Sync API Changes
Sync API Changes
This document provides information on changes made to the Sync API for both Web and Mobile (iOS and Android). This document provides information on changes made to the Sync API for both Web and Mobile (iOS and Android).
Sync API Changes on the Web:
- Removed validation of the ability to call sync API while requesting to api/sync/companies/get to allow users who don't have access to mobile API to request available companies (This workaround is only for v17).
- WinApp DEV.
- Removed company-related endpoint that allows finding a company based on a password.
- Start application flow is changed: application is authenticated, then requests companies and changed company if required (based on existing logic).
- Added company to application settings.
- WebApp DEV (Sync API)
- Added ability to authenticate (sync api) without specifying a company.
- Removed get companies endpoint that requires to specify password and login (replaced by end point for authorized users).
- Added company id to claims.
Before |
After |
Url: api/sync/companies/get Payload: { string Login; string Password; bool UseAesCryptoProvider; } |
Removed |
Url: api/sync/authorization/Authorize Payload (data model): { string Login; string Password; long CompanyId; bool UseAesCryptoProvider; }
|
Url: api/sync/authorization/Authorize Payload (data model): { string Login; string Password; long? CompanyId; bool UseAesCryptoProvider; } i.e. type of CompanyId has been changed. From long to long? CompanyId should be specified when mobile application tries to login user to specific company. CompanyID claim has been added to claims. |
- There are no changes regarding api/sync/OpenIdConnect/GetMobileToken.
- This endpoint continues to use CompanyId only and ignores everything which has been included in the payload (works as is).
Sync API Changes in Android:
To match with the changes made on the web, the following changes are made in Android.
- Added ability to authenticate (sync API) without specifying a company.
- Removed get companies endpoint that requires to specify password and login (replaced by the endpoint for authorized users).
|
Before |
After |
For authorization token |
String authUrl = CmoApplication.getInstance().prepareUrl (Constants.URL_SYNC + “Authorize”); AES Encryption = AES/ECB/PKCS7Padding |
String authUrl = CmoApplication.getInstance().prepareUrl (Constants.URL_SYNC + “authorization/authorize”); AES Encryption = AES/GCM/NoPadding |
To get companies |
String authUrl = CmoApplication.getInstance().prepareUrl (Constants.URL_SYNC + “Companies/Get”); |
String authUrl = CmoApplication.getInstance().prepareUrl (Constants.URL_SYNC + “companies/GetAvailableCompanies”); |
- AES encryption has been changed from ‘AES/ECB/PKCS7Padding’ to ‘AES/GCM/NoPadding’ (This workaround is only for v18).
Sync API Changes in iOS:
|
Before |
After |
For authorization token |
URL : Client Server URL + “Authorize” Params : login - > username password -> encrypted Password companyId -> companyID UseAesCryptoProvider -> true (AES256 Encryption) |
URL : Client Server URL + "authorization/authorize” Params : login - > username password -> encrypted Password companyId -> companyID UseAesCryptoProvider -> false (AES GCM no padding Encryption) |
To get companies |
URL : Client Server URL + “Companies/Get” |
URL : Client Server URL + "companies/GetAvailableCompanies” |
- UseAesCryptoProvider parameter has been changed from ‘AES256 encryption’ to ‘AESGCM no padding’ encryption (This workaround is only for v18).