4.17.05 - Edge for Private Cloud release notes

You're viewing Apigee Edge documentation.
Go to the Apigee X documentation.

Since the previous Edge for Private Cloud Feature Release, the following releases have occurred and are included in this Feature Release:

Edge UI release Edge management release

See About release numbering to understand how you can figure out whether a specific cloud release is included in your version of Edge for Private Cloud.

Release overview

This release includes a number notable features that help you better control and secure your APIs, including:

  • Shared flows support zero-downtime deployment.
  • Deleting monetization data for an organization now supported.
  • Additional new features described below.

On the deprecation front, vaults have been deprecated.

The remainder of this topic contains details on all the new features, updates, and bug fixes contained in the release.

Deprecations and retirements

The following features were deprecated or retired in this release. See the Edge deprecation policy for more information.

Retired: Adding paths on the API proxy Performance tab

Up to this release, you could navigate to an API proxy in the management UI, go to the Performance tab, and create different paths for a chart-based comparison on the proxy's Performance tab and in the Business Transactions dashboard. This feature is now retired and is no longer available in the UI. For an alternative to this functionality, see the following Apigee Community article: https://community.apigee.com/articles/23936/alternative-to-business-transactions-api.html. (EDGEUI-902)

Retired: buildInfo URL for the Developer Services portal

In previous versions of the portal, to determine your portal version you opened the following URL in a browser:


In 4.17.05 this link was removed. To determine the version, open the Reports > Status report menu entry in Drupal. The portal version appears in the table in the row named Install profile.

Deprecation of Apigee secure store (vaults)

The Apigee secure store, also known as "vaults," is being deprecated and will be retired a year from the deprecation announcement date shown on the Deprecations and retirements page. Vaults, which provide encrypted storage of key/value pairs, are created with the management API and accessed at runtime with functions in the apigee-access Node.js module.

Instead of using the secure store, use encrypted key value maps (KVMs), as described in Working with key value maps. Encrypted KVMs are just as secure as vaults and provide more options for creation and retrieval. (MGMT-3848)

New features and updates

Following are the new features and enhancements in this release. In addition to the following enhancements, this release also contains multiple usability, performance, security, and stability enhancements.

Private Cloud

Added new required SMTP configuration parameter to installation

You must now use the SMTPMAILFROM parameter in the Edge installation configuration file. This parameter specifies the email address used when Edge sends automated emails, such as when a user requests to reset a password. See Install Edge components on a node for more.


Can now set the timeout used by the Edge UI for Edge API management calls

You can now specify the API timeout duration used by the Edge UI to control how long the UI waits for an API management call to return. The following properties define the timeout:

  • conf_apigee_apigee.feature.apitimeout sets the time, in seconds, that the UI waits for a call to the backend to return, regardless of any activity on it. If the call is not completed in that time, the UI throws a timeout error. The default value is 180 seconds (3 minutes).
  • conf_apigee_play.ws.timeout.idle sets how long the UI waits, in milliseconds, for activity on the server. It can be set to the same value as conf_apigee_apigee_apitimeout or to a lesser value. Setting it to a larger value has no effect. The default is 180000 milliseconds (3 minutes).
  • conf_apigee_play.ws.timeout.connection sets how long the UI waits for a connection to be established. It can be set to the same value as conf_apigee_apigee_apitimeout or to a lesser value. Setting it to a larger value has no effect. The default is 120000 milliseconds (2 minutes).

See Set the timeout used by the Edge UI for Edge API management calls for more.


Added Message Processor retry timeout to Routers

Added a timeout so that Routers stop retrying a request to Message Processors and returns an error message.

See Configuring the Router to retry connections to a Message Processor for more.


Added procedure to change the default system administrator

Documentation is now included to change the default system administrator.

See Managing Users, Roles, and Permissions for more.


Added documentation on separating Edge install tasks between root and non-root user

New documentation describes the steps to separate Edge install tasks between root and non-root user.

See Edge Installation Overview for more.


