REST API Changes
The following REST API changes were made in Composer 5.
API documentation is provided with your Composer installation at this link:
The following endpoints have been added.
Supports themes. If your Composer user belongs to a group that has been assigned the Can Manage Themes privilege, you can use this endpoint to create, read, update, delete, list, activate and otherwise manage UI themes. You can also use this endpoint to assign a default color palette to visuals in the environment and to override the default color palette for specific visual styles.
Supports dashboard scheduling. If your Composer user belongs to a group that has been assigned the Can Create Scheduled Reports (ROLE_CREATE_DASHBOARD_REPORTS) privilege, you can use this endpoint to create, update, and delete scheduled dashboard reports as well as to retrieve scheduled dashboard report settings either by dashboard ID or by report ID.
Supports materialized views.
Supports column security. See Restricting Group Access to Fields Using Column Security.
Supports row security. See Restricting Group Access to Data Using Row Security.
Supports dashboard authorization. Use with the GET method to retrieve the user permissions for a specific dashboard.
Use this endpoint to search for users in a Composer account. At least three characters must be specified for
<string>. These characters can be any part of the user name, full name, or email. The endpoint returns the Composer internal user IDs and user names of any user in the account with those characters in their Composer user name, full name, or email.
This endpoint can only be used to search for users in the same Composer account as the user who issues the request.
If your Composer user belongs to a group that has been assigned the Can Manage Visuals privilege, you can use this endpoint to create, update, or delete a visual or to list the visuals that have been defined or the details about a specific visual.
The following API endpoints have been enhanced.
Supports dashboard authorization. Use with the GET method to retrieve the group or account permissions for a specific dashboard.
Supports dashboard authorization. Use with the PUT method to update the group or account permissions for one or more groups.
The response from this endpoint when used with the GET method was enhanced to include the read, write, and delete permissions assigned to a dashboard for the current user in the dashboard library. A new section
"permissions"has been added to the response.
The following API endpoints have been deprecated.
filterableInAggregateproperty of the
visdefsendpoints is no longer available. The information provided by this property was not tailorable and had no effect. If your API calls still include this property, the API call will succeed, but the
filterableInAggregateproperty is silently ignored.
The following endpoints have been removed and replaced, as shown in the following API requests.
Old API Request Use This API Request Instead
accountIdparameter is now deprecated and will be removed from the following API endpoints in a future release:
visualizationscontainer in the response from a GET or PATCH
/api/sources/<id>request is deprecated. The code will be removed in a future release.
vnd.composer.v2+jsonis now the default
Content-Typeused for API routes. The
vnd.zoomdata.v2+jsonis still accepted for backward compatibility, but is deprecated and will be removed in a future release. API routes that respond with JSON that conforms to a schema, respond using the
vnd.zoomdata.v2+jsoncontent type, depending on the setting of the
Acceptheader. If the
Acceptheader specifies either
vnd.zoomdata.v2+json, the API response is returned using the requested content type. However, if neither
vnd.zoomdata.v2+jsonare specified in the
Acceptheader, the API response uses the content type specified by the
/api/security/attributesendpoint is deprecated with this release. Its code will be removed from the product in a future release. It has been replaced by the new
/api/sources/<source-id>/security/attributesendpoint, used for column security.
A new X-AUTHORIZATION-ACCOUNT header has been added to the API that allows you to set the account to which the API call should be applied. The target account must be available to the user. For example:
X-AUTHORIZATION-ACCOUNT : <account-id>
This header is only supported for basic authentication requests.
If OAuth security is not enabled by the supervisor in the supervisor UI, then all OAuth client and token-related API endpoints now return a 404 response code or a 401 unauthorized response code (when an existing token is used). In addition, the OAuth API endpoints are not visible in the Swagger documentation. The primary OAuth endpoints are: