Developer Features in 20R3

We are pleased to bring you the following additions and enhancements to Developer Portal features in 20R3. REST API features added in 20R3 only affect API v20.3, unless otherwise noted.

Service Announcements

Veeva Vault TLS Cipher Suite Changes

Beginning with the 20R3 release, we will be modifying the set of TLS cipher suites supported by Vault servers, removing weak ciphers and changing the priority order to utilize stronger ciphers. These changes may affect some custom integrations, but not users accessing Vault with a supported browser.

NOTE: Changes begin rolling out for Limited Release users with version 20R2.2.

All customers with affected integrations will be contacted directly by Veeva Services prior to any changes so that they can test their integrations. Testing can be performed on a limited release sandbox beginning with the 20R2.2 release (August 21, 2020).

Learn more about Veeva Vault cipher suite changes.

As part of efforts to reduce release window downtime, we recommend all Veeva customers update their DNS caching so that integrations don’t cache the DNS forever. We recommend that you configure the DNS TTL value to no more than 60 seconds. This ensures that when a Vault resource IP address changes, your integration will be able to receive and use the new IP address by re-querying the DNS.

Learn more about integration DNS caching changes.

SAML/Spark Certificate Rollover

Vault is scheduled to roll over the signing certificate used to sign SAML Single Sign-on requests and Spark Messaging connections. There is no expected downtime. The new certificate has been published and can be downloaded from here. Your IT organization needs to ensure that the new certificate is configured on your Enterprise Identity Provider system prior to the Initial Certificate Rollover event. You also need to ensure that your Spark integrations don’t cache the certificate and are able to pick up the new certificate immediately after the rollover.

Learn more about the SAML/Spark certificate rollover on Veeva Trust.

Re-Enable Large Size Asset Inbox Folder Triggers

In the 20R2.2 release, we disabled the automatic processing of files uploaded directly to the Inbox folder on the file staging server and introduced the ability to upload Large Size Asset renditions using the Vault REST API’s Add Multiple Document Renditions endpoint. With this release, we are re-enabling the automatic processing of files placed in the staging server’s Inbox folder. Note that we strongly recommend using the new process of uploading to the file staging server, either through FTP or the new File Staging API, and then using the Add Multiple Document Renditions endpoint to import large files into Vault. This process is more effective and does not require users to rename files after importing them.


Release Date: October 16, 2020

We are pleased to bring you the following additions and enhancements to Developer Portal features in 20R3. REST API features added in 20R3 only affect API v20.3, unless otherwise noted.

REST API v20.3

File Staging API

With this feature, Vault adds a new REST API which allows you to manage files on the Vault file staging server. Until now, the only way to manage the files on the file staging server was through FTPS protocol. Because this API interfaces with the same file staging area, and has more features then what is exposed through the FTPS, customers may consider using this API instead of the FTPS.

View these endpoints in the v20.3 API Reference.

Increase Batch Size for High Volume Objects

The maximum batch size for High Volume Objects for bulk operations in the API and SDK is increasing to 2000 records.


Describe No Longer Returns Deleted Document Fields

Vault no longer returns deleted document fields in VQL queries, or when retrieving document field metadata or component records through MDL.

Vault Java SDK

PicklistService: Retrieve Labels in User’s Language

Previously, PicklistService could only retrieve labels in the vault’s base language. In this release, we’ve added new methods to the Vault Java SDK which allows retrieval of picklist labels in the user’s language. This enhancement allows your integrations to deliver a more localized experience to your users.


Release Date: September 25, 2020

We are pleased to bring you the following additions and enhancements to Developer Portal features in 20R2.3. REST API features added in 20R2.3 only affect API v20.3, unless otherwise noted.

REST API v20.3

Site Connect: Safety Distribution

This new Site Connect API allows Sponsors and CROs to send Safety reports and letters to Sites using SiteVault.

POST /api/{version}/cdxdocsend/sendSafetyDistribution

View this endpoint in the v20.3 API reference.

Standard Metrics Job to Update Global Content Type from ‘Not Specified’ to Mapped Value

This feature allows Vault Owners to run a new asynchronous job called Standard Metrics GCT Mapping Document Update with a new public API. This job will run automatically with the 20R2.3 release and updates any documents whose Global Content Type is 'Not Specified’ to a mapped Global Content Type value. If no mapped Global Content Type value is configured or inherited from the parent document type, Vault does not update the document. This job does not update archived documents.

POST /api/{version}/standardMetrics/createDocumentUpdateJob

Learn more in the v20.3 API Reference.

We now support Event Actions on the Create Draft action for CrossLink documents.

POST /api/{version}/objects/documents/{doc_id}

Audit Action Security

When admins use Vault’s full audit export API, they now only need access to the relevant audit logs in order to download CSVs. Prior to this release, admins needed access to all admin logs in order to download the CSVs.

The full audit export API is the following endpoint:

GET /api/{version}/audittrail/{audit_trail_type}

When used with the all_dates parameter.

Support Upsert with Object Types

This feature changes the default behavior for the bulk object upsert API starting in v20.3. By default, the API now ignores values given for the Object Type field and parent object fields if the record already exists and the value has not changed. In previous versions, such operations failed because these field types become read-only after record creation.

Learn more in the v20.3 API Reference.

Keep Session Alive During Long API Requests

This feature enhances the Vault API framework to ensure that as long as an API request is active, the session that made that API call will continue to be valid until the request finishes executing.

Generate Outbound Package from Vault Compare

This feature enhances the Vault Comparison feature to optionally generate Outbound Packages based on the differences found in the comparison report. Each Outbound Package in the generated sequence can contain up to 200 components. The Summary and Description fields of each Outbound Package include information on the contents of the package as well as vaults the comparison was based on.

