**Source URL:** https://limited.veevavault.dev/rn/23r1.md
# Vault Developer Release Notes
We are pleased to bring you the following additions and enhancements to Developer Portal features in 23R1.
## Developer Features in 23R1 {#developer-features-in-23r1}
We are pleased to bring you the following additions and enhancements to Developer Portal features in 23R1. REST API features added in 23R1 only affect API v23.1, unless otherwise noted.
## Service Announcements {#service-announcements}
### SAML/Spark Certificate Rollover {#23r1-samlspark-certificate-rollover}
*Release Dates:*
* ***New Certificate Testing Period****: February 3, 2023 7:00 pm PT (February 4, 2023 03:00:00 UTC) - March 3, 2023 6:00 pm PT (March 4, 2023 02:00:00 UTC)*
* ***New Certificate Rollover Event****: March 3, 2023 6:00 pm PT (March 4, 2023 02:00:00 UTC)*
* ***Support for New and Old Certificate****: March 3, 2023 6:00 pm PT 02:00:00 UTC - March 24, 2023 6:00 pm PT (March 25, 2023 01:00:00 UTC)*
* ***Final Certificate Rollover****: March 24, 2023 6:00 pm PT (March 25, 2023 01:00:00 UTC)*
Vault is scheduled to rollover the signing certificate used to sign SAML Single Sign-on requests and Spark messaging connections. There is no expected downtime.
Your IT organization must ensure that the new certificate is configured on your Enterprise Identity Provider system prior to the **New Certificate Rollover Event** on March 3, 2023. Please ensure that your Spark messaging integrations do not cache the old certificate. Failure to utilize the new certificate by this date may cause login issues for SAML users, and Spark messaging integrations may fail.
Learn more about the action required for the certificate rollover process in [Vault Help](https://platform.veevavault.help/en/lr/15296/).
### Vault Java SDK Service Account {#23r1-vault-java-sdk-service-account}
In 23R1, Vault will permanently enable the *Run Custom Code as Java SDK Service Account* feature with the following expected behavior:
* Custom code executes as the *Java SDK Service Account*, which has Vault Owner level access.
* By default, Vault sets the *Java SDK Service Account* as the owner of object records and documents created by custom SDK code.
* Audit logs entries for documents and object records affected by Vault extensions identify the change with *Java SDK Service Account on behalf of* the user initiating the request.
This feature is auto-on and cannot be disabled.
### HTTP/2 {#23r1-http2}
In 23R2, Vault will enable support for the HTTP/2 protocol. Developers can choose to use HTTP/2, but upgrading is not required.
Before Vault begins supporting HTTP/2, developers should evaluate existing integrations that might be designed to auto-upgrade their HTTP protocol for compatibility with HTTP/2. For example, HTTP/2 returns all API headers as lowercase, which may be an issue if an existing integration is expecting case-sensitive header values.
## REST API v23.1 {#rest-api-v231}
### New Endpoints {#23r1-new-endpoints}
### Sandbox Sizes {#23r1-sandbox-sizes}
This feature introduces two new sandbox sizes, “Small” and “Full”. Existing Sandboxes will be categorized as “Large”. The size of a sandbox determines the amount of data a sandbox can store. Admins can interact with sandboxes using new endpoints.
The new [Recheck Sandbox Usage Limit](/vault-api/api-reference/23.1/sandbox-vaults/recheck-sandbox-usage-limit) endpoint allows Admins to recalculate data usage of a sandbox Vault.
The new [Change Sandbox Size](/vault-api/api-reference/23.1/sandbox-vaults/change-sandbox-size) endpoint allows Admins to change the size of a sandbox Vault.
### Sandbox Snapshots {#23r1-sandbox-snapshots}
A sandbox snapshot is a copy of a sandbox Vault that can store configuration and optionally data at a given point in time. Snapshots can be used to create or refresh sandbox Vaults. Admins are able to interact with snapshots using the following new REST API endpoints:
The [Create Snapshot](/vault-api/api-reference/23.1/sandbox-vaults/sandbox-snapshots/create-sandbox-snapshot) endpoint creates a snapshot for a sandbox by providing a source sandbox.
The [Retrieve Snapshots](/vault-api/api-reference/23.1/sandbox-vaults/sandbox-snapshots/retrieve-sandbox-snapshots) endpoint retrieves information about snapshots managed by the authenticated Vault.
