When attempting to create or update an API key using the modern Portal API (PAPI) endpoint POST /api-management/1.0/applications/{appUuid}/api-keys, the request fails with a ValidationException (HTTP 400 Bad Request) if the apiKey field contains an underscore character ("_").

Error Response:

{
  "error": {
    "code": "ValidationException",
    "message": {
      "lang": "en",
      "value": "The request could not be completed due to data input errors."
    },
    "detail": {
      "errorCode": "483",
      "userErrorKey": "error.validation.entity",
      "validationErrors": [
        {
          "field": "apiKey",
          "error": "Invalid character present in the field.",
          "key": "error.invalid.character.present.error"
        }
      ]
    }
  }
}

• Product: Layer7 API Developer Portal
• Versions: 5.0 through 5.4.1
• Interface: Portal API (PAPI) /api-management/ endpoints

The modern PAPI endpoints enforce a strict regex validation pattern for the apiKey field: ^[a-zA-Z0-9-]+$. This pattern allows alphanumeric characters and hyphens but does not include the underscore character. This is a functional regression from deprecated endpoints (like /Applications) which previously supported underscores.

This issue has been identified as a defect (tracked under DE674095). A fix to update the validation regex and restore support for the underscore character is scheduled for the following release:

• API Developer Portal version 5.4.2 (Planned for late June 2026)

Until the fix is available in version 5.4.2, customers are advised to use only alphanumeric characters and hyphens (-) for new API keys created via the PAPI. If underscores are strictly required for backward compatibility, please contact Broadcom Support for guidance on temporary database-level updates or manual intervention.