Skip to main content

API

Latest Beta Version

[12.1.0] - 2026-05-12

Added

  • Feature Entitlements — certain API endpoints now require the organization or company to have the appropriate entitlement; requests without it receive a 402 response
  • CustomScript endpoints require OrganizationEntitlements.Scripts
  • Applet create/delete endpoints require CompanyEntitlements.DevSpace

[12.0.1] - 2026-05-06

Fixed

  • Pagination returning 404 on second page for endpoints with custom uniqueIdentificator (e.g., emulator, device)

[12.0.0] - 2026-05-05

Added

  • Endpoint GET /v1/organization/:organizationUid/member returns the members of the organization
  • Endpoint GET /v1/organization/:organizationUid/member/count returns the number of members in the organization
  • Endpoint GET /v1/company/:companyUid/member returns the members of the company
  • Endpoint GET /v1/company/:companyUid/member/count returns the number of members in the company

Removed

  • Timing check before device deprovisioning - timings are now cleaned up automatically by command-handler

[11.9.2] - 2026-05-04

Fixed

  • JWT authentication now supports any Auth0 namespace prefix for sosAccountId claim, fixing 403 errors for white-label customers

[11.9.1] - 2026-04-30

Fixed

  • Bulk operation changeSubscriptionType rejects unknown subscriptionType
  • Bulk operation setScheduledPowerAction rejects unknown powerType and weekdays values
  • Bulk operation setTimer and setProprietaryTimer reject unknown type and weekdays values

[11.9.0] - 2026-04-29

Added

  • GET /v1/company and GET /v1/company/:companyUid response now includes isMfaRequired field
  • GET /v1/device/:deviceUid/telemetry/:telemetryType now supports account and jwtToken authentication

Added

  • Support for Auth0 namespaced claims (https://signageos.io/sosAccountId) in JWT authentication, enabling CLI tools using Auth0 Device Flow
  • JWT auth fallback in organization-authenticated endpoints — when no clientId:secret is found, the middleware now verifies JWT tokens and resolves the organization from organizationUid query/body parameter

[11.8.0] - 2026-04-21

Added

  • GET /v1/account response now includes firstname, username, licenses, isActive, and sessions fields
  • GET /v1/account privileges and settings schemas are now strictly typed with enums

Fixed

  • PUT /v1/account no longer requires firstname/lastname to update settings only

[11.7.1] - 2026-04-20

Fixed

  • Improved quality of description generated from endpoint POST /v1/content-guard/ai-helper/generate-description
  • Improved quality of prompts generated from endpoint POST /v1/content-guard/ai-helper/generate-prompt
  • Endpoint POST /v1/content-guard/ai-helper/analyze-prompt accepts a wider range of prompts

[11.7.0] - 2026-04-20

Added

  • GET /v1/company list endpoint now uses cursor-based pagination with lastId, descending, and sortKey query parameters
  • Company network managers can access companies within their network via GET /v1/company/:companyUid and GET /v1/company list

[11.6.2] - 2026-04-17

[11.6.1] - 2026-04-15

Fixed

  • Return 400 error with clear message when creating an applet version with a non-existing frontAppletVersion (previously returned 500)

[11.6.0] - 2026-04-14

Added

  • POST /v1/content-guard/ai-helper/analyze-prompt endpoint for AI-powered prompt validation and optimization with fail-open behavior

[11.5.0] - 2026-04-14

Added

  • Added SUPRA telemetry type to OpenAPI specification and API validators for SUPRA mode connection and configuration status

[11.4.1] - 2026-04-09

Fixed

  • Fix GET /v1/device/applet query parameter active
  • Fix GET /v1/timing query parameter current
  • Fix GET /v1/timing/:timingUid query parameter current

[11.4.0] - 2026-04-09

Added

  • Organization endpoint now returns denormalized count fields: deviceCount, userCount, tagCount, locationCount, pluginCount, runnerCount
  • POST /v1/device/configuration/:deviceUid/telemetry-cache/invalidate endpoint to invalidate cached device telemetry data

[11.3.0] - 2026-04-07

Added

  • Upcoming change notices on screenshot endpoints documenting the transition from permanent public URLs to pre-signed URLs that expire after some time
  • PUT /v1/company/:companyUid/support-access-permission endpoint for setting company support access permission level

Fixed

  • Content-MD5 encoding in S3 presigned uploads now uses base64 instead of hex, complying with the S3 spec and newer MinIO versions

Added

  • Added CLIENT_PUBLIC_IP telemetry type to OpenAPI specification and API validators

[11.2.0] - 2026-03-19

Added

  • GET /v1/organization-tag/tree endpoint for retrieving organization tags in hierarchical tree structure with nested children, statistics, and colors
  • GET /v1/organization-tag/tree/latest endpoint for tree cache validation with count, totalAssignments, and lastUpdatedAt

Fixed

  • GET /v1/device/telemetry/latest uids query parameter filtering devices correctly
  • GET /v1/applet/:appletUid/version/:appletVersion/file endpoint now supports pagination for applets with >1000 files via Link header with rel="next"
  • POST /v1/applet/:appletUid/version no longer returns 500 error when creating version before files are uploaded (normal CLI flow)
  • POST /v1/alert-rule now correctly handles companyUid in alert rule creation

[11.1.0] - 2026-03-11

Added

  • Endpoints for managed Content Guard (Read only content guard which is managed by system):
    • GET /v1/content-guard/managed/category
    • GET /v1/content-guard/managed/category/{contentGuardCategoryUid}
    • GET /v1/content-guard/managed/item
    • GET /v1/content-guard/managed/item/{contentGuardItemUid}

Fixed

  • OwnServerLicense and OwnServerLicenseValidity model references (no longer used)
  • Use ahash function from new dedicated lib-image library
  • POST /v1/export/device's organizationUid body parameter wasn't handled properly
  • deviceUid in provisioning recipe serves the correct value instead of physical uid

[11.0.0] - 2026-02-25

Added

  • locationUids to filter for endpoint POST /v1/export/device

Removed

  • organizationUid property from endpoint POST /v1/export/device

[10.16.1] - 2026-02-23

Fixed

  • Types for policyItems and powerAction

[10.16.0] - 2026-02-18

Added

  • GET /v1/device now supports account and jwtToken authentication
  • GET /v1/device/count new endpoint added
  • GET /v1/device/:deviceUid now supports account and jwtToken authentication
  • GET /v1/device/alive now supports account and jwtToken authentication
  • GET /v1/device/alive/count new endpoint added
  • GET /v1/device/:deviceUid/alive now supports account and jwtToken authentication
  • PUT /v1/device/:deviceUid now supports account and jwtToken authentication
  • GET /v2/device now supports account and jwtToken authentication and has expanded filters
  • GET /v2/device/count now supports account and jwtToken authentication and has expanded filters
  • GET /v2/device/:deviceUid now supports account and jwtToken authentication
  • PUT /v2/device/:deviceUid now supports account and jwtToken authentication

[10.15.0] - 2026-02-17

Added

  • (internal) Updated CORS middleware

Fixed

  • Endpoint /v1/system-log - limit since and until query parameters to 30 days to the past
  • Endpoint /v1/device/{deviceUid}/system-log - limit since and until query parameters to 30 days to the past

[10.14.0] - 2026-01-29

Added

  • deviceCount property to GET /v1/runner and GET /v1/runner/{runnerUid}

[10.13.0] - 2026-01-28

Added

  • GET /v1/organization-tag returns assignedContentGuardItemsCount in response
  • PUT /v1/content-guard/item/{contentGuardItemUid}/tag/{tagUid} and DELETE /v1/content-guard/item/{contentGuardItemUid}/tag/{tagUid} endpoints for assigning and removing tags
  • Endpoint POST /v1/content-guard/ai-helper/upload-temp-image
  • Endpoint POST /v1/content-guard/ai-helper/generate/description
  • Endpoint POST /v1/content-guard/ai-helper/generate/prompt
  • Endpoint POST /v1/content-guard/ai-helper/finalize

[10.12.2] - 2026-01-27

[10.12.1] - 2026-01-26

[10.12.0] - 2026-01-23

Added

  • Use correct algorithm for ahash computation
  • Endpoint GET /v1/organization-tag - endpoint now supports account, organization and jwtToken authentication
  • Endpoint POST /v1/organization-tag - endpoint now supports account, organization and jwtToken authentication
  • Endpoint GET /v1/organization-tag/:uid - endpoint now supports account, organization and jwtToken authentication
  • Endpoint PUT /v1/organization-tag/:uid - endpoint now supports account, organization and jwtToken authentication
  • Endpoint DELETE /v1/organization-tag/:uid - endpoint now supports account, organization and jwtToken authentication
  • Endpoint GET /v1/location/organization-tags - endpoint now supports account, organization and jwtToken authentication
  • Endpoint GET /v1/location/:locationUid/organization-tag - endpoint now supports account, organization and jwtToken authentication
  • Endpoint PUT /v1/location/:locationUid/organization-tag/:tagUid - endpoint now supports account, organization and jwtToken authentication
  • Endpoint DELETE /v1/location/:locationUid/organization-tag/:tagUid - endpoint now supports account, organization and jwtToken authentication
  • Organization tag responses now include counter fields: assignedDevicesCount, assignedLocationsCount, assignedPoliciesCount

