Release Notes — v1.0 (General Availability)

v1.0 is the first General Availability release of SOAP-2-REST by Specaria. It delivers the complete platform: traffic-driven discovery, deterministic…

Status: General Availability — inaugural release.

v1.0 is the first General Availability release of SOAP-2-REST by Specaria. It delivers the complete platform: traffic-driven discovery, deterministic full-field SOAP↔REST conversion in both directions, OpenAPI v3 generation, learned examples, and in-app observability — running entirely in your VPC.

This page is the comprehensive feature inventory for v1.0. Deep-dive documentation for each area is linked inline.

Highlights

Bidirectional conversion — Publish (REST facade over a SOAP backend) and Consume (SOAP facade over a migrated REST backend), on one runtime.
Deterministic, full-field mapping generated from the WSDL, with immutable versioned snapshots and field-level overrides.
Traffic-driven discovery with a suite of gateway/load-balancer connectors plus a generic-HTTP receiver.
OpenAPI v3 generation (Publish) and WSDL serve-back (Consume).
In-app observability — dashboards, SLO reports, searchable logs, live traffic, contract drift, and a full audit trail.
Runs in your VPC with RBAC, IAP/OIDC/SAML, encrypted backend credentials, and no public endpoint.
UTF-8 / Hebrew / RTL end to end.
Specaria-platform licensing with fail-open telemetry and fail-closed entitlement.

Conversion

Both directions on one runtime:
- Publish — REST/JSON in → SOAP out; published contract is OpenAPI v3.
- Consume — SOAP in → REST/JSON out; published contract is WSDL (served back at the consume endpoint). Outbound REST auth supports none, basic, bearer, OAuth2 client-credentials, API-key header, and mutual TLS.
Deterministic full-field mapping from WSDL/XSD across the entire request/response tree.
Versioned, immutable mappings with activate/rollback.
Field-by-field overrides via the UI.
SOAP 1.1 and SOAP 1.2 — including SOAP 1.2's application/soap+xml content type and two-level fault model; the runtime detects the version from body + content type.
WSDL message styles — document/literal (wrapped and bare) and rpc/literal.
Per-operation SOAP header injection and RPC-style envelope build/parse.
SOAP fault normalization into a deterministic REST error shape, with WSDL-declared fault detail contracts reflected in the generated OpenAPI.
Conversion options — a catalog of operator-tunable behaviors, each settable platform-wide and overridable per service / operation / field: date/time formatting, numeric handling, boolean handling, null handling, array collapsing, whitespace, binary encoding, duration, field-name casing, SOAP header propagation, response envelope shape, JSON field ordering, error/fault shape (including RFC 7807), xsi:type discriminator handling, upstream-failure status, required handling, and request/response validation modes.

→ How mapping works · Conversion options reference · SOAP & XSD support

Multi-backend & resilience

Multi-backend routing for a service, with failover and backend health checks.
Per-backend SOAP transport settings.
Configurable per-operation timeout (100 ms default) and retries (2 default) with bounded failure behavior.
30 MB synchronous payload ceiling with a clear coded rejection.

OpenAPI v3 generation

One standards-compliant OpenAPI v3 document per published (Publish-direction) service.
The emitted schema reflects your conversion preferences and validation configuration.
Per-operation fault schema emission from WSDL-declared faults.
The Consume direction publishes a WSDL rather than OpenAPI, because the consumer-facing contract there is SOAP.

→ Generate & review the OpenAPI

Discovery & onboarding

Traffic-driven discovery — services discovered from live gateway-edge traffic, with a master discovery view showing per-service 24-hour / 7-day / 1-month request counts, loaded from pre-computed aggregation tables for sub-second performance.
Consumer attribution via forwarded-header resolution (X-Client-IP / X-Forwarded-For / Forwarded).
No-code WSDL onboarding wizard — import by file, URL, or pasted XML; suggested backend endpoint, SOAP version, and auth hints inferred from the WSDL; per-operation sample payloads generated.
Zero-touch autopilot — generate a draft service, operations, and mappings in one step, with a readiness score per operation.
Re-import change detection — breaking changes, added/removed operations, per-operation deltas.
Namespace repair for broken WSDLs.
Learned examples — real request/response payloads (and headers) captured from production traffic and curated per service/operation.

