Service Announcements: The following upcoming changes affect all versions of the API.


Developer Features in 17R3

Release Date: December 8, 2017

We are pleased to bring you the following additions and enhancements to Developer Portal features in 17R3. Refer to Vault Release Notes for additional information about the 17R3 release. View the “API & VQL” category of the Fixed Issues list for Developer Feature fixes in this release. Note that API issues are fixed for the current version only (17.3) unless otherwise noted.

Removal of Weaker TLS Ciphers

Beginning in 18R1, we will remove support for 1024-bit Diffie-Hellman ciphers and TLS v1.0, and will only support Elliptic Curve and TLS v1.2. To keep your integrations working with Vault API, you must ensure that the technology you use to build and run them supports strong ciphers.
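An added example (not Veeva's code) of checking a Python integration's TLS stack against the policy stated above: it builds a client context limited to TLS v1.2 with elliptic-curve key exchange, lists what that client would offer, and classifies the suite a server actually negotiates. The function names are this example's own, the AES-GCM cipher string is an assumption, and the host passed to `probe` is whatever Vault DNS name your integration already uses.

```python
import socket
import ssl
import sys


def classify_suite(name: str, protocol: str) -> str:
    """Judge a negotiated suite against the announced policy (TLS v1.2 + Elliptic Curve)."""
    if protocol != "TLSv1.2":
        return "rejected: protocol"
    if name.startswith("ECDHE-"):
        return "ok"
    if name.startswith(("DHE-", "EDH-")):
        return "rejected: finite-field DH"
    return "rejected: not elliptic curve"


def policy_context() -> ssl.SSLContext:
    """Client context that can only speak what the announcement says will remain."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Pinned to 1.2 only to simulate the announced policy during testing.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM")  # assumption: AEAD suites with ECDHE key exchange
    return ctx


def offered_suites(ctx: ssl.SSLContext) -> list:
    """TLS v1.2 suite names this client would offer in its ClientHello."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2"]


def probe(host: str, port: int = 443, timeout: float = 10.0) -> tuple:
    """Handshake with the restricted context; a failure here means the client
    stack (or a proxy in the path) cannot meet the policy."""
    ctx = policy_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, _, _ = tls.cipher()
            version = tls.version()
            return name, version, classify_suite(name, version)


if __name__ == "__main__":
    print("offered:", offered_suites(policy_context()))
    if len(sys.argv) > 1:  # e.g. python check_tls.py <your Vault DNS name>
        print("negotiated:", probe(sys.argv[1]))
```

An `ssl.SSLError` from `probe` on a runtime that connects fine with default settings points at a client library or intermediary that still depends on TLS v1.0 or finite-field DHE.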

REST API v17.3

Object Actions

With this release, your organization can work with Veeva Services to define actions for one or more objects, allowing users to perform actions on those object records. With the introduction of object actions, we’re updating our existing object user action endpoints to include object actions. To differentiate object actions from lifecycle actions, object actions will have the Objectaction prefix, for example, Objectaction.monitoring_event__v.copy_record__v. Additionally, lifecycle user actions will now use the Objectlifecyclestateuseraction prefix. The modified endpoints include:

This new endpoint allows Admins to initiate a user action on a batch of object records. Users can initiate both lifecycle user actions and the new object actions described above.

Version-Specific Attachments

With the introduction of version-specific attachments, we’re adding new endpoints to manage version-specific attachments through the API. The new API endpoints include:

Document Export API

API users now have access to the same functionality as Vault Loader via the new Document Export API. Users can query a set of documents (for example, all documents related to a given study) and pass the list of document IDs to the API for export to the FTP staging site. Users have the option to export all versions, or only the latest version of a document.

The following artifacts are supported:

Vault Configuration Report API

This new endpoint allows users with the Vault Configuration Report permission to generate an Excel report containing configuration information of a Vault. Using query parameters, you can choose to include inactive components or only include components modified since a specified date. As of v17.3, this endpoint reports on component configuration only.

Audit API

All Vault audit trail and audit log data is now accessible through the REST API. In this release, we’ve introduced three new endpoints:

Retrieve Video Annotations API

This new endpoint allows Admins to retrieve data for all annotations that exist in a video document. The response includes the following for each annotation:

Domain Information API

In v17.3, the Domain Information API response includes the vault_family__v field. This field contains information about the application family each vault belongs to, such as Commercial, Clinical Operations, Regulatory, or Quality.

New Query Parameters for /users

The following user endpoints have two new query parameters:

New Query Parameters:

These parameters allow you to exclude vault_membership and app_licensing fields from the response, which can dramatically increase performance if you do not need this information. These parameters are false by default in v17.3 and below.

Deprecated Workflows Field: task_reason_code__v

As of v17.3, the Workflows API will no longer expose the task_reason_code__v field. Because this field is not queryable with VQL, it provides low value and clutters response data. Prior versions of the API will continue to expose this field.

Vault Query Language (VQL)

VQL Query Describe

Previously, VQL users needed to understand the shape of the query response data in order to process it. To do this, the developer had to either first call one or more metadata APIs to inspect the object or document metadata, or hard-code this understanding of the metadata based on visual inspection of the Vault configuration.

This feature enhances VQL to return metadata which describes the shape of the response data, so developers can easily process the response without the need for additional API calls. Learn more in the VQL Reference.

VQL Record Properties

With the introduction of Atomic Security, the permissions and set of available actions may now differ for each record and user. The VQL Record Properties feature enables programs using the API to understand the dynamic properties of each record in a result set.

Understanding permissions, actions, and other properties of a record allows a client application to present the correct behavior to the end user. For example, the application is able to hide fields or make fields read-only to enhance usability.

This feature enhances VQL to provide the required programmatic interfaces to external application developers. Developers can now “describe a row” of object data and build applications that respond to the dynamic security model of Vault.

Queries without ORDER BY

Previously, the order in which results were displayed was variable. For example, a user could call the same query twice and see the same results displayed in a different order. To enforce a specific order, users needed to use the ORDER BY operator.

Starting in 17R3.0, for all versions of VQL, queries without ORDER BY now return results in a predictable default order, by relevance and internal ID.

OAuth2.0/OpenID Connect

Vault is adding limited support for OAuth 2.0 / OpenID Connect authorization frameworks. With this feature, customers can build applications that can use OAuth 2.0 / OpenID Connect infrastructure to authenticate to Vault API. View these endpoints in the V17.3 API Reference.

In 17R3, we are only certifying the support for OAuth 2.0/OpenID Connect with PingFederate Authorization Servers.

Honor OAuth2.0/OpenID Connect Tokens

The Vault API now accepts OAuth2.0/OpenID Connect tokens, acquired through pre-configured Authorization Servers, for authorizing access to protected Vault APIs.

Discover User’s Authentication Type

In this release, we’ve added a new API that allows external applications to discover the authentication type of a user. This Authentication Discovery API will help developers build applications that can dynamically adjust the login requirements per user and support either username/password or OAuth2.0/OpenID Connect authentication schemes.

Register OAuth2/OIDC Authorization Server Metadata

To enable external applications to discover and configure the login requirements and authentication flows for Vault OAuth2.0/OpenID Connect users, they need to obtain the remote authorization server metadata. This feature allows the configuration of remote authorization server metadata so that external applications can discover and download it.

Notable Developer Portal Fixes

View the “API & VQL” category of the Fixed Issues list for Developer Feature fixes in this release. Note that API issues are fixed for the current version only unless otherwise noted.