Edge automatically sends emails in response to certain events, such as when a user is added to an organization. Many of these emails contain a link. For example, when a new user is added to an organization, the Edge UI sends the user an email containing a login URL in the form:


The domain is determined automatically by Edge and is typically correct for the organization. However, there is a chance that when the Edge UI is behind a load balancer that the automatically generated domain name is incorrect. If so, you can use the conf_apigee_apigee.emails.hosturl property to explicitly set the domain name portion of the generated URL.

See Setting the hostname for links in generated emails for more.


Setting the base URL displayed by the Edge UI for an API proxy

The Edge UI displays the URL of an API proxy based on settings in the virtual host corresponding to where the proxy is deployed. This display can include the Router port number of the virtual host.

In most cases, the URL displayed in the Edge UI is the correct URL for making external requests to the proxy. However, for some configurations, the displayed URL is not correct. For example, any one of the following configurations can cause the displayed URL displayed to not correspond to the actual URL used to make external requests to the proxy:

  • SSL termination occurs at a load balancer
  • Port mapping occurs between a load balancer and Apigee routers
  • A load balancer configured with path rewriting

Edge for Private Cloud 4.17.05 and later support an attribute on the virtual host called <BaseUrl> that lets you override the URL displayed by the Edge UI. Here's an example showing the virtual host object with the new <BaseURL> attribute. In this example, the value "http://myCo.com" appears in the Edge UI:

<VirtualHost name="myVHost">

If <BaseUrl> is not set, the default, then the default URL rendered by the Edge UI will appear as: "http://DNS_name_or_IP:9005/", whereas actual host alias setup is "http://myCo.com".

You can also set the base URL when creating an organization by using the VHOST_BASEURL property with the apigee-provision utility.

See Configuring TLS access to an API for the Private Cloud for more.


Added documentation on enabling debug logging

Documentation has been added to describe how to enable/disable debugg logging for Edge components.

See Enabling debug logging for more.


New installer and command syntax for the apigee-analytics-collector utility

All Edge for Private Cloud customers are required to submit to Apigee statistics about API proxy traffic using the Beta release of the apigee-analytics-collector command-line utility. This utility sends the API call volume report back to Apigee.

This release of Edge contains new installation instructions and command syntax for the apigee-analytics-collector utility. In this release, you now use apigee-service to install the apigee-analytics-collector utility, instead of npm, and invoke the apigee-analytics-collector utility through apigee-service instead of as a stand-alone command.

See Uploading API Traffic Data to Apigee - Beta Release for more.

New default installation directory after Developer Services portal update of Nginx/Postgres from a new 4.17.01 installation

After updating a new installation of 4.17.01 that uses Nginx/Postgres, the root directory changed from:




API Services

Stricter input validation for entities

Stricter input validation has been enforced across all entities of Apigee Edge organization. The allowed characters are usually alphabets (all cases), numbers, underscore.

Entities affected include:

  • Organizations
  • Environments
  • API proxies
  • API proxy revisions
  • Policy names in the API proxy
  • Debug trace mask config IDs
  • Resource names (Java callout, xsl, all resources)
  • Keystores
  • CRLstores
  • Resource references
  • Target servers


Shared flows zero-downtime deployment

When you want to deploy shared flows and ensure that little or no incoming traffic is rejected during deployment, you can now use a zero-downtime deployment management API. The process is almost identical to zero-downtime deployment for API proxies using the management API. The only difference is the management API resource.

The following call deploys the shared flow revision indicated in the URI, then undeploys the previously deployed revision (the override=true query parameter enables this):

curl -X POST -H "Content-type:application/x-www-form-urlencoded" \
https://api.enterprise.apigee.com/v1/o/{org_name}/environments/{env-name}/sharedflows/{shared_flow_name}/revisions/{revision_number}/deployments?"override=true" \
-u email:password



Deleting monetization data for an organization

You may wish to delete monetization data for your organization in the following scenarios:

  • Delete your organization. In this case, you must delete the monetization data before you can delete the organization.
  • Clear monetization data from a test organization that you would like to reuse. In this case, you must synchronize the Apigee Edge data after you delete the monetization data.

For more information, see Delete monetization data from your organization. (DEVRT-2581)

Added API for enabling monetization for an organization

You can now use an API to enable monetization for an organization.

See Enable monetization for an organization for more.


