Red Hat 3scale API Management SaaS Release Notes
Updated
About Red Hat 3scale API Management SaaS
3scale SaaS is managed and operated by Red Hat as a cloud service. The product updates listed in this page refer to the 3scale SaaS version only. For other versions, check out the corresponding release notes in the This content is not included.3scale customer portal page.
New Features and Enhancements
| Date | Type | Summary | Details |
|---|---|---|---|
| May 12th, 2026 | New Feature | Configurable Security Headers | Providers can now configure Permissions-Policy, Content-Security-Policy (CSP), and CSP-Report-Only headers for both the Admin and Developer portals. This update removes the previous global permissive CSP, making security headers configurable per account. By default, The Admin Portal ships with a report-only policy to help detect issues before enabling enforcement. |
| May 12th, 2026 | Enhancement | Default Passwords | The default password for the sample developer account (“John Doe”) is no longer a static value. A unique, strong password is now generated dynamically and displayed to administrators in the UI when applicable. This change removes the use of shared default credentials and improves overall platform security. |
| March 31st, 2026 | Enhancement | Strong Passwords | Strong password policies are now mandatory in the admin portal and the Account Management API. All new or updated passwords must comply with the enforced complexity rules, including a minimum length of 15 characters. Existing passwords will continue to work until updated, but any new or modified passwords must comply with the enforced policy. |
| March 19th, 2024 | New Feature | Quick Starts | Introducing Quick Starts, in-app guided tutorials designed to help users kickstart their journey with the product. Access step-by-step instructions and resources directly within the 3scale UI, enabling smoother onboarding and rapid familiarization with key features. |
| January 31st, 2024 | Enhancement | Improved bot protection | Strengthened security protocols with more advanced captcha systems for enhanced user experience and reduced intrusion on legitimate users. |
| October 9th, 2023 | Enhancement | Require the current password on the user update form | For security reasons, users are now required to enter their previous password when updating their personal details in the Developer Portal. (This content is not included.JIRA #6648). |
| June 20th, 2023 | Upgrade | 3scale APIs upgraded to OAS3 | Update for 3scale APIs to use version 3 of the OpenAPI specification (OAS3). The user interface for the online API documentation has been renewed and shows a different look and feel and options. |
| September 14th, 2023 | Enhancement | Prevent deletion of used metrics | If a metric or method is currently used by the mapping rules set in the gateway configuration (either staging or production), the system will prevent it from being deleted and will show a message to the user (This content is not included.JIRA #7112). |
| June 20th, 2023 | Upgrade | 3scale APIs upgraded to OAS3 | Update for 3scale APIs to use version 3 of the OpenAPI specification (OAS3). The user interface for the online API documentation has been renewed and shows a different look and feel and options. |
| December 21st, 2022 | APIcast Upgrade | APIcast upgraded to v3.13 | A new version of APIcast hosted has been released (APIcast v3.13). It provides general improvements and internal bug fixes. |
| September 6th, 2022 | APIcast Upgrade | APIcast upgraded to v3.12 | A new version of APIcast hosted has been released (APIcast v3.12). It incorporates two new policies: HTTP Response Code Overwrite and NGINX Filters. It also includes general improvements like additional functionality and options to the CORS Request Handling and the Maintenance Mode policies. |
| June 14th, 2021 | Enhancement | Improved UI for creating Mapping Rules | Renewed user interface for creating Mapping Rules. With the new form, it's easier to find the Methods and Metrics of the selected Product or Backend; especially when there is a large number of them. |
| May 5th, 2021 | Enhancement | Improved UI for creating New Applications | Renewed form for creating new Applications. Also added the ability to create new applications from the most relevant places of the UI: the global applications list (Audience>Applications), the list of applications in an account (Audience>Accounts>Account>Applications) and from the product applications list (Products > Product > Applications > Listing). |
| April 20th, 2021 | APIcast Upgrade | APIcast upgraded to v3.10 | A new version of APIcast hosted has been released (APIcast v3.10). It includes various improvements including support for PROXY protocol in IP Check Policy, extended features for the URL rewriting with captures policy and performance enhancements. |
| October 20th, 2020 | Enhancement | Better scalability for large number of Products and Backends | User Interface improvement with regard to managing many products and backends: 1. The dashboard displays the most recently updated products and backends. 2. New paginated and searchable pages display all products and all backends, directly accessible from the context switcher. |
| September 22nd, 2020 | APIcast Upgrade | APIcast upgraded to v3.9 | A new version of APIcast hosted has been released (APIcast v3.9). It includes various improvements including: Custom metrics and mutual TLS connections between APIcast and upstream APIs. |
