REST API (7.20.2)

REST API: GET api/edp Endpoint Needs Query Option for File Name [m182165]

The GET api/edp endpoint can now query by EDD file name.

REST API Server Side Caching Security Issue [m184402]

We recently discovered a security vulnerability in a few of the EQuIS Enterprise REST API endpoints in Build 19300 (see https://forum.earthsoft.com/communities/1/topics/4808-). This vulnerability is fixed in Build 7.20.1. For security purposes, and per policy, the exact details of the vulnerability are not being disclosed.

REST API: Wrong Response Code for Unauthenticated Requests to GET /api/facilities/FeatureServer [m184478]

The "My EQuIS Facilities" FeatureServer endpoint has been updated to return the correct error code for unauthorized requests.

REST API: Wrong Response Code When Users Lacking Correct Permissions Access GET /api/reports/{reportId}/FeatureServer [m184480]

The error message for the user report FeatureServer endpoint has been changed to show the correct error code when a user lacks permissions on the report.

Performance Improvement: Remove unnecessary Deserialization of JSON [m185019]

A performance improvement has been made in the response pipeline of the REST API that improves performance of JSON responses.

REST API: Implement UserReportInfo.MetaData.isMappable [m185266]

The REST API user report info endpoint (api/reports/{userReportId}) now has an isMappable property as part of the MetaData object that is set to true if the report is mappable.

REST API: Implement UserReportInfo.MetaData.outputTypes [m185269]

User Reports that return data now have an outputTypes property for the metadata object that show which options are available for output.

REST API: Swagger Response Code 409 (Conflict) Missing Description [m185313]

Swagger documentation list of response messages for POST /api/groups/{groupId}/members now includes a 409 Conflict message.

REST API: Swagger Document Validation Error Operation ID is Repeated [m185656]

REST API routes for Groups, Facilities and Reports controllers have been modified to validate against the Swagger/OpenAPI spec. No changes to functionality or routes.

REST API: GET API/REPORTS Populate Metadata [m185662]

The api/reports endpoint has been updated to retrieve user report metadata (including Schema) if it is set in the database.

REST API: Add Filter by Type to GET api/files [m185937]

The api/facilities endpoint has been updated with a type URL parameter allowing users to specify which file types to include in the response.

REST API: Refactor api/files/{fileId}/pages/{pageIndex} Endpoint to Return Pertinent Errors [m186139]

The endpoint has been updated to respond with the following status codes:
- OK (Status 200)
- Bad Request (Status 400) Invalid data or application state
- Unauthorized (Status 401) Missing user credentials or invalid user credentials
- Forbidden (Status 403) Insufficient Permissions
- NotFound (Status 404) File not found
- RequestedRangeNotSatisfiable (Status 416) Requested range not satisfiable
- InternalServerError (Status 500)

Note: Despite the parameter type being string, the parameter only accepts a single integer (i.e., no ranges, no characters, no special characters). The endpoint then returns that single page.

If a -1 is passed as the value for the page index parameter, the entire PDF is returned in paged format (all pages).

REST API: Swagger Documentation Expansion - Config Controller [m186223]

Summaries describing the Config model parameters have been added to Swagger for the Config endpoints.

REST API: Swagger Documentation Expansion - Dashboard Controller [m186429]

Summaries describing the Dashboard model parameters have been added to Swagger for the Dashboard endpoints.

REST API: Add sortOrder to Report MetaData [m186534]

The REST API has been updated to apply the user report metadata sort order to IGridReport operations, allowing users to configure default sorting on a per report basis.

REST API: Added 403 Response Description to Swagger for POST and GET api/groups/{groupId}/members [m186935]

Added missing 403 unauthorized to Swagger response code descriptions for POST and GET api/groups/{groupId}/members endpoints.

REST API: Swagger Documentation Expansion - EDP Controller [m187112]

Summaries describing the EDP model parameters have been added to Swagger for the EDP endpoints.