The [Delete Snapshot](/vault-api/api-reference/23.1/sandbox-vaults/sandbox-snapshots/delete-sandbox-snapshot) endpoint deletes a snapshot for an active sandbox.
The [Upgrade Sandbox Snapshot](/vault-api/api-reference/23.1/sandbox-vaults/sandbox-snapshots/upgrade-sandbox-snapshot) endpoint upgrades a snapshot to match the release version of the source sandbox Vault.
The [Update Snapshot](/vault-api/api-reference/23.1/sandbox-vaults/sandbox-snapshots/update-sandbox-snapshot) endpoint recreates a new snapshot for the same sandbox Vault. This action replaces the existing snapshot with the newly created one.
The existing [Create or Refresh Sandbox](/vault-api/api-reference/23.1/sandbox-vaults/create-or-refresh-sandbox) endpoint can create a sandbox from the available snapshots with the new `source_snapshot` parameter.
The [Refresh Sandbox from Snapshot](/vault-api/api-reference/23.1/sandbox-vaults/refresh-sandbox-from-snapshot) endpoint refreshes a sandbox from a snapshot.
### Existing Endpoints {#23r1-existing-endpoints}
### Event Filter for Document Audit API {#23r1-event-filter-for-document-audit-api}
To provide parity with document audit trails generated in the Vault UI, the [Retrieve Audit Details](/vault-api/api-reference/23.1/logs/audit/retrieve-audit-details) API now supports filtering based on events when retrieving `document_audit_trail` details. Add the `events` parameter and provide a list of the events you want to filter on. For example, to retrieve audit details for documents where either a single version or all versions have been deleted:
You can find a list of supported document audit events in [Vault Help]( https://platform.veevavault.help/en/lr/30435).
### Object Record Support for Picklist as idParam {#23r1-object-record-support-for-picklist-as-idparam}
This enhancement allows developers to use a picklist field as the `idParam` when upserting, updating, or deleting object records through the [Vault Loader API](/vault-api/api-reference/23.1/vault-loader) or the [Vault Objects API](/vault-api/api-reference/23.1/vault-objects).
### Assign Users & Groups to Roles on a Single Document {#23r1-assign-users-groups-to-roles-on-a-single-document}
In API v23.1+, the [Assign Users & Groups to Roles on a Single Document](/vault-api/api-reference/23.1/document-roles/assign-users-groups-to-roles-on-a-single-document) API supports assigning users and groups to roles with Dynamic Access Control (DAC) enabled.
However, If you need to assign users and groups to roles on more than one document or binder, it is best practice to use the corresponding [bulk API](/vault-api/api-reference/23.1/document-roles/assign-users-groups-to-roles-on-multiple-documents).
### Single Document Publishing: Document Deletion API Validation {#23r1-single-document-publishing-document-deletion-api-validation}
With this release, the Delete Single Document and Delete Single Document Version APIs now perform validation when attempting to delete documents with *Publish for Veeva CRM (CLM)* set to Yes. This provides parity with the Vault UI and prevents deletion when the document is associated with one or more object reference.
### Object Workflow API Requests for Field Prompts with Required Fields {#23r1-object-workflow-api-requests-for-field-prompts-with-required-fields}
In API v23.1+, object workflows now require values for required field prompts when starting a workflow and completing a task.
### Facetable Created By and Modified By Fields {#23r1-facetable-created-by-and-modified-by-fields}
The `created_by__v` and `modified_by__v` fields are now `facetable` just like any other object reference fields that point to the `user__sys` object.
### Migration Mode for Record Update and Upsert {#23r1-migration-mode-for-record-update-and-upsert}
This enhancement allows API users to update and upsert object records to any lifecycle state, bypassing validation rules for migrating records into Vault from an external system.
### Application-Specific Endpoints {#23r1-applicationspecific-endpoints}
### Populate Site Fee Definitions {#23r1-populate-site-fee-definitions}
Given an existing study with Site Fee Definitions or an eligible Site Fee Template, Veeva Payments customers can now automatically generate Site Fee Definitions for a new study. Developers can also initiate this action with the new [Populate Site Fee Definitions](/vault-api/api-reference/23.1/workflows/workflow-tasks) API:
### Deprecated: New Submissions Archive Viewer {#23r1-deprecated-new-submissions-archive-viewer}
With this release, we’re deprecating the Retrieve SubmissionsArchive Binder API endpoint. As of 22R3.4, the new Submissions Archive Viewer does not rely on the binder for the hierarchy structure, making this endpoint obsolete.
