TBA (Yambas 3.6.0)

Delete Parent Module Endpoint

Instead of the need to send a payload to the delete parent module endpoint you now need to give the parentModuleName and parentModuleVersion to the path:

• old:/yambas/rest/modules/{moduleName}/v/{moduleVersion}/parent

• new: /yambas/rest/modules/{moduleName}/v/{moduleVersion}/parent/{parentModuleName} /v/{parentModuleVersion}

If you called the delete parent endpoints before you need to switch to the new one.

TBA (Yambas 3.6.0)

Swift SDK,
Objective-C SDK

The Swift SDK has been adapted to work with Objective-C code:

• Generated classes inherit from NSObject

• Added methods for usage in Objective-C, these methods are postfixed with "ObjC", e.g. DataStore.loadCountForReferenceObjC. These methods are for handling optional parameters of primitive types, e.g. the Bool "usePersistentStorage", as primitive types cannot be nil in Objective-C - so instead, we provide one method with the parameter and one without it.

Classes in base modules such as Basics, Push, Facebook etc. are prefixed with AOM, e.g. AOMUser, because Objective-C does not have name-spacing.

If you used a String attribute named "description", it will be generated as a method because "description" is used as a property name in NSObject.

TBA (Yambas 3.6.0)

Objective-C SDK,
JavaScript SDK,
Phonegap SDK,
ReactNative SDK

The following SDKs ran out of deprecation and were removed from ApiOmat:

• Objective-C SDK, JavaScript SDK, Phonegap SDK, ReactNative SDK

Those specific SDKs cannot be generated anymore with YAMBAS version 3.6.0 and higher. Please use the following replacements instead:

• Swift, Typescript

19.11.0 (Yambas 3.4.0)

Chat module

The static chat module ran out of deprecation and was removed.

It isn't possible anymore to use the old static chat module within ApiOmat Yambas. Please use the GroupChat Module instead.

19.11.0 (Yambas 3.4.0)

old C# SDK,
old Xamarin SDK,
Backbone SDK,
Titanium SDK

The following SDKs ran out of deprecation and were removed from ApiOmat:

• old C# SDK, old Xamarin SDK, Backbone SDK, Titanium SDK

Those specific SDKs cannot be generated anymore with YAMBAS version 3.4.0 and higher. Please use the following replacements instead:

• C# SQLite, Xamarin SQLite, Typescript

3.3.0

NativeModule,
Swift SDK,
C# SDK

A lot of deprecated methods were removed in NativeModule Code and SDK Code.
See Deprecations and Migration for the full list of removed methods.

It's recommended to check the deprecation list and search for 3.3.0 . If you still use one of the listed deprecated methods you need to modify your code by using the mentioned replacement of the removed methods.

3.3.0

Module upload via Ant removed

The upload of native modules via Ant was completely replaced by a new Maven Plugin upload process in favor of the new Module Versioning feature and ApiOmat stability. Visit the introduction of the Module Versioning to see the new module upload process via Maven.

If you have some automated scripts that are uploading modules via Ant targets you need to replace the Ant commands by the new Maven Plugin commands. It's recommended to start reading the Module Versioning introduction that contains some further information and links to new uploading process.

3.3.0

JDBC Modules

Since Yambas 3.3 all object references are stored as collections to be able to support Module Versioning. Unfortunatly all JDBC Modules needed some minor changes to be able to operate with those reference collections especially when single references were used in past. The newest JDBC module 3.3 and all its derivatives like MSSQL, MySQL and OracleDb already includes those necessary changes.

If you used the JDBC module or any other SQL module in past, be sure to update your JDBC modules and as the circumstances require also update your crawled native modules.

3.2.0

Docker images

Rename of docker image for YAMBAS

The name for the previous alpine-yambas image was renamed to apiomat / yambas.

3.2.0

Objective-C SDK

When loading data while the device is offline and no data is found in the cache, an error with the status code AOMID_NOT_FOUND_OFFLINE will be returned, instead of AOMNO_NETWORK. When using the caching strategy NETWORK_ONLY, AOMNO_NETWORK will still be returned as the cache is not used.

If you are checking for the status code AOMNO_NETWORK when loading data and the cache is used, you'll have to check for AOMID_NOT_FOUND_OFFLINE instead.

3.1.3,

3.2.0

apiomat.yaml/maxResults

The system-wide maximum of results limitation is now set to 0/unlimited by default (was 1000 before)

When querying large datasets with no limitation, database may take lots of time to collect the data. Thus, on systems where millions of entries can be queried, the yambas.limits.maxResults should be set back to a proper limit.

3.0.1,

3.1.0

Dynamic Roles

When Dynamic Roles where used (only possible in 3.0.0), the custom role check (a.k.a. overwritten isUserInRoles() method in Native Module) was not called when in another Native Module hook method or auth method the AOM.checkRoles() method was called. Since 3.0.1 this method is called.