| August 17th, 2020 | New Feature | APIs as a Product | Manage your APIs by separating your internal APIs (aka 'Backends') from your customer facing APIs (aka 'Products'). You can now : Expose any number of Backends as one Product, Re-use Backends in any Product, Get stats on Backend Usage. Check out this doc for a more in-depth overview. |
| April 6th, 2020 | APIcast Upgrade | APIcast upgraded to v3.8 | A new version of APIcast hosted has been released (APIcast v3.8). It includes various improvements including: Support for HTTP2 and gRPC connections (This content is not included.JIRA #3271) and support for WebSocket protocol connections to backend APIs (This content is not included.JIRA #4019). |
| November 21st, 2019 | APIcast Upgrade | APIcast upgraded to v3.7 | A new version of APIcast hosted has been released (APIcast v3.7). It includes a new Maintenance Mode policy to temporarily disable traffic (Content from issues.jboss.org is not included.JIRA #3189) and the TLS Termination policy to configure a TLS Certificate per service (Content from issues.jboss.org is not included.JIRA #2897). |
| August 5th, 2019 | APIcast Upgrade | APIcast upgraded to v3.6 | A new version of APIcast hosted has been released (APIcast v3.6). It includes two new policies: one to configure retries (Content from issues.jboss.org is not included.JIRA #2261), (see documentation), and another one for JWT claim check (Content from issues.jboss.org is not included.JIRA #2265), (see documentation); ability to manage access to different HTTP methods based on RHSSO roles (Content from issues.jboss.org is not included.JIRA #2236), (see documentation), and the ability to differentiate auth-failed and limit exceeded errors (Content from issues.jboss.org is not included.JIRA #2752), (see documentation). |
| July 18th, 2019 | Enhancement | All standard APIcast policies in the UI | From now on, it is possible to see and configure all available standard policies in the system UI according to which APIcast deployment option is being used (hosted or self-managed). (Content from issues.jboss.org is not included.JIRA #2698) |
| July 15th, 2019 | Enhancement | Differentiate auth-failed and limit exceeded errors | Now, APIcast returns a different message when a client reaches its rate limits for the requested endpoint (Originally, “403 - Authentication failed” was returned by default). There is now a new option in [Your_API_name] > Integration > edit APIcast configuration > Gateway response section to configure the “Usage limit exceeded” error returned by the gateway. (Content from issues.jboss.org is not included.JIRA #2752) |
| July 8th, 2019 | Upgrade | Braintree and Stripe integration upgrade | Upgraded the internal integration with Braintree and Stripe payment gateways. This change was required to use updated and more secure methods offered by the payment gateway providers to comply with the latest security standard regulations. Note that with this change, we generate the pre-built UI components provided by Braintree and Stripe; no customization for the credit card form is possible at this moment. |
| June 25th, 2019 | Enhancement | Redesign of the documentation library | Red Hat 3scale API Management includes changes in the structure of the documentation. For more details, refer to Redesign of the 3scale Documentation Library. |
| May 13th, 2019 | APIcast Upgrade | APIcast upgraded to v.3.5.1 | Introduces the ability to disable server tokens (Content from issues.jboss.org is not included.JIRA #1989), enables the no_body option with OpenID Connect when authorizing requests against the 3scale backend (Content from issues.jboss.org is not included.JIRA #2006), and the ability to configure maximum client certificate chain length (Content from issues.jboss.org is not included.JIRA #2383). Finally, it fixes the known issue about reusing the same HTTPS session for requests on different domains (Content from issues.jboss.org is not included.JIRA #2205). |
| March 20th, 2019 | APIcast Upgrade | APIcast upgraded to v.3.5.0 | Introduces two new APIcast policies 1) Routing policy to modify the upstream (scheme, host, and port) of a request based on the request path, a header, a query argument, or a JWT claim Content from issues.jboss.org is not included.JIRA #1709, This content is not included.documentation, 2) TLS Client Certification Validation policy Content from issues.jboss.org is not included.JIRA #1671, This content is not included.documentation. |
| March 7th, 2019 | Enhancement | Configure allowed OAuth flows per API | Added the ability to configure the allowed OAuth flows per API. When the API gateway is configured to use OpenId Connect for authentication, the corresponding flows are enabled on the RHSSO client side. This content is not included.documentation - Content from issues.jboss.org is not included.JIRA #774 |
| March 3rd, 2019 | New feature | Stop processing mapping rules | Introduced a new option to order mapping rules and added the ability to stop them once the first one is met. This content is not included.documentation - Content from issues.jboss.org is not included.JIRA #1344 |
| January 4th, 2019 | New API Endpoint | Create access tokens via API | A new endpoint called 'Access token create' has been added to the Account Management API. Now it is possible to programmatically create an access token and to assign the scopes needed for a specific use case. Content from issues.jboss.org is not included.JIRA #1112 |
| December 19th, 2018 | Enhancement | HTTP Basic Authentication support | Added a new “Basic Authentication” option in the configuration for the APIcast gateway. Now API credentials can be be passed in an HTTP Authorization header. To find this option, navigate from Admin Portal following this path “[Your_API_name] > Integration > Configuration > edit APIcast configuration > Authentication Settings”. Content from issues.jboss.org is not included.JIRA #430 |
