**Source URL:** https://limited.veevavault.dev/rn/22r1.md
# Vault Developer Release Notes
We are pleased to bring you the following additions and enhancements to Developer Portal features in 22R1.
## Developer Features in 22R1 {#developer-features-in-22r1}
We are pleased to bring you the following additions and enhancements to Developer Portal features in 22R1. REST API features added in 22R1 only affect API v22.1, unless otherwise noted.
## Service Announcements {#service-announcements}
### Changes to FTPS Cipher Suite {#changes-to-ftps-cipher-suite}
*Release Dates:*
* *Limited Release Vaults: 21R3.2; December 10, 2021*
* *General Release Vaults: 22R1.0; April, 22, 2022*
In this release, Vault will no longer support TLS1.0 and TLS1.1. These changes may affect custom integrations, but Vault UI users will not be affected.
Learn more about [cipher suite changes](/docs/tls/cipher).
#### SAML/Spark Certificate Rollover {#samlspark-certificate-rollover}
*Release Dates:*
* *New Certificate Testing Period: March 28, 2022 6pm PDT - April 29, 2022 6pm PDT*
* *New Certificate Rollover Event: April 29, 2022 6pm PDT*
* *Support for New and Old Certificate: April 29, 2022 - May 20, 2022 6pm PDT*
* *Final Certificate Rollover: May 20, 2022 6pm PDT*
Vault is scheduled to rollover the signing certificate used to sign SAML Single Sign-on requests and Spark messaging connections. There is no expected downtime.
Your IT organization must ensure that the new certificate is configured on your Enterprise Identity Provider system prior to the New Certificate Rollover Event on April 29, 2022. Please ensure that your Spark messaging integrations do not cache the old certificate. Failure to utilize the new certificate by this date may cause login issues for SAML users, and Spark messaging integrations may fail.
Learn more about the action required for the certificate rollover process in [Vault Help](https://platform.veevavault.help/en/lr/15296/).
## Global Changes {#global-changes}
### Jobs: Disable Session ID Token in External URL Call Configuration {#22r1-jobs-disable-session-id-token-in-external-url-call-configuration}
Session ID tokens in the external URL call job configuration are no longer supported and will not work in this release. Please update your job configuration to use the *Post Session Credentials via Form Data with Key “Session.id”* option.
Learn more about [sending session IDs with Post Message](/docs/#Post_Message).
### High Volume Object Multi-Value Picklist Field {#22r1-high-volume-object-multivalue-picklist-field}
This feature provides support for the multi-value picklist field in high volume objects. You can create up to two (2) multi-value picklist fields per high volume object.
### User Role Object Moving to HVO {#22r1-user-role-object-moving-to-hvo}
The User Role system object (`user_role__sys`), which is used to store user role assignments, is moving to high volume to deliver increased performance and scalability. The `data_store` attribute for this object has been set to `high_volume`.
## REST API v22.1 {#rest-api-v221}
### New Endpoints {#22r1-new-endpoints}
### Page Layout API {#22r1-page-layout-api}
The new Page Layout API endpoint provides the page layout metadata for a specific user. The authenticated user’s permissions are considered, so fields which are hidden from the authenticated user will not be included in the API response. For example, field-level security and other object-level permissions. Record-level permissions such as atomic security are not considered. Developers can retrieve a specific page layout or all page layouts for a given object.
View these endpoints in the [v22.1 API Reference](/vault-api/api-reference/22.1/vault-objects/object-page-layouts).
### Existing Endpoints {#22r1-existing-endpoints}
### OAuth 2.0/OpenID Connect profiles: Preferred Microsoft Authentication Library (ADFS) {#22r1-oauth-20openid-connect-profiles-preferred-microsoft-authentication-library-adfs}
In OAuth 2.0/OpenID Connect profiles, a Vault domain administrator can set a preferred authentication library when selecting ADFS as an Authorization Server provider. The available preferred providers are MSAL or ADAL. At runtime, Vault File Manager uses the preferred provider setting to load the appropriate authentication library. Learn more about [Vault File Manager in Vault Help](https://platform.veevavault.help/en/lr/44346).
In addition, the [Authentication Type Discovery](/vault-api/api-reference/22.1/authentication/authentication-type-discovery) REST API endpoint displays this additional information in the returned payload.
