API Management Release Notes for July 2026
API Control Plane
-
You can now set a custom domain for Boomi-managed developer portals. This allows you to replace the default tenant-specific portal URL,
https://<tenantID>.na.controlplane.boomi.com/, with a custom domain you own — for example,developer.yourcompany.com. (ACP-2652)Refer to Custom Domains for more information.
noteIf you are using a Subject Alternative Name (SAN) certificate, you must import it via the UI. It cannot be imported via the API at this time.
-
Added multi-version specification management, so now an API can have multiple specification versions. Previously, discovery would override the specification with the latest version. Now, all versions are displayed in the dedicated Versions page. (ACP-4230)
Refer to Developer Portal- Menu Items for more information.
-
Added per-organization visibility for MCP servers in the developer portal. This allows each organization to see only the MCP servers assigned to it, keeping the developer portal scoped to what's relevant for a specific group. (ACP-4121)
Refer to MCP Server Visibility in Developer Portals for more information.
-
Boomi Connect is now a default Registry Connection in the MCP Registry. Servers published from Boomi Connect will automatically show up in the MCP Registry. (ACP-4477)
Refer to Registry Connections for more information.
-
Added the ability to filter out local servers/MCP servers on the MCP Registry API endpoint that use STDIO transport and servers that are distributed via package management software. (ACP-4144)
Known Issue
- Pre-existing self-hosted developer portals or Boomi-managed developer portals with a custom domain will display a CORS network error when selecting the MCP Registry. As a workaround to this issue, you can change the Developer Portal URL field, which will add that URL to the MCP Registry's allowed origins. It can take up to 60 seconds for the update to complete. This issue will be fixed in an upcoming release.
- API Control Plane could not discover deployed APIs on accounts that did not have the API Lifecycle feature enabled. (ACP-4170)
- Self-hosted developer portals had CORS errors when trying to access the
/devPortalsquery endpoint. (ACP-4175) - When deleting an API Product, the system deleted only the latest version of an API Product, and other versions remained in the MCP Registry. (ACP-4161)
- The MCP Servers menu option did not display in a developer portal when the visibility setting was set to Everyone. (ACP-4377)
- If the description for an MCP server was updated, the changes were not reflected on all pages within the MCP Registry. (ACP-4162)
- The title text in Administrator Portal screens was cut off when using Chrome v150+. (ACP-4536)
API Gateway
-
Added HMAC Authentication policy support to Boomi API Management Gateway. You can now configure, attach, and validate HMAC signatures for inbound API traffic directly through the API Gateway Manage APIs page. (APIM-18605)
Refer to HMAC Authentication policy for more information.
-
Updated the WSS connector to use a new internal web server interface, removing its direct dependency on the shared HTTP server component and associated third-party libraries. (APIM-19903)
importantSubsequent to the July Runtime Release, an issue was reported that required the WSS connector to be rolled back. If you applied the new version 26.07.0 during the Runtime Release, you will be reverted back to the previous release version 25.07.5. Future updates will be documented in the relevant release notes.
- Fixed the issue where the API Administrator role failed to propagate permissions from account groups down to sub-accounts. The role hierarchy has been corrected to ensure proper privilege inheritance without requiring manual Gateway configuration overrides. (APIM-19807)