### Vault Loader {#23r1-vault-loader}
### Vault Loader Support for Record Migration Mode Update and Upsert {#23r1-vault-loader-support-for-record-migration-mode-update-and-upsert}
API users of Vault Loader can now leverage Record Migration Mode to update and upsert records in a non-initial state while bypassing reference constraints and validation rules.
### Vault Loader Support for MAXROWS and SKIP {#23r1-vault-loader-support-for-maxrows-and-skip}
With this release, Vault Loader users can now leverage the `MAXROWS` and `SKIP` VQL clauses to page through and retrieve large record sets. This feature is supported in the Vault UI, CLI, and API.
## VQL {#vql}
### Query Governor: Timeout Rule {#23r1-query-governor-timeout-rule}
To ensure Vault performance, Vault now enforces a new timeout rule. When VQL queries fail due to timeout, Vault will prevent the same query from being executed again for 24 hours. This change only applies to v23.1+ and does not affect existing integrations.
Learn more about [query performance](/vql/references/query-performance-best-practices) and [VQL transaction limits](/vql/references/system-limits-performance/transaction-limits).
### Query Governor: Duplicate & Slow Unfiltered Rules {#23r1-query-governor-duplicate-slow-unfiltered-rules}
For Vault stability, VQL now returns `WARNING` when the same query is executed more than once in a 5-minute fixed period. Integrations should avoid unnecessary VQL queries. Additionally, long-running queries without a `WHERE` clause now return `WARNING` with the recommendation of adding filters for better query performance. This change only applies to v23.1+ and does not affect existing integrations.
Learn more about [query performance](/vql/references/query-performance-best-practices).
## Vault Java SDK {#vault-java-sdk}
### System Managed Connections {#23r1-system-managed-connections}
Standard Vault Connections will no longer be referenceable in custom Java SDK code because each is now set to “System Managed”.
### Notifications SDK: Send In-App Notifications or Email Notifications Only {#23r1-notifications-sdk-send-inapp-notifications-or-email-notifications-only}
Developers can now choose to send in-app notifications only or email notifications only by using the `setNotificationMode()` method in the `NotificationParameters` interface. The `setNotifyByEmailOnly()` method is deprecated in this release.
### SDK Initiating User and Request Owner {#23r1-sdk-initiating-user-and-request-owner}
Developers have access to two new SDK Request Context Users: Initiating User and Request Owner. Initiating User will always return the “user-at-the-keyboard” unless the SDK request is initiated by Vault (scheduled job). Request Owner gives developers access to configured users such as Job and Message Processor Owners. Additionally, users can use HttpService and execute local API requests as these new users. Current User has been deprecated and is discouraged from use.
Learn more about [Request Context User Types](/vault-sdk/shared-code/request-context/#Request_Context_User_Types).
### Workflow Request Execution Context {#23r1-workflow-request-execution-context}
Developers can now determine if the current SDK Request is taking place during a workflow, and if so, gain access to the Workflow ID, Workflow Name, and the Workflow Owner ID. Learn more about [Request Execution Context](/vault-sdk/shared-code/request-context/#Request_Execution_Context).
### External Inbound Connections {#23r1-external-inbound-connections}
Vault now supports tracking inbound REST API integrations using *External Connections*. The URL field is no longer required during configuration to accommodate inbound only connections. Vault Admins can configure *Connection Client* records that allow developers to identify REST API integration using a unique Client ID.
### Jobs: Support DateTimes as Trigger Date {#23r1-jobs-support-datetimes-as-trigger-date}
With this release, developers can leverage DateTime fields as triggers for Date Based Document and Object Operation type Jobs.
### Multi-Record Workflow System Action Step Support for RecordAction SDK {#23r1-multirecord-workflow-system-action-step-support-for-recordaction-sdk}
Multi-record workflows now support the execution of Vault Java SDK `RecordActions` in system action steps.
### Record Trigger: Migration Mode Detection {#23r1-record-trigger-migration-mode-detection}
This enhancement allows developers to detect when a record trigger is invoked while the request is in was triggered within migration mode either through API or Vault Loader. Developers can use this to build new conditions, such as skipping any operations that would not be needed for migrated records.
## MDL {#mdl}
### Tab Collection {#23r1-tab-collection}
This feature adds the `Tabcollection` component type. Admins can group related tabs together in a *Tab Collection*, such as tabs for certain roles or tasks. Users can then access the tab collection through the new *Tab Collections* menu in the Vault UI.