REST API (7.20.2)

<< Click to Display Table of Contents >>

Navigation:  Release Notes > EQuIS 7 > Build 20.2 (May 2020) >

REST API (7.20.2)





REST API: GET api/edp Endpoint Needs Query Option for File Name [m182165]

The GET api/edp endpoint can now query by EDD file name.





REST API Server Side Caching Security Issue [m184402]

We recently discovered a security vulnerability in a few of the EQuIS Enterprise REST API endpoints in Build 19300 (see This vulnerability is fixed in Build 7.20.1. For security purposes, and per policy, the exact details of the vulnerability are not being disclosed.





REST API: Wrong Response Code for Unauthenticated Requests to GET /api/facilities/FeatureServer [m184478]

The "My EQuIS Facilities" FeatureServer endpoint has been updated to return the correct error code for unauthorized requests.





REST API: Wrong Response Code When Users Lacking Correct Permissions Access GET /api/reports/{reportId}/FeatureServer [m184480]

The error message for the user report FeatureServer endpoint has been changed to show the correct error code when a user lacks permissions on the report.





Performance Improvement: Remove unnecessary Deserialization of JSON [m185019]

A performance improvement has been made in the response pipeline of the REST API that improves performance of JSON responses.





REST API: Implement UserReportInfo.MetaData.isMappable [m185266]

The REST API user report info endpoint (api/reports/{userReportId}) now has an isMappable property as part of the MetaData object that is set to true if the report is mappable.





REST API: Implement UserReportInfo.MetaData.outputTypes [m185269]

User Reports that return data now have an outputTypes property for the metadata object that show which options are available for output.





REST API: Swagger Response Code 409 (Conflict) Missing Description [m185313]

Swagger documentation list of response messages for POST /api/groups/{groupId}/members now includes a 409 Conflict message.





REST API: Swagger Document Validation Error Operation ID is Repeated [m185656]

REST API routes for Groups, Facilities and Reports controllers have been modified to validate against the Swagger/OpenAPI spec. No changes to functionality or routes.





REST API: GET API/REPORTS Populate Metadata [m185662]

The api/reports endpoint has been updated to retrieve user report metadata (including Schema) if it is set in the database.





REST API: Add Filter by Type to GET api/files [m185937]

The api/facilities endpoint has been updated with a type URL parameter allowing users to specify which file types to include in the response.





REST API: Refactor api/files/{fileId}/pages/{pageIndex} Endpoint to Return Pertinent Errors [m186139]

The endpoint has been updated to respond with the following status codes:
- OK (Status 200)
- Bad Request (Status 400) Invalid data or application state
- Unauthorized (Status 401) Missing user credentials or invalid user credentials
- Forbidden (Status 403) Insufficient Permissions
- NotFound (Status 404) File not found
- RequestedRangeNotSatisfiable (Status 416) Requested range not satisfiable
- InternalServerError (Status 500)
Note: Despite the parameter type being string, the parameter only accepts a single integer (i.e., no ranges, no characters, no special characters). The endpoint then returns that single page.
If a -1 is passed as the value for the page index parameter, the entire PDF is returned in paged format (all pages).





REST API: Swagger Documentation Expansion - Config Controller [m186223]

Summaries describing the Config model parameters have been added to Swagger for the Config endpoints.





REST API: Swagger Documentation Expansion - Dashboard Controller [m186429]

Summaries describing the Dashboard model parameters have been added to Swagger for the Dashboard endpoints.





REST API: Add sortOrder to Report MetaData [m186534]

The REST API has been updated to apply the user report metadata sort order to IGridReport operations, allowing users to configure default sorting on a per report basis.





REST API: Added 403 Response Description to Swagger for POST and GET api/groups/{groupId}/members [m186935]

Added missing 403 unauthorized to Swagger response code descriptions for POST and GET api/groups/{groupId}/members endpoints.





REST API: Swagger Documentation Expansion - EDP Controller [m187112]

Summaries describing the EDP model parameters have been added to Swagger for the EDP endpoints.