Bugs fixed

The following bugs are fixed in this release. This list is primarily for users checking to see if their support tickets have been fixed. It's not designed to provide detailed information for all users.

Private Cloud 4.17.05

Issue ID Description

Monetization has smaller length limit on product and app names than Edge

Monetization and Edge now have the same length limits on product and app names.

DOS-4400 apigee-service backup action fails when data directory uses symlinks

ZooKeeper validation now works with hostnames as well as IP addresses

Edge configuration files now let you specify ZooKeeper nodes using IP addresses and hostnames.


"apigee-provision delete-env" action does not let you enter the admin password from the command line

You can now enter the admin password from the command line.


ZooKeeper validation now works when you specify the ":observer" suffix

Edge configuration files now let you specify the ":observer" suffix for ZooKeeper nodes.


User session not destroyed when user logs out of Edge UI

When a user logs out of the Edge UI, the session cookie for the user is deleted. However, while the user is logged in, malware or other malicious software running on the user's system could obtain the cookie and use it to access the Edge UI.
You can configure the Edge UI to store information about current sessions in server memory. When the user logs out, their session information is deleted, preventing another user from using the cookie to access the Edge UI. See Configure the Edge UI to store session information in memory for more.

Can now set the password hint text in the Edge UI

You can now control the text that appears in the reset password dialog box in the Edge UI. This is useful if you have special requirements on user passwords. See Setting the password hint text in the Edge UI for more.


Support for encrypted KVMs in the Edge UI is disabled by default

In previous releases, you had to explicitly enable support for encrypted KVMs in the Edge UI.


SMTP TLS port is no longer limited to 465

You can now choose the SMTP TLS port.

Cloud 17.04.12 (UI)

Issue ID Description
EDGEUI-1008 Incorrect redirection when switching to Try New Edge in SAML-enabled URL
Redirection works properly now when you click Try New Edge from a SAML-enabled URL.
EDGEUI-980 Trace session should be stopped after user saves changes to an API proxy or undeploys it from the environment
The Trace session is now stopped after a user saves changes to an API proxy or undeploys it from the environment.
DEVRT-3532 EDGE UI enforcement of decimal places
The EDGE UI can now enforce the number of decimal places, including the number of places allowed in input masks.

Cloud 17.04.05 (UI)

Issue ID Description
EDGEUI-976 Maximum Trace Transactions message incorrectly breaks across two lines
When displaying error messages, the Edge UI would sometimes incorrectly split a word across two lines. This issue has been fixed.
EDGEUI-971 SOAP 2 REST: remove samples that don't work
References to the CurrencyConvertor example WSDL have been removed from the Edge UI and documentation.
EDGEUI-905 SOAP proxy Weather WSDL example isn't working anymore
References to the Weather example WSDL have been removed from the Edge UI and documentation.

Cloud 17.03.29 (UI)

Issue ID Description
EDGEUI-967 Suppress error messages after trace session is stopped
When an error is encountered during a trace session, the trace session is stopped and subsequent error messages will be suppressed.

In addition, when you reach the maximum number of transactions allowed for a single trace session and the trace session is stopped, the following message is now displayed:

A maximum of 20 transactions can be fetched during a trace session. Start a new trace session to view more transactions.

EDGEUI-966 API product details page not displaying developer apps
In certain circumstances, the API product details page did not display any developer apps. This issue has been fixed.
EDGEUI-965 Developer Apps page hangs on openSUSE in some timezones
The Developer Apps page would not load on openSUSE in certain time zones. This issue has been fixed.
EDGEUI-907 Encrypted checkbox is selected by default for all HIPAA orgs
For HIPAA organizations, all key value maps are encrypted. When adding a new key value map using the UI for a HIPAA organization, in the New Key Value Map dialog the Encrypted checkbox is selected and cannot be disabled.

Cloud (UI)

Issue ID Description
EDGEUE-996 Product details page not showing apps
The product details page now shows all developer apps.
EDGEUI-973 Edge redirects to the login screen after Stop Trace Session
A bug has been fixed that was causing Edge to redirect users to the login screen when performing normal operations, such as stopping a Trace session.

