**Source URL:** https://general.veevavault.dev/rn/18r2.md

# Vault Developer Release Notes

We are pleased to bring you the following additions and enhancements to Developer Portal features in 18R2.

## Developer Features in 18R2 {#developer-features-in-18r2}

We are pleased to bring you the following additions and enhancements to Developer Portal features in 18R2. REST API features added in 18R2 only affect API v18.2, unless otherwise noted. You can learn more about the [18R2 Release in Vault Help](https://platform.veevavault.help/en/lr/48220).

* [18R2 Fixed Issues](https://platform.veevavault.help/en/lr/49581): View the "Developer Features" category of the Fixed Issues list for Developer Feature fixes in this release. Note that API issues are fixed in API v18.2 only unless otherwise noted.

* [18R2 Known Issues](https://platform.veevavault.help/en/lr/49578): View the "Developer Features" category of the Known Issues list for known issues with Developer Features which are not yet fixed.

### Service Announcements {#Service_Announcements}

<ReleaseNote id="18r2-feature-change-disable-tlsv10-and-weak-ciphers-for-https" app_family="platform" version="18r2">### Feature Change: Disable TLSv1.0 and Weak Ciphers for HTTPS {#18r2-feature-change-disable-tlsv10-and-weak-ciphers-for-https}

The removal of support for TLSv1.0 and Weak Ciphers for HTTPS has been deferred to the 18R3 release (November 30th, 2018) to provide customers additional time to upgrade their browsers and integrations to support TLS 1.2. Integrations that already use TLS 1.2 will continue to work.

Learn more about [Veeva Vault disabling TLS 1.0 and 1.1](/docs/tls).

</ReleaseNote>
<ReleaseNote id="18r2-vault-mobile-ios-sdk" app_family="platform" version="18r2">### Vault Mobile iOS SDK {#18r2-vault-mobile-ios-sdk}

The Vault iOS SDK provides customers for with the ability to build applications for the iOS platform that connect to Vault. The SDK provides APIs to aid developers with built in functionality for: authentication, encryption, document creation/update/query as well as local caching on-device.

</ReleaseNote>

### REST API v18.2 {#18r2-rest-api-v182}

<ReleaseNote id="18r2-vault-cdn-support" lr="18r2.0" app_family="platform" version="18r2">### Vault CDN Support {#18r2-vault-cdn-support}

Vault CDN support enables Vault to automatically push and remove content to and from a customer’s Amazon S3 bucket and generates public URLs for source files and renditions associated to that document.

When enabling Vault CDN Support, the [Retrieve Document Renditions API](/vault-api/api-reference/18.2/documents/document-renditions/retrieve-document-renditions) includes the following fields in the response:

* `productionCDNURLs`: List of all production CDN URLs for each of the individual renditions. This is only populated on the latest steady state version.

* `stagingCDNURLs`: List of all staging CDN URLs for each of the individual URLs. This is only populated on the latest version of the document.

These fields are not editable through the API.

This feature also introduces the following document fields:

* `cdn_content__v`: This is a standard document field which specifies whether a document should be sent to the CDN.

* `production_cdn_url__v`: This is a standard document field which specifies the production CDN URL of the content if the content is in a steady state. This field is only populated on the latest steady state document with a `cdn_content__v` value of `true`.

* `staging_cdn_url__v`: This is a standard document field which specifies the staging CDN URL of non steady state content. This field is only populated on the latest version of a document with a `cdn_content__v` value of `true`. Customers can only activate this field by enabling the **Enable Push to Staging** admin checkbox under *Enable Vault CDN* in the UI.

Learn more about [Vault CDN Support in Vault Help](https://commercial.veevavault.help/en/lr/48333).

</ReleaseNote>
<ReleaseNote id="18r2-removing-support-for-imedidata" lr="18r2.0" app_family="platform" version="18r2">### Removing Support for iMedidata {#18r2-removing-support-for-imedidata}

As of API v18.2, Vault no longer supports iMedidata Delegated Authentication. The API will no longer accept requests to authenticate users using iMedidata session. Although the User API still contains references to `medidata_uuid__v` field, the field is now deprecated and the data in this field is no longer used. This field will be completely removed in the next API version.

</ReleaseNote>
<ReleaseNote id="18r2-sandbox-vaults" lr="18r1.4" app_family="platform" version="18r2">### Sandbox Vaults {#18r2-sandbox-vaults}

This feature allows users to manage the sandbox Vaults using the API.

New endpoints allow API users to view, create, refresh and delete their sandbox Vaults.

Sandbox Vaults are used to develop and test configuration changes, data migrations, and integrations without impacting your production Vault and users. Sandbox Vaults are critical to an effective change control process.
Creating or refreshing a "Configuration" sandbox Vault copies the production Vault's configuration, ensuring the sandbox Vault is an accurate replica of production suitable for making and testing changes without exposing production data. Creating a sandbox for a new project and refreshing your sandboxes often will avoid issues and delays when deploying changes in production.

