Developer Features in 22R1

We are pleased to bring you the following additions and enhancements to Developer Portal features in 22R1. REST API features added in 22R1 only affect API v22.1, unless otherwise noted.

Service Announcements

Changes to FTPS Cipher Suite

Release Dates:

In this release, Vault will no longer support TLS1.0 and TLS1.1. These changes may affect custom integrations, but Vault UI users will not be affected.

Learn more about cipher suite changes.

SAML/Spark Certificate Rollover

Release Dates:

Vault is scheduled to rollover the signing certificate used to sign SAML Single Sign-on requests and Spark messaging connections. There is no expected downtime.

Your IT organization must ensure that the new certificate is configured on your Enterprise Identity Provider system prior to the New Certificate Rollover Event on April 29, 2022. Please ensure that your Spark messaging integrations do not cache the old certificate. Failure to utilize the new certificate by this date may cause login issues for SAML users, and Spark messaging integrations may fail.

Learn more about the action required for the certificate rollover process in Vault Help.

Global Changes

Jobs: Disable Session ID Token in External URL Call Configuration

Release Date: 21R3.5; March 4, 2022

Session ID tokens in the external URL call job configuration are no longer supported and will not work in this release. Please update your job configuration to use the Post Session Credentials via Form Data with Key “” option.

Learn more about sending session IDs with Post Message.

High Volume Object Multi-Value Picklist Field

Release Date: 21R3.4; February 11, 2022

This feature provides support for the multi-value picklist field in high volume objects. You can create up to two (2) multi-value picklist fields per high volume object.

User Role Object Moving to HVO

Release Date: 21R3.2; December 10, 2021

The User Role system object (user_role__sys), which is used to store user role assignments, is moving to high volume to deliver increased performance and scalability. The data_store attribute for this object has been set to high_volume.

REST API v22.1

New Endpoints

Page Layout API

Release Date: 21R3.4; February 11, 2022

The new Page Layout API endpoint provides the page layout metadata for a specific user. The authenticated user’s permissions are considered, so fields which are hidden from the authenticated user will not be included in the API response. For example, field-level security and other object-level permissions. Record-level permissions such as atomic security are not considered. Developers can retrieve a specific page layout or all page layouts for a given object.

GET /api/{version}/metadata/vobjects/{object_name}/page_layouts

GET /api/{version}/metadata/vobjects/{object_name}/page_layouts/{layout_name}

View these endpoints in the v22.1 API Reference.

Existing Endpoints

OAuth 2.0/OpenID Connect profiles: Preferred Microsoft Authentication Library (ADFS)

Release Date: 22R1.0; March 4, 2022

In OAuth 2.0/OpenID Connect profiles, a Vault domain administrator can set a preferred authentication library when selecting ADFS as an Authorization Server provider. The available preferred providers are MSAL or ADAL. At runtime, Vault File Manager uses the preferred provider setting to load the appropriate authentication library. Learn more about Vault File Manager in Vault Help.

In addition, the Authentication Type Discovery REST API endpoint displays this additional information in the returned payload.

SDK Performance Headers in Vault REST API

Release Date: 21R3.4; February 11, 2022

The Vault REST API now includes metrics in the response header that allow developers to inspect Vault Java SDK performance during API execution. These SDK performance metrics are also included in the API Usage Log available in the Vault UI. Developers can measure the number of SDK entry-points executed, total CPU and elapsed time, and gross memory used.

Additionally, the transaction_id column in the API Usage Log has been renamed to execution_id to match the API headers. The column name change applies to logs downloaded from the Vault UI and via API using v22.1+.

Learn more about Vault Java SDK Performance Headers.

Migration Mode with Relaxed Validation Rules

Release Date: 21R3.2; December 10, 2021

In API v22.1+, Vault bypasses validation rules and reference constraints when creating records via the existing Create Object Records endpoint if the X-VaultAPI-MigrationMode header is set to true. The header continues to allow record creation in any lifecycle state.

With this change, the audit trail will now append “in migration mode” in the event_description. For example, if the previous description was “Vehicle : VEH-000007 created”, the new description is “Vehicle : VEH-000007 created in migration mode”.

Reclassify Migration Mode API Header Support

Release Date: 21R3.2; December 10, 2021

In API v22.1+, we’ve added X-VaultAPI-MigrationMode API header support for single document reclassification. This allows developers to change the setting of the status__v parameter if there is a change in document lifecycle or document type hierarchy (type__v, subtype__v, and classification__v).

Additionally, developers can set the document_number__v parameter when reclassifying documents which will override the existing document number. To override the existing document number, the existing document type, subtype, classification, or lifecycle must be modified.

The authenticated user must have the Document Migration permission to use the X-VaultAPI-MigrationMode header.

Document Type Metadata Always Includes Document Fields

Release Date: 21R3.2; December 10, 2021

In API v22.1+, the document type and subtype metadata endpoints to always include document fields regardless of the document type hierarchy (type__v, subtype__v, and classification__v). Previously, document field metadata was only included when the document type did not have any child subtypes or classifications.

Enhanced Bulk Document Update: Validation Behavior Changes

Release Date: 21R3.4; February 11, 2022

In API v22.1+, we have refactored the Update Documents endpoints and made changes to document validation. These endpoints now return an INVALID_DATA error when a user attempts to update a read-only field on a document. In versions prior to v22.1, attempts to update read-only fields are silently ignored.

Vault Loader

Return Updated Roles in Success Log

Release Date: 21R3.4; February 11, 2022

With this release, when updating document roles using Vault Loader, the success log now contains the updated role IDs.

Log Skipped Lines in Failure Log

Release Date: 21R3.4; February 11, 2022

With this release, Vault Loader failure logs now include any input CSV lines that were skipped due to errors.

Disabling Workflow System Objects from Load or Extract Requests

Release Date: 21R3.4; February 11, 2022

With this release, the envelope__sys and envelope_content__sys system objects are no longer available for load or extract using Vault Loader. These objects drive the behavior of Vault workflows, and excluding them from Vault Loader ensures data integrity within these objects.

Updating User & Group Role Assignments on Object Records

Release Date: 21R3.2; December 10, 2021

The Vault Loader CLI and API now provide the ability to assign and remove users and groups from object record roles for objects that have custom and matching sharing rules enabled.

Application-Specific Endpoints

SiteVault: Send eConsent Forms in Bulk

Release Date: 21R3.5; March 4, 2022

This feature adds two new SiteVault-specific endpoints that enable API users to send eConsent forms to participants in bulk:

View these endpoints in the v22.1 API Reference.

Vault Safety: Bulk Narrative Import and Status Check

Release Date: 21R3.2; December 16, 2021

Two new Vault Safety API endpoints are available to import multiple case narrative documents and translations in one operation. This is to improve case migration performance in Vault Safety.

The following endpoint imports narratives in bulk:

POST /api/{version}/app/safety/import-narrative/batch/

The following endpoint checks the status of the bulk import operation:

POST /api/{version}/app/safety/import-narrative/batch/{importId}

View these endpoints in the v22.1 API Reference.

Vault Java SDK

Vault Tokens

Release Date: 21R3.4; February 11, 2022

This feature introduces a new component type, Vaulttoken, and adds system-provided Vault tokens for Name, ID, and DNS to all Vaults. In addition to these, Vault Admins with the new Vault Tokens: Create permission can configure up to ten (10) Vault-wide tokens using MDL. Using Vault Java SDK, developers can reference Vault tokens and Custom tokens in HTTP Callout and the Spark message framework. Additionally, developers can resolve Custom token values using the new TokenService.

Vault also includes the following system-provided Vault tokens that developers can use to reference Vault information:

Learn more about Vault tokens.

Connection Tokens

Release Date: 21R3.4; February 11, 2022

Vault Admins can now configure the URL for external connections to use Vault tokens and Custom tokens that will be resolved at runtime. Connection records that include tokens are not cleared during Sandbox creation or VPK Import.

Learn more about Connection tokens.

Bulk Actions on Record Actions

Release Date: 21R3.4; February 11, 2022

This feature adds the USER_BULK_ACTION usage. Annotating a RecordAction with USER_BULK_ACTION makes the action available to users in Vault’s bulk actions interface. A @RecordActionInfoannotation cannot contain both the USER_ACTION usage and the USER_BULK_ACTION usage.

Learn more about record actions.

Query Builder for Vault Java SDK

Release Date: 21R3.4; February 11, 2022

This feature provides new interfaces that allow developers to create a VQL query using a standard builder pattern and define onSuccess and onError handlers for Query Requests. Query Builder exposes supported VQL clauses, operators, and functions. Additionally, developers can use QueryService to validate queries and get query counts without the overhead of full query execution.

The following interface and methods have been deprecated and are discouraged from use:

Learn more in the Javadocs.

SDK Runtime Logs

Release Date: 21R3.4; February 11, 2022

This feature provides Vault Admins and developers runtime logging for SDK requests. Daily logs are available via the Vault UI and Vault REST API, and log entries include SDK exceptions and custom code usages of LogService.

Vault Admins can configure the current log level as:

SDK runtime log entries are available 15 minutes after the request has completed and can be accessed for 30 days. Logging is limited to 10KB for Exceptions and 40KB for LogService entries.

Learn more about the Vault Java SDK runtime log.

Object and Document Field Types for Integration Field Rules

Release Date: 21R3.4; February 11, 2022

This feature allows Vault Admins to configure the field type for an object or document query field when creating field rules within Spark messaging integration rules. Additionally, developers can access this value in Vault Java SDK and use the value to create callback VQL queries with the necessary VQL functions such as LONGTEXT(), RICHTEXT(), and TONAME().

Learn more about integration field rules.

Enhancements to Reference Lookups

Release Date: 21R3.4; February 11, 2022

With this feature, we’ve introduced a new ReferenceLookupType, Generic, which enables Administrators to configure lookups for mismatched data types. Additionally, the new Generic option provides support for any-to-any mapping for all single-value fields which were previously unsupported, such as Boolean. Multi-value fields such as multi-value picklists are not supported.

Learn more about generic reference lookups.


Field Centric Strict Matching

Release Date: 21R3.4; February 11, 2022

To facilitate multi-term synonym searches, we’ve changed how searches are handled when using FIND with more than one term. This allows a search phrase such as “myocardial infarction” to be found in the thesaurus and to match other phrases such as “heart attack”.

This update makes the strict matching option more field-centric, meaning that the minimum number of required matching terms must be found in the same field. Previously, matching terms could be split between multiple fields. This change is not versioned, so strict matching now has this behavior for all FIND queries with multiple terms. Strict matching is optional and can be enabled or disabled at any time at Admin > Settings > Search Settings.

Learn more about strict matching in Vault Help.

Allow VQL on HVO with API Versions Prior to v20.3

Release Date: 21R3.2; December 10, 2021

This feature opens VQL support for high volume objects (HVO) on all versions of the Vault REST API. When using VQL with an API version prior to v20.3, HVO objects will enforce v20.3 behavior as specified in the VQL documentation.

Section Fields on Binder Nodes

Release Date: 21R3.2; December 10, 2021

This feature adds query support for section_id__sys and parent_section_id__sys in the binder_node__sys query target and allows developers to use the returned values in the related Binder Section endpoints in the Vault REST API. These new fields are only available using API v22.1+.