Vault Developer Release Notes
Developer Features in 22R1
We are pleased to bring you the following additions and enhancements to Developer Portal features in 22R1. REST API features added in 22R1 only affect API v22.1, unless otherwise noted.
Service Announcements
Changes to FTPS Cipher Suite
Release Dates:
- Limited Release Vaults: 21R3.2; December 10, 2021
- General Release Vaults: 22R1.0; April 22, 2022
In this release, Vault will no longer support TLS 1.0 and TLS 1.1. These changes may affect custom integrations, but Vault UI users will not be affected. Learn more about cipher suite changes.
SAML/Spark Certificate Rollover
Release Dates:
- New Certificate Testing Period: March 28, 2022 6pm PDT - April 29, 2022 6pm PDT
- New Certificate Rollover Event: April 29, 2022 6pm PDT
- Support for New and Old Certificate: April 29, 2022 - May 20, 2022 6pm PDT
- Final Certificate Rollover: May 20, 2022 6pm PDT
Vault is scheduled to roll over the signing certificate used to sign SAML Single Sign-on requests and Spark messaging connections. There is no expected downtime.
Your IT organization must ensure that the new certificate is configured on your Enterprise Identity Provider system prior to the New Certificate Rollover Event on April 29, 2022. Please ensure that your Spark messaging integrations do not cache the old certificate. Failure to utilize the new certificate by this date may cause login issues for SAML users, and Spark messaging integrations may fail.
Learn more about the action required for the certificate rollover process in Vault Help.
Global Changes
Jobs: Disable Session ID Token in External URL Call Configuration
Session ID tokens in the external URL call job configuration are no longer supported and will not work in this release. Please update your job configuration to use the Post Session Credentials via Form Data with Key “Session.id” option.
Learn more about sending session IDs with Post Message.
High Volume Object Multi-Value Picklist Field
This feature provides support for the multi-value picklist field in high volume objects. You can create up to two (2) multi-value picklist fields per high volume object.
User Role Object Moving to HVO
The User Role system object (user_role__sys), which is used to store user role assignments, is moving to high volume to deliver increased performance and scalability. The data_store attribute for this object has been set to high_volume.
REST API v22.1
New Endpoints
Page Layout API
The new Page Layout API endpoint provides the page layout metadata for a specific user. The authenticated user’s permissions, such as field-level security and other object-level permissions, are considered, so fields that are hidden from the authenticated user are not included in the API response. Record-level permissions such as atomic security are not considered. Developers can retrieve a specific page layout or all page layouts for a given object.
- /api/{version}/metadata/vobjects/{object_name}/page_layouts
- /api/{version}/metadata/vobjects/{object_name}/page_layouts/{layout_name}
View these endpoints in the v22.1 API Reference.
Existing Endpoints
OAuth 2.0/OpenID Connect profiles: Preferred Microsoft Authentication Library (ADFS)
In OAuth 2.0/OpenID Connect profiles, a Vault domain administrator can set a preferred authentication library when selecting ADFS as an Authorization Server provider. The available preferred providers are MSAL or ADAL. At runtime, Vault File Manager uses the preferred provider setting to load the appropriate authentication library. Learn more about Vault File Manager in Vault Help.
In addition, the Authentication Type Discovery REST API endpoint displays this additional information in the returned payload.
SDK Performance Headers in Vault REST API
The Vault REST API now includes metrics in the response header that allow developers to inspect Vault Java SDK performance during API execution. These SDK performance metrics are also included in the API Usage Log available in the Vault UI. Developers can measure the number of SDK entry-points executed, total CPU and elapsed time, and gross memory used.
Additionally, the transaction_id column in the API Usage Log has been renamed to execution_id to match the API headers. The column name change applies to logs downloaded from the Vault UI and via API using v22.1+.
Learn more about Vault Java SDK Performance Headers.
Migration Mode with Relaxed Validation Rules
In API v22.1+, Vault bypasses validation rules and reference constraints when creating records via the existing Create Object Records endpoint if the X-VaultAPI-MigrationMode header is set to true. The header continues to allow record creation in any lifecycle state.
With this change, the audit trail will now append “in migration mode” in the event_description. For example, if the previous description was “Vehicle : VEH-000007 created”, the new description is “Vehicle : VEH-000007 created in migration mode”.
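Because migration mode bypasses validation rules and reference constraints, the audit-trail suffix described above is a useful review signal. The following is an added example, not Veeva code: it scans a constructed audit export for these events and separates them by whether the acting account is on an approved list. The CSV layout, the `timestamp` and `user_name` column names, and the approved-account list are assumptions; only `event_description` and its wording come from this page.

```python
import csv
import io
import re
from collections import Counter

# Description format taken from the release note's own example:
# "Vehicle : VEH-000007 created in migration mode"
MIGRATION_EVENT = re.compile(
    r"^(?P<object_label>.+?) : (?P<record>.+?) created in migration mode$"
)

# Constructed sample export. Column names other than event_description
# are assumptions made for this example.
SAMPLE_AUDIT_CSV = """\
timestamp,user_name,event_description
2022-05-02T09:14:03Z,migration.svc@example.com,Vehicle : VEH-000007 created in migration mode
2022-05-02T09:14:05Z,migration.svc@example.com,Vehicle : VEH-000008 created in migration mode
2022-05-03T16:40:11Z,j.doe@example.com,Vehicle : VEH-000009 created
2022-05-04T02:31:47Z,j.doe@example.com,Vehicle : VEH-000010 created in migration mode
"""


def find_migration_mode_events(audit_csv, approved_users):
    """Return (approved, unapproved) lists of migration-mode record creations."""
    approved, unapproved = [], []
    for row in csv.DictReader(io.StringIO(audit_csv)):
        match = MIGRATION_EVENT.match(row["event_description"].strip())
        if match is None:
            continue  # ordinary creation: validation rules were enforced
        event = {
            "timestamp": row["timestamp"],
            "user": row["user_name"],
            **match.groupdict(),
        }
        bucket = approved if event["user"] in approved_users else unapproved
        bucket.append(event)
    return approved, unapproved


def per_user_counts(events):
    """Count migration-mode creations per account, for a quick summary."""
    return Counter(event["user"] for event in events)


if __name__ == "__main__":
    ok, review = find_migration_mode_events(
        SAMPLE_AUDIT_CSV, approved_users={"migration.svc@example.com"}
    )
    print("approved:", dict(per_user_counts(ok)))
    for event in review:
        print("needs review:", event)
```
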
Reclassify Migration Mode API Header Support
In API v22.1+, we’ve added X-VaultAPI-MigrationMode API header support for single document reclassification. This allows developers to change the setting of the status__v parameter if there is a change in document lifecycle or document type hierarchy (type__v, subtype__v, and classification__v).
Additionally, developers can set the document_number__v parameter when reclassifying documents, which overrides the existing document number. To override the existing document number, the existing document type, subtype, classification, or lifecycle must be modified.
The authenticated user must have the Document Migration permission to use the X-VaultAPI-MigrationMode header.
Document Type Metadata Always Includes Document Fields
In API v22.1+, the document type and subtype metadata endpoints always include document fields regardless of the document type hierarchy (type__v, subtype__v, and classification__v). Previously, document field metadata was only included when the document type did not have any child subtypes or classifications.
Enhanced Bulk Document Update: Validation Behavior Changes
In API v22.1+, we have refactored the Update Documents endpoints and made changes to document validation. These endpoints now return an INVALID_DATA error when a user attempts to update a read-only field on a document. In versions prior to v22.1, attempts to update read-only fields are silently ignored.
Vault Loader
Return Updated Roles in Success Log
With this release, when updating document roles using Vault Loader, the success log now contains the updated role IDs.
Log Skipped Lines in Failure Log
With this release, Vault Loader failure logs now include any input CSV lines that were skipped due to errors.
Disabling Workflow System Objects from Load or Extract Requests
With this release, the envelope__sys and envelope_content__sys system objects are no longer available for load or extract using Vault Loader. These objects drive the behavior of Vault workflows, and excluding them from Vault Loader ensures data integrity within these objects.
Updating User & Group Role Assignments on Object Records
The Vault Loader CLI and API now provide the ability to assign and remove users and groups from object record roles for objects that have custom and matching sharing rules enabled.
Application-Specific Endpoints
Veeva SiteVault: Send eConsent Forms in Bulk
This feature adds two new Veeva SiteVault-specific endpoints that enable API users to send eConsent forms to participants in bulk:
- Retrieve a participant’s documents and signatories
- Send eConsent forms to signatories
View these endpoints in the v22.1 API Reference.
Veeva Safety: Bulk Narrative Import and Status Check
Two new Veeva Safety API endpoints are available to import multiple case narrative documents and translations in one operation. This is to improve case migration performance in Veeva Safety.
The following endpoint imports narratives in bulk:
/api/{version}/app/safety/import-narrative/batch/
The following endpoint checks the status of the bulk import operation:
/api/{version}/app/safety/import-narrative/batch/{importId}
View these endpoints in the v22.1 API Reference.
Vault Java SDK
Vault Tokens
This feature introduces a new component type, Vaulttoken, and adds system-provided Vault tokens for Name, ID, and DNS to all Vaults. In addition to these, Vault Admins with the new Vault Tokens: Create permission can configure up to ten (10) Vault-wide tokens using MDL. Using Vault Java SDK, developers can reference Vault tokens and Custom tokens in HTTP Callout and the Spark message framework. Additionally, developers can resolve Custom token values using the new TokenService.
Vault also includes the following system-provided Vault tokens that developers can use to reference Vault information:
- ${Vault.vault_dns__sys}
- ${Vault.vault_id__sys}
- ${Vault.vault_name__sys}
Learn more about Vault tokens.
Connection Tokens
Vault Admins can now configure the URL for external connections to use Vault tokens and Custom tokens that will be resolved at runtime. Connection records that include tokens are not cleared during Sandbox creation or VPK Import.
Learn more about Connection tokens.
Bulk Actions on Record Actions
This feature adds the USER_BULK_ACTION usage. Annotating a RecordAction with USER_BULK_ACTION makes the action available to users in Vault’s bulk actions interface. A @RecordActionInfo annotation cannot contain both the USER_ACTION usage and the USER_BULK_ACTION usage.
Learn more about record actions.
Query Builder for Vault Java SDK
This feature provides new interfaces that allow developers to create a VQL query using a standard builder pattern and define onSuccess and onError handlers for Query Requests. Query Builder exposes supported VQL clauses, operators, and functions. Additionally, developers can use QueryService to validate queries and get query counts without the overhead of full query execution.
The following interface and methods have been deprecated and are discouraged from use:
- QueryResponse
- QueryResult
- QueryService#query()
- QueryService#escape()
Learn more in the Javadocs.
SDK Runtime Logs
This feature provides Vault Admins and developers runtime logging for SDK requests. Daily logs are available via the Vault UI and Vault REST API, and log entries include SDK exceptions and custom code usages of LogService.
Vault Admins can configure the current log level as:
- DISABLED
- EXCEPTIONS (default)
- ERROR
- WARN
- INFO
SDK runtime log entries are available 15 minutes after the request has completed and can be accessed for 30 days. Logging is limited to 10KB for Exceptions and 40KB for LogService entries.
Learn more about the Vault Java SDK runtime log.
Object and Document Field Types for Integration Field Rules
This feature allows Vault Admins to configure the field type for an object or document query field when creating field rules within Spark messaging integration rules. Additionally, developers can access this value in Vault Java SDK and use the value to create callback VQL queries with the necessary VQL functions such as LONGTEXT(), RICHTEXT(), and TONAME().
Learn more about integration field rules.
Enhancements to Reference Lookups
With this feature, we’ve introduced a new ReferenceLookupType, Generic, which enables Administrators to configure lookups for mismatched data types. Additionally, the new Generic option provides support for any-to-any mapping for all single-value fields which were previously unsupported, such as Boolean. Multi-value fields such as multi-value picklists are not supported.
Learn more about generic reference lookups.
Field Centric Strict Matching
To facilitate multi-term synonym searches, we’ve changed how searches are handled when using FIND with more than one term. This allows a search phrase such as “myocardial infarction” to be found in the thesaurus and to match other phrases such as “heart attack”.
This update makes the strict matching option more field-centric, meaning that the minimum number of required matching terms must be found in the same field. Previously, matching terms could be split between multiple fields. This change is not versioned, so strict matching now has this behavior for all FIND queries with multiple terms. Strict matching is optional and can be enabled or disabled at any time at Admin > Settings > Search Settings.
Learn more about strict matching in Vault Help.
Allow VQL on HVO with API Versions Prior to v20.3
This feature opens VQL support for high volume objects (HVO) on all versions of the Vault REST API. When using VQL with an API version prior to v20.3, HVO objects will enforce v20.3 behavior as specified in the VQL documentation.
Section Fields on Binder Nodes
This feature adds query support for section_id__sys and parent_section_id__sys in the binder_node__sys query target and allows developers to use the returned values in the related Binder Section endpoints in the Vault REST API. These new fields are only available using API v22.1+.