Learn more about [sandbox Vaults in Vault Help](https://platform.veevavault.help/en/lr/48988), or view the endpoints in the [v18.2 REST API Reference](/vault-api/api-reference/18.2/sandbox-vaults).

</ReleaseNote>
<ReleaseNote id="18r2-create-placeholder-from-edl-item" lr="18r1.4" app_family="platform" version="18r2">### Create Placeholder from EDL Item {#18r2-create-placeholder-from-edl-item}

In API v18.2, users can trigger the action to create placeholders from an EDL item using a new [API endpoint](/vault-api/api-reference/18.2/expected-document-lists/create-a-placeholder-from-an-edl-item).

<Endpoint path="/api/{version}/vobjects/edl_item__v/action/createplaceholder" method="POST"></Endpoint></ReleaseNote>
<ReleaseNote id="18r2-dataset-support-for-configuration-migration-packages" lr="18r1.4" app_family="platform" version="18r2">### Dataset Support for Configuration Migration Packages {#18r2-dataset-support-for-configuration-migration-packages}

This feature allows users with Configuration Migration permissions to include data loads into an Outbound Package. This is particularly useful when migrating components that require reference data. Rather then having to perform manual data load via Vault Loader, users can now include the corresponding data load steps into an Outbound Package. Customers can also use this feature to help streamline the replication of sample test data from production to sandbox, or from sandbox to test.

We’ve also updated the [Export Package](/vault-api/api-reference/18.2/configuration-migration/export-package) and [Deploy Package](/vault-api/api-reference/18.2/configuration-migration/deploy-package) API response to include datasets in the VPK. We’ve also updated the Export Package API for users to download the VPK from a job.

</ReleaseNote>
<ReleaseNote id="18r2-scim-for-users" lr="18r1.3" app_family="platform" version="18r2">### SCIM for Users {#18r2-scim-for-users}

With this release, customers can use SCIM 2.0 to implement user provisioning. SCIM stands for “System for Cross-domain Identity Management”, which is a standards-based protocol designed for the exchange of user identity information between identity domains. It is a protocol by which external systems, such as Identity Providers and Authorization Services, can provision, query, de-provision and synchronize user identity data in SaaS systems such as Vault. SCIM is implemented using REST framework, allowing user identity data to be exchanged over HTTPs, using objects expressed in JSON and described in a publicly exposed schema.

Vault implementation of SCIM does not support groups or granular Vault security, such as DAC.

Learn more about SCIM in [REST API v18.2 Reference](/vault-api/api-reference/18.2/scim-for-users)

</ReleaseNote>
<ReleaseNote id="18r2-user-person-object-enhancements" lr="18r1.3" app_family="platform" version="18r2">### User & Person Object Enhancements {#18r2-user-person-object-enhancements}

With this release, we’ve made the following enhancements to `user__sys` and `person__sys`:

* There is a new *Vault Membership* lifecycle on `user__sys` which controls whether or not a user is active in a Vault. With this lifecycle, API users can now control if a user is active or inactive by changing the state of users with the [Initiate Object Action API](/vault-api/api-reference/18.2/object-lifecycle-workflows/object-record-user-actions/initiate-object-action-on-a-single-record).

* We added the `security_policy__sys`, `salesforce_username__sys`, and `imedidata_uuid__sys` fields  to `user__sys`. This allows customers to use the [Create Object Records](/vault-api/api-reference/18.2/vault-objects/create-object-records) endpoint to create users with references to custom security policies and delegated authentication information.

* Creating `person__sys` records has been made much simpler by only requiring First and Last name, or a reference to a User.

</ReleaseNote>
<ReleaseNote id="18r2-unbound-document-display-options-for-binders" lr="18r1.3" app_family="platform" version="18r2">### Unbound Document Display Options for Binders {#18r2-unbound-document-display-options-for-binders}

In this release, users can set Binder Unbound Document Display Options in the UI, which controls what version is displayed for unbound documents in binders of this document type. The [Retrieve Binder](/vault-api/api-reference/18.2/binders/retrieve-binders/retrieve-binder) and [Retrieve Binder Version](/vault-api/api-reference/18.2/binders/retrieve-binders/retrieve-binder-version) APIs will return document versions for unbound documents based on the binder’s document type, and display in one of the following ways:

* **Latest Version**: Retrieves the latest version of the unbound document. This is how binders work today.

* **Latest Viewable Version**: Retrieves the latest version for each unbound document the user has access to.

* **Latest Viewable Version**: Retrieves the latest steady state version for each unbound document the user has access to. If there is no steady state for an unbound document, the response will not include it.

This feature does not apply when executing VQL queries for binder contents.

</ReleaseNote>
<ReleaseNote id="18r2-crossvault-user-profile-images" lr="18r1.3" app_family="platform" version="18r2">### Cross-Vault User Profile Images {#18r2-crossvault-user-profile-images}

As of this release, Vault manages the user profile image at the domain level instead of the Vault level. By setting the user profile image at the create or update time, it becomes available across all Vaults the user has access to in the home domain and the cross-domain.