You're only affected if you implemented your own isUserInRoles() method and assigned the Role Class to a MetaModel, and also used AOM.checkRoles() on that MetaModel / on objects of that MetaModel in your code.

3.0.0

Git Modules

The whole git handling has changed.

• Module status "NATIVEGIT" has been removed

• Behaviour of the git endpoints changed

• Existing Git modules will be migrated on first start. A restart of yambas is necessary after the first full start!

Read more about the change on our page The Git Flow

3.0.0

Deprecations

The deprecations, which were scheduled to be removed for March 2018, have been removed.

• newly downloaded SDKs may break existing Apps, due to missing methods

• see the Deprecations and Migration page for detail information and replacements

3.0.0

Sharepoint module

Files were previously handled as Base64 strings in the attribute downloadableFile of the class SharepointFile. This attribute was changed to the type File and full static data handling was implemented. This means for example that in the response JSON the attribute is called downloadableFileURL and contains a URL where the actual file can be fetched.

You need to change native module and SDK code to handle files correctly, as well as any code that manually sends HTTP requests to the SharepointFile REST endpoint.

3.0.0

EULA Acceptance

Each ApiOmat account (including the SuperAdmin) is forced to accept the EULA to enable the account.

After installation or update, each account has to log into the dashbord one time and accept the EULA. Until then, each request with this account will raise an error, including all SuperAdmin requests.

3.0.0

Native Module Methods

The methods and resourceMethods field on AbstractClientDataModel are now of type IModelMethodsBackend and IResourceMethodsBackend.

If you set your own mock-implementation of these Interfaces, you have to rewrite them to implement the new interfaces

3.0.0

Server Code

The user object in ServerCode does not have the [get/set]LocLatitude and [get/set]LocLongitude methods anymore and instead, the [get/set]Latitude and [get/set]Longitude methods are (furthermore) available.

The [get/post/put/delete]Request methods are now only available on the static AOM object, but not on the objects itself.

• Change [get/set]LocLatitude and [get/set]LocLongitude to [get/set]Latitude and [get/set]Longitude

• Change obj.[get/post/put/delete]Request(...) to AOM.[get/post/put/delete]Request(...)
  in your ServerCode

3.0.0

Paymill module

The Paymill module is not available anymore, as it was only useable in ServerCode.

The module will be removed from your Backends automatically after upgrade.

3.0.0

Tumblr module

The tumblr module is not available anymore.

The module will be removed from your Backends automatically after upgrade.

3.0.0

Swift SDK

Swift SDK now uses Swift 4

You have to update existing Swift 3 apps to Swift 4: Swift 4 Information

2.6.5,

3.0.0

Objective-C SDK

Changed Cache-SDK from NSURLCache to DFCache

• same errorcode for sync and async request if internet is not available (614) and no cacheresult (615)

• async request return errorcode 614 if cachstrategy is Network_Only

2.6.1,

3.0.0

Static data (images and files)

Similar to the change in 2.6.0, where the JavaScript SDK was affected, now the Android, Objective-C, C#, C#-SQLite and Java SDKs are affected

• When deleting an image/file from an object that still contains the image/file HREF locally, but the image/file doesn't exist on the server anymore, an "ID_NOT_FOUND" error occurs instead of a "MODEL_NOT_FOUND" error

• When trying to load an image/file, but the local object doesn't contain the according image/file HREF, an "ATTACHED_HREF_MISSING" error occurs instead of a "MODEL_NOT_FOUND" error

• With the exception of the PushMessage class, when calling the post<dataAttrName>() method without having saved the object that you're calling the method on, an "HREF_NOT_FOUND" error occurs

• The below (for the JavaScript SDK) mentioned implications apply as well

2.6.0

JavaScript SDK

When posting a file or an image to an object, the object needs to be saved before.

When posting an image or a file, make sure the object was saved already. Otherwise the onError-callback will be triggered, giving a HREF_NOT_FOUND (601) error.

2.6.0

JavaScript SDK

When loading a referenced image or file, whose Href is missing, no exception will be thrown anymore.

When loading a referenced file or image fails because the accoding Href is missing, you can check for this error within the onError callback instead of using a try-catch block.

2.6.0

Static data (images and files)

There are new ways for handling static data. The JavaScript SDK was changed so that it uses the new REST endpoints internally. So when using the JavaScript SDK to post images or files to objects, the static data URLs are different now.

• If you work with the static data URLs directly (instead of with SDK methods) you need to keep in mind that the new URLs lead to the newly introduced hook methods being executed when sending a GET or DELETE request to them.

• If you send a DELETE request directly (instead of with the SDK method):

  • To the old static data URL, a following GET to the object that contained the image/file leads to the static data URL still being in the object. So loading the data with the SDK's "load<dataAttributeName>" method lead to a MODEL_NOT_FOUND (804) error.