[10.11.2] - 2026-01-19

[10.11.1] - 2026-01-14

Fixed

  • Graceful shutdown works again. When the service is stopping, it will drain all pending requests before exiting.
  • Add keepAlive to fix 502 errors when running with AWS ALB

[10.11.0] - 2026-01-13

Added

  • Telemetry supports INSTALLED_PACKAGES type for Android and newly also for Linux

[10.10.0] - 2026-01-12

Added

  • Endpoint GET /v1/device/applet allowing to list devices with their applet assignments

[10.9.0] - 2026-01-07

Added

  • API CRUD operations for ContentGuard
  • Endpoint GET /v1/device/export added support for account authentication
  • Endpoint POST /v1/export/:uid added support for account authentication

Fixed

  • POST /v1/custom-script and PUT /v1/custom-script/:customScriptUid now validate tags that are being assigned to the custom script
  • System log endpoints now return same result as in the box when no since query parameter is provided
  • Setting plugin properties are validated against plugin schema definitions
  • Setting runner properties are validated against runner input schema definitions
  • PUT /v1/timing/:timingUid correctly validates rights for "User" role
  • DEL /v1/timing/:timingUid correctly validates rights for "User" role
  • Prevent a possible memory leak around repeated parsing of OpenAPI specification

[10.8.0] - 2025-12-15

Fixed

  • GET /v1/firmware/version endpoint now avoids unused query.
  • GET /v1/device/screenshot issue where pagination sometimes returned invalid link

Added

  • Endpoint POST /v1/timing - endpoint now supports account, organization and jwtToken authentication
  • Endpoint GET /v1/timing - endpoint now supports account, organization and jwtToken authentication
  • Endpoint GET /v1/timing/:timingUid - endpoint now supports account, organization and jwtToken authentication
  • Endpoint PUT /v1/timing/:timingUid - endpoint now supports account, organization and jwtToken authentication
  • Endpoint DELETE /v1/timing/:timingUid - endpoint now supports account, organization and jwtToken authentication
  • Endpoint POST /v1/device/:deviceUid/applet - endpoint now supports account, organization and jwtToken authentication
  • Endpoint GET /v1/device/:deviceUid/applet - endpoint now supports account, organization and jwtToken authentication
  • Endpoint GET /v1/device/:deviceUid/applet/:assignmentUid - endpoint now supports account, organization and jwtToken authentication
  • Endpoint PUT /v1/device/:deviceUid/applet/:assignmentUid - endpoint now supports account, organization and jwtToken authentication
  • Endpoint DELETE /v1/device/:deviceUid/applet/:assignmentUid - endpoint now supports account, organization and jwtToken authentication
  • New endpoint GET /v1/timing/count
  • New endpoint GET /v1/device/:deviceUid/applet/count

[10.7.0] - 2025-12-08

Added

  • CORS headers are handled in application not at infrastructure level

Fixed

  • API requests counter is stable

[10.6.1] - 2025-12-05

Fixed

  • (internal) Prevent user enumeration possibility in authentication error messages, always return generic errors
  • Correctly parse parameters, when passing more than 21 elements in an array query parameter

[10.6.0] - 2025-12-04

Added

  • Endpoint POST /v1/device/verification - refactored to support account, organization and jwtToken authentication
  • Endpoint GET /v1/device/verification/:deviceVerificationUid - refactored to support account, organization and jwtToken authentication

[10.5.0] - 2025-12-03

Added

  • V1/device/telemetry/latest supports account authentication
  • V1/device/:deviceUid/telemetry/latest supports account authentication
  • V1/device/:deviceUid/telemetry/:type/latest supports account authentication

[10.4.0] - 2025-12-02

Added

  • GET /v1/js-api-version endpoint to get list of all available JS API versions
  • GET /v2/device now returns featureFlags field in device resources when set
  • GET /v2/device/:deviceUid now returns featureFlags field in device resource when set
  • PUT /v2/device/:deviceUid now accepts featureFlags field to enable/disable device features (screenshotCapture, systemLogs, cpuUsage, memoryUsage, customScripts, plugins, runners)
  • PUT /v1/account endpoint now supports updating favorites
  • accessLevel field to account resource in GET /v1/account
  • Connection to API DragonFly Redis database for request rate limiting and counting

[10.3.2] - 2025-11-20

Fixed

  • (internal) Fixed spamming command-handler for application version build requests with each file upload, build=false query parameter is used correctly.

[10.3.1] - 2025-11-20

Fixed

  • link and location headers protocol should not point to http

[10.3.0] - 2025-11-19

Added

  • (internal) Support for validating tokens against multiple auth0 tenants

[10.2.0] - 2025-11-12

Fixed

  • PUT /v1/location/:locationUid/unarchive now properly validates deleted locations
  • GET /v1/timing/:deviceUid/applet/:appletUid/command/:commandUid issues with record validation

Added

  • PUT /v1/location/:locationUid/restore
  • POST /v1/timing/:deviceUid/applet/:appletUid/command now returns Link header

[10.1.1] - 2025-11-10

[10.1.0] - 2025-11-10

Added

  • New middleware that automatically detects white label settings by hostname and Auth0 status from JWT tokens, injecting client context into API requests
  • Integrated CQRS command models pattern into API endpoints with automatic client context injection and mock command dispatcher for testing

Fixed

  • Properly handle command processing timeouts and return GatewayTimeoutError (504) on timeout.

[10.0.0] - 2025-11-04

Changed

  • Increased limit of JSON request body to 10mb

Fixed

  • E2E tests against SDK project

[9.5.0] - 2025-10-23

Added

  • GET /v1/device/tag listing devices with their tags

[9.4.0] - 2025-10-21

Added

  • Endpoint GET /v1/device/:deviceUid/power-action added support for account authentication
  • Endpoint POST /v1/device/:deviceUid/power-action added support for account authentication

[9.3.2] - 2025-10-16

Fixed

  • Fix POST /v1/firmware/version for SDK and CLI

[9.3.1] - 2025-10-15

[9.3.0] - 2025-10-14

Added

  • GET /v1/policy endpoint now supports account, organization and jwtToken authentication

Fixed

  • Endpoint POST /v1/applet also returns link header with the location of the created applet
  • Endpoint POST /v1/bulk-operation also returns link header with the location of the created bulk operation
  • Endpoint POST /v1/timing also returns link header with the location of the created timing
  • Endpoint POST /v1/policy also returns link header with the location of the created policy
  • Endpoint POST /v1/location also returns link header with the location of the created location
  • Endpoint POST /v1/emulator also returns link header with the location of the created emulator

[9.2.1] - 2025-10-13

[9.2.0] - 2025-10-10

Added

  • settings field to account resource in GET /v1/account and PUT /v1/account

[9.1.2] - 2025-10-08

Fixed

  • Endpoint Offline Ranges is deprecated and replaced with device/telemetry - ONLINE_STATUS

Fixed

  • GET /v1/applet endpoint now supports account, organization and jwtToken authentication
  • GET /v1/applet/:appletUid endpoint now supports account, organization and jwtToken authentication
  • DELETE /v1/applet/:appletUid endpoint now supports account, organization and jwtToken authentication
  • POST /v1/applet/:appletUid endpoint now supports account, organization and jwtToken authentication

Changed

  • TimingCommands reads from Loki instead of Mongo

[9.1.1] - 2025-10-01

Fixed

  • Endpoint GET /v1/emulator - refactored to use support account, organization and JWT tokens
  • Endpoint DELETE /v1/emulator/:emulatorUid - refactored to support account, organization and JWT tokens
  • Endpoint POST /v1/emulator - refactored to use support account, organization and JWT tokens

[9.1.0] - 2025-09-29

Added

  • Support for custom sorting keys in API endpoints via sortKey query parameter (previously limited to createdAt only)
  • New viewer role for accounts
  • Endpoint GET /v1/account to get account details
  • Endpoint PUT /v1/account to update account details

Fixed

  • (internal) Database connection for deviceConnection models to DragonFly

[9.0.0] - 2025-09-23

Removed

  • Endpoint /v1/device/:deviceUid/offline-range is no longer available in favor to /v1/device/:deviceUid/telemetry/latest, /v1/device/telemetry/latest or /v1/device/:deviceUid/telemetry/ONLINE_STATUS

Changed

  • Aliveness is read from dedicated DragonFly database

[8.0.2] - 2025-09-16

Fixed

  • Properly update version of API in OpenAPI specification

[8.0.1] - 2025-09-15

[8.0.0] - 2025-09-12

Changed

  • Using new DragonFly telemetry database for monitoringLog latest

[7.9.4] - 2025-09-12

[7.9.3] - 2025-09-12

Fixed

  • added optional name property to body payload to POST /v1/applet/:appletUid/version/:appletVersion/file as it is sent by CLI

[7.9.2] - 2025-09-10

[7.9.1] - 2025-09-10

Fixed

  • Updated intro section of openapi documentation to be better formatted with valid markdown
  • Runner input encrypting
  • /v1/applet/:appletUid/version/:appletVersion/file - refactored to use new ACL
  • /v1/applet/:appletUid/version/:appletVersion/test - refactored to use new ACL
  • /v1/device/:deviceUid/applet-test/:appletUid/:appletVersion - refactored to use new ACL

Added

  • Endpoint GET /v1/device/screenshot now also includes createdAt and updatedAt in each item
  • Endpoint GET /v1/device/:deviceUid/screenshot now also includes createdAt and updatedAt in each item
  • Endpoint GET /v1/device/policy now also includes createdAt and updatedAt in each item
  • Endpoint GET /v1/license and GET /v1/license/:licenseUid now support deleted query parameter

[7.9.0] - 2025-09-04

Added

  • ADD_ORGANIZATION_TAGS device bulk action

Fixed

  • Remove deprecated OpenAPI telemetry specifications and add new for plugins and runners
  • Read screenshot data from mongo telemetry

[7.8.0] - 2025-08-25

Added

  • Update OpenAPI documentation and changelog for plugins and runners, plugins and runners feature has been released.
  • Runners get/set telemetry data.

[7.7.0] - 2025-08-19

Added

  • Revert "Endpoint GET /v1/organization now supports account, organization and jwtToken authentication" due to increased number of 400 responses in production. Needs further investigation.

[7.6.0] - 2025-08-19

Added

  • Plugins and runners can be assigned to devices via policies (coming soon).
  • Plugins get/set telemetry data (coming soon).

Fixed

  • Endpoint - GET /v1/firmware/version - refactored to support account, organization and jwtToken authentication
  • Endpoint - POST /v1/firmware/version - refactored to support account, organization and jwtToken authentication
  • Endpoint - GET /v1/firmware/version/:applicationType/:version/:type - refactored to support account, organization and jwtToken authentication

Fixed

  • Configuration Definition openapi schema for url
  • Improved error handling for policy creation and updates with encrypted values
  • Endpoint POST /v1/device/:deviceUid/connect - refactored to support account, organization and jwtToken authentication
  • Endpoint POST /v1/device/:deviceUid/disconnect - refactored to support account, organization and jwtToken authentication
  • Upgrade lib to v21.1.3 - Application won't exit if Redis connection is lost for a while. It will keep trying to reconnect forever or it apply provided retryStrategy instead
  • respond with SERVICE_UNAVAILABLE on redis error
  • Endpoint GET /v1/organization now supports account, organization and jwtToken authentication

[7.5.1] - 2025-07-31

Fixed

  • Upgrade UDM to v32.14.3 to leverage improved device search performance (/v1/device?search=<TERM>)

[7.5.0] - 2025-07-31

Added

  • New endpoint - /v1/plugin - (coming soon)
  • New endpoint - /v1/plugin/count - (coming soon)
  • New endpoint - /v1/plugin/:pluginUid - (coming soon)
  • New endpoint - /v1/plugin/:pluginUid/version - (coming soon)
  • New endpoint - /v1/plugin/:pluginUid/version/count - (coming soon)
  • New endpoint - /v1/plugin/:pluginUid/version/:version - (coming soon)
  • New endpoint - /v1/plugin/:pluginUid/version/:version/platform - (coming soon)
  • New endpoint - /v1/plugin/:pluginUid/version/:version/platform/:platform - (coming soon)
  • New endpoint - /v1/plugin/:pluginUid/version/:version/platform/:platform/archive - (coming soon)
  • New endpoint - /v1/runner - (coming soon)
  • New endpoint - /v1/runner/count - (coming soon)
  • New endpoint - /v1/runner/:runnerUid - (coming soon)
  • New endpoint - /v1/runner/:runnerUid/version - (coming soon)
  • New endpoint - /v1/runner/:runnerUid/version/count - (coming soon)
  • New endpoint - /v1/runner/:runnerUid/version/:version - (coming soon)
  • New endpoint - /v1/runner/:runnerUid/version/:version/platform - (coming soon)
  • New endpoint - /v1/runner/:runnerUid/version/:version/platform/:platform - (coming soon)
  • New endpoint - /v1/runner/:runnerUid/version/:version/platform/:platform/archive - (coming soon)

Fixed

  • Prefer reading from secondary replicas for MongoDB Telemetry to distribute the load across the replica set

[7.4.0] - 2025-07-25

Added

  • Endpoint GET /v1/location supports filtering by customId field
  • Endpoint v1/device/:deviceUid/applet-test/:appletUid/:appletVersion - refactored to use new ACL
  • Endpoint /v1/applet/{appletUid}/version/{appletVersion}/test - refactored to use new ACL

Fixed

  • Filtering by states and countries in the GET /v1/location endpoint
  • Endpoint GET /v1/location filters locations by partial match of customId and name fields
  • Device configuration connectionMethod is not required for changing configuration
  • API endpoints are not ordered alphabetically
  • Endpoint GET /v1/device - refactored to support account, organization and jwtToken authentication
  • Endpoint GET /v1/device/alive - refactored to support account, organization and jwtToken authentication
  • Endpoint GET /v1/device/:deviceUid - refactored to support account, organization and jwtToken authentication
  • Endpoint GET /v1/device/:deviceUid/alive - refactored to support account, organization and jwtToken authentication
  • Endpoint PUT /v1/device/:deviceUid - refactored to support account, organization and jwtToken authentication
  • Improved documentation of the GET /v1/location endpoints
  • Open Api specs correctly states the 'host' not as a {{host}} but as a real domain which limits the confusion to none

[7.3.0] - 2025-07-08

Added

  • Endpoint GET /v1/location now supports deleted and descending query parameters to fetch soft-deleted items and control sort order
  • Endpoint GET /v1/device/policy fetches list of all devices in organization and their policies

Fixed

  • The device/telemetry endpoint has better documentation of telemetry Type
  • The bulk-action endpoint has better documentation of the operationType
  • Added titles to configDefinition soecs for better readability

Fixed

  • Endpoint PUT /v1/device/:deviceUid/location/:locationUid no longer returns a 5xx error if the device actually exists
  • Endpoint DELETE /v1/device/:deviceUid/location/:locationUid no longer returns a 5xx error if the device actually exists

Added

  • Endpoint GET /v1/device/screenshot - added support for filtering out screenshots by specifying excluded image hashes
  • Endpoint GET /v1/device/:deviceUid/screenshot - added support for filtering out screenshots by specifying excluded image hashes

[7.2.2] - 2025-06-26

[7.2.1] - 2025-06-26

Fixed

  • Endpoint GET /device/:deviceUid/scheduled-power-action - performance issue fixed
  • Endpoint GET /v1/device/screenshot - refactored to use new ACL
  • Endpoint GET /v1/device/:deviceUid/screenshot - refactored to use new ACL
  • Endpoint POST /v1/device/:deviceUid/screenshot - refactored to use new ACL

[7.2.0] - 2025-06-23

Added

  • Endpoint POST /v1/bulk-operation/preview - preview the impact of bulk operation before it is created
  • Endpoint GET /v1/organization/:organizationUid supports account based authentication now
  • Endpoint GET /v1/company/count to count companies
  • New endpoint - GET /v1/company/:companyUid/credit-transaction
  • New endpoint - GET /v1/company/:companyUid/credit-transaction/:creditTransactionUid
  • New endpoint - GET /v1/company/:companyUid/credit-transaction/count

Fixed

  • Endpoint GET /v1/device/:deviceUid/storage - refactored to use new ACL
  • Endpoint GET /v1/device/:deviceUid/volume - refactored to use new ACL, supports pagination and sorting
  • Endpoint PUT /v1/device/:deviceUid/volume - refactored to use new ACL
  • Endpoint GET /v1/device/:deviceUid/application/version - refactored to use new ACL, supports pagination and sorting
  • Endpoint PUT /v1/device/:deviceUid/application/:applicationType/version - refactored to use new ACL
  • New endpoint GET /v1/device/volume/latest
  • New endpoint GET /v1/device/:deviceUid/volume/count
  • New endpoint GET /v1/device/:deviceUid/volume/latest
  • New endpoint GET /v1/device/application/version/latest
  • New endpoint GET /v1/device/:deviceUid/application/version/latest
  • New endpoint GET /v1/device/:deviceUid/application/version/count

[7.1.0] - 2025-05-27

Added

  • Endpoint PUT /v1/device/:deviceUid/application/:applicationType/version - check that requested Android application version is not older than current application version (Android doesn't support downgrading applications)
  • Preview of Plugin endpoints

Fixed

  • Endpoint GET /v1/license - status filter now takes into account all possible combinations of statuses

[7.0.0] - 2025-05-16

Changed

  • GET /export/:uid endpoint to sign uris on request, because when service which generated links previously dies all links expire

Added

  • Endpoint GET /v1/device/custom-script/latest to get latest executions for devices

Fixed

  • Improved documentation of telemetry endopoint with additional telemetry types and notes
  • Endpoint POST /v1/company/:companyUid/member - refactored to use new ACL
  • Endpoint POST /v1/organinzation/:organinzationUid/member - refactored to use new ACL
  • Endpoint GET /v1/license - change status filter valid to expired

[6.19.0] - 2025-05-07

Added

  • Endpoint POST /v1/device/deprovision to deprovision device by authHash

Fixed

  • Endpoint POST /v1/company - company network UID is added to a create company command and company network assignment is done in different service

[6.18.1] - 2025-04-23

Fixed

  • Endpoint PUT /v1/device/:deviceUid/location/:locationUid no longer returns a "device not found" error if the device actually exists
  • Endpoint DELETE /v1/device/:deviceUid/location/:locationUid no longer returns a "device not found" error if the device actually exists

[6.18.0] - 2025-04-17

Added

  • Endpoint POST /v1/custom-scripts/:customScriptUid/version now accepts frontAppletVersion field
  • Endpoint PUT /v1/custom-scripts/:customScriptUid/version now accepts frontAppletVersion field
  • New endpoint GET /v1/device/:deviceUid/location/:locationUid to retrieve the location assigned to a device
  • Endpoint PUT /v1/device/:deviceUid/location/:locationUid now supports account-based authentication
  • Endpoint DELETE /v1/device/:deviceUid/location/:locationUid now supports account-based authentication

Fixed

  • Endpoint POST /v1/bulk-operation no longer produces an error about invalid body properties. Previously, it incorrectly required deviceIdentityHash to be included in the request body.
  • Endpoint POST /v1/:deviceUid/deprovision refactored to use new ACL

[6.17.0] - 2025-04-09

Added

  • Endpoint PUT /v1/device/${deviceUid}/custom-script supports encrypted config values
  • Endpoint POST /v1/bulk-operation supports encrypted values for EXECUTE_CUSTOM_SCRIPT
  • Endpoint POST /v1/custom-script/{customScriptUid}/version supports adding configDefinition items with valueType encrypted

[6.16.0] - 2025-04-03

Added

  • tagUids for Custom Script

[6.15.0] - 2025-04-02

Added

  • Endpoint POST /v1/bulk-operation has activeAppletVersion in filter in request body

[6.14.0] - 2025-03-31

Added

  • Endpoint POST /v1/bulk-operation supports encrypted values for CREATE_TIMING and UPDATE_TIMING
  • New endpoint PUT /v1/device/:deviceUid/revoke-key to revoke device key for encryption
  • New endpoint GET /v1/device/:deviceUid/revoke-key to list device's key revocations
  • New endpoint GET /v1/device/:deviceUid/revoke-key/count to count device's key revocations
  • New endpoint GET /v1/device/:deviceUid/revoke-key/latest to get latest device's key revocation

Fixed

  • Endpoint GET /v1/device/screenshot and GET /v1/device/:deviceUid/screenshot doesn't return imageHashes if it's empty

[6.13.0] - 2025-03-31

Added

  • Endpoint POST /v1/license - added licenseType field to the command payload

[6.12.0] - 2025-03-26

Added

  • Endpoints return 503 Service Unavailable when the connection to MongoDB fails
  • Validations to POST /v1/license endpoint - license type, number of credits, description length and validity dates
  • Endpoint POST /v1/license/redeem - add possibility to redeem a license for a company network manager
  • Endpoint POST /v1/license - add possibility to create a license for an admin user

Fixed

  • Make date validation less strict for comparing dates in POST /v1/license endpoint
  • Endpoint GET /v1/custom-script allows filtering by title and name using $regex query parameter

[6.11.0] - 2025-03-20

Added

  • White-label settings to a POST /v1/company endpoint to create a new account properly with a white-labeled email

[6.10.0] - 2025-03-19

Added

  • Endpoint GET /v1/device/screenshot and GET /v1/device/:deviceUid/screenshot supports image hashes as a query parameter to filter by
  • Endpoint GET /v1/device/screenshot and GET /v1/device/:deviceUid/screenshot returns imageHashes for every screenshot

Fixed

  • Endpoint POST /v1/license uses credits instead of deviceCount and licensePeriodInMonths
  • Endpoint GET /v1/company now returns all required fields

[6.9.0] - 2025-03-14

Added

  • Endpoint GET /v1/device/:deviceUid/custom-script supports pagination, sorting and filtering by customScriptUids and versions
  • Endpoint DELETE /v1/device/:deviceUid/custom-script/:customScriptUid supports query parameter deleteVersions to delete all versions of the custom script as well
  • Endpoint GET /v1/device/:deviceUid/custom-script/:customScriptUid/version supports filtering by platforms
  • Endpoint GET /v1/device/:deviceUid/custom-script/:customScriptUid/version returns publishedAt and deprecatedAt
  • New endpoint GET /v1/device/:deviceUid/custom-script/count
  • New endpoint GET /v1/device/:deviceUid/custom-script/latest

[6.8.0] - 2025-03-06

Added

  • Endpoint GET /v1/custom-script returns additional fields supportedPlatforms, latestVersion, lastExecutedAt, createdBy and updatedBy
  • Endpoint GET /v1/custom-script allows filtering by platform
  • New endpoint POST /v1/company
  • New endpoint GET /v1/company

Fixed

  • Endpoint POST /v1/custom-script/:customScriptUid/version/:version/platform/:platform/archive converts base64 encoded md5 checksum to hexadecimal in the final file path.

[6.7.1] - 2025-03-03

Fixed

  • Added missing result to Custom Script execution in OpenAPI spec

[6.7.0] - 2025-03-03

Added

  • GET /v1/device/:deviceUid/custom-script returns originator for each execution
  • Filtering by $regex in description filter to GET /v1/license

[6.6.0] - 2025-02-28

Added

  • Company network as privilege entity to account privileges
  • API schema for licenses
  • Endpoint GET /v1/license
  • Endpoint POST /v1/license
  • Endpoint POST /v1/license/redeem
  • Endpoint GET /v1/license/:licenseUid
  • Endpoint DELETE /v1/license/:licenseUid
  • Possibility to use account tokens in API calls

[6.5.1] - 2025-02-28

Fixed

  • Endpoint GET /v1/company/:companyUid/public-key can be accessed by all roles in company

[6.5.0] - 2025-02-28

Added

  • New endpoint GET /v1/device/:deviceUid/custom-script

[6.4.0] - 2025-02-27

Added

  • New endpoints /v1/custom-script/*
  • New endpoint /v1/device/:deviceUid/custom-script
  • Endpoint PUT /v1/bulk-operation supports type EXECUTE_CUSTOM_SCRIPT

[6.3.0] - 2025-02-26

Added

  • Endpoints related to Device Telemetry are now loaded from MongoDB database instead of InfluxDB. This change is transparent to the user and should not affect the functionality of the API.

Fixed

  • Optimize resolving of organization privileges by company

[6.2.1] - 2025-02-25

Fixed

  • Calculating device current time for devices without specified timezone
  • Update privileges needed for endpoint POST /v1/policy/
  • Update privileges needed for endpoint PUT /v1/policy/
  • Occasional 404 on GET /v1/emulator after POST /v1/emulator call. (It was responding sooner than the emulator was written to the database)
  • Remove privilege check for reading the company. There are cases where a user needs access to a company's organizations but is only a guest in the parent company. The previous ACL check prevented this type of access. Removing the rule fixes the issue.

