Core Service API delta compared to SDL Tridion 2013 SP1
Compared to SDL Tridion 2013 SP1 HR1, the API has changed slightly. Some API changes cause compatibility breaks.
-
Compatibility break: Uploading files to the Core Service was discovered to have a security vulnerability, which was fixed in the new Core Service client. However, to fix this problem in the old Core Service client, uploading files has been completely disabled. If you want to make uploading possible, you have two options:
- Modify your code to use the new Core Service client.
- Accept the security vulnerability by explicitly enabling it. SDL recommends against this, but if you feel you need to do this, you can access your Content Manager server, edit %TRIDION_HOME%\config\Tridion.ContentManager.config, find the
binaryContentStorageelement and add an attribute-value pair:enable2013Compatibility="true"to re-enable the vulnerable upload.
Compatibility break: The method
Tridion.ContentManager.Extensibility.Events.SetPublishStateEventArgshas a parameter of classPublicationTarget. Before, this object was writable; now, it is read-only.Deprecation: The
Actionsenumeration in the Tridion.ContentManager namespace is now deprecated, because it had no more room for the newDemoteandPromoteenumeration values. In theActionsenumeration, those actions will now result in the enumeration valueUnknownByClient. SDL recommends that you use the newTcmActionenumeration in the same namespace, which does cover all actions in its enumeration values.In the new Core Service endpoint,
ICoreService201501, theGetCurrentUsermethod no longer returns aUserDataobject, but rather anAccessTokenDataobject.In the new Core Service endpoint for stream uploading,
IStreamUpload201501, theUploadBinaryContentmethod has (and had) anUploadRequestobject as a parameter. ThisUploadRequestobject now has anAccessTokenproperty that must be set.Support for Claims-based access tokens resulted in new methods,
ImpersonateWithClaimsandImpersonateWithToken, in both the batch and session-aware interfaces, and a new class,AccessTokenData.Support for expiration of Claims-based access tokens resulted in an
ExpiresAtproperty in the newAccessTokenDataobject.Looking up a Trustee (that is, a Content Manager User or Group) by name was made more efficient by adding a new
NameSearchModeproperty in theTrusteesFilterDataclass. (Previously, such a lookup required implementers to first get a list of all Users and/or Groups, which was expensive if such lists were large.)Implementers can now use the
GetPublishUrlmethod to retrieve the full URL, rather than a URL relative to the server, of a published Publication, Structure Group or Page, if they specify the Target Type or Purpose to which the item was published.-
To improve measuring and troubleshooting your publish actions, the
PublishTransactionDataclass has the following new properties:TotalExecutionTimeResolvingTimeRenderingTime
- A number of Content Manager lists returned by an API call now contain not only a user name but also a user description.
- The enumeration
ActivityStatehas a new value,WaitingForWorkflowAgent. The
PublishTransactionStateenumeration has a new value,WaitingForCdEnvironment.- A new method
ElevatePrivilegeslets you temporarily elevate the privileges of the current user, then revert to their original values usingRestorePrivileges.