  • To the new static data URL, a following GET to the object that contained the image/file lead to the static data URL being empty. So loading the data with the SDK's "load<dataAttributeName>" method leads to a ATTACHED_HREF_MISSING (616) error.

• If you implemented any doPost, beforePost or afterPost hook method in a Native Module, and relied on the static data URL being present in the object, this won't work anymore if you're using the JavaScript SDK's "post<dataAttributeName>" method

2.6.0

Twitter Module

The twitter module have been moved from a static module to native module. Take a look at the module page to see what has changed.

If you did not use the module in any of your modules or backends, it will simply be deleted. If the installation have modules or backends that use the module, please contact us to get the new native module version of the twitter module.

For more information about the possible implications when switching to the native module version, please visit the Twitter module page

2.5.6, 2.6.0

Any ("wrong") AppName Parameter in NativeModule Methods and Non-Transient References in NativeModules

Any method in NativeModules that takes an appName parameter will now check whether the owner of the backend for which the request was originally made has permissions on the backend that is given by the appName parameter. Additionally, any non-transient reference that is loaded gets checked for correct permissions.

This also means, that you have to call your custom REST-endpoints with the backend name included (as suggested since ApiOmat 2.1), e.g.:

{BASEURL}/yambas/rest/modules/{MODULNAME}/{APPNAME}/spec/ping

If empty or random Strings are passed as appName or if the request-originating backendowner does not have the permissions on the given backend, an unauthorized exception will be thrown.

The additional permission check on references should not lead to problems, as it only prevents against a complex attack scenario with multiple implications related to knowledge against another backend

The additional checks can be suppressed by setting strictChecks=false (on yambas.conf) or yambas.strictChecks:false (on apiomat.yaml)

2.5.5, 2.6.0

Object-based DeltaSync

When a client makes a request to a collection with a query like "a < 10" and receives 2 objects (a=8, a=9), he can send these objects' IDs and lastModifiedAt in the next collection query with "a < 10".

Until now, the server responded with a delta-deleted header that included the IDs of those objects that were either deleted or changed in a way that they're not part of the result anymore (e.g. changed to a=11).
But without differentiation between these two cases, clients didn't know whether to delete the objects from the local storage or not.

From now on, the server will respond with a delta-deleted header for deleted object IDs and a delta-removed header for objects that are just not part of the result anymore.

This change only applies to object-based DeltaSync. When using collection-based DeltaSync, there's no delta-removed header in the response at all and there are also no object IDs of objects that aren't part of the result anymore in the delta-deleted header.

Clients with old SDKs will still work, because the server will combine deleted and removed object IDs in the delta-deleted header when the x-apiomat-sdkversion header is < 2.5.5, leading to the old behavior.

New versions of most SDKs already take care of the separate response headers and the correct handling regarding the offline storage. The handling for the C# / Xamarin and Swift SDKs will be fixed in an upcoming version.

When using requests without SDK version header, you need to change the DeltaSync handling.

When using DeltaSync in Native Modules, no automatic SDK version check is done and you need to change the handling as well (e.g. start using r.setDeltaSyncRemovedList(...) etc.).

2.5.0

Modules who use external libraries not included in default module code

Loading of external libraries in native modules has been changed. Please read more at Native Module specific notes and limitations.

• If you use libraries that are also used by yambas (like Apache HttpClient), you can now use any version you want

• You have to update the SMTP module (we can provide you a new version, or you can add javax.mail-1.4.5.jar by yourself)

• Also be aware, that if your module previously relied on libraries with only interfaces, where the implementation was contained in ApiOmat itself (like slf4j, jdbc,..), you now have to include the implementation libraries in your own modules as well

Update your module using the update guide.

To switch back to the previous behaviour, set useOldClassloader=true in yambas conf oryambas.useOldClassloader:true in apiomat.yaml (supported since ApiOmat 2.5.2)

2.4.7, 2.5.1, 2.6.0

Usage of save() in Native Module code

Exceptions which are thrown in save() method in native modules are now populated to the calling code. This makes it possible to react on exceptions happened during the save operation. Before 2.4.7, these exceptions were catched internally and null was returned.

Check module code and add a try { } catch block around thesave() calls if you want to handle the exception in native module code.

2.4.7

C# / Xamarin SDK

Portable Class Libraries containing the C# / Xamarin SDK can't target the Windows Phone 8.0 platform anymore, due to the use of the System.Linq.Parallel namespace.

Instead of using PCL profile 259 we recommend using profile 111.

2.4.3

OAuth2 error code handling

OAuth2 Token verification can now be done by external Authentication Classes. Due to workflow changes, return codes on authentication failure of OAuth2 tokens will change from 401 to 840.

If Oauth2 error codes are checked in your application, add a handling for error 840 (token invalid).