[6.2.0] - 2025-02-24

Added

  • ACL provider respects company owner and company manager user roles and allows them to manage company child organizations entities for account based authentication

[6.1.0] - 2025-02-21

Added

  • Endpoint PUT /v1/timing/:timingUid has optional active

Fixed

  • Response Location header for endpoint POST /v1/location
  • Response Location header for endpoint POST /v1/policy/
  • Response Location header for endpoint POST /v1/timing/

[6.0.1] - 2025-02-14

Fixed

  • Validation of fields startsAt and endsAt for endpoint POST /v1/timing/ is backwards compatible
  • Validation of fields startsAt and endsAt for endpoint PUT /v1/timing/:timingUid is backwards compatible
  • Permissions for policy when authenticated as an Account

[6.0.0] - 2025-02-12

Changed

  • Endpoint POST /v1/location response has 201 Created status code instead of 200 OK
  • Endpoint PUT /v1/location/:locationUid response has 204 No Content status code instead of 200 OK and contains no body
  • Endpoint DELETE /v1/location/:locationUid response has 204 No Content status code instead of 200 OK and contains no body
  • Endpoint PUT /v1/location/:locationUid/add-attachment response has 204 No Content status code instead of 200 OK and contains no body
  • Endpoint PUT /v1/location/:locationUid/remove-attachments response has 204 No Content status code instead of 200 OK and contains no body
  • Endpoint PUT /v1/location/:locationUid/archive response has 204 No Content status code instead of 200 OK and contains no body
  • Endpoint PUT /v1/location/:locationUid/unarchive response has 204 No Content status code instead of 200 OK and contains no body
  • Endpoint PUT /v1/location/:locationUid/organization-tag/:tagUid response has 204 No Content status code instead of 200 OK and contains no body
  • Endpoint DELETE /v1/location/:locationUid/organization-tag/:tagUid response has 204 No Content status code instead of 200 OK and contains no body
  • Endpoint POST /v1/policy/ response has 201 Created status code instead of 200 OK and contains no body
  • Endpoint PUT /v1/policy/:policyUid response has 204 No Content status instead of 200 OK and contains no body
  • Endpoint POST /v1/timing/ response has 201 Created status code instead of 200 OK and contains no body
  • Endpoint PUT /v1/timing/:timingUid response has 204 Created status code instead of 200 OK and contains no body

Fixed

  • Endpoint POST /v1/policy allows organizationUid in body even if authenticated with organization token, as long as it matches the authenticated organization

[5.4.0] - 2025-01-28

Added

  • Model for secrets manager service
  • Endpoint GET /v1/company/:companyUid/public-key to get company's public key

Fixed

  • Optimized v1/device/telemetry/latest endpoint
  • Optimized authentication process and dramatically sped up the overall response time of the API
  • Incorrect device export link in /v1/device/export response header

[5.3.0] - 2025-01-17

Added

  • Endpoint v2/device/export to start exporting devices and v2/device/export/:uid to get export status

[5.2.0] - 2025-01-15

Added

  • GET /v1/applet/(:appletUid?/)?command endpoint. It's more scalable, because it doesn't require to specify deviceUid and it's possible to list commands for all devices in the organization.

[5.1.4] - 2025-01-13

Added

  • Endpoint GET /v1/device/screenshot won't return screenshots of devices that have disabled screen capture.
  • Endpoints GET /v1/device/:deviceUid/screenshot and POST /v1/device/:deviceUid/screenshot fail with 403 Forbidden if device has disabled screen capture.

Fixed

  • (internal) system logs tests

[5.1.3] - 2024-12-10

Fixed

  • Location 404 error
  • issue with PUT /v1/policy/:policyUid endpoint when policy name and items were specified, but it still was throwing error: MISSING_ITEMS_OR_NAME_FIELD_TO_UPDATE_POLICY
  • validation of policy items in PUT /v1/policy/:policyUid endpoint

[5.1.2] - 2024-12-09

Fixed

  • default security headers added to all API responses
  • x-powered-by header removed from all API responses
  • Location api endpoint refactoring

[5.1.1] - 2024-11-15

Fixed

  • Limit max telemetry interval to 583 hours
  • (internal) Made it possible to pass a callback as an expectedBody parameter in testResource function

[5.1.0] - 2024-11-08

Added

  • Added support to allow set device capture settings in device policy
  • Endpoint v1/device/:deviceUid/screen-capture to get/set device screen capture status

[5.0.1] - 2024-10-30

Fixed

  • Fixed conversion of OpenAPI to Postman collection, prefilling x-auth header with <string> instead of {{x-auth}} and other headers and variables similarly.

[5.0.0] - 2024-10-30

Added

  • Endpoint v1/device/:deviceUid/system-log to get device system logs
  • Endpoint v1/system-log to get organization system logs

Fixed

  • Supports breaking changes in underlying location model

Removed

  • unused selective command consistency
  • not optimized minStorageStatusPercentage and maxStorageStatusPercentage from Device list endpoint

[4.16.4] - 2024-10-22

Fixed

  • /v1/device/screenshot Fixed screenshots pagination.

[4.16.3] - 2024-10-16

Fixed

  • Fixed an issue exposing the Mapbox access_token in HTTP error responses during Mapbox service failures

[4.16.1] - 2024-09-27

Fixed

  • Endpoint v1/device no longer returns 500 Internal Server Error when there are devices that didn't report timezone

[4.16.0] - 2024-09-24

Added

  • Added DeviceMonitoringType.STORAGE to device telemetries

[4.15.0] - 2024-09-23

Added

  • Log 500 error messages

[4.14.2] - 2024-09-12

Fixed

  • Removed a limitation in the DELETE device policy endpoint which required the deletion to be performed from the same organization the policy belonged to

[4.14.1] - 2024-09-03

Fixed

  • Policy supports telemetry intervals
  • Bulk operations support sending applet commands
  • Removed counter-productive conditions in setDeviceConfiguration method to make it actually work when called with a new configuration.

[4.14.0] - 2024-08-21

Added

  • Support for PUT /v1/alertRule/:alertRuleUid/unarchive endpoint

Fixed

  • Return a 404 Not Found code instead of a 500 Internal Server Error when the application version for the device is not found during the setting process.

[4.13.1] - 2024-08-09

Fixed

  • Backward compatibility installing package (from uri) in bulk operation. Prefill applicationType and specs with defaults

Security

  • Updated @aws-sdk to 3.626.0 to fix vulnerability issue

[4.13.0] - 2024-08-02

Added

  • GET /v1/organization/:organizationUID/security-token endpoint
  • Bulk operation for SET_RM_SERVER, SET_VPN, UPDATE_TELEMETRY_CHECK_INTERVALS

Fixed

  • Bulk operation for INSTALL_PACKAGE (specs if required), INSTALL_PACKAGE_FROM_URI (applicationType and specs if required)

[4.12.4] - 2024-07-24

Fixed

  • AWS sdk updated to V3
  • autodetect AWS credentials

[4.12.3] - 2024-07-11

Fixed

  • revert: autodetection for AWS credencials

[4.12.2] - 2024-07-09

Fixed

  • autodetect AWS credentials

[4.12.1] - 2024-06-21

Fixed

  • GET /v2/device pagination
  • Login using Auth0. Endpoint POST /v1/account/security-token

[4.12.0] - 2024-06-07

Added

  • Allow filtering devices by the hasPolicy filter property, which indicates whether a device has any policy assigned or not

[4.11.0] - 2024-06-07

Added

  • GET /v1/device/:deviceUid/applet endpoint
  • POST /v1/device/:deviceUid/applet endpoint
  • GET /v1/device/:deviceUid/applet/:assignmentUid endpoint
  • PUT /v1/device/:deviceUid/applet/:assignmentUid endpoint
  • DELETE /v1/device/:deviceUid/applet/:assignmentUid endpoint

[4.10.0] - 2024-06-05

Added

  • Alive endpoint allows to specify deviceUids in body
  • Allow to specify location uid and location tags in alert rule
  • Implement dummy API endpoint for device security settings
  • POST /v1/device/:deviceUid/pin-code dummy implementation for refreshing PIN on device

[4.9.0] - 2024-05-31

Added

  • Optional policy items payload in the policy creation endpoint

[4.8.0] - 2024-05-22

Fixed

  • vpn server api url helm values for staging and experimental

Added

  • GET /v1/organization/:organizationUid/client-vpn-config Get VPN configuration list
  • POST /v1/organization/:organizationUid/client-vpn-config Generate vpn client vpn configuration and add it to VPN server
  • GET /v1/organization/:organizationUid/client-vpn-config/:uid Get VPN configuration
  • DELETE /v1/organization/:organizationUid/client-vpn-config/:uid Revoke VPN configuration

[4.7.0] - 2024-05-15

Added

  • test API resources against OpenApi documentation
  • report of untested resources
  • report undocumented resources
  • report resources without objects schema
  • suggest schema by example

Fixed

  • get rid of request-promise
  • speed up tests

[4.6.0] - 2024-05-01

Added

  • PUT /v2/device/:deviceUid enables to set platformUri, staticBaseUrl, uploadBaseUrl, weinreUri, extendedManagementUrl

[4.5.0] - 2024-04-25

Added

  • Added VPN support for devices
  • POST /v1/management/account endpoint to create account. It's called by Auth0.
  • PUT /v1/management/account/:accountId endpoint to update account. It's called by Auth0.

Fixed

  • PUT /v1/management/account/activate ignores authenticationStrategy parameter. Instead, it only uses the account's email to try to pair it with a Company by email domain, if it exists.