→ Discovery · Onboarding

Connectors

Shipped connectors, each with management-API discovery and a traffic-ingest path:

Load balancers: F5 BIG-IP, Citrix NetScaler/ADC, HAProxy, nginx, Kemp LoadMaster, A10 Thunder ADC, Radware Alteon.
API gateways: IBM DataPower (REST management interface + HTTP log target), CA/Broadcom Layer7, Software AG/IBM webMethods, Perforce Akana, TIBCO Mashery, Oracle API Gateway.
Generic-HTTP receiver — a universal ingest endpoint with per-vendor parsers and a dead-letter queue, for any edge that emits accessible HTTP traffic logs.

Discovery/ingest mechanisms differ per vendor to match what each platform exposes. The Oracle API Gateway connector ships in v1.0; its field-shape validation is finalized with the first customer running that platform.

→ Connectors

Observability

Operations dashboard — KPI tiles, timeline charts, per-service rollups.
SLO reports with availability/latency targets and breach detection.
Searchable runtime logs keyed by correlation ID, result code, environment, service, operation.
Live traffic log with full request/response payloads and headers for drill-down.
Contract-drift detection on backend responses.
Asynchronous callback tracking — lifecycle/timing, stored-callback replay through the current response mapping, manual submission/reprocessing, and overdue detection.
Aggregation-table read path — all time-bucketed surfaces read pre-computed aggregations, never raw logs at query time.
Retention — 60 days default, configurable.

→ Observability

Security

RBAC — admin / operator / reader, resolved from IdP groups, direct in-app principal bindings, or an emergency bootstrap list.
Identity — Google IAP, Azure AD, standard SAML / OIDC.
No public endpoint — internal-only networking by default.
Encrypted backend credentials (pgcrypto), never logged or returned in plaintext.
IAM database authentication on Google Cloud.
Full audit trail with actor, role, action, and before/after state.
Correlation IDs across the request lifecycle.

→ Security

Licensing

Specaria-platform licensing — JWKS-verified RS256 license JWT, re-verified periodically, with a 14-day offline grace period before degraded (read-only) mode.
Capacity dimensions — discovered services and converted (active) services, counted over a rolling window.
Fail-open telemetry, fail-closed entitlement — a telemetry outage never disrupts traffic; an invalid/expired license disables licensed writes only after the grace period.
No PII egress — outbound telemetry is numeric counts, versions, a hashed host fingerprint, an installation ID, a customer label, and a contact email — never payloads or hostnames.

→ Licensing

Languages & localization

UTF-8 end to end (payloads, envelopes, database, generated contracts, UI).
Hebrew support including gendered forms and Hebrew regex constraints; RTL rendering.
Per-tenant timezone and locale.

→ Conversion options reference

Deployment

GCP-native — Cloud Run + Cloud SQL (PostgreSQL, IAM DB auth) + Cloud Storage + Cloud IAP.
Kubernetes / OpenShift — Helm chart.
GCP Marketplace listing.
Standalone Docker Compose stack (control plane + runtime + worker + PostgreSQL), with an automated CI smoke test.
Cloud-adapter abstraction (object store / compute provisioner / relay-VM gateway / secret store) with Google Cloud, Azure, and VMware adapters (AWS in progress) and sample Terraform environments for AWS, Azure, and a vSphere relay.

→ Installation

Performance

Engineered and load-tested for a ~1M-calls/day baseline (~12 rps sustained, ~100 rps burst), with sustained / burst / slow-backend load-test scenarios.
Sub-second dashboards across large estates via aggregation tables.

→ Operations

Known limitations / intentionally out of scope for v1.0

In line with the product's focus on the mainstream 80% of estates, the following are handled as bespoke engagements rather than in the standard v1.0 product:

RPC/encoded (SOAP encoding) messages — document/literal and rpc/literal are supported.
WS-Security message signing/encryption on the inbound SOAP-facade (Consume) path — outbound REST auth (including mTLS) is supported.
Non-HTTP transports (e.g. message queues, SFTP) — HTTP/HTTPS only.
Fully air-gapped operation — v1.0 requires outbound HTTPS to the Specaria platform for licensing and updates (a 14-day offline grace covers transient loss).
VM appliance images and first-class AWS/Azure/Oracle native ports — on the v1.1 roadmap; sample Terraform for AWS/Azure/vSphere is available today.
Additional identity providers (Okta, Keycloak, custom SAML) and dedicated connectors for modern API management platforms — on the v2 roadmap; the generic-HTTP receiver covers the latter today.

See Support lifecycle & deprecation policy for how these evolve.

Upgrading

This is the inaugural release; there is no prior GA version to upgrade from. For future upgrades, see the upgrade guide.

All Specaria SOAP to REST docs

Loading…