2.4.1

Modules with implemented auth() methods in Hooks

Legacy call to auth hook method on Native Module class basis without any configured auth classes was removed (AOM-3567). To increase security and strictly follow the concept of Authentication Classes, the auth() method in Hook classes is now only called when the specific class is also set up as an auth class.

Before this change, auth hook methods were called in 2 additional cases:

• A CRUD request is received that targets class instances of a class of a Native Module, where the class contains an implementation of the auth hook method. This auth hook method gets called in this case.

• The requesting user (also for example a synced LDAP user) is found in the database. The class of the user gets determined (e.g. LDAPUser) and then that class' auth hook method gets called.

To stay with the legacy behaviour, set the classBasedAuth=true in yambas.conf / yambas.classBasedAuth: true in apiomat.yaml before upgrade.

2.4.0

Modules with own implementation of a REST class

New swagger library in native modules. Existing modules custom REST interface will not be shown in Apidocs and Dashboard anymore.

Update your modules and apply changes from the new library as described at the bottom of the help page.

2.3.1

Installations using same username for Users and Customers

Since using the same email/username for Users and Customers in one installation lead to various strange errors, it will not be possible anymore to create users and customers with the same name/email address. (AOM-3238)

Users and Customers having the same login may not be usable anymore.

2.2.1

Modules using the AOM.findByNames()method

Behaviour of <YourModule>.AOM.findByNames(...) changed; Old behaviour:

• If an exception occurs, return null. Independent of the transience.

• If the class of the objects you want to find is transient, the return value equals the return value of the doGetAll implementation of that class.

• If the class of the objects you want to find is non-transient:

  • If no elements were found, return an empty array.

  • If elements were found, return the filled array.

New behaviour:

• If an exception occurs, return null. Independent of the transience.

• Otherwise, independent of the transience:

  • If no elements were found, return an empty array.

  • If elements were found, return the filled array.

Change handling of the return value of the findBy() method in your native module code

all

DEB repository key

The GPG key for the Debian package has changed.

Please add the newest key to bypass apt signature errors:

TBA (Yambas 3.6.0)

OAuth2 tokens

We have changed the hash function used to generate OAuth2 tokens, so any existing tokens will no longer work. Therefore, all existing tokens (including manually set tokens) will be deleted when upgrading from a previous version.

After upgrading, generate new tokens for any Customers/Users that need them.

20.03.2 (Yambas 3.5.2), TBA (Yambas 3.6.0)

Consul registration

We have added a scheduled job to check if YAMBAS is (still) registered to Consul, and re-register it if not.

This job is deactivated by default. You can activate it by setting a specific application property.

Please note that this job does not work if you are using a Consul cluster, as YAMBAS may be registered in a different node.

To activate the job, set the application property common.consul.health.registrationCheckInterval to a positive integer, which will be the job interval (e.g. a value of 5 means the job will be executed once every five minutes).

TBA (Yambas 3.6.0)

Installations using usernames for Customers, Organizations and/or Users that only differ in case

It is no longer possible to create Customers, Organizations or Users with usernames that are identical except for case, e.g. "Freddy" and "freddy"

This is because Bouncer, our authentication microservice, cannot handle different casings.

The minimum required MongoDB version has been raised from 3.2 to 3.4. Please upgrade if necessary.

Customers and Organizations with usernames identical except for case may not be useable anymore.

With Users, the change only automatically affects new applications. It does not affect existing applications unless all the data for the User class is deleted (via "Drop all data" or "Drop class data") in the Dashboard.

19.11.0
(Yambas 3.4.0)

Android SQLite

New: Removed checked exception from postMyRefAsync() and removeMyRefAsync()

New: changed signature of methods of loadMyRef

• Update your Android SQLite SDK to be able to use the updated methods

19.11.0
(Yambas 3.4.0)

Reference deletion

The endpoint to remove a referenced object from a referencing object will now return an error response if the given ID doesn't match the ID of the actual referenced object. Previously this error was only logged, while the response status code was 204 (not indicating an error).

The related methods (e.g. obj.removeMyRef(...)) in the SDKs will now return an exception.

If you use:

• SDKs: If your code calls one of the methods to remove a reference and the object you pass might not be referenced you should catch and handle the exception

• NativeModule: Similar to the SDK - handle the exception if your code might lead to it

• REST endpoint: Change the code from expecting a 204 status code to the new error code.

3.3.3,
19.11.2 (Yambas 3.4.2),
20.03.1 (Yambas 3.5.1),
TBA (Yambas 3.6.0)

GoogleAnalytics Module, Piwik Module

The executor pools are now disabled by default and therefore won't track any CRUD event. This behavior results in less threads, memory and load on the system.

