API changes in Ansible Automation Platform 2.7
Ansible Automation Platform 2.7 completes the migration of all API access to platform gateway. Direct API access to individual services that was deprecated in versions 2.5 and 2.6 has been removed in this release.
These changes impact your organization if you have API calls, scripts, or integrations that connect directly to automation controller, automation hub, or Event-Driven Ansible hosts. All API requests must now use platform gateway endpoints. Requests sent directly to component hosts return an HTTP 401 Unauthorized error.
This section highlights the changed APIs between 2.6 and 2.7.
General API changes
In Ansible Automation Platform 2.7, direct API access to individual platform components has been removed. All API access must go through platform gateway.
Service-specific API endpoints have been removed in Ansible Automation Platform 2.7. Direct component API access is no longer available. All API access must go through platform gateway.
| Component | 2.4 and earlier endpoints start with... | 2.5 and 2.6 endpoints start with... | 2.7 endpoints start with... |
|---|---|---|---|
| Automation controller | /api/v2/ |
/api/controller/v2/ |
Must use platform gateway: /api/controller/v2/ |
| Automation hub | /api/automation-hub |
/api/galaxy/v1 |
Must use platform gateway: /api/galaxy/v1 |
| Platform gateway | Not applicable | /api/gateway/v1/ |
/api/gateway/v1/ |
| Event-Driven Ansible | Not applicable | /api/eda/v1/ |
Must use platform gateway: /api/eda/v1/ |
In Red Hat Ansible Automation Platform 2.7, these API endpoints are only accessible through the platform gateway hostname. Direct access to component hostnames (such as controller.example.com or hub.example.com) returns an HTTP 401 Unauthorized error.
Example:
- Works in 2.7:
https://gateway.example.com/api/controller/v2/ping/ - Blocked in 2.7:
https://controller.example.com/api/v2/ping/
Specific API changes
In Red Hat Ansible Automation Platform 2.7, all API access must go through the platform gateway hostname. Direct access to component hostnames has been removed.
| Old (Ansible Automation Platform 2.6) | New (Ansible Automation Platform 2.7) | Status |
|---|---|---|
https://controller.example.com/api/v2/* |
https://gateway.example.com/api/controller/v2/* |
Required |
https://hub.example.com/api/automation-hub/* |
https://gateway.example.com/api/galaxy/* |
Required |
https://eda.example.com/api/eda/v1/* |
https://gateway.example.com/api/eda/v1/* |
Required |
Attempting to access component hostnames directly (controller.example.com, hub.example.com, eda.example.com) returns HTTP 401 Unauthorized in Red Hat Ansible Automation Platform 2.7.
Update collection versions
Older collection versions construct URLs and authentication flows that target component APIs directly. Only the latest collection versions route requests through platform gateway.
Before you begin
- You have access to your project's
requirements.ymlor execution environment definition files. - You have permissions to rebuild execution environments in your deployment.
About this task
If your automation content still targets component endpoints or uses outdated collection versions, your playbooks and integrations will fail after the upgrade.
- Upgrade all component collections to the latest versions for Ansible Automation Platform 2.7. The minimum required collection versions for Ansible Automation Platform 2.7 are as follows:
ansible.controller: 4.8.0ansible.hub: 1.0.6ansible.eda: 2.12.0ansible.platform: 2.7.0
- Update connection values in your playbooks, inventory variables, and Configuration as Code content to use platform gateway.
Procedure
Migrate playbook connection values to platform gateway
After upgrading to Ansible Automation Platform 2.7, all host, username, password, and token values in your playbooks must reference platform gateway. Connection values that target component hosts directly (such as controller.example.com or hub.example.com) cause authentication failures.
Before you begin
- Ansible Automation Platform 2.7 is deployed and accessible through the platform gateway.
- You have administrator access to platform gateway for creating credentials and tokens.
- You have updated your collections to the latest versions for Ansible Automation Platform 2.7.
Procedure
Example: Migrate a job launch playbook
The following example shows a playbook that launches a job template. The "before" version targets automation controller directly. The "after" version targets platform gateway.
- name: Launch a job template
hosts: localhost
connection: local
gather_facts: false
vars:
aap_controller_host: "https://controller.example.com"
aap_controller_username: "{{ lookup('env', 'AAP_CONTROLLER_USERNAME') }}"
aap_controller_password: "{{ lookup('env', 'AAP_CONTROLLER_PASSWORD') }}"
tasks:
- name: Launch the job
ansible.controller.job_launch:
job_template: "Deploy Application"
controller_host: "{{ aap_controller_host }}"
controller_username: "{{ aap_controller_username }}"
controller_password: "{{ aap_controller_password }}"This playbook fails after upgrading to Ansible Automation Platform 2.7 because ansible.controller can no longer authenticate directly against the controller host.
- name: Launch a job template
hosts: localhost
connection: local
gather_facts: false
vars:
aap_gateway_host: "https://gateway.example.com"
aap_gateway_username: "{{ lookup('env', 'AAP_GATEWAY_USERNAME') }}"
aap_gateway_password: "{{ lookup('env', 'AAP_GATEWAY_PASSWORD') }}"
tasks:
- name: Launch the job
ansible.controller.job_launch:
job_template: "Deploy Application"
controller_host: "{{ aap_gateway_host }}"
controller_username: "{{ aap_gateway_username }}"
controller_password: "{{ aap_gateway_password }}"The controller_host parameter now points to the platform gateway URL. The username and password are credentials created in platform gateway. The ansible.controller collection (latest version) routes the API request through platform gateway.