| December 12th, 2018 | New API Endpoint | Read/Update user permissions via API | Providers are now able to programmatically configure user access rights via API. Two new endpoints 'User Permissions Read' and 'User Permissions Update' have been added to the Account Management API. Content from issues.jboss.org is not included.JIRA #484. For more information, please check this article. |
| November 29th, 2018 | APIcast Upgrade | APIcast upgraded to v.3.4.0 | APIcast has been upgraded to v.3.4.0. New additions are: 1) IP check policy Content from issues.jboss.org is not included.JIRA #1353 and This content is not included.documentation, 2) 'Delete' operator in 'Headers' policy Content from issues.jboss.org is not included.JIRA #1354 and This content is not included.documentation, 3) Return "retry-after" for quota Content from issues.jboss.org is not included.JIRA #1380 and This content is not included.documentation. |
| November 28th, 2018 | Enhancement | New currencies available for billing | CHF (Swiss Franc) and SAR (Saudi Riyal) are now supported and have been added to the available currencies for billing. This setting is configurable via the Admin Portal UI (Audience > Billing > Charging & Gateway). Enterprise only. Content from issues.jboss.org is not included.JIRA #1594. |
| October 30th, 2018 | Enhancement | Visual and navigational updates on the interface | Introducing a new navigation and an improved experience for the 3scale Admin Portal. As part of the work for a unified experience across 3scale and other Red Hat products, we’re switching from horizontal to vertical menus. Together with this effort we’ve re-organized the navigation structure for a more intuitive and better navigation experience, especially for customers that manage many API’s. For more information, please check this article. |
| October 16th, 2018 | APIcast Upgrade | APIcast upgraded to v.3.3.0 | APIcast has been upgraded to v.3.3.0. It introduces new OOTB policies including: Liquid Context Debug, RH-SSO/Keycloak Role Check, Anonymous Access, URL Rewriting with Captures, and Referrer. See This content is not included.documentation. If you’re using APIcast self-managed, learn how to upgrade to the latest version of APIcast. Note: if you are using a dockerized version of APIcast, make sure you upgrade to the This content is not included.latest image version available. |
| October 10th, 2018 | Enhancement | Weekly reports rescheduling | Weekly reports are now sent every Monday at 0:00 UTC instead of the 1st, 8th, 15th and 22nd days of each month. |
| October 4th, 2018 | New Feature | API switcher | Newly branded header with a quick API switcher for accounts that manage many APIs. |
| October 4th, 2018 | New Feature | API filter in the dashboard | The dashboard now spots an API search box to quickly filter out the APIs. |
| October 4th, 2018 | Enhancement | Pages reorganization | Applications can now be directly found in the API submenu. The API alerts settings have been merged with the rest of the API settings. Account plans can now be found in the Settings section. |
| October 4th, 2018 | APIcast Upgrade | APIcast dockerized image upgrade to v.3.3.0 | A new version of APIcast has been released (APIcast v3.3). For more details on changes, please check out the Content from github.com is not included.APIcast changelog. The image can be downloaded from the This content is not included.Red Hat Container Catalog. |
| July 18th, 2018 | Enhancement | Improved billing process | Improved efficiency in the Red Hat 3scale billing processes. As a reminder, the following are the key invoice dates in a month: 1st day of the month: Calculation starts and the invoices are created. - 3rd or 4rd day of the month: The invoices are issued. - 5th or 6th day of the month: The invoices are charged. Dates are based on Coordinated Universal Time (UTC). Exact days may vary depending on user timezone and the system status. |
| July 11th, 2018 | New Feature | Path based routing | Add the ability to configure path based routing in APIcast using APICAST_PATH_ROUTING environment variable (Info) |
| July 11th, 2018 | Enhancement | Billing fields in ‘Account read/update’ | New fields have been added to the ‘Account read’ and ‘Account update’ Account Management API endpoints. Use these new fields to retrieve billing related information. Content from issues.jboss.org is not included.JIRA #842 |
| May 11th, 2018 | New Feature | APIcast out-of-the-box policies | API providers can now customize the behavior of the gateway associated to a service by combining different policies. The policy chain is configurable via the Admin Portal UI (API > Integration > edit APIcast configuration). More info in our This content is not included.documentation site and in the Content from github.com is not included.upstream project |
| April 25th, 2018 | Enhancement | TLS 1.2 and newer for developer portal | Accept only TLS 1.2 and newer protocol for API Provider's developer portal website Content from issues.jboss.org is not included.JIRA #817 |
| April 6th, 2018 | Enhancement | reCAPTCHA upgraded to v2 | reCAPTCHA used on the developer portal was upgraded to v2, as v1 was discontinued. |
| March 13th, 2018 | New Feature | Configure SSO for admin portal via API | New endpoints in the Account Management API to be able to configure SSO integration for the admin portal. Content from issues.jboss.org is not included.JIRA #610 |
