Open API Support Users can create an API by importing an open API document file or URL in API Gateway. OpenAPI Specification (formerly Swagger Specification) is an API description format for REST APIs.

Support for API Mashups Individual microservices and APIs can be composed into one mashed up API. API Gateway handles a request by invoking multiple microservices and aggregating the results and provide final response.

Support Async APIs APIs which take longer than usual invocation time, may end up with Read Time out. API Gateway could enforce policies to use the callback URL defined for the APIs.

Support AMQP protocol Support AMQP as an inbound and outbound endpoint for API Gateway APIs of type SOAP and REST. AMQP is open standard for passing messages between applications and provides standard messaging protocol across platforms.

API hot deploy API updates can be done without deactivating or affecting the ongoing requests. Each request finishes without being affected by updates to the API and policy definition.

Support runtime service registries API Gateway APIs can be published to service registries and clients can get the endpoints from service registry. APIs routing endpoint can be configured with service registry to discover endpoint from registry during outbound.

Log aggregation API Gateway aggregates different log files used for logging API Gateway usage and provides a comprehensive log file. Logs can be also viewed in the dashboard with filtering capabilities.

Security enhancements Security configuration is unified for OAuth, OpenID and JWT configuration, and is simplified. Support for multiple active Authorization servers simultaneously is included. Added capability to register clients dynamically in third-party Authorization servers. Support for third-party clients introspection. PKCE client application support for third-party Authorization servers. Mapping of OAuth scopes with API scopes.

Inbound Authentication – Transport policy was removed from API Gateway10.3 This functionality was added into the Identify and Authorize Application policy.