</ReleaseNote>
<ReleaseNote id="18r2-record-validation-rules" lr="18r1.3" app_family="platform" version="18r2">### Record Validation Rules {#18r2-record-validation-rules}

Validation rules enhance data quality by comparing user entered data with Admin defined rules for an object record. This feature allows Admins to set up simple validation rules in the UI.

If one or more validation rules fail when users create or update records via the API, the response will return an error including the names of the failing validation rules, Admin configured error messages for those rules, and their error locations. For example:

`API Failure Type: “RECORD_VALIDATION_FAILURE”
responseStatus: FAILURE
Message: <Error Message configured for the Validation Rule> [<Field 1>, <Field 2>]
`There is no change to the API response if every validation rule passes and the record is successfully saved. Learn more about [Record Validation Rules in Vault Help](https://platform.veevavault.help/en/lr/46866).

</ReleaseNote>
<ReleaseNote id="18r2-reason-selection-when-making-a-copy" lr="18r1.3" app_family="platform" version="18r2">### Reason Selection When Making A Copy {#18r2-reason-selection-when-making-a-copy}

This feature extends the Make a Copy functionality for PromoMats and Medcomms to allow users to select a reason when making a copy. API users can retrieve the `copy_reason__v` document field with the [Retrieve Documents](/vault-api/api-reference/18.2/documents/retrieve-documents) API and use the [Picklists API](/vault-api/api-reference/18.2/picklists) to manage the `copy_reason_picklist__v` picklist.

</ReleaseNote>
<ReleaseNote id="18r2-multisite-document-distribution" lr="18r1.2" app_family="platform" version="18r2">### Multi-Site Document Distribution {#18r2-multisite-document-distribution}

As of API v18.2, users in Clinical Vaults can now use the existing **Document & Binder User Actions** endpoints to initiate multi-site document distribution workflows. These workflows distribute important documents, such as protocol amendments, revised informed consent form templates, and safety information documents, to many study sites at once. Learn more about [Multi-Site Document Distribution in Vault Help](https://clinical.veevavault.help/en/lr/45119).

</ReleaseNote>
<ReleaseNote id="18r2-accept-vault-session-ids-as-bearer-tokens" lr="18r1.2" app_family="platform" version="18r2">### Accept Vault Session IDs as Bearer tokens {#18r2-accept-vault-session-ids-as-bearer-tokens}

This feature allows API client applications and integrations to send Vault Session IDs inside an `Authorization` HTTP Request Header with a `Bearer` keyword, as if it was a real Bearer OAuth token.

For example:
`Authorization: Bearer {Vault Session ID}`

Learn more about Authentication in the [REST API v18.2 Reference](/vault-api/api-reference/18.2/authentication).

</ReleaseNote>
<ReleaseNote id="18r2-configurable-copy-fields" lr="18r1.2" app_family="platform" version="18r2">### Configurable Copy Fields {#18r2-configurable-copy-fields}

In this release, users can configure which fields to copy when executing the *Make a Copy* action on a document. Document fields have a new `noCopy` attribute when retrieving document field metadata, where `true` means this field is not copied. You cannot set the `noCopy` value through the API, and must do so through the UI.

</ReleaseNote>

### VQL {#18r2-vql}

<ReleaseNote id="18r2-vql-on-renditions" lr="18r1.4" app_family="platform" version="18r2">### VQL on Renditions {#18r2-vql-on-renditions}

This feature introduces the new `renditions` object for VQL, a common requirement for integration and migration use cases. Using VQL on renditions allows developers to easily determine which document versions have renditions of a particular type, and retrieve rendition metadata, including its size, checksum, and file type. The `renditions` object supports joins with the `documents` object so that Vault can return rendition metadata along with document version metadata. Learn more about [querying Vault renditions](/vql/query-targets/renditions).

</ReleaseNote>
<ReleaseNote id="18r2-vql-on-binders" lr="18r1.3" app_family="platform" version="18r2">### VQL on Binders {#18r2-vql-on-binders}

As of API v18.2, VQL supports two new query targets: `binders` and `binder_node__sys`. With these query targets, binders become fully queryable through VQL.

Some of the most common queries this new interface is able to answer are:

* Given a document, or a set of documents, find binders which contain them

* Given binder, or a set of binders, find documents which are contained within them

You must use API v18.2 or higher to query binders.

Learn more about [binder queries](/vql/query-targets/binders).

</ReleaseNote>
<ReleaseNote id="18r2-queryable-components" lr="18r1.3" app_family="platform" version="18r2">### Queryable Components {#18r2-queryable-components}

With this release, API users can query most Vault component objects like any other Vault object. For example, components such as `objecttype__sys` and `accountmessage__sys` are available for query through VQL. Note that not all components are available for query. To retrieve a list of queryable Vault component objects, use the [Retrieve Object Collection](#Retrieve_Object_Collection) endpoint.

</ReleaseNote>