| March 7th, 2018 | New Feature | Configure SSO for developer portal via API | New endpoints to configure developer portal SSO integration (for Red Hat Single Sign-On, GitHub and Auth0) through the Account Management API. Content from issues.jboss.org is not included.JIRA #609 |
| January 17th, 2018 | New API Endpoint | Creating a credit card charge | A new endpoint has been added to be able to create credit card charges via API. This endpoint requires account ID, invoice ID, and amount. Content from issues.jboss.org is not included.JIRA #297 |
| January 17th, 2018 | Enhancement | New fields added to invoice creation | The following invoice fields can now be added and saved as line items when creating invoices via admin or API: Application Id, Application Plan Id, and Contract-Type. Before this change, these were only present in system generated invoices. Content from issues.jboss.org is not included.JIRA #438 |
| January 17th, 2018 | New API Endpoint | Retrieving a list of service contract IDs | This endpoint complements the ability to unsubscribe developers from a service via the Service Subscription Delete endpoint. Content from issues.jboss.org is not included.JIRA #525 |
| December 14th, 2017 | New Feature | Ability to access multiple services with one key | API providers can now allow their developers to consume different API services using the same user key. Enterprise feature only. |
| November 30th, 2017 | New Feature | APIcast integration with OIDC for RH-SSO | New OpenID Connect integration to connect APIcast API Gateway with Red Hat Single Sign-On for API authentication. This content is not included.Documentation, This content is not included.Blog post, Content from issues.jboss.org is not included.JIRA #418 |
| November 30th, 2017 | Enhancement | New fields in ‘Account create / update’ | Two new fields have been added to the ‘Account create’ and ‘Account update’ Account Management API endpoints. Use these new fields to retrieve information, such as date of most recent traffic, for a particular application. Content from issues.jboss.org is not included.JIRA #220 |
| November 3rd, 2017 | Feature Request | Ability to unsubscribe developers from a service | API providers can now unsubscribe developers from any of their API services (either individually or in bulk) using the Admin Portal interface. Content from issues.jboss.org is not included.JIRA #258 |
| October 31st, 2017 | Enhancement | Ability to access id_token returned by the SSO provider | A new liquid drop has been introduced so it’s possible to access the id_token returned by the SSO provider from the developer portal. This way API providers can offer simultaneous authentication both to the 3scale powered developer portal and to any other external apps. Content from issues.jboss.org is not included.JIRA #259 |
| October 9th, 2017 | Enhancement | Warning when changing status of a developer account | A warning has been introduced to make it explicit that changing the status of a developer account doesn’t automatically change the status of their applications. Content from issues.jboss.org is not included.JIRA #244 |
| September 18th, 2017 | New Feature | Trial days left shown in developer portal | It’s now possible to expose, in the developer portal, how many trial days a customer has left. This can be achieved via liquid tags, documentation can be found here (replace ‘DOMAIN’ with your own domain name) Content from domain-admin.3scale.net is not included.Content from domain-admin.3scale.net is not included.https://domain-admin.3scale.net/p/admin/liquid_docs |
| September 14th, 2017 | New API Endpoint | Add / update invoices and invoice lines via API | Admins are now able to programmatically add and update invoices and invoice lines via API. Enterprise only. You can read further on our ActiveDocs (the new endpoints are: Invoice Update, Create Line Item for an Invoice, and Delete Line Item of an Invoice, Invoice Create, ). Content from issues.jboss.org is not included.JIRA #171 |
| September 8th, 2017 | New Feature | New webhook to detect deleted applications | A new webhook to detect when an application is deleted has been added to the existing list of available webhooks. To activate it go to Settings > Webhooks. Content from issues.jboss.org is not included.JIRA #231 |
| September 8th, 2017 | ActiveDocs Upgrade | Swagger UI upgrade to v. 2.2.10 in ActiveDocs | We have upgraded our ActiveDocs to version 2.2.10 of Swagger UI in the Developer Portal. With this change a few known issues like ability to set the default view for the response class (Model or Model Schema), or request headers not shown, are now solved. Content from issues.jboss.org is not included.JIRA #147 |
| September 6th, 2017 | Enhancement | Support for 4-byte UTF-8 Unicode characters | Added support for 4-byte UTF-8 Unicode characters in the CMS (Developer Portal) templates. |
| August 31st, 2017 | New Feature | Ability to delete applications from the developer portal | Providers can now allow their API consumers to delete applications from the developer portal (it was only possible via API until now). Applies to all provider accounts created after Aug. 31st, 2017. Content from issues.jboss.org is not included.JIRA issue #153 |
| August 21st, 2017 | Enhancement | UX / UI: navigate to individual apps from Analytics | It’s now possible to navigate directly from the Analytics > Top Applications view to individual applications. Small fix, big time savings. Content from issues.jboss.org is not included.JIRA issue #150 |
| August 17th, 2017 | Enhancement | Ability to use same email address in admin and developer portal | As an admin user you can now use the same email address to sign up in the Admin Portal and in the Developer Portal (within the same 3scale provider). Note that admin users won't be able to log in to the developer portal with their admin user credentials. But they can have a completely separate user account in the developer portal with the same email address. Content from issues.jboss.org is not included.JIRA issue #152. |
| August 6th, 2017 | Enhancement | Update customer billing status via API | It is now possible to programmatically update the billing status of a customer (fields 'monthly_billing_updated' and 'monthly_charging_enabled'). To do so, use the Account update' endpoint (Account management API). Content from issues.jboss.org is not included.JIRA Issue #154. |
| August 6th, 2017 | New API Endpoint | Update invoice status via API | A new endpoint called 'Invoice' has been added to the 3scale billing API so providers can update the state of an invoice programmatically. Content from issues.jboss.org is not included.JIRA issue #155. |
| July 5th, 2017 | Enhancement | SSO for Admin Portal improvements | Where Single Sign-On for the developer portal is mostly motivated by making signups easier for developers, when it comes to Single Sign-On for the admin portal an important consideration is centralized access management. That’s why it’s now possible to enforce SSO for the admin portal and thus completely disable password based sessions. Furthermore, it’s now possible and required to test an SSO integration from within the admin portal before publishing it on the sign in page. |
| May 25th, 2017 | New Feature | New 3scale status page | From now on, in addition to our 3scale status Content from twitter.com is not included.Twitter account, you can check 3scale system status updates Content from status.3scale.net is not included.here. You can also subscribe to email notifications from there if you wish to do so. |
| May 24th, 2017 | New Feature | Single Sign-On (SSO) for Admin Portal | Support for Single Sign-On for the admin portal- both for admins and members- using Red Hat Single Sign-On or Auth0. Enterprise only. |
| May 17th, 2017 | Enhancement | Revamped application export file | The application export file contains new fields matching all the information available in the UI: Account name, Service name, Paid or Free, and Last traffic on (date). |
| May 17th, 2017 | Enhancement | Ability to edit developer accounts information | Members can now edit developer accounts information. Note that developer accounts have a presence across services, so if a member with visibility into service A but not into service B makes changes, members with access to service B will also see those changes. |
| May 16th, 2017 | New API endpoint | Manage roles and permissions via API | Admins are now able to programmatically configure member service permissions via API (changing member_permission_service_ids[]). Enterprise only. You can read further on our This content is not included.documentation site. |
| April 26th, 2017 | APIcast Upgrade | APIcast upgraded to v.3.1.0 | APIcast hosted (up to 50k calls/day) has been upgraded to v.3.1.0. For more details on changes, please check out the Content from github.com is not included.APIcast changelog. This is an opt-in feature for existing users. If you’re using APIcast self-managed, learn how to upgrade to the latest version of APIcast. Note: if you are using a dockerized version of APIcast, make sure you upgrade to the This content is not included.latest image version available. |
| March 31st, 2017 | New API endpoint | Update inbound email addresses via API | A new endpoint called ‘Provider Account Update’ has been added to the Account Management API so providers can update email settings for inbound email addresses programmatically. |
| March 29th, 2017 | New API endpoint | Update general settings via API | A new endpoint called ‘Settings Update’ has been added to the Account Management API so providers can update general settings of their account programmatically. |
| March 7th, 2017 | Enhancement | Easier navigation from Analytics to Applications | A new link has been added from the Analytics > Limit violation notification view so it’s easier to navigate to specific applications from there. |
| February 22nd, 2017 | Support Configuration | Plugins community supported only | Our code plugin integrations are now a 100% community effort and as such no longer officially supported by Red Hat. This change should not affect the operation of your API(s) integration. For more information see the This content is not included.open source GitHub repositories. |
| February 5th, 2017 | Enhancement | Better handling of SSL certificate issues (with RH-SSO) | When using a RH-SSO instance without a valid SSL certificate, you now have the ability to disable SSL verification from 3scale in order to be able to continue with the integration. |
| January 20th, 2017 | New API endpoint | Create ActiveDocs API | A new endpoint called ‘ActiveDocs Spec Create’ has been added to the Account Management API so providers can create ActiveDocs programmatically. See API documentation at https://YOUR-DOMAIN-admin.3scale.net/p/admin/api_docs |
| January 20th, 2017 | New API endpoint | Get a list of all ActiveDocs IDs API | A new endpoint called ‘ActiveDocs Spec List’ has been added to the Account Management API so providers can get a list of all their ActiveDocs programmatically. See API documentation at https://YOUR-DOMAIN-admin.3scale.net/p/admin/api_docs |
| January 5th, 2017 | APIcast Upgrade | APIcast dockerized image upgrade to v.2.0 | For more details on changes, please check out the Content from github.com is not included.APIcast changelog. The image can be downloaded from the This content is not included.Red Hat Container Catalog. Read more about this in the This content is not included.Red Hat Middleware Blog. |
