-90 New API Proxy Editor injects inappropriate whitespace around CDATA elements

Known Issues

This release has the following known issues:

Issue ID Description

Message Processor does DNS lookup on IPv4 and IPv6

If you have installed and enabled NSCD (Name Service Cache Daemon) you might notice that Message Processors make two DNS lookups: one for IPv4 and one for IPv6.

To disable the DNS lookup on IPv6:

  1. On every Message Processor node, edit /etc/nscd.conf.
  2. Set the following property:

    enable-cache hosts no
DOC-1687 Due to a known package dependency conflict, the Katello agent used in Satellite Server 6 will not install properly on Apigee Edge hosts running the Qpid daemon.