A new optional body parameter, generate_outbound_packages has been added to the Vault Compare API and generates Outbound Packages when set to true. If omitted, the default value is false.

Learn more in the v20.3 API Reference.

High Volume Object (HVO)

This feature adds a new, alternative, data store for Vault Objects which is optimized for large or frequent transactions. The new data store delivers very fast write performance, but has a narrower feature set than standard Vault Objects and requires technical knowledge to configure optimally. For this reason, it is recommended to thoroughly read and understand the documentation on High Volume Objects before using this data store.

Some MDL execute requests against HVO object may require the new asynchronous endpoint.

FTP Staging Permission Name Update

This release renames the Application: FTP Staging permission label to Application: File Staging.

Learn more in the v20.3 API Docs.

Vault Java SDK

Integration Query Object Rules

The Spark framework requires that integrations are processed through a Vault Java SDK Spark message processor. To support all aspects of the filtering capabilities of query object rules, we’ve added a few new interfaces to the Vault Java SDK to get and resolve query object rules, as well as replace tokens.

The Filter Clause used to define your query object rules are written with Criteria VQL.


Release Date: August 21, 2020

REST API v20.3

REST API features added in 20R3 only affect API v20.3, unless otherwise noted.

Match Documents to EDL Item API

This feature allows API users to match specific document versions to, and remove manually matched documents from, EDL items via the Vault REST API. You must have a security profile that grants Application: EDL Matching: Edit Document Matches permission, and EDL Matched Document APIs must be enabled in your Vault.

POST /api/{version}/objects/edl_matched_documents/batch/actions/add

POST /api/{version}/objects/edl_matched_documents/batch/actions/remove

View these endpoints in the v20.3 API reference.

Bulk Active Workflow Actions: Cancel & Reassign Tasks

This feature allows bulk cancellation and reassignment of workflow tasks by users with appropriate permissions. These new actions work for document, multi-document, and object workflows.

API users can cancel all tasks assigned to a user by providing user IDs for task owners, or cancel all instances of a specific task by providing task IDs.

API users can reassign tasks by providing the user ID of the current task assignee and user ID of the new task assignee. We will fetch all the tasks assigned to the current user and reassign them to the new User.

Learn more in the v20.3 API Reference.

New API Parameter for Adding Large Size Asset Renditions

As of 20R2.2, Vault will no longer automatically process files placed in the FTP Inbox. Users will instead upload files to any folder on the FTP, and then use the Vault REST API to upload renditions to the correct document. This feature also adds the new largeSizeAsset query parameter to the Add Multiple Document Renditions endpoint, allowing users to add Large Size Asset type renditions with Document Migration Mode limitations even if the user does not have Document Migration permission.

POST /api/{version}/objects/documents/renditions/batch?largeSizeAsset=true

It should be noted that when Large Size Asset renditions are added the MIME type will be guessed according to the file extension, until the file is fully processed. Similarly, the MD5 checksum will be set to Pending until the checksum has been asynchronously calculated.

If the CSV contains any rendition type other than Large Size Asset, the API call will fail.

Learn more about Uploading Renditions and Creating Staged Documents in Vault Help.

Support Archived Documents in Document Export

As of API v20.3, API users with the View Archive permission can now export archived documents with the existing export document APIs:

POST /api/{version}/objects/documents/batch/actions/fileextract

POST /api/{version}/objects/documents/versions/batch/actions/fileextract

Managing Sandbox Allowances

This feature enables Vault Admins and developers to manage sandbox allowances across all their sandboxes through a newly introduced API endpoint. The Retrieve Sandboxes endpoint now provides information about not only sandboxes created from the logged-in vault, but also any clone created from another sandbox. A new endpoint to retrieve additional sandbox details by vault ID is also introduced with this feature.

Learn more about setting sandbox entitlements and retrieving sandbox details by ID.

Vault Configuration Report API Enhancement

This feature introduces an optional body parameter, include_doc_binder_templates, to the Vault Configuration Report endpoint. When set to false, the configuration report excludes document and binder templates. If omitted, the default value is true.

Vault Loader Bulk Remove Users from Document Roles

This feature adds support for bulk removal of users from document roles to the Vault Loader Command Line Tool (CLI) as well as the Multi-File Load REST API.

OAuth Profiles: Enable Azure as a Standalone Authorization Server Type

This feature splits the Authorization Server Type configuration or ADFS / Azure AD on OAuth / OpenID Connect Profiles into two separate options: (1) ADFS, and (2) Azure AD. By default, all current configurations which have the Authorization Server Type set to ADFS / Azure AD, will receive a value of ADFS after this release.

The Authorization Server Type setting manifests itself in the response to the Authentication Type Discovery API, in the field oauthProviderType. The Azure AD option will be exposed as Azure.



In VQL v20.3+, we’ve introduced four new operators:

Learn more about these new clauses in the VQL reference.

Pagination for Relationships and matched_documents Query Targets

This feature enhances pagination in VQL when querying relationships and matched_documents query targets. The response will include the standard pagination mechanism using the next_page and previous_page URLs when the result set is larger than what can fit on a single response page.

Learn more about paginating results in VQL.

Vault Java SDK

Spark Field Rule Field Default Additional Data Type Support

Spark Field Rules for mapping fields now supports Number, Boolean, Date, Datetime, and Picklist (single and multiple) in the field defaults, supplementing the existing string and array data types. If the format is correctly entered, a field default can be persisted to a target object field of these data types.

SDK Job Administration

This feature enables Vault Admins to manage SDK Jobs through the new SDK Job Metadata UI (Admin > Operations > SDK Job Metadata), in addition to management via MDL commands.Learn more about administering SDK job metadata in Vault Help.