To protect a transactional endpoint, like a login or checkout page, you define a resource purpose in API Definitions, then set protections for it in Bot Manager Premier or Account Protector. Perhaps, like us, you never cared for that term. We’re happy to share that we’re changing the term resource purpose to the more apt and appropriate term operation.

We've made the following enhancements and bug fixes:

Improvements to API Definitions give you better security and greater control over your APIs.

We've combined the API Gateway and API Discovery documentation into the API Definitions documentation to make it easier for you to find the guides, API docs, and resources you need to define your APIS across your products. Everything is now in one place. Visit the Welcome page for a toolkit of API Definition resources.

New features

New features

• In JWT settings, you can now load public RSA keys dynamically from a JSON web key set (JWKS).
• The color of switches throughout the API Definitions and Key and Quota Management applications has changed from red/green to grey/dark blue to increase usability.

• The property activation status check is now functional.
• Endpoint versions may now be updated when any associated hostnames have been removed from property configurations but remained in use in API configurations.
• Performance improvements in backend configuration processing.
• GraphQL users may now specify a maximum query size up to 8129 bytes.
• GraphQL users may now specify a nesting depth for queries up to 100 levels.

• Activating a registered API no longer changes the last modified date for that registered API.
• The Reset to API settings button in API Definitions is clearly separated from other elements in the UI.
• GraphQL settings are no longer visible for registered APIs with the GraphQL feature turned off.
• The UI for OAuth scopes clearly shows all APIs and resources each scope is associated with.
• The tool for comparing API versions in API Definitions includes GraphQL and OAuth scopes settings.
• When importing a Swagger file without an API name, the server URL is no longer used as a replacement for the API name in API Definitions. Instead, API Gateway returns a 400 HTTP error response indicating that an API name should be specified in the Swagger file.
• The email alerts received after activating an API are more user-friendly.
• A bug that caused failed activations of APIs for some customers has been fixed.

New features