| December 1st, 2016 | New Feature | Deleting services from the UI | From now on if you’re on a plan that lets you create multiple API services, you’ll also be able to delete them. The only restriction is that you always need to keep at least one service under your account. Note: If you signed up before Dec. 1st, you’ll be able to delete any service but the very first one that was created. |
| October 13th, 2016 | Enhancement | SSO for invitations in the developer portal | No matter if you are using RH-SSO, GitHub, or Auth0 to allow your developers to use SSO to login into your developer portal, with this change, invited developers (and not only the ones that sign up directly) will also be able to take advantage of it. |
| October 13th, 2016 | Enhancement | Only admins have access to account info | In order to make it possible to providers to restrict access for members to certain sensitive areas of the Admin Portal, from now onwards only admin users will be able to access the ‘Account’ section. This means that member users will no longer be able to see the account-wide API key (they should use personal access tokens instead), export account data, or perform other actions at the account level. |
| October 11th, 2016 | Enhancement | SSO developer portal transparent signup | A couple of months ago we introduced the ability to integrate with RH-SSO for a more flexible developer portal authentication configuration. Now you can offer an even better signup experience to your developers by creating their 3scale account on behalf of them in cases where all the information needed is provided by the IdP. |
| October 3rd, 2016 | Enhancement | New access tokens | Introducing a new, more secure way to authenticate against all the 3scale APIs: 3scale tokens. See This content is not included.Documentation. |
| September 30th, 2016 | Enhancement | Analytics view enhancements | Visualize traffic by metrics (new view) and keep filter selection when switching from one view to another. These changes are part of a broader revamp of the Analytics UI. |
| August 19th, 2016 | Upgrade | Upgrade to Liquid v.3.0.0 | Upgrades Liquid to version to 3.0.0, see Content from github.com is not included.documentation. Liquid can be used to include developers information both in your Developer Portal and in emails sent to developers. |
| August 17th, 2016 | Enhancement | Integration with RH-SSO for the developer portal | Use Red Hat Single Sign-On (RH-SSO) to authenticate users on the Developer Portal. This will allow you to enable SSO with social logins (Twitter, Facebook, LinkedIn, Google etc.) as well as connecting with existing user databases (AD/ LDAP). See This content is not included.documentation. This content is not included.Read blog post published in the Red Hat Middleware Blog. |
| August 11th, 2016 | Enhancement | New notification system | No more noise in your inbox! The new notification system for providers allows admins and members under the same 3scale account to subscribe to notifications independently. Notifications will show in your dashboard, and you can decide which ones to receive by email as well. See documentation. |
| August 9th, 2016 | Enhancement | Ease of roll-back gateway configuration | Adds ‘updated at’ information to JSON endpoint so it’s possible to roll-back the gateway configuration in an automated deployment scenario. Undocumented. |
| July 21st, 2016 | Enhancement | Ease of use in API definition | New ‘API Definition’ page to centralize creation of methods and metrics. These will then be available both under Integration > Mapping rule and under Applications Plans to define rate limits and pricing rules. See This content is not included.documentation. |
| June 16th, 2016 | New Feature | Roles and rights by service | From now on different API teams under the same 3scale account can have independent access to different services. Admins can invite and give permissions to members from the Admin Portal. Enterprise only. See This content is not included.documentation. |
| May 16th, 2016 | New Feature | Adyen - New payment gateway integration | In addition to the already available gateway integrations such as Stripe or Authorize.net, Adyen has now been added. The Adyen platform is recommended for monetize large volumes of API transactions across continents, currencies, and payment methods. See This content is not included.documentation. |
Deprecated Features
| Date | Summary | Details |
|---|---|---|
| May 2nd, 2023 | GIF format no longer supported | Uploading GIF profile logos is no longer supported. The Developer Portal logo (also used when generating invoices) must be uploaded in JPEG or PNG format. |
| February 18th, 2021 | Forums feature no longer available | The out-of-the-box feature for enabling Forums in 3scale's developer and admin portals is deprecated and soon will be no longer available from the UI (final decommission date: January 18th, 2022). |
| July 9th, 2020 | Decommission of the Old Gateway | The old version of the APIcast gateway (Nginx downloadable files) has been decommissioned and the Admin Portal UI does no longer provide the option to download the Nginx configuration files. All the accounts have been upgraded to use the configuration for the last and fully supported version of APIcast. |