[4.4.1] - 2024-04-08

Fixed

  • /PUT /device/:deviceUid/organization add missing body schema in docs

[4.4.0] - 2024-04-03

Added

  • Snooze and unsnooze alert per device

[4.3.2] - 2024-03-22

Fixed

  • /v1/device/:deviceUid/applet/:appletUid/command documentation discrepancies

[4.3.1] - 2024-03-21

Added

  • GET /v1/device/:deviceUid/applet/:appletUid/command and GET /v1/device/:deviceUid/applet/:appletUid/command/:commandUid response contains command field instead of commandPayload. This makes it consistent with JS API where the command event contains command field. It still contains commandPayload field as a duplicate for backwards compatibility.

Fixed

  • device UID validation

[4.3.0] - 2024-03-21

Added

  • /v1/device/:deviceUid/applet/:appletUid/command expects body to contain command field instead of commandPayload. This makes it consistent with JS API where the command event contains command field. The commandPayload field is still supported for backwards compatibility.
  • /admin/device/:deviceUid/organization api endpoint (only for internal use, admin privileges required)

[4.2.0] - 2024-03-18

Added

  • Exports MongoDB connection metrics

[4.1.0] - 2024-03-13

Added

  • Access logs

Fixed

  • (internal) new AAPT2 service (returning parsed output)
  • (internal) AAPT2 parser removed
  • Better error message when authenticating with Organization token where Account token is expected

[4.0.0] - 2024-02-26

Added

  • Export Prometheus metrics for HTTP requests

Removed

  • Removed GET /v1 endpoint

[3.10.1] - 2024-02-15

Fixed

  • Login with username and password via Auth0 for the first time, when the account existed prior in our system. Then Auth0 will call API to validate the email and password. If the email was a substring of another email that also exists in the system, sometimes it would validate for the wrong account.

[3.10.0] - 2024-02-14

Added

  • (internal) fields targetSdkVersion and veresionCode to Android package specs
  • (internal) updatedAt field to policy items

Fixed

  • Firmware upgrade for devices with new Core App reporting firmware type (and firmware is uploaded without type limitation)

[3.9.0] - 2024-01-28

Fixed

  • Wrong path in documentation for GET /device/:deviceUid/applet/:appletUid/command/:timingCommandUid
  • AndroidPackageParser refactored to use new lambda aapt2 service
  • Improve performance and stability of /applet/:appletUid/version/:version/file endpoint

Security

  • CVE-2023-28155
  • CVE-2022-25883
  • CVE-2023-26136
  • CVE-2023-37466
  • CVE-2023-37903

Added

  • Added device RM server api endpoints

[3.8.1] - 2023-12-21

Fixed

  • Invalid production helm configuration

[3.8.0] - 2023-12-21

Fixed

  • Ensured support of MongoDB 4.4
  • Fixed various security vulnerabilities

Security

  • CVE-2021-29469
  • Address security issues

Added

  • Abstracted Auth0AuthenticationClient to @signageos/lib

[3.7.1] - 2023-11-08

Fixed

  • (internal) SAML auto assign to company

[3.7.0] - 2023-11-07

Added

  • (internal) auto assign SAML account to company

Fixed

  • Upgraded Zod library because of faulty email validation

[3.6.1] - 2023-10-27

Fixed

  • Fix accidental mentions of policy in alerts documentation

[3.6.0] - 2023-10-25

Added

  • Added bulk provisioning api endpoints
  • Added upload of CSV for bulk provisioning
  • Added serialNumber into devices listing filter

[3.5.1] - 2023-10-12

Fixed

  • Auth0 enabled (bug) - fixed issue with auth0 enabled for CLI tool

[3.5.0] - 2023-09-25

Added

  • (internal) Add legacy authentication method override for account security-token endpoint
  • Added a comma-separated method to express list query parameters

Fixed

  • Organization tag router archived endpoint now deletes tag
  • Endpoints now accept single item query parameter lists. Previously, validation failed because the item was not recognized as an array

[3.4.0] - 2023-09-12

Added

  • brand and osVersion to deviceV2 get endpoint
  • /v2/device supports filtering by locations, alerts, applets, brand, policy, model, FW, OS version and tags

[3.3.0] - 2023-09-07

Added

  • set minimum bulk operation rolling update batch delay to one minute

[3.2.1] - 2023-08-31

Fixed

  • (internal) Abstract terms & condition variable to common place
  • (internal) CLI username login with enabled auth0

[3.2.0] - 2023-08-30

Added

  • (internal) Auth0 rollout for cli

[3.1.1] - 2023-08-29

Fixed

  • Typos in documentation for PUT /v1/device/:deviceUid/time
  • (internal) AccessLevel for newly created auth0 account

[3.1.0] - 2023-08-23

Added

  • (internal) Endpoint POST /v1/management/account/prepare now marks terms and conditions as agreed if parameter shouldAgreeWithTermsAndConditions (boolean) is provided in body of the request

[3.0.3] - 2023-08-16

Fixed

  • POST /v1/organization has new limit for fields name from 50 to 255 characters and title from 100 to 255. Field name can contain only letters and numbers separated by dashes and it must start and end with a letter or a number
  • PUT /v1/organization/:organizationUid has new limit of for field title from 100 to 255 characters
  • PUT /v1/device/:deviceUid/peer-recovery attribute autoEnableTimeoutMs is required
  • PUT /v1/device/:deviceUid/auto-recovery attribute autoEnableTimeoutMs is required

[3.0.2] - 2023-08-07

Fixed

  • Timing create works when called from SDK, which got broken in the previous release

[3.0.1] - 2023-07-31

Fixed

  • Timing update endpoint handles old format of finishEvent object
  • Documentation for POST /v1/device/:deviceUid/screenshot contained explicit empty body which caused issues in Postman
  • Timing create/update changed these fields to optional - startsAt, endsAt, position, finishEvent, finishEventType, finishEventData. They are deprecated and shouldn't be used anymore

[3.0.0] - 2023-07-12

Removed

  • Remove provision and deprovision device actions from bulk operations

[2.45.0] - 2023-06-28

Fixed

  • Field urlLauncherAddress when enabling Peer recovery process

Added

  • (internal) PUT /v1/management/account/:id/activate endpoint to activate account

[2.44.0] - 2023-06-08

Fixed

  • (internal) replaced outdated test coverage tool nyc with c8
  • (internal) Updated node version from 12 to 16 and npm from 6 to 8

Added

  • (internal) Auth0 authentication
  • (internal) auth0_enabled flag

[2.43.2] - 2023-05-03

Fixed

  • setTelemetryIntervals returns error when value is more than 1 year

[2.43.1] - 2023-04-14

Fixed

  • Error messages for location endpoint

[2.43.0] - 2023-04-04

Added

  • Response with Open API YAML format on public endpoint /openapi.yml

Fixed

  • GET /v2/device returns "websocket" in connectionMethod field instead of "ws"

[2.42.2] - 2023-03-24

Fixed

  • POST /timing won't automatically generate random configuration.identification if non is provided

[2.42.1] - 2023-03-23

Fixed

  • Allow remove all device schedule power actions
  • Finalize bulk operation validations
  • (internal) Fix variables validation

Deprecated

  • Endpoints Device Connect renamed parameter remoteIp to appletPublicUrl and mark old name as deprecated

[2.42.0] - 2023-03-15

Fixed

  • (internal) Refactor config/parameters.js to config/parameters.ts and fixed type issues

Added

  • (internal) POST /v1/management/account to create siple account, which will not be used for authentication
  • (internal) Basic token authentication on /v1/management/account endpoints

[2.41.0] - 2023-02-22

Fixed

  • (internal) Restricted node and npm versions to 12 and 6 respectively
  • (internal) Updated company dependencies
  • (internal) BillingPlan type
  • (internal) Replaced AccessLevel with common-types type
  • Clarify combination usage of size, framerate and resolution
  • /device/:deviceUid/time didn't accept certain timezones like US/Central

Added

  • Endpoint /v1/device/configuration/:deviceUid/telemetry-intervals for configuring device telemetry intervals

[2.40.0] - 2023-01-25

Added

  • Endpoint /v1/device/:deviceUid/tag for managing device tags (assign, list, remove)
  • (internal) Add code coverage

[2.39.0] - 2022-12-14

Added

  • (internal) Endpoint /account/credentials/validate for validation of the user credentials against old auth DB
  • (internal) Add tests to cover query parsing of /account/credentials/validate endpoint

[2.38.1] - 2022-12-12

Fixed

  • Update PUT /location endpoint now show proper error message when payload is invalid.
  • List GET /v2/device accepts search param

[2.38.0] - 2022-11-30

Added

  • Endpoint /v1/company/:companyUid/member for management of company members
  • Endpoint /v1/organization/:organization/member for management of organization members

Fixed

  • Upload applet version files will not produce a failed applet build anymore

[2.37.0] - 2022-11-02

Added

  • Endpoint POST /emulator responds with a header Location that contains an URL pointing to the created emulator device

Fixed

  • Added missing telemetry types to documentation

[2.36.0] - 2022-10-19

Added

  • Endpoint /device/:deviceUid/auto-recovery to get/set device auto recovery
  • Endpoint /device/:deviceUid/peer-recovery accepts optional field autoEnableTimeoutMs when disabling device peer recovery
  • Support for unrecognized keys used in Zod error parsing

Fixed

  • Endpoint POST /v1/bulk-operation return type to return correct bulk operation uid

[2.35.0] - 2022-10-05

Added

  • Endpoint PUT /v1/bulk-operation/archive/:bulkOperationUid to archive bulk operation
  • Enhance description of Uptime response documentation
  • Filter of emulator list endpoint GET /v1/emulator by organizationUid query parameter
  • Show OS version in device resource

Fixed

  • Creating of organization
  • Device configuration connectionMethod field is set to null = automatic instead of WS by default
  • (internal) format check in CI imported from common place instead of declared in local CI
  • (internal) Type check
  • (internal) Removed unused code

[2.34.0] - 2022-09-21

Fixed

  • Package version upload: Understand multi-arch APKs

Added

  • Show device brand in device resource

[2.33.0] - 2022-09-07

Added

  • Endpoint PUT /v1/organization/:organizationUid to update organization title

Fixed

  • Endpoint GET /v1/device/screenshotoptimization of slow request

[2.32.1] - 2022-08-31

Fixed

  • /v1/device/:deviceUid/telemetry/:telemetryType output format

[2.32.0] - 2022-08-30

Added

  • Endpoint GET /v1/device/screenshot to get list of latest screenshots, one per each device

Fixed

  • Sorting in /v1/device/:deviceUid/telemetry/:telemetryType endpoint

[2.31.0] - 2022-08-24

Added

  • Endpoint /v1/device/:deviceUid/telemetry/:telemetryType to get history of telemetry readings of one type of telemetry for one device
  • (internal) prettier for formatting

Fixed

  • Endpoint /v1/bulk-operation implements standard link pagination like other endpoints that return list
  • Bulk operation contains list of organizations that it belongs to
  • (internal) replaced deprecated tslint with eslint

[2.30.1] - 2022-08-17

Fixed

  • (internal) MongoDB connection of bulk operations to the separated replica set
  • It's possible to send Applet Commands to device that runs an applet from another organization

[2.30.0] - 2022-08-17

Added

  • Endpoint /v1/organization-tag for getting organization tags
  • Endpoint /v1/device/:deviceUid/action-log/:actionUid for getting single action log
  • Endpoints for setting device properties (i.e. brightness, firmware type, etc.) respond with "Link" header that contains a link to the result of the operation, since it's asynchronous in nature

Fixed

  • Slow/unresponsive GET /v2/device

[2.29.0] - 2022-07-27

Fixed

  • Move documentation of Tag endpoints from Organization/Tags to Tag directory
  • It's now possible to create a timing with any applet, even if it's from another organization
  • Organization tag security issue
  • Added async requests flow diagram and documentation

Added

  • enable/disable extended telemetry and setPeerRecovery to bulk operation validation schemas

[2.28.1] - 2022-07-20

Fixed

  • Package Version endpoint identified by UID only

[2.28.0] - 2022-07-20

Added

  • Loading of timing commands from telemetry database
  • Additional information about organization (name) and account (email) to bulk operations
  • Endpoints GET /v2/device and GET /v2/device/:deviceUid return new field connectionMethod, which can be http or websocket
  • Endpoint PUT /v2/device/:deviceUid to set fields name and connectionMethod (http/websocket) to device
  • Package and Package Version endpoints
  • Endpoint PUT/POST /v1/applet/:appletUid/version/:version/file/* optionally accepts build boolean query param which can prevent building applet version

Fixed

  • (internal) telemetry imports
  • (internal) Add check dependencies ignore list
  • Documentation default example header settings. Removed charset=utf-8, so raw json can be used for request body
  • Organization account limit wrongly included all account tokens
  • Updated Postman documentation
  • Forbid to upload node_modules/ files as applet files

[2.27.0] - 2022-06-29

Fixed

  • Endpoint device/:deviceUid/peer-recovery to enable/disable peer recovery on device and to fetch history of peer recovery settings
  • (internal) change of builder tool from webpack (4.40.2) to esbuild
  • (internal) speedup tests start by replacing builder from ts-node/register to esbuild-runner/register
  • (internal) check-types script removal from initial start of tests. Which speed up the process. check-types can be ran manually or it will be running in CI
  • (internal) Esbuild production build. Added external dependencies
  • (internal) Postman documentation update. Schema handling after access removal to dev account
  • (internal) Request rate limiter now doesn't throw 500 error, when invalid route is provided. But skips the request limitation instead

Added

  • (internal) validateRequestRateLimiter utility script for validating new requestRateLimiter configs before they are added to db

[2.26.0] - 2022-06-22

Added

  • (internal) Better universal pagination
  • (internal) Better parsing of query, params and body from request
  • (internal) Better validation of inputs with zod

Fixed

  • (internal) Open api file structure, so it is matching 1:1 to postman

[2.25.2] - 2022-06-08

Fixed

  • Endpoints /device/alive and /device/:deviceUid/alive added fallback aliveAt value as null

[2.25.1] - 2022-05-26

Fixed

  • improved documentation for /v1/device and /v2/device
  • improved documentation for /v1/device/:deviceUid and /v2/device/:deviceUid

[2.25.0] - 2022-05-25

Fixed

  • improved v1/device and v1/device/:deviceUid performance
  • (internal) Fixed alertRule documentation
  • UDM deviceTelemetry modules imports
  • (internal) createRouterGetListHandler default sorting by descending
  • Fixed response data format for endpoints /device/telemetry/latest and /device/:deviceUid/telemetry/latest

Added

  • added v2/device and v2/device/:deviceUid endpoints
  • Endpoints might have limited request rate in within defined time window
  • Endpoints /device/alive and /device/:deviceUid/alive to fetch when device was last time alive. List and single device
  • Additional fields configurationSet and configurationRemoveKeys for update timings payload in bulk operations
  • Endpoint /device/telemetry/latest to fetch list of devices with all their latest telemetries
  • Endpoint /device/:deviceUid/telemetry/latest to fetch a single device with all its latest telemetries

[2.24.1] - 2022-04-27

Fixed

  • Location enhancement of Add attachment content type validation
  • Error messages when user put wrong values
  • GET devices endpoint is using cached values of telemetry to optimize performance

[2.24.0] - 2022-04-13

Added

  • Location search enhancement
  • Location validation by organization enhancement
  • (internal) OpenAPI Documentation
  • Location attachments upload management. On Add attached file can be added. On Delete attached files can be deleted
  • (internal) Location generated documentation fix
  • (internal) Add OpenAPI Editor

Fixed

  • Replace delete location by archive location
  • (internal) Load device application version from influxdb
  • Location (GET) no longer returns all locations, but only the ones that belong to the client's organization.
  • (internal) Load device temperature from influxdb

[2.23.0] - 2022-04-06

Added

  • Location now saves also city and countryCode fields
  • Endpoint /device/:deviceUid/offline-range to fetch data about device connectivity
  • Alert rule periodicity is now object with interval and activeTimeWindows fields

Fixed

  • (internal) Missing documentation for storage abstraction

[2.22.0] - 2022-03-16

Added

  • Add bulk operation api endpoints
  • Location to organization tag relation (assign and unassign)
  • Organization tag get one, create, update and delete (archive)
  • Uptime computed by device or organization
  • Location create and update endpoints simplification of the feature parameter into two coordinates: { lat: number; long: number } and address: string. Where now the feature params is obtained programmatically from the mapbox API

Fixed

  • Location properties adjustment. Removal of floor and addition of the customId, attachments and description.
  • Location properties adjustment. Replaced address and coordinates with feature field of type Feature<Point>
  • Alert and alert rule creation

[2.21.0] - 2022-02-09

Fixed

  • Request count is correctly saved and counted
  • Returns ntpServer address, when is set on /device{deviceUid} endpoint

Added

  • Location resource

[2.20.0] - 2022-01-26

Added

  • Policy status for given device by policyUid or itemType or their combination
  • Array supportedResolutions into device endpoints

[2.19.0] - 2022-01-19

Added

  • Latest telemetry data
  • Endpoint routeDateTime (/device/:deviceUid/time) now accept UNIX timestamp or date time. With or without offset, if with offset is ignored. Offset is now take from the time zone and then transformed into correct UNIX timestamp.

[2.18.3] - 2021-12-23

Fixed

  • Remote control API has additional parameters aliases locked & kiosk which are reversed values of enabled.

