API v1.0.366 Release Notes
Released on Thursday, October 31, 2024
New
Existing user tokens are now revoked automatically when a user is deactivated or the user's password is reset
A user's tokens can now be explicitly revoked through new endpoints for admin, buyer, and supplier users:
DELETE v1/adminusers/{userID}/tokens
DELETE v1/buyers/{buyerID}/users/{userID}/tokens
DELETE v1/suppliers/{supplierID}/users/{userID}/tokens
Additionally, a user can revoke their own tokens without needing an elevated role by calling DELETE v1/me/tokens, which is functionally equivalent to a "sign me out of all devices" feature
The maximum duration of the refresh token has been extended from 43200 minutes (30 days) to 524160 minutes (364 days) to accommodate client applications that desire longer periods of inactivity before forced logout (e.g. mobile applications, shopping sites). Use token revocation as described above to require a new login
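With refresh tokens now valid for up to 364 days, offboarding and incident-response jobs need to call the revocation endpoints explicitly. The following is an added example, not code from this API's vendor: the base URL, bearer-token authentication, the "kind" labels and treating any 2xx status as success are assumptions.

```python
"""Added example: revoke every token for a batch of users (offboarding or
incident response). Base URL, bearer auth and 2xx-means-success are assumptions."""
import urllib.error
import urllib.request
from urllib.parse import quote

BASE_URL = "https://api.example.invalid"  # placeholder, not from the release notes

def revocation_path(kind, user_id=None, party_id=None):
    """Return the DELETE path listed in the release notes for one user.
    kind is 'admin', 'buyer', 'supplier' or 'me' (labels chosen for this example)."""
    seg = lambda s: quote(str(s), safe="")  # encode '/' and reserved characters in IDs
    if kind == "me":
        return "v1/me/tokens"
    if not user_id:
        raise ValueError("user_id is required")
    if kind == "admin":
        return f"v1/adminusers/{seg(user_id)}/tokens"
    if kind in ("buyer", "supplier"):
        if not party_id:
            raise ValueError(f"{kind} users need a party_id")
        return f"v1/{kind}s/{seg(party_id)}/users/{seg(user_id)}/tokens"
    raise ValueError(f"unknown user kind: {kind!r}")

def http_delete(path, access_token):
    """Send the DELETE request and return the HTTP status code."""
    req = urllib.request.Request(f"{BASE_URL}/{path}", method="DELETE",
                                 headers={"Authorization": f"Bearer {access_token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def revoke_all(users, access_token, send=http_delete):
    """Revoke tokens for each user; return (path, status) for every failure
    so a partially completed run is visible instead of silently ignored."""
    failures = []
    for user in users:
        path = revocation_path(**user)
        status = send(path, access_token)
        if not 200 <= status < 300:
            failures.append((path, status))
    return failures
```

A non-empty return value from revoke_all means at least one account may still hold valid tokens and should be retried or escalated.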
EntitySync now has properties, SyncEntityChanged and SyncEntityDeleted, to allow disabling incremental syncs for changes and deletions, while maintaining the ability to run a manual sync (similar to ProductSync)
Listing Eligible Promotions now returns an Amount, which is the discount amount that would be applicable if the promotion was applied to the order