| May 19th, 2020 | Discontinued support for old Apicast | The old version of the APIcast gateway (Nginx downloadable files) was deprecated in March 2019; now it is officially unsupported. Existing integrations with downloadable nginx files can still be downloaded in the UI but this feature will be removed soon. Here you can check the supported configurations and the upgrade info. |
| May 11th, 2020 | Decommission of legacy OAuth 2.0 endpoints | Following the deprecation for native OAuth 2.0 API traffic authentication announced in Nov 2018, these legacy endpoints for token management have now been removed: POST/services/<service_id>/oauth_access_tokens.xml, GET/services/<service_id>/oauth_access_tokens/ |
| December 19th, 2019 | Changes in Account Management API | Currently, when Proxy Update is used, it creates a new APIcast configuration version for the Staging environment with the updated settings. This will not be the case in the future. Starting on March 2020; users will need to use the new Proxy Config Promote endpoint for this purpose. |
| November 14th, 2019 | Discontinued support for Internet Explorer 11 | We are deprecating support for Internet Explorer 11. Starting 01/01/2020 we will no longer actively support this browser. We recommend all users to switch to a different browser (Microsoft Edge, Chrome, Firefox) before then. |
| August 22nd, 2019 | Discontinued support for Adyen | Starting from August 22nd 2019, Adyen integration is no longer available. Nevertheless, Red Hat provides support for integrations existing before this date. The current payment gateways available in the billing settings are: Stripe and Braintree. |
| July 29th, 2019 | End User Plans no longer available | End User Plans feature has been removed. This feature is replaced by the ability to define rate limits for end users using the APIcast policy for edge limiting. For more details, see Edge Limiting Policy. |
| November 5th, 2018 | Discontinued support for native OAuth 2.0 API traffic authentication | Starting from November 5th 2018, native OAuth 2.0 implementation (Authorization Code flow) for API traffic authentication will no longer be available for new configurations. Note that for existing configurations, OAuth 2.0 will continue to be supported and remain visible. This feature is replaced by the OpenID Connect integration with Red Hat Single Sign-On which includes support for multiple OAuth 2.0 flows (see This content is not included.documentation). |
| October 30th, 2018 | Latest transactions no longer available | References to the page with a live feed of the latest transactions reported from your APIs have been removed from the admin portal. Although, the page is still available by typing the URL '[your-admin-domain]/apiconfig/transactions', this feature is now deprecated and the page will be removed soon. (Update: This feature was completely removed from the product on March 7th, 2019) |
| October 30th, 2018 | Custom logo feature no longer available | Custom logos on the 3scale dashboard are no longer supported. With the new navigation we've shrunken the header size to focus on the content. Furthermore the dark background of the masthead doesn't lend itself to flexible branding. |
| July 27th, 2018 | Discontinued support for Ogone and Authorize.net | Starting from July 27th 2018, Ogone and Authorize.net integrations are no longer available. Nevertheless, Red Hat provides support for integrations existing before this date. The current payment gateways available in the billing settings are: Stripe, Braintree and Adyen. |
| April 4th, 2018 | "From" email changed for 3scale SaaS notifications. | The email addresses "no-reply@3scale.net" and "support@3scale.net" have been deprecated. The notifications sent by the 3scale SaaS platform are now sent from email address "no-reply@redhat.3scale.com". |
| January 22nd, 2018 | Changes in Content-Type accepted by the Service Management API | Starting from January 22nd 2018, the only Content-Type accepted by the Service Management API will be application/x-www-form-urlencoded. |
| July 17th, 2017 | TLS 1.0 support discontinued | We have now discontinued TLS 1.0 support for our services. |
| June 1st, 2017 | Request logs no longer available | A mix of the request logs feature not being very popular and users preferring standard logging infrastructures were the reasons why we made this call. We recommend using a log management tool for aggregating NGINX logs. Open source tools such as ELK (Elasticsearch, Logstash, Kibana) offer great flexibility. |
| April 1st, 2017 | TLS 1.0 support | We are in the process of deprecating TLS 1.0 support for our service. Some security flaws have been identified in the past few years that relate to this protocol and there are some international services that require a server not to support this protocol in order to be certified as compatible (i.e. PCI-DSS). |
| August 22nd, 2016 | Provider templates no longer available from the UI | Due to the introduction of a new notification system on Aug. 11th, email templates for provider notifications (notifications) are no longer available in the UI. As part of the new notification system implementation, the email copies have been reviewed and changed to cover most common needs (e.g. including necessary user data). If that’s not the case, feel free to reach out to us. You will still be available to edit email templates for provider to developer communications from the UI (messages). |
Resolved Issues
| Date | Summary | Details |
|---|---|---|
| June 23rd, 2021 | Service plan field always required | Create Application form is now fixed to show the Service Plan field only when the Service Plans option is turned on. This content is not included.JIRA #7120 |