[2.18.2] - 2021-12-15

Fixed

  • Device info (e.g. storageStatus in device route) is fetched from separated telemetry database
  • Resolution & Orientation PUT api error message

[2.18.1] - 2021-12-10

Fixed

  • Race condition in updating device name & fetching devices using name filter
  • Alert & alert rules related bugs

[2.18.0] - 2021-12-08

Added

  • Device action log (history of the device) resource
  • Counting api requests per resource and organization - storing them to redis

Fixed

  • Error reporting for timing create/update when config is missing

[2.17.0] - 2021-11-17

Added

  • Missing automatic pagination for /device/:deviceUid/power-action resource using since & until (page has size 5000)

Fixed

  • (internal) pagination is consistent in all paginated endpoints

[2.16.2] - 2021-11-10

Fixed

  • Applet version test suite resource accepts / (slashes) in identifier name

[2.16.1] - 2021-10-13

Fixed

  • Timeout POST/PUT requests by 504 with additional command ID info
  • Optimization: Prepared separation of telemetry from other resources

[2.16.0] - 2021-09-01

Added

  • Optional frame rate can be set along with resolution

[2.15.2] - 2021-08-11

Fixed

  • Prevent falling api when device connections or pings are temporarily unavailable (return undefined values instead)

[2.15.0] - 2021-07-28

Added

  • Alert and AlertRule resources

[2.14.0] - 2021-06-23

Added

  • Allow to fetch company organizations
  • Allow to to fetch organization statistics with devices count
  • Only test and 3.0 organizations can create device policies

[2.13.3] - 2021-05-26

Fixed

  • Slow responding write requests
  • Limit the max number of fetched devices to 4000 in a single request

[2.13.0] - 2021-03-31

Added

  • Policy archive resource
  • Archived filter to get policies list resource

Fixed

  • Device policy assign/unassign resource by UID
  • Only one policy can be assigned to device
  • Improve currentTime of /device resource

[2.12.0] - 2021-03-24

Fixed

  • Some resources where failing when new organization token was used
  • Policy resource response correctly when items or name haven't changed

Added

  • Policy clone resource

[2.11.0] - 2021-03-17

Added

  • Firmware can be uploaded for Android & signageOS (linux) devices (including firmware type. E.g.: rpi, rpi4, benq_sl550)
  • Policies resources
  • Resource PUT /device/:uid/time optionally accepts ntpServer property in body

Fixed

  • Missing uid in PowerActionSchedule PolicyItems

[2.10.2] - 2021-03-03

Fixed

  • Uploading firmware can be done up to 2GB

[2.10.1] - 2021-02-18

Fixed

  • Resources /device/{deviceUid}/brightness & /device/{deviceUid}/resolution correctly accepts number values even for URL encoded body.

[2.10.0] - 2021-02-03

Added

  • New endpoint to set organization of device
  • Optional descending parameter for list of device screenshot, optional limit parameter to set page size

Fixed

  • More than one emulator can be created for one account
  • Exception handling refactored, more precise messages for user, backward compatibility preserved

[2.9.0] - 2021-01-27

Added

  • New endpoint to manage organization tokens which are scoped for specific account

[2.8.0] - 2021-01-22

Added

  • Added routes to get emulators and create emulator assigned to authenticated account
  • Added endpoint to delete emulator

[2.7.0] - 2021-01-13

Added

  • Organization tokens are scoped for an account where every account has a unique personal organization token
  • Screen size with certain width, height in pixels can be set instead of pre-defined HD_READY, FULL_HD resolution values
  • New endpoints to allow sent data for connect, disconnect computer from device in local network

Security

  • Prevent creating and updating timing for applet from foreign company regardless organization

[2.6.0] - 2020-10-28

Added

  • Missing automatic pagination for /device resource using createdSince & createdUntil (page has size 200)

[2.5.0] - 2020-10-21

Added

  • Added route for deleting existing organization

Fixed

  • 10x faster account API security token encryption
  • Strong consistency model of device feature tests
  • Allow account authentication against real API security token clientId, not substitution of username or email of account (much faster)

[2.4.4] - 2020-10-14

Fixed

  • Selective consistency of resources (not responding write requests)

[2.4.3] - 2020-10-14

Fixed

  • HTTP server terminated after all pending requests resolved thus it prevents 5xx status codes
  • Update name of device, deprovisioning & power actions will always respond
  • Get current list of uploaded multifile applet files

[2.4.2] - 2020-09-22

Fixed

  • Power action write requests uses new strong consistency model

[2.4.1] - 2020-09-16

Fixed

  • Originator added to all commands being send in API

Security

  • Prevent creating timing for applet from another organization

[2.4.0] - 2020-09-03

Added

  • Video orientation landscape flipped

Fixed

  • Updated model where productionSince and MaxDevicesCount fields of organization's were moved to organizationModel

[2.3.4] - 2020-08-22

Fixed

  • Response of resources occasionally failing

[2.3.3] - 2020-08-19

Fixed

  • Internally memory optimized processing of write operations

[2.3.2] - 2020-08-19

Fixed

  • Race condition in consistency of REST API requests which sometimes returned 404 or 403 in fast sequence of calls
  • New internals for installing packages to device

[2.3.1] - 2020-07-21

Fixed

  • Decide new organization device plan according to default company settings

[2.3.0] - 2020-07-09

Fixed

  • device plans namings (i.e. from basic -> 1.0)
  • Fixed logic of validation of organization subscriptionType and default subscriptionType of creating organization
  • Fixed content-type. It can be omitted when uploading file (back compatibility for cli 0.7.0)

Added

  • Acl permission based authorization

[2.2.2] - 2020-06-23

Fixed

  • Missing content-type in applet version file response

[2.2.1] - 2020-06-22

Fixed

  • REST API for uploading applet files accepts content type for update files as well.

[2.2.0] - 2020-06-15

Added

  • Tracking applet version files when uploading them (multifile applet timing support)
  • DUID (duid) physical device UID is available in /v1/device/... REST API

[2.1.0] - 2020-05-27

Added

  • Add limit of verify devices count for non production organizations

Fixed

  • Upgrade sentry logging
  • Remove deprecations of mongoose

[2.0.0] - 2020-04-28

Fixed

  • Rethink device models replaced by mongo device aciton log model
  • Add error handler for duplicate identifier case in test suite
  • Rethink models replaced by mongo models
  • Device resolution and orientation params validation on changing
  • Attach company when creating organization
  • Added originator to originator aware actionLog commands
  • Added new STARTER billing plan
  • Listing companies and changing it's plan now uses dedicated company commands

Added

  • Device package start resource
  • Companies endpoints. Added ability to get companies and set their billing plans
  • Ability to set organizations's subscription type

Removed

  • IntroPage and IntroMetadata models removed

[1.15.0] - 2019-12-23

Added

  • Multi file firmware support
  • Endpoints for firmware files management
  • Multi file applets support
  • Endpoints for applets files management
  • Redis storage added, device connections are now retrieved directly from Redis deviceConnectionModel

Fixed

  • Applet Version endpoint POST and PUT return link to resource
  • Optimize loading of data using mongodb instead of rethinkdb

[1.14.0] - 2019-12-02

Added

  • GET resource for fetching latest device feature test /v1/device/:deviceUid/feature-test
  • PUT resource to update device feature test /v1/device/:deviceUid/feature-test
  • GET resource for fetching latest device applet test /v1/device/:deviceUid/applet-test
  • PUT resource to update device applet test /v1/device/:deviceUid/applet-test

Fixed

  • Replacement of all invalid imports from rethink by corresponding user-domain-model imports
  • Little code readability refactoring and typos fixes

[1.13.0] - 2019-10-17

Added

  • Default subscription type of organization is based on account subscription

[1.12.0] - 2019-10-14

Added

  • Ability to have multiple api security tokens per account

Fixed

  • Change device subscriptionType after the device is paired

[1.11.0] - 2019-09-21

Added

  • Updating and Creating applet version with applet binary in request body

[1.10.0] - 2019-09-17

Fixed

  • Updating and Creating applet version with bundled front-applet
  • Unified the format of error and success HTTP REST response bodies

Added

  • Routes for managing applet test suites (CRUD)

[1.9.1] - 2019-08-28

Fixed

  • Allow to omit frontAppletVersion in appletVersion

[1.9.0] - 2019-08-25

Added

  • Accept username or email in authentication for organization manipulation (not only accountId)
  • Allow get and recreate account API security token for account by password login
  • GET resource for list of organizations /organization

[1.8.4] - 2019-07-18

Fixed

  • device deprovisioning 403 error

[1.8.3] - 2019-07-04

Fixed

  • Optimize loading of device info (storage, online, batter etc. resources)

[1.8.2] - 2019-06-21

Fixed

  • Applet POST API response contains Link to created entity in header
  • Some resources are loaded from more optimal MongoDB (device reports, monitoring, screenshots, temperatures and timing commands)

[1.8.0] - 2019-05-29

Added

  • Windows Application type support

[1.7.0] - 2019-02-13

Added

[1.6.0] - 2019-01-14

Added

  • New resource to get current firmware versions GET /v1/firmware/version
  