If you use the modules or want to use them, you have to set yambas.enableAnalyticsTracking to true

3.3.3, 19.11.2 (Yambas 3.4.2), 20.03.1 (Yambas 3.5.1), TBA (Yambas 3.6.0)

Java SDK,

Swift SDK

In the class AbstractClientDataModel, (the parent of every user-defined class), the method getAppName has been renamed to getApplicationName (Java SDK) and the field appName has been renamed to applicationName (Swift SDK).

If you call this method in your code, you will need to update your code after you have updated your Java or Swift SDK.

3.3.2

Swift SDK

New: minLength and maxLength validation for attributes

• data types: Int, Double, String

• new setter-method for these attributes

• try/catch to fetch validation error

The normal setter is private for attributes with validation (so it can't be used).

3.3.2

Supporter Role

It is now possible to add a supporter role to a customer account.

Adds access for the customer, who has this role, to see the Vendor Onboarding area of the dashboard with only read access. The supporter can also see all App-Backends and their data and configurations.

3.3.0

Update Routines

(when updating from versions prior to ApiOmat 3.0.1)

The automatic update routines prior to ApiOmat 3.0.1 have been removed.

If you're running a version below 3.0.1 and you're planning to update to 3.3.0 (e.g. your server is currently running ApiOmat 2.6), you should upgrade to 3.1 or 3.2 first and then upgrade to 3.3.0 to ensure that all routines will be executed.

3.3.0

C# SQLite SDK

• New: if offline storage has module classes of different versions than in downloaded SDK the offline storage is dropped (else kept) => old tasks will always be kept and later executed

• New: implemented SdkInfo.cs in Com.Apiomat.Frontend containing the module version info of the downloaded SDK

• Fix: deleted references will now be removed from storage (refCollection, singleRef, online and offline)

• Fix: deleted images/files will now be removed from storage (online and offline)

• Fix: new references will now be added to offline storage even if device is online (needed for later offline usage)

• Fix: new images/files will now be added to offline storage even if device is online (needed for later offline usage)

• Fix: missing collections (references and normal) will now consistently throw an exception with ID_NOT_FOUND, before the return value was a mix of null, empty list or exceptions

• Fix: table name in sqlite storage is now unique

• Fix: reference properties will now be cleared from objects, if loading results in an ID_NOT_FOUND exception was thrown

• Fix: removed references will now be deleted from object by id (not by hashcode anymore)

• Fix: deleted objects will now be removed from reference storage, if they are referenced to another object

• Fix: Delta sync of deleted references now returns the deletedIds

There were a lot of fixes to stabilize the C# SQLite SDK. Please take a further look in the list of fixes to decide if you need to make some changes after updating your C# SQLite SDK.

3.3.0

Android SQLite SDK

• New: to update your sqlite storage after changing modules or classes change your SQLite Database version number located in /frontend/offline/AppDatabase

• New: if offline storage has module classes of different versions than in downloaded SDK the offline storage is dropped (else kept) => old tasks will always be kept and later executed

• New: implemented SdkInfo.java in com.apiomat.frontend containing the module version info of the downloaded SDK

• New: offline tasks from previous versions will be processed if there are no conflicts in types, such as Long to String

• Fix: new images/files will now be added to offline storage even if device is online (needed for later offline usage)

Update your Android SQLite SDK to be able to use the new module version functionality within your project.

3.3.0

TypeScript SDK

• New: if offline storage has module classes of different versions than in downloaded SDK the offline storage is dropped (else kept) => old tasks will always be kept and later executed

• New: implemented SdkInfo.ts which contains all modules & their versions, which are included in the downloaded SDK

• Fix: several save-to-storage fixes for network else cache strategies

• Fix: embedded object "detection" fix for offline task handling

• Fix: improved offline task handling: stored models are now used as fallback when processing offline tasks

Update your TypeScript SDK to be able to use the new module version functionality within your project.

3.3.0

Swift SDK

• New: implemented SdkInfo.swift containing the module version info of the downloaded SDK

Update your Swift SDK to be able to use the new module version functionality within your project.

3.3.0

Referenced Static Data

Please use the new endpoints with module version as the old ones behave differently now and should only be used as a fallback! Click here for further information!

Also, reading or manipulating static data (files/images) that are linked to a data models attribute, providing a wrong attribute name or type will from now on return the error code

MODEL_NOT_FOUND (804),
and no longerINVALID_ATTRIBUTE_TYPE (751) orATTRIBUTE_NOT_FOUND (779) due to the new behavior since module versioning was included.

3.2.2, 3.3.0

Query Parsing

The query parser is more strict for queries containing a dot and an unknown prefix. Wrong Queries like "this.id" or "unknownAttribute.id" do not work anymore and should be corrected.

This only affects wrongly crafted queries.