| February 14th, 2019 | Negative invoices when changing application plan | Fixed an issue that generated invoices with a negative line item when changing the application plan. This happened when the new application plan was free or cheaper than the original one. Content from issues.jboss.org is not included.JIRA #995 |
| February 14th, 2019 | Search accounts by user_key | Now, the search accounts feature lists results when searching by user_key. Content from issues.jboss.org is not included.JIRA #996 |
| January 10th, 2019 | Non-chargeable invoices in "pending" state | Invoices resulting in a negative or zero-value are now cancelled in the moment where they would be attempted to be charged. Content from issues.jboss.org is not included.JIRA #1420 |
| November 5th, 2018 | Prevent non-positive invoices from being charged | Fixed an issue that, in certain situations, could generate an attempt to charge invoices with a negative cost. Content from issues.jboss.org is not included.JIRA #1378 |
| April 20th, 2018 | Missing invoice line item on plan upgrade immediately after application creation | Fixed the issue with a missing invoice line item when the newly created application was upgraded to a higher plan on the same date. Improvements to representing the application upgrades in the invoice was also introduced, the details of the new behavior are described in the Knowledge base solution. |
| January 17th, 2018 | IE11 not properly rendering list of services | The expand / collapse options on the Dashboard and APIs pages are now working on IE11. Content from issues.jboss.org is not included.JIRA #605 |
| January 17th, 2018 | CMS preview mode always redirects to draft after saving template | You may now save template changes and still render the correct version of the preview, draft or published, as desired. |
| November 30th, 2017 | ‘Invoice create’ doesn’t validate ‘period’ | The ‘Invoice create’ endpoint now returns an error indicating the proper format to use when an invalid period of time is passed. |
| November 13th, 2017 | Mandatory SSL authentication in developer portal | Fixed issue that was preventing users from being authenticated with RH-SSO in the developer portal when skipping SSL authentication. Content from issues.jboss.org is not included.JIRA #412 |
| November 6th, 2017 | Analytics view not properly working (Internet Explorer 11 on Microsoft Windows 10) | The analytics view has been fixed and now properly works when using Windows 10 and Internet Explorer 11. Note that the recommended browser for Windows 10 is Microsoft Edge. |
| October 18th, 2017 | Feature system name can’t be accessed via liquid tags | Feature system names can now be accessed via liquid tags to be used in the developer portal. Content from issues.jboss.org is not included.JIRA #410 |
| October 10th, 2017 | ‘Invoice create’ ActiveDocs doesn’t work | The ‘Invoice Create’ endpoint (Billing API) wasn’t working in the ActiveDocs due to the way the params were being passed (path vs. query). It has been fixed now. Content from issues.jboss.org is not included.JIRA #382 |
| October 10th, 2017 | Duplicated “Invoice” endpoint in Billing API | The issue has been fixed by renaming the previously named GET Invoice to “Invoice Read” and the PUT Invoice to “Invoice Update”. Content from issues.jboss.org is not included.JIRA #385 |
| September 18th, 2017 | Incorrect credit card year saved | When adding a credit card year, both 2-digit and 4-digit values are accepted. Whenever a 2-digit year is provided, the system will normalize it to a 4 digits automatically. Content from issues.jboss.org is not included.JIRA #330 |
| September 18th, 2017 | Incorrect credit card shown (Adyen) | When a customer updates a credit card, the latest one will always be the one saved and shown in the UI, apart from being the one used for the next transaction. This content is not included.See documentation. |
| September 18th, 2017 | Client secret update doesn’t update update_at field | When the client secret of the application object is updated, the updated_at field is now also updated accordingly. Content from issues.jboss.org is not included.JIRA #290 |
| September 18th, 2017 | Service name not shown in app view (Dev portal) | Service name wasn’t being shown in the developer portal, making it difficult to distinguish apps automatically created by the same developer in different services (they all get the same name by default). Content from issues.jboss.org is not included.JIRA #298 Solution |
| August 21st, 2017 | Bypassing account approval with SSO | If account approval is required, users authenticating with a trusted IDP will not be able to log in until their account is approved. Content from issues.jboss.org is not included.JIRA issue #127 |
| August 7th, 2017 | Fixed billing issues with ‘0’ values preventing saving credit card details | When adding credit card details, values ‘000’ in the CVV field and ‘00000’ in the zip code are now accepted. JIRA issue Content from issues.jboss.org is not included.#162. Read more |
Known Issues
Technology Preview
WARNING: The following configurations and features are provided as technology previews only. They are not supported for use in a production environment, and may be subject to significant future changes. See this note on the Red Hat Customer Portal on the support scope for Technology Preview features.
| Date | Summary | Details |
|---|---|---|
| January 18th, 2023 | CMS API | A new 3scale API (CMS API) is available for interacting with the Content Management System embedded in the solution. This API provides the capabilities needed to automate the provision, migration, and overall management of the contents in the Developer Portal. |
Product(s)
Article Type