Information on the API Management service transition to AWS project.

Details on Developer Portal Changes. (08/10/22)

Berkeley’s API Developer Portal, “API Central,” is changing only slightly as part of our new platform project, but the improvements are important to note as they may require changes in your operations. They involve enhanced security practices for API availability management and credential secrets management.

These both show up in the dev portal user interface in an API’s details. For this...

Double Dashes in Chartstrings Blocked

On the new gateway, the Chart of Accounts API responds with a 403 error whenever I submit a chartstring that leaves out an optional code.


The Chart of Accounts API endpoints accept a chartstring as a query parameter or part of an xml request payload. A chartstring is comprised of seven separate codes combined into a single string in any of three ways:

Delimited with dashes: 1-55221-19900-26412-44-EEMSIN-ELJLV Delimited with...

Trailing slash included before query parameters

Some API endpoints can take both path and query parameters. (Path parameters can be thought of as "equals" criteria and query parameters as filtering criteria.) Including the separators for both kinds of parameter together with no path parameter between them (e.g. "/?") is confusing and should not be done.


A path parameter follows immediately after the resource it refers to separated by a forward slash ("/"). For example, in "https://gateway.api.berkeley.edu/hr/v3/employees/10146454" "employees" is the resource and "10146454" is the employee-id path...

API gateway unreachable from RFC1918 networks

When accessing the new API Gateway, hosts that use RFC1918 IP addresses on the campus network–and do not have Internet connectivity–will receive connection errors (e.g., "Could not resolve host", "Host[name]|Server not found", "ConnectionError", "SocketError: Failed to open TCP connection", "UnknownHostException", "ENOTFOUND").


The new API Gateway is no longer hosted on campus and API calls require connectivity to the global Internet. Some networks on campus use ...

Why does a request that works on the deprecated gateway return an error on the new one?

When I send identical requests to the deprecated gateway and to the new one, I get the expected "200 Success" response from the old one but "403 Forbidden" from the new one. What has changed?

While there are a number of subtle differences between the gateways that may result in different responses to identical requests, the most likely cause for unexpected error responses is the increased coverage and precision of AWS' Web Application Firewall (WAFV2). We've dialed back some of its restrictions to allow for a less troublesome transition, but it effectively enforces best practices that we all should already be following, so you may see some gotchas.


This Time We Really Mean It! (11/11/22)

Key Facts: This time we really mean it You need to secure your API credential secrets A proxy for use with private networks is coming

countdown from 6 to 1

This time we really mean it

The deadline for changing all of your applications to make API calls through the new gateway (...

Quantum Leap in Applications Switched (10/14/22)

Key Facts: We've measured a "quantum leap" in applications using the new gateway No new bugs or workarounds this week

simple diagram showing how an electron makes a quantum leap

Since our last update, the number pf applications fully using the new gateway has shot up to 36%! And more and more of you seem to have successfully completed testing too–of...

How do I start using the new API gateway?

I want to change my application code to send API requests through the new service gateway. What do I have to change?

All you have to do is change the domain part of any API requests your application makes from "apis.berkeley.edu" to "gateway.api.berkeley.edu" For example, the request "GET https://apis.berkeley.edu/sis/v2/students/61889?id-type=campus-uid" should be changed to "GET https://gateway.api.berkeley.edu/sis/v2/students/61889?id-type=campus-uid". If you've set the host domain as a constant in your application code, this should be a snap!

Be sure to make this change in your pre-production test environment first and run tests that...

API Gateway Transition: Status at the Midpoint (10/07/22)

Key Facts: Five weeks remain to switch to the new API gateway and secure your credentials. We've discovered and squashed several bugs. We want (and need) your feedback. Blue pill or Red pill?

It's been a busy two months since we officially released the new developer portal and API service gateway. A good number of you all have at least dipped your toe in...