Skip to main content
Feedback

API Management Release Notes for May 2025

Platform Release

May 24 2025

API Control Plane

New
We added these features

  • The MuleSoft agent is now available and allows you to discover MuleSoft APIs in the API Control Plane. (ACP-752)

    To learn more about this feature, see How to Connect to MuleSoft.

  • You can rapidly design APIs and generate comprehensive OpenAPI specifications by providing natural language descriptions, leveraging the new API Design Agent. (ACP-12)

    To learn more about this feature, see Generate an OpenAPI Specification with API Design Agent.

Fix
We fixed these issues
  • Resolved an issue that caused user deletion in an account to take an extended amount of time. (ACP-537)

API Gateway

New
We added these features

  • The API Infrastructure Manager role has been added and it includes the following privileges:

    • API Management - Plans: Grants read and write access to plans.
    • API Management - Authentication: Grants read and write access to authentication sources.
    • API Management - Developer Portal Publishing: Grants read and write access to publish the Developer Portal.
    • API Management - Gateway: Grants access to Configure Server > Gateways and read access to Configure APIs and Applications > Deployed APIs. (APIM-16208)

    To learn more about this feature, see API Management Roles and Privileges.

  • Added the Policy Path Mode option. Policy Path Mode defines the sequence of policy paths applied to an API request or response. These are designed to control the execution of different policy paths, allowing you to customize how APIs are consumed and managed when multiple policy paths are applied for an API. Supports the All Match and Best Match modes.

    • All Match is the default mode, where all the policy paths that match the API request are executed.
    • Best Match a single policy path with the closest match to the path of the API request is executed. (APIM-16236)

    To learn more about this feature, see Configuring Policy Path Mode for a Deployed API.

  • The API Proxy Component now supports GraphQL, enabling direct proxying of GraphQL API requests via the API Gateway. (APIM-15876)

    To learn more about this feature, see API Proxy General Tab.

  • To secure GraphQL APIs, a dedicated threat protection policy has been introduced. This policy mitigates potential DoS attacks from complex and cyclic queries by enforcing limits on query depth, entries, and allowed queries. Requests exceeding these limits will be rejected with a 400 Bad Request error.

    To learn more, see GraphQL Threat Protection Policy.

  • Developer Portal has a new embedded GraphQL editor that helps with testing and viewing GraphQL APIs.

    To learn more, see Leveraging GraphQL Query Editors in the Developer Portal.

May 20 2025

Cloud API Management

New
We added this feature
  • Added a new notification banner on the homepage to display the active notifications in the Cloud API Management area. It can be expanded to view all active notifications for an area. Click Show More to view them. The Close icon on the notification banner lets you close the notification banner for your area in the current session. If you log out from the current session and log back in again, the banner will reappear with active notifications. (WA-14070)
On this Page