Cloud 17.03.15 (UI)

Issue ID Description
EDGEUI-961 Leave buffer time for calculating token refresh
To prevent calls to Edge from occasionally failing, Edge now checks for and refreshes tokens that are due to expire in the near future, rather than refreshing only those that have expired.
EDGEUI-954 Proxy editor replacing quotes in conditions with encoded entity
In the proxy editor, quotes are no longer encoded within the <Condition> tag.
EDGEUI-952 Trace tool not working when filtered query parameters include special characters
The Query Parameter filter in the Trace tool works correctly when special characters are specified in the filter.
EDGEUI-943 Expired /oAuthRefreshToken should not return a 500 error
In the event an OAuth token expires, an 303 HTTP status code is now returned instead of a 5XX server error.
EDGEUI-942 Node.js Logs page should stop auto-refresh when there is an error
When viewing node.js logs, if an error is encountered, Auto Refresh is disabled automatically. You can re-enable automatic refresh by clicking Start Auto Refresh.
EDGEUI-941 Issues with error handling and auto logout
Under certain circumstances, when a user needs to re-enter credentials to continue working, the UI does not redirect to the login screen. This issue has been fixed.
EDGEUI-934 Bundles submitted from proxy editor should be compressed
When you edit a new or existing revision in the proxy editor, a compressed ZIP bundle is now submitted.
EDGEUI-918 Update Apigee Advisory
The Apigee Advisory has been updated as follows:
  • Queries the last 24 hours (instead of only supporting "yesterday midnight")
  • Stops querying if an error is encountered when checking for advisories (for example, your credentials have expired)
  • The title has changed to Advisories from Advisory Alerts
EDGEUI-917 Don't wrap 4xx errors as 502
4xx HTTP errors are no longer wrapped as 502 HTTP Bad Gateway errors in the UI.

Cloud (monetization)

Issue ID Description
DEVRT-3584 Transitional support for GET {organization}/limits call
All API endpoints for the retired Limits feature have been removed and will respond with status code 404, except for GET {organization}/limits, which returns an empty limit array (to allow time for transitioning away from using this endpoint). It is recommended that you remove all references to the GET {organization}/limits endpoint prior to September 2017 at which time it will be removed.
DEVRT-3555 Synchronizing developers output says "products"
When synchronizing developers using the monetization API, as described in Synchronizing developers using the API, the output specified "products" instead of "developers". This issue has been fixed.

Cloud (monetization)

Issue ID Description
DEVRT-3554 Add API product to more than one API package
You can now add an API product to multiple API packages that may or may not have active developers, as long as the developers do not accept two separate rate plans that are applicable to the same API product.
DEVRT-3532 Additional decimal places support for rate plan rating
The MINT.RATE_DECIMAL_PLACES property is now supported for your organization to enable you to set the number of decimal places supported for certain rate plan values. See Configure the number of decimal places for rate plan rates.
DEVRT-3517 Flag to enable tax engine per organization
The MINT_TAX_ENGINE_ENABLED flag is now available to allow system administrators to enable or disable the tax engine for monetization. The tax engine is disabled by default for new monetization-enabled organizations.
DEVRT-3454 Improve exception handling/responses in Monetization APIs
Error handling has been improved to include more specific details about the reported errors.
DEVRT-3441 Usage notification triggered incorrectly
A usage notification was triggered incorrectly. The issue that caused this to occur has been fixed.

Cloud 17.03.13 (API Management)

Issue ID Description
MGMT-3843 "org.antlr.v4.runtime.Vocabulary" error on rendering model as HTML
MGMT-3829 Attempt to deploy an API proxy with shared flow deployment API endpoint appears to succeed
This bug fix adds validation in Sharedflow deployment API to return 400 Bad Request "NoSharedFlowsToDeploy" on deploying an apiproxy revision.
MGMT-3667 GET /v1/o/{org}/developers returns inaccurate count of developers
MGMT-3575 expressions.parser.InvalidPattern exception during deployment
MGMT-3511 Proxy deployment returns 400 response code even though deployment succeeds
This bug fix takes care of ignoring the un-deployment status of an apiproxy revision triggered via another un-deployment api call during the override deployment of a new revision.