### Migration Mode with Relaxed Validation Rules {#22r1-migration-mode-with-relaxed-validation-rules}
In API v22.1+, Vault bypasses validation rules and reference constraints when creating records via the existing Create Object Records endpoint if the `X-VaultAPI-MigrationMode` header is set to `true`. The header continues to allow record creation in any lifecycle state.
With this change, the audit trail will now append “in migration mode” in the `event_description`. For example, if the previous description was “Vehicle : VEH-000007 created”, the new description is “Vehicle : VEH-000007 created in migration mode”.
### Document Type Metadata Always Includes Document Fields {#22r1-document-type-metadata-always-includes-document-fields}
In API v22.1+, the document type and subtype metadata endpoints to always include document fields regardless of the document type hierarchy (`type__v`, `subtype__v`, and `classification__v`). Previously, document field metadata was only included when the document type did not have any child subtypes or classifications.
### Enhanced Bulk Document Update: Validation Behavior Changes {#22r1-enhanced-bulk-document-update-validation-behavior-changes}
In API v22.1+, we have refactored the [Update Documents](/vault-api/api-reference/22.1/documents/update-documents/update-multiple-documents) endpoints and made changes to document validation. These endpoints now return an `INVALID_DATA` error when a user attempts to update a read-only field on a document. In versions prior to v22.1, attempts to update read-only fields are silently ignored.
### Vault Loader {#22r1-vault-loader}
### Return Updated Roles in Success Log {#22r1-return-updated-roles-in-success-log}
With this release, when updating document roles using Vault Loader, the success log now contains the updated role IDs.
### Log Skipped Lines in Failure Log {#22r1-log-skipped-lines-in-failure-log}
With this release, Vault Loader failure logs now include any input CSV lines that were skipped due to errors.
### Updating User & Group Role Assignments on Object Records {#22r1-updating-user-group-role-assignments-on-object-records}
The Vault Loader CLI and API now provide the ability to assign and remove users and groups from object record roles for objects that have custom and matching sharing rules enabled.
### Application-Specific Endpoints {#22r1-applicationspecific-endpoints}
### Veeva SiteVault: Send eConsent Forms in Bulk {#22r1-veeva-sitevault-send-econsent-forms-in-bulk}
This feature adds two new Veeva SiteVault-specific endpoints that enable API users to send eConsent forms to participants in bulk:
* Retrieve a participant’s documents and signatories
* Send eConsent forms to signatories
View these endpoints in the [v22.1 API Reference](/vault-api/api-reference/22.1/vault-query-language-vql).
### Veeva Safety: Bulk Narrative Import and Status Check {#22r1-veeva-safety-bulk-narrative-import-and-status-check}
Two new Veeva Safety API endpoints are available to import multiple case narrative documents and translations in one operation. This is to improve case migration performance in Veeva Safety.
The following endpoint imports narratives in bulk:
The following endpoint checks the status of the bulk import operation:
View these endpoints in the [v22.1 API Reference](/vault-api/api-reference/22.1/vault-query-language-vql).
## Vault Java SDK {#vault-java-sdk}
### Vault Tokens {#vault_tokens}
This feature introduces a new component type, `Vaulttoken`, and adds system-provided Vault tokens for Name, ID, and DNS to all Vaults. In addition to these, Vault Admins with the new *Vault Tokens: Create* permission can configure up to ten (10) Vault-wide tokens using MDL. Using Vault Java SDK, developers can reference Vault tokens and Custom tokens in HTTP Callout and the Spark message framework. Additionally, developers can resolve Custom token values using the new `TokenService`.
Vault also includes the following system-provided Vault tokens that developers can use to reference Vault information:
* `${Vault.vault_dns__sys}`
* `${Vault.vault_id__sys}`
* `${Vault.vault_name__sys}`
Learn more about [Vault tokens](/vault-sdk/sdk-integrations/tokens/vault-tokens).
### Connection Tokens {#22r1-connection-tokens}
Vault Admins can now configure the URL for external connections to use Vault tokens and Custom tokens that will be resolved at runtime. Connection records that include tokens are not cleared during Sandbox creation or VPK Import.
Learn more about [Connection tokens](/vault-sdk/sdk-integrations/tokens/).
