Core Service API delta compared to SDL Tridion 2013 SP1

Compared to SDL Tridion 2013 SP1 HR1, the API has changed slightly. Some API changes cause compatibility breaks.

  • Compatibility break: Uploading files to the Core Service was discovered to have a security vulnerability, which was fixed in the new Core Service client. However, to fix this problem in the old Core Service client, uploading files has been completely disabled. If you want to make uploading possible, you have two options:
    • Modify your code to use the new Core Service client.
    • Accept the security vulnerability by explicitly enabling it. SDL recommends against this, but if you feel you need to do this, you can access your Content Manager server, edit %TRIDION_HOME%\config\Tridion.ContentManager.config, find the binaryContentStorage element and add an attribute-value pair: enable2013Compatibility="true" to re-enable the vulnerable upload.
  • Compatibility break: The method Tridion.ContentManager.Extensibility.Events.SetPublishStateEventArgs has a parameter of class PublicationTarget. Before, this object was writable; now, it is read-only.

  • Deprecation: The Actions enumeration in the Tridion.ContentManager namespace is now deprecated, because it had no more room for the new Demote and Promote enumeration values. In the Actions enumeration, those actions will now result in the enumeration value UnknownByClient. SDL recommends that you use the new TcmAction enumeration in the same namespace, which does cover all actions in its enumeration values.

  • In the new Core Service endpoint, ICoreService201501, the GetCurrentUser method no longer returns a UserData object, but rather an AccessTokenData object.

  • In the new Core Service endpoint for stream uploading, IStreamUpload201501, the UploadBinaryContent method has (and had) an UploadRequest object as a parameter. This UploadRequest object now has an AccessToken property that must be set.

  • Support for Claims-based access tokens resulted in new methods, ImpersonateWithClaims and ImpersonateWithToken, in both the batch and session-aware interfaces, and a new class, AccessTokenData.

  • Support for expiration of Claims-based access tokens resulted in an ExpiresAt property in the newAccessTokenData object.

  • Looking up a Trustee (that is, a Content Manager User or Group) by name was made more efficient by adding a new NameSearchMode property in the TrusteesFilterData class. (Previously, such a lookup required implementers to first get a list of all Users and/or Groups, which was expensive if such lists were large.)

  • Implementers can now use the GetPublishUrl method to retrieve the full URL, rather than a URL relative to the server, of a published Publication, Structure Group or Page, if they specify the Target Type or Purpose to which the item was published.

  • To improve measuring and troubleshooting your publish actions, the PublishTransactionData class has the following new properties:
    • TotalExecutionTime
    • ResolvingTime
    • RenderingTime
  • A number of Content Manager lists returned by an API call now contain not only a user name but also a user description.
  • The enumeration ActivityState has a new value, WaitingForWorkflowAgent.
  • The PublishTransactionState enumeration has a new value, WaitingForCdEnvironment.

  • A new method ElevatePrivileges lets you temporarily elevate the privileges of the current user, then revert to their original values using RestorePrivileges.