Release notes

2025r12

Fix for JWT token in REST exchange log

The publication API is the first API to run on the BAPI 2.0 framework. Previously, when executing a POST /login call for this API, the generated JWT token was fully visible in the response body of the REST exchange log entry, rather than being obfuscated for security purposes. This issue has been fixed in this version.

Fix for empty or incomplete reponse in REST exchange log

The publication API is the first API to run on the BAPI 2.0 framework. Previously, the response body in the REST exchange log entry navigator showed an incorrect or empty response body for BAPI 2.0 calls. This issue has been fixed in this version.

2025r1

Permissions only for active modules in publication API and BAPI 2.0

The publication API uses the BAPI 2.0 framework, which means some calls might behave or look differently. For now, it is the only API using this framework.

In the BAPI 2.0 framework, the permissions required for the API user are calculated based on the data model, meaning the permissions defined in the Mediagenix Base platform for certain modules and concepts.

Previously, this framework did not filter the permissions based on the active or inactive modules.

Specifically in the publication API, when sending a GET /publication-snapshots/{publicationSnapshotId} call, the response body contains, among others, the contentId attribute (see the Explorer). This contains the external reference of the content corresponding to the publication record, which can be a product or episode but also a trailer, commercial or music clip.

However, previously, when the API user did not have permission for all these content types because not all modules were active, the user would get the following error when sending the call:

{
  "statusCode": "403",
  "message": "The account being accessed does not have sufficient permissions to execute this operation.",
  "timestamp": "2021-07-06T09:23:56Z"
}

This was not correct because if a certain module is not active, it will not be used in other concepts either, and this permission should not be checked.

For example, if the Music Clip Management module is not active, music clips will not be linked to publication records so the Music Clip Management permission should not be required for the call.

From this version, the permission checking in the BAPI 2.0 framework, meaning the publication API and any future APIs, will only happen based on the active modules.

In the example, the Music Clip Management will no longer be required for these calls and the error message no longer appears.

The YAML was not changed for this update.