We’re excited to share a comprehensive roundup of the latest enhancements delivered in IBM DataPower Gateway 10.6.6!
This release brings significant security advancements, expanded integration capabilities, and improved observability—empowering organizations to optimize API and application workloads with greater resilience, flexibility, and performance.
Here’s a breakdown of the standout features and why they matter:
Future-Proof Security for a Post-Quantum World
Cybersecurity is entering a new era, and IBM DataPower is leading the way. Building on our recent quantum-safe innovations like ML-KEM key encapsulation (introduced earlier this year, see Introducing Post-Quantum Cryptography (PQC) in DataPower Gateway), version 10.6.6 adds support for ML-DSA digital signatures—a NIST-standardized algorithm designed to withstand future quantum attacks.
With ML-KEM securing key exchange and ML-DSA ensuring data integrity and authenticity, DataPower now offers a comprehensive quantum-safe foundation for your APIs and transactions. These capabilities help you protect sensitive data today while preparing for tomorrow’s threats—without sacrificing performance or compliance.
What is ML-DSA? ML-DSA (Module-Lattice-Based Digital Signature Algorithm) is a standardized (NIST FIPS 204), quantum-resistant digital signature scheme for data authentication, integrity, and non-repudiation in a post-quantum world. It is based on lattice cryptography, which is considered one of the most promising approaches for post-quantum security.
ML-DSA keys come in different security levels:
- ML-DSA-44: NIST Level 2, ~128-bit security
- ML-DSA-65: NIST Level 3, ~196-bit security
- ML-DSA-87: NIST Level 4, ~256-bit security
These levels allow organizations to choose the right balance between performance and security based on their compliance and risk requirements.
In IBM DataPower 10.6.6, ML-DSA keys can be used in:
- dp:sign-binary(): Generates a digital signature for binary data using ML-DSA keys.
- dp:verify-binary(): Verifies the digital signature against the original data using ML-DSA keys.
You can choose from NIST-approved security levels (128-bit, 196-bit, or 256-bit) to ensure your digital signatures remain resilient against quantum computing advances. This means your sensitive transactions and data stay secure—now and in the future.
Enhanced Observability for Faster Insights
Managing and monitoring complex environments can be challenging without centralized visibility. DataPower 10.6.6 makes observability easier and more scalable with two key enhancements:
Centralized, Real-Time Logging with Kafka
Logging is now more scalable and integrated. With support for Kafka log targets, you can stream logs directly to a Kafka cluster for real-time analysis and centralized observability. This enables faster troubleshooting, better insights into system behavior, and improved integration with enterprise monitoring pipelines.

Streamlined Information Gathering Across Services
Managing observability across multiple services often requires complex, repetitive configurations. With policy injections in DataPower 10.6.6, you can now gather information from every service in a domain and forward it to your observability platform—without modifying individual processing rules. By defining policy injections, teams can automatically apply GatewayScript or XSLT-based processing before or after specific actions across all rules in a domain.

Improved Connectivity and Integration for Modern Architectures
DataPower 10.6.6 introduces powerful enhancements to help you integrate seamlessly with modern, event-driven and microservices-based environments. With Avro schema validation for Kafka messages, you can ensure data integrity and consistency across your messaging pipelines. At the same time, gRPC bridging support enables you to connect backend gRPC services with familiar REST and SOAP APIs, simplifying protocol conversion and accelerating microservices adoption.
Validate Kafka Messages with Avro Schemas
In DataPower 10.6.6, we’ve introduced Avro schema validation for Kafka messages—giving you more control and confidence when integrating with event-driven architectures. Avro provides a compact, fast, and efficient serialization format, enabling seamless integration with modern data pipelines and messaging systems.
With this enhancement, you can now:
- Ensure data integrity by validating messages on both request and response topics against Avro schema files.
- Reduce integration errors by catching schema mismatches early, before they impact downstream services.
- Simplify compliance and governance by enforcing consistent message formats across your Kafka ecosystem.
When configuring a Kafka handler, you can specify Avro schemas stored in the local: directory for both incoming requests and outgoing responses. This means:
- For request topics, DataPower validates incoming client messages before processing, ensuring they meet your expected structure. If the message conforms to the schema, it proceeds to processing. If not, DataPower can reject or log the error, preventing malformed data from entering your system.
- For response topics, DataPower validates outgoing messages, so you deliver clean, schema-compliant data.
This feature helps you build robust, predictable integrations with Kafka, reducing operational risk and improving overall data quality. Essentially, schema validation acts as a gatekeeper, ensuring that every message adheres to your defined standards, which is critical for reliable, predictable integrations in event-driven architectures.
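The gatekeeper behaviour described above, as an added example that is not DataPower's implementation or code from the original post: a small decoder that accepts a Kafka message value only if it decodes exactly against a given Avro schema. The Payment schema, its field names and the sample bytes are constructed, and only a subset of Avro types is handled.

```javascript
// Added example, not DataPower code. Subset of Avro binary: record, union, long, string, null.
const PAYMENT_SCHEMA = { type: "record", name: "Payment", fields: [  // constructed schema
  { name: "id", type: "string" },
  { name: "amountCents", type: "long" },
  { name: "memo", type: ["null", "string"] },
] };
function readLong(buf, st) {            // zigzag varint, at most 10 bytes
  let n = 0n;
  for (let i = 0n; i < 10n; i++) {
    if (st.pos >= buf.length) throw new Error("truncated varint");
    const b = buf[st.pos++];
    n |= BigInt(b & 0x7f) << (7n * i);
    if ((b & 0x80) === 0) return Number((n >> 1n) ^ -(n & 1n));
  }
  throw new Error("varint too long");
}

function readValue(schema, buf, st) {
  if (Array.isArray(schema)) {          // union: branch index, then that branch's value
    const idx = readLong(buf, st);
    if (idx < 0 || idx >= schema.length) throw new Error("bad union branch");
    return readValue(schema[idx], buf, st);
  }
  const type = typeof schema === "string" ? schema : schema.type;
  if (type === "null") return null;     // null occupies zero bytes
  if (type === "long") return readLong(buf, st);
  if (type === "string") {              // length prefix, then UTF-8 bytes
    const len = readLong(buf, st), start = st.pos;
    if (len < 0 || len > buf.length - start) throw new Error("string length out of bounds");
    st.pos = start + len;
    return new TextDecoder("utf-8", { fatal: true }).decode(buf.subarray(start, st.pos));
  }
  if (type === "record")                // fields are encoded in schema order, no names
    return Object.fromEntries(schema.fields.map((f) => [f.name, readValue(f.type, buf, st)]));
  throw new Error("unsupported type " + type);
}

function validateMessage(schema, buf) { // accept only an exact, complete decode
  const st = { pos: 0 };
  try {
    const value = readValue(schema, buf, st);
    if (st.pos !== buf.length) throw new Error("trailing bytes after datum");
    return { ok: true, value };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}
// Constructed sample: {id:"tx1", amountCents:1250, memo:null} in Avro binary.
const GOOD = Uint8Array.from([0x06, 0x74, 0x78, 0x31, 0xc4, 0x13, 0x00]);
```

Truncated input, out-of-range union branches, oversized length prefixes and trailing bytes all come back as rejections rather than best-effort parses, which is the property a schema gate in front of downstream consumers needs.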
gRPC Bridging Support
DataPower Gateway is renowned for its protocol bridging capabilities, seamlessly modernizing apps and connecting to diverse back-ends. However, until now, gRPC services were an exception. We've listened to your feedback, and we're thrilled to introduce gRPC bridging, a feature that allows the exposure of existing gRPC services as REST JSON APIs or SOAP WebServices. This enhancement further fortifies our multi-protocol gateway, reinforcing DataPower's position as a premier application integration and security gateway.
What is gRPC? gRPC is a high-performance, open-source Remote Procedure Call (RPC) framework that leverages HTTP/2 and Protocol Buffers for efficient, strongly typed communication. It's widely adopted for microservices due to its speed and reliability.
In IBM DataPower 10.6.6, you can utilize the dp:url-open element to establish a connection to a remote gRPC server.
- Expose gRPC services as REST or SOAP APIs: Developers can now convert REST JSON or SOAP requests into gRPC calls—and vice versa—using DataPower. This makes it easy to provide a unified interface for external clients while leveraging the efficiency of gRPC behind the scenes.
- Leverage .proto for automation: Use the gRPC service’s .proto file to automatically handle JSON-to-gRPC conversions, ensuring accurate and efficient communication.
For more information, please refer to the following resources:

This feature empowers you to modernize your architecture without disrupting existing integrations. It combines the strengths of both worlds: high-performance gRPC for microservices and standard APIs for external clients. By bridging these two technologies, DataPower Gateway continues to provide a robust, secure, and efficient solution for your application integration needs.
Enhanced Cryptography and Backup Options
DataPower 10.6.6 strengthens security and resilience with enhanced cryptographic features and flexible backup options. Key updates include:
- SafeNet Luna Upgrade: Network HSM client upgraded to version 10.9 for stronger hardware security.
- GatewayScript Enhancements: Support for Base64 and Hex encoding, plus updated APIs like cipher.update(), decipher.final(), sign.update(), and verify.update().
- PKCS #7 Support: New APIs to encrypt, decrypt, sign, and verify PKCS #7 documents.
- XSLT Crypto Extensions: Digital signatures with dp:sign-binary() and dp:verify-binary(), AES-GCM algorithms (aes128-gcm, aes196-gcm, aes256-gcm), and binary block operations.
- Secure Backup via SFTP: Backup and restore operations now support the SFTP protocol for added security.
These updates deliver stronger protection for sensitive data, simplify cryptographic workflows, and ensure compliance with modern security standards.
Better OAuth Visibility
Managing OAuth tokens just got easier. DataPower 10.6.6 introduces new status providers that give you full visibility into the API OAuth cache and its contents, helping you maintain security and streamline operations.
- API OAuth Cache Key Status: View detailed information about individual OAuth keys stored in the cache. From this interface, you can also delete specific keys when needed.
- API OAuth Cache Key Summary: Get a high-level view of all keys in the token store and clear the entire cache in one step for efficient cleanup.
- Stale Key Cleanup: In rare cases where stale user security keys remain in the cache, you can schedule their removal using the global gateway-peering-user-security-cleanup command.
These enhancements improve security compliance, reduce operational risk, and make token management more transparent.
Learn more, and take your next steps
We hope this release reflects our DataPower team's commitment to continuous innovation and empowers your organization to stay secure, agile, and ready for the future.
Ready to explore these features? As always, there is (much) more and you can see the full list / details of what's new in our product documentation.