Cloud 17.03.1 (UI)

Issue ID Description
EDGEUI-936 Trace: Setting a Filter on Content-Type doesn’t work because slash is double-encoded
EDGEUI-935 "Error fetching analytics data" when using = sign in custom report filter
EDGEUI-930 XML-encoding on regular expression protection policy not preserved when saving bundle

Cloud 17.02.15 (UI)

Issue ID Description
EDGEUI-901 Error in WSDL generated as part of SOAP-pass through proxies
EDGEUI-884 Viewing a product associated with tens of thousands of apps could crash the UI
EDGEUI-868 In IE browser, some UI pages do not display and give error, "Object doesn't support property"
EDGEUI-238 Misleading Trace error "You do not have permission to trace in this environment."
The real issue was that the selected proxy revision wasn't deployed.

Cloud 17.02.13 (API runtime)

Issue ID Description
DEVRT-3205 Create company fails intermittently
APIRT-3513 Proxy calls failing due to Vhost not found error
APIRT-3507 Intermittent errors on JavaScript service callouts that called the same IP with different hostnames
APIRT-3449 Policy Verify OAuth v2.0 Access Token sets wrong property name; double-prefixes apiproduct.apiproduct.*
APIRT-3392 Intermittent high response times on MPs for specific proxy
APIRT-3032 DNS lookup being done on target.url which is set to an ip address

OAuthV2 policy - Generate Access Token returns api_product_list incorrectly formatted
When using the management API to generate an OAuth v2.0 access token, the JSON response includes a list of API products in the following format:

"api_product_list" : "[Product1, Product2, Product3]"

A new api_product_list_json property in the response also returns the list of products as an array of individual product names:

"api_product_list_json" : ["Product1", "Product2", "Product3"]

Cloud 17.02.13 (API management)

Issue ID Description
UAPAQ-146 TPS analytics metric returns minutes, not seconds

Cloud 17.01.18 (UI)

Issue ID Description

Errors importing or saving large bundles (>10MB)

This issue was addressed in a hotfix released on February 6, 2017. (REL-3948)


Users are not receiving an email when added to an org in the UI

This issue was addressed in a hotfix released on January 23, 2017.

EDGEUI-847 NodeJS option should be removed from Service Callout policy option
EDGEUI-827 Custom roles can allow additional permissions unexpectedly

Cloud 17.01.16 (API management)

Issue ID Description
MGMT-3697 Management API slow performance
MGMT-3674 Unable to create encrypted KVM or Vaults for HIPAA-enabled orgs
MGMT-3647 User role access for users with Capitalized email throws 403
MGMT-3601 Error when deploying new Apigee proxy
MGMT-3527 Load Target server, Cache, VirtualHost error during deployment
DOS-4008 Traffic logging bug showing inaccurate drop in traffic

Cloud 17.01.16 (monetization)

Issue ID Description
DEVRT-3385 Add notification templates for company-developer notifications
Default notification templates have been added for company-developer notifications, including COMPANY_INVITES_DEVELOPER and DEVELOPER_INVITES_COMPANY. For more information, see Set up notifications using notification templates.
DEVRT-3364 Rate plan not renewed on renewal date
An issue has been fixed that was preventing rate plans from being renewed on the configured renewal date.
DEVRT-3325 Rate plans not generating usage notifications
An issue has been fixed that was preventing rate plan usage notifications from being sent.
DEVRT-3297 API calls are not blocked after rate plan expires
An issue has been fixed that was enabling API calls to go through after the rate plan expiration date.
DEVRT-3296 Deleting an API package with draft or expired plans returns a 500 HTTP error
When deleting an API package that had draft or expired rate plans, the delete operation would fail with a 500 HTTP error. A more descriptive error is now returned indicating that the user must delete the expired or draft rate plans before they can delete the API package.
DEVRT-3178 Future rate plan not applied to developer accepting parent rate plan after future rate plan is published
If one or more developers accepted a parent rate plan after a future rate plan had been published, the future rate plan was not honored and they were suspended when the parent rate plan expired. This issue has been fixed.
DEVRT-3113 Duplicate notifications sent for some events
Duplicate notifications are no longer sent for the same event.