### Bulk Actions on Record Actions {#22r1-bulk-actions-on-record-actions}
This feature adds the `USER_BULK_ACTION` usage. Annotating a `RecordAction` with `USER_BULK_ACTION` makes the action available to users in Vault’s bulk actions interface. A `@RecordActionInfo`annotation cannot contain both the `USER_ACTION` usage and the `USER_BULK_ACTION` usage.
Learn more about [record actions](/vault-sdk/entry-points/actions/record-actions).
### Query Builder for Vault Java SDK {#22r1-query-builder-for-vault-java-sdk}
This feature provides new interfaces that allow developers to create a VQL query using a standard builder pattern and define onSuccess and onError handlers for Query Requests. Query Builder exposes supported VQL clauses, operators, and functions. Additionally, developers can use QueryService to validate queries and get query counts without the overhead of full query execution.
The following interface and methods have been deprecated and are discouraged from use:
* `QueryResponse`
* `QueryResult`
* `QueryService#query()`
* `QueryService#escape()`
Learn more in the [Javadocs](https://repo.veevavault.com/javadoc/vault-sdk-api/21.3.4/docs/api/com/veeva/vault/sdk/api/query/Query.Builder.html).
### SDK Runtime Logs {#22r1-sdk-runtime-logs}
This feature provides Vault Admins and developers runtime logging for SDK requests. Daily logs are available via the Vault UI and [Vault REST API](/vault-api/api-reference/22.1/logs/download-sdk-runtime-log), and log entries include SDK exceptions and custom code usages of `LogService`.
Vault Admins can configure the current log level as:
* DISABLED
* EXCEPTIONS (default)
* ERROR
* WARN
* INFO
SDK runtime log entries are available 15 minutes after the request has completed and can be accessed for 30 days. Logging is limited to 10KB for Exceptions and 40KB for `LogService` entries.
Learn more about the [Vault Java SDK runtime log](/vault-sdk/troubleshooting-runtime-errors/runtime-log).
### Object and Document Field Types for Integration Field Rules {#22r1-object-and-document-field-types-for-integration-field-rules}
This feature allows Vault Admins to configure the field type for an object or document query field when creating field rules within Spark messaging integration rules. Additionally, developers can access this value in Vault Java SDK and use the value to create callback VQL queries with the necessary VQL functions such as `LONGTEXT()`, `RICHTEXT()`, and `TONAME()`.
Learn more about [integration field rules](/vault-sdk/sdk-integrations/spark-messaging/integration-rules).
### Enhancements to Reference Lookups {#22r1-enhancements-to-reference-lookups}
With this feature, we’ve introduced a new `ReferenceLookupType`, `Generic`, which enables Administrators to configure lookups for mismatched data types. Additionally, the new `Generic` option provides support for any-to-any mapping for all single-value fields which were previously unsupported, such as Boolean. Multi-value fields such as multi-value picklists are not supported.
Learn more about [generic reference lookups](/vault-sdk/sdk-integrations/spark-messaging/integration-rules/#Generic).
## VQL {#vql}
### Field Centric Strict Matching {#22r1-field-centric-strict-matching}
To facilitate multi-term synonym searches, we’ve changed how searches are handled when using `FIND` with more than one term. This allows a search phrase such as “myocardial infarction” to be found in the thesaurus and to match other phrases such as “heart attack”.
This update makes the strict matching option more field-centric, meaning that the minimum number of required matching terms must be found in the same field. Previously, matching terms could be split between multiple fields. This change is not versioned, so strict matching now has this behavior for all FIND queries with multiple terms. Strict matching is optional and can be enabled or disabled at any time at **Admin > Settings > Search Settings**.
Learn more about [strict matching in Vault Help](https://platform.veevavault.help/en/lr/61691#about-strict-matching).
### Allow VQL on HVO with API Versions Prior to v20.3 {#22r1-allow-vql-on-hvo-with-api-versions-prior-to-v203}
This feature opens VQL support for high volume objects (HVO) on all versions of the Vault REST API. When using VQL with an API version prior to v20.3, HVO objects will enforce v20.3 behavior as specified in the [VQL documentation](/vql/overview).
### Section Fields on Binder Nodes {#22r1-section-fields-on-binder-nodes}
This feature adds query support for `section_id__sys` and `parent_section_id__sys` in the `binder_node__sys` query target and allows developers to use the returned values in the related Binder Section endpoints in the Vault REST API. These new fields are only available using API v22.1+.