Apiman 3.1.2 released!

· apiman, release
Avatar for Marc Savy
Co-founder & maintainer of Apiman. Founded Black Parrot Labs to support enterprise Apiman users.
/ Black Parrot Labs /

I’m delighted to announce that I have released Apiman 3.1.2.Final.

One particularly useful change I’d like to highlight is that the Vert.x Gateway’s API, when secured by Keycloak, now accepts a list of additionally accepted issuers using allowed-issuers, which is useful for users with more complex auth setups.

  // <rest of your config...>

  // Gateway API Authentication. See documentation for further possibilities.
  "auth": {
    "type": "keycloak",
    "config": {
      "flowType": "PASSWORD",
      "requiredRole": "realm:apipublisher",
      "auth-server-url": "...",
      // You can add extra issuers here.
      "allowed-issuers": [ (1)
      "realm": "${apiman.auth.realm:-apiman}",
      "resource": "apiman-gateway-api",
      "credentials": {
        "secret": "${apiman.auth.gateway.secret:-password}"
      "ssl-required": "none",
      "disable-trust-manager": true,
      "allow-any-hostname" : true
1 You can add extra issuers here; this can be very useful if your setup has internal vs external issuers, and you need to support them all simultaneously.
Need help? Support is available from Apiman’s developers, and helps the project be sustainable. Please be a good open source citizen!

What’s new?



  • [gateway-vertx]: you can add a list of additional allowed-issuers in your Gateway API Keycloak Authentication config. This better supports situations where your Keycloak server returns multiple different issuers, for example for internal vs external domains, Docker, K8s, etc. By Marc Savy (@msavy).


  • A large number of dependencies have been updated across the Apiman codebase to improve security. By Marc Savy (@msavy).

  • [containers/docker-compose]: to support a change in Keycloak’s behaviour, we now set allowed-issuers in the Vert.x Gateway API authentication configuration to allow both internal and external issuers. By Marc Savy (@msavy).



  • [gateway-vertx]: allow access to Vert.x Gateway API’s /system/status endpoint without auth. This allows health checks without needing to pass around auth credentials and/or relying on 4xx errors. By Marc Savy (@msavy).

  • [gateway-vertx]: array values are now always correctly substituted in Vert.x Gateway configuration. By Marc Savy (@msavy).

  • [portal]: show REST API documentation even when user not logged in. By Bastian Gembalczyk (@BastianGem) and Florian Volk (@volkflo).

  • [gateway-vertx]: do not include null/empty path elements in Keycloak discovery URI. If your Vert.x Gateway API was unable to speak to Keycloak because it had an unexpected null in the URI, this should fix it. By Marc Savy (@msavy).

  • [distro-ddl]: Multiple small MSSQL (Microsoft SQL Server) DDL fixes. If you are using MSSQL, you should set the Java system property hibernate.auto_quote_keyword=true — in WildFly you can put this into the properties section of standalone-apiman.xml. By Marc Savy (@msavy).

  • [manager-api-jpa]: Allow deletion of org with contracts. It should be possible to delete an organization with retired entities. By Florian Volk (@volkflo).

  • [gateway-engine-vertx]: Ensure API is resolved before using it. An old contribution did not respect asynchronous patterns properly. By Marc Savy (@msavy).