3.2.2,
3.3.0

Create/Update MetaModelAttribute

It is no longer possible to create a reference attribute and pass a regular expression, minLength or maxLength patterns. Before, those three parameters were ignored silently when creating a reference attribute.
Now we indicate that patterns can't be set for reference attributes

• valid data types for using patterns are: Long, Double, String, Date, List (if the generic type is one of the types in this itemization)

• in Native Module classes, reference attributes can't be annotated with @Size or @Pattern anymore

3.2.7

PHP 7.3 update

PHP installation dependencies were set from 7.1 to 7.3.

3.2.1

Server side attribute validation

When using a collection attribute, the regex as well as min and max length validation is now executed for each element of the collection instead of the collection as a whole.

This only affects you if you're using regex or min/max length values for validating attribute values. Existing data is not changed at all and neither the returned data when fetching objects. But when creating or updating objects the new validation rules are followed.

3.2.1

TypeScript SDK

toJson() method in AbstractClientDataModel was renamed to toJsonString()

toJson() will now return a JSON-Object of the AbstractClientDataModel with all of its data

3.1.4,

3.2.1

Dynamic Roles

When using Dynamic Roles, the custom role check (a.k.a. overwritten isUserInRoles() method in Native Module) was not called for ApiOmat's Customer objects since 3.1.1 . Since 3.1.4 the custom role check is executed for Customers, again.

You may be affected, if you implemented your own isUserInRoles() method that should be called for Customer requests assumed that the role class is assigned to a MetaModel. The isUserInRoles() method will now be called for Customers credentials again, like it is supposed to.

3.1.4,

3.2.1

AOM.checkRoles() method

The basic user roles have always been hierarchical, which means for example that a user with the grant role could also read and write the object, and a user with the write role could also read the object. AOM.checkRoles() didn't adhere to this hierarchy, but instead lead to an authorization error when for example a user had write permissions and wanted to read an object. This was fixed.

AOM.checkRoles() is usually only required when combining custom auth methods with existing basic user roles. If you're using this method and didn't take the role hierarchy into account, you should revise your auth handling.

3.2.0

Database storage engine

The default MongoDB storage engine Wired Tiger is now fully supported in ApiOmat.

We now support Mongo's default storage engine and use it when doing a fresh install. Existing installations will keep the MMAPv1 engine, and new installations can also be re-configured to use MMAPv1 in mongod.conf.

3.1.3,

3.2.0

Backend and Customer caching

We removed the nearcache configuration from our default hazelcast.xml, as the nearcache may lead to inconsistencies when reading backends or customers from the cache.

We recommend to remove the nearcache configuration from hazelcast.xml. This may result in a slight decrease in performance, but fixes unexpected Unauthorized messages due to outdated cache entries. Your map configuration should look like this example

3.1.0

Cron Jobs

When using the static log methods from within a cron job, the module name that is displayed in the log message won't be Server Code anymore. Instead the name of the actual module, that contains the cron job, will be used.

informative

3.0.6,

3.1.4,

3.2.1

Java

We switched from Oracle JDK 8 to AdoptOpenJDK 8

On Windows, when installing the JDK with the ApiOmat installer, the JDK installation path was previously "C:\Java\jdk8" (independent of the exact version), and now it depends on the OpenJDK version, for example "C:\Java\jdk8u202-b08", with a slightly changed subdirectory structure.

To copy the old Java keystore to the new location you can run the following command (only necessary when you changed the keystore):

3.0.3,

3.1.3,

3.2.0

EHCache

EHCache caching was removed in favour of Hazelcast caching.

Since EHCache was only used on single node deployments, no implications for productive setups are expected.

3.0.1,

3.1.0

apiomat.yaml

The SuperAdminPassword was removed from apiomat.yaml configuration.

We recommend to manually delete the super admin password from your current apiomat.yaml. The entry is no longer needed. If you forgot your super admin password you are now able to get a password reset link to your configured super admin e-mail address. Just use the known password reset functionality.

3.0.0

sdk.properties

The build.xml for modules for Version 3.0.0 now also searches for properties defined in {user.home}/apiomat/apiomat.properties . If the sdk.properties defines the same value, the value is read from sdk.properties file.

We recommend the removal of customerName, password and host from the sdk.properties files of your module and instead putting these values to your local {user.home}/apiomat/apiomat.properties file

3.0.0

Modules with Git repository

Native modules can now be stored in a subfolder of a git directory. Additionally, we automatically create a .gitignore file, which ignores common build directories.

informative

3.0.0

Java SDK

JSON lib in class folder was replaced by library

Update project/build settings by adding the new json library in the /lib folder and remove the existing org.json package in the project folder.

3.0.0

Native Module objects

The structure of the NativeModule classes (extending AbstractClientDataModel) have been changed. The IModel interface now extends IResourceMethods and IModelMethods and therefore, you can use these Methods directly on an IModel object without casting.

informative

2.6.5,

3.0.0

Static Data (images and files)

Internal references for Files and Images

Until 2.6.5, files and images are deleted automatically, if the url of a file or image attribute changed to another one. This behaviour now has been adopted for removing the url from the object or deleting the whole object with that url.

Besides that, we keep track of the objects that reference a file or image. If multiple objects reference the same image or file, the resource will only be deleted automatically, if the last object itself gets deleted or the url gets removed from the last object.

Keeping track of references between objects and static data only applies to newly created relations, to update old datasets, please contact us for an update script.

We do not update the data automatically, as this may be a time-consuming process - depending on your installation.

2.6.3,

3.0.0

HREFs of embedded objects

Before 2.6.3, HREFs inside of embedded objects had "null" as scheme/prefix followed by a resource URL. Now, all these HREFs are set completely to null. Since HREFs of embedded objects cannot be used directly to e.g. query the REST interface with it, the changes are just of informative character.

If your client makes use of embedded objects' HREFs, then some code changes for treatment of the new prefix might be necessary.

2.6.0

Repository URL

For updating to ApiOmat 2.6 and later, you have to update to our new repository repo.apiomat.com. Also, new (personal) credentials are need, which will be kindly provided by your customer success manager at ApiOmat.

Change your repository URLs as specified in installation manuals.

2.6.0

Password Policy configuration

This new feature allows the system adminstrator to configurate a system-wide password policy. Every newly created password that doesn't match the policy rules will be rejected. For configuration details follow the instructions on the Password Policy page.

Furthermore there are two new REST endpoints to login customers and organizations properly. Visit Apidocs REST endpoint documentation for more details.

Configure passwordpolicy.json to define and enable some new password policy rules. For more information visit Password Policy .

2.6.0

Usage of REST endpoint /backup of the RestoreModule

The specific backup function by calling the REST endpoint '/backup' manually is not supported anymore.

Instead of using '/backup' to manually backup ApiOmat's data use the pre-configured daily cronjob. For more information visit Configure Backup / Restore Functionality

2.6.0

New app versions with ObjectiveC SDK

• Collections with simple types will return an optional in ObjectiveC now, which may require manual updates in iOS code when downloading a new SDK after 2.6 upgrade

• Collections with date types will return null in ObjectiveC now, if initialized and saved with null before.

Check your code after updating a new SDK if it uses the colletion types and correct the return values

2.6.0

Download SDK REST endpoint

The download SDK REST endpoint will now need an application/octet-stream accept header. You have to update the dashboard to the latest version and change legacy scripts to make the SDK download work again.

If existing, check your own scripts using the REST endpoint and send the new header.

2.5.7, 2.6.1,

3.0.0

C# / Xamarin (-SQLite) SDKs

The Analytics package imports and helper methods have been removed due to lacking support of the PCL for the target platforms that the ApiOmat SDK PCL works with.

If Analytics is enabled on your installation, future SDK downloads won't contain the Countly package imports and helper methods, so if you already used the helper methods in your app code, you will get compile errors.

To continue using the Countly SDK, you can import the Countly package from NuGet to your project and call the Countly methods instead of our helper methods. See Analytics Module.

2.5.7,
2.6.1,

3.0.0

Resource access rights when using restrictResourceAccess and object with new attached static data URL gets saved in NM

In the past, when a yambas image/file URL was set to an object in a Native Module hook method and then the object was saved, with "restrictResourceAccess" being enabled in the object's class, the image/file access rights were not changed to the ones of the object. This has been fixed now, so that the behavior is the same as when the object is updated with a static data URL via the REST API.

If you don't want your static data access rights to adopt the ones of the object that the data URL is assigned to, you need to turn off "restrictResourceAccess". Be aware that this enables access by guests (that have the correct API key) though.

2.5.5, 2.6.0

New Installations beginning with 2.5.5

The Audit Log feature is now deactivated by default for new installations. To activate it follow the instructions on the Audit Log page.

informative

2.5.2, 2.6.0

Installations with ApiOmat Analytics

Analytics SDK updated to server version 16.12.3 (backward compatible with older versions)

informative

2.5.0

All

The MetaModels of invisible classes can now be fetched by the module owner and customers with the writerole for the module. This was not possible previously.

informative

2.5.0

All

Main-Modules, which are automatically created when creating a new App-Backend, will now be hidden in Dashboard (if not containing any classes)

informative

2.5.0

Installations with ApiOmat Analytics

Activation of the Analytics module is now done via adding it to the default modules in yambas.conf/apiomat.yaml. The separate config value analytics.enabled is not used anymore.

