Let?s ring in 2018 with enhanced developer productivity, seamless security, and mobile and IoT opportunities! The calendar year may be coming to an end, but our mobile API Management team has been hard at work developing new features for our customers. Today, we are excited to announce the release of Mobile API Gateway 4.1, Mobile SDK 1.6, and OAuth Toolkit 4.2. Read on to learn how these new releases will improve developer workflows and kick-start a new year of mobile innovation for your enterprise.
Save Time: Mobile API Gateway 4.1
Introducing MQTT Connection Manager and MQTT Over WebSocket. MQTT is a highly scalable, low-bandwidth publish/subscribe (pub/sub) messaging transport protocol. Due to its speed and efficiency, MQTT is particularly useful for low-code-footprint or remote device environments typical of mobile applications and the Internet of Things (IoT). With this release, we make it easier for your enterprise to set up, manage, and secure a range of MQTT connections, opening up opportunities to tap into additional mobile, IoT, and browser-based data sources from within CA Mobile API Gateway.
Simplify: MQTT Connection Manager
Before MQTT Connection Manager, it was difficult for developers to configure and troubleshoot MQTT connections in CA Mobile API Gateway. This release creates a centralized location for developers to create and manage outbound MQTT connections from the gateway to a broker. Developers can now set up new MQTT connections, edit the properties of existing connections, and manage connected brokers and clients from within the Mobile API Gateway, simplifying the management and configuration of MQTT messaging across your enterprise.
Connect: MQTT Over WebSocket
Mobile API Gateway 4.1 enables your enterprise to set up secure MQTT connections over WebSocket to take advantage of the protocol through an additional deployment mechanism. The WebSocket enabled MQTT listen port translates WebSocket frames to native MQTT messages. Web applications using an MQTT Over WebSocket library connect as first-class MQTT clients to the Mobile API Gateway and are able to leverage all MQTT features. Endpoints supporting the MQTT transport protocol are OAuth protected and can require mutual SSL connections for additional security.
Secure: Mobile SDK 1.6
Speed: Device Registration
Mobile SDK 1.6 focuses on improving the developer experience for device registration within CA Mobile API Gateway. For some developers building on the mobile SDK, app development was slowed by device registration error messages. These error messages served as an additional security mechanism ? since the SDK prevented the re-registration of a device if not requested by the original user or client ? but created friction in the development process by requiring developers to manually de-register a device via the Mobile API Gateway manager.
With this release, we sought to maintain security while reducing developer complexity from troubleshooting device registration errors. Mobile SDK 1.6 improves the way the device is identified at registration time, reducing the likelihood of running into errors when uninstalling and re-installing the application. This solution will better support the app development lifecycle, reducing pain points when building and testing your mobile apps.
Enhance: Cordova Support
With SDK 1.6, we have also enhanced our support for Cordova. We are investing in the Cordova plugin to deliver features available in our native SDK, including support for secure, external API calls not originating from the CA Mobile API Gateway. These features were previously available for iOS and Android and will now be supported for Cordova development as well.
Safeguard: OAuth Toolkit 4.2
We are thrilled to announce that OAuth Toolkit 4.2 has achieved OpenID Connect Implicit Profile Certification and OpenID Connect Hybrid Profile Certification ? our third and fourth OpenID Connect certifications for CA Mobile API Gateway.
OpenID Connect is aligned with CA Mobile API Gateway?s initiatives to make it faster and more secure for mobile users to access third party sites through online identities that transfer across multiple services.
Certified: Implicit Profile
Implicit Profile Certification covers Implicit Flow. Implicit Flow is recommended for simpler web architectures, such as a single page web application built on JavaScript. In this flow, all tokens are returned from the authorization endpoint without explicit client authentication; instead, a redirect URL is used to verify the client identity. Since only one round trip to the OpenID Connect Provider is required, this is the simplest to implement from the client application?s point of view.
Certified: Hybrid Profile
Hybrid Profile Certification covers Hybrid Flow. Hybrid Flow is a code-based flow recommended for server-side applications, in which some authorization tokens are returned from authorization endpoints. Client applications can make immediate use of the token to access user identity. Hybrid Flow provides an additional authentication step beyond Implicit Flow in that the application sends code to the token endpoint to receive longer-lived tokens such as refresh tokens, thus gaining long-lived access to resources.
These additional certifications validate our ongoing efforts to apply stringent, standards-based identity authentication and authorization mechanisms to our mobile solutions, and position CA among other leaders in web and mobile technology who have also achieved OpenID Connect certifications.