Update config file to keep default module behaviour

2.5.0

Image or file usage in Backbone SDK

When loading images or files using the Backbone.js SDK, the data within the resulting model is not Base64 encoded anymore. Also the information about size, ownership etc. is not contained anymore. Alternatively you can use the loadResource method to access to former image or file data. Therefore have a look at the 'working with files' topic in the sdk reference.

informative

2.5.0

All

Authentication of customers or organizations email adresses is now case insensitive.

informative

2.5.0

New Installations beginning with 2.5.0

ApiOmat issues new license keys (64 char length). These keys are periodically activated automatically, and no permanent connection to license server is needed anymore. After a successfull activation, an offline license is stored to the YAMBAS users directory and is used 10 days max. During that period, re-activations are done automatically, which will reset the 10 days threshold and generate a new offline license.

informative - old license keys still work

2.5.0

All

YAMBAS installation now uses an own user aom-yambas and a new service name aom-yambas instead of tomcat7.

informative

2.5.0

Fileuploads with > 200MB

Upload of static data (files, images, etc) is limited to 200 MB by default and can be changed in apiomat.yaml/yambas.conf files.

informative

2.5.0

All

When downloading a file in the SDKs, it only gets stored in in-memory cache or persistent storage if their size is below a certain threshold. This value can be configured in the Datastore.
When uploading a file bigger than the max value and the device is offline, an exception gets thrown.

informative

2.5.0

Modules with own implementation of a REST class

Native modules will contain a newer swagger annotations library after download - please update your module. Using this library version, you can use more specific definitions of @ApiParam annotations like format or type.

Update module libraries to get access to new annotation parameters

2.5.0

Native Module usage

Native modules do not contain static class files anymore, they're packaged into an own lib. Additionally a new ant task to update your module is available. Please read more about updating your module.

2.5.0

Native Module usage

Modules can be released for each system separately. The field releaseState reflects the state for the current system (depending on the X-apiomat-system header in request). Additionally, there is a field releaseStates with the current state for each system. If you update this field, the releaseState field will be ignored.

informative

2.4.10, 2.5.5, 2.6.0

Native Module Deployment

Modules are now deployed in bottom-up order. If you have a Module A which uses Module B, then, while deploying Module A, the onDeploy-Method of Module B is called first and afterwards the one of Module A. In un-deploy process the methods are called top-down. When undeploying Module A, the onUndeploy method of Module A is called first and then the one of Module B. Note that the invocation of these methods are done only in the context of a specific module (the two onDeploy method calls for the deployment of module A is independent from the onDeploy method call of module B)

informative

2.4.8, 2.5.1, 2.6.0

ObjectiveC SDK usage

[Objective-C] Getter methods for attributes of type long and double are now returning a value of type NSNumber.

ObjectiveC Apps may have to be changed when updating to a new SDK

2.4.6

All

ACLs of objects and classes can now be fetched separately using REST and native modules. Both will addtionally contain attributes/methods for allowedRoles{Read, Write, Create, Grant}ForClass and allowedRoles{Read, Write, Create, Grant}ForObject. The existing Implementation allowedRoles{Read, Write, Create, Grant}ForClass will remain and return a merge of both the objects and class ACLs like it was implemented before.

informative

2.4.2

All

Startup of YAMBAS and Dashboard will check if either yaml or conf file is defined in system properties or environment. If both config files are defined, neither Dashboard nor YAMBAS can guess which one is correct and will stop with an error message.

Check if your operation systems configuration uses multiple definitions of the config file location; change to a single one if necessary

2.4.0

Apps using the Push Module

receiverUsername attribute of PushMessage was removed because of duplication of receiverUsernames attribute. Old SDKs will still work, but newer SDKs won't contain this attribute anymore.

informative

2.4.0

Native Module usage

Please update to the newest native modules delivered from ApiOmat when you want to inherit classes; when using older versions of the modules, sometimes the hook methods to not get called properly

Apps may have to be changed when updating to a new SDK

2.4.0

All

New repository paths: To update to version 2.3.3 or 2.4.x, please remove the old apt/rpm repository and add the new one according to the documentation before starting the update command.

Change the repository paths on your linux installations before upgrade

2.4.0

Native Module usage

No serialization anymore in JAR native modules

informative

2.4.0

All

Salt & Pepper values are used to strengthen the hashing of user passwords

informative

2.3.9, 2.4.9, 2.5.4, 2.6.0

Existing Modules

The version of the maven-dependency-plugin should be pinned to 2.1. Otherwise, libraries will be duplicated and lead to unforseen behaviour. Please remove these duplicates. ApiOmat 2.5.2 delivers a fixed pom.xml for new modules. Read more about that in the warning-note on the Maven Integrationpage.

Update pom.xml of any existing module, remove duplicates

2.3.0

Apps using the Wordpress Module

Wordpress type attribute name changed; type will not be set- or gettable by older SDKs when using Wordpress.

Apps may have to be changed when updating to a new SDK

2.2.7

Multi-node setups

Application config changes can trigger the modules onConfigChange() method on all cluster nodes, depending on the @ModuleConfig.notifyAllNodes setting.

informative

2.2.1

All

Deploy in Dashboard only compiles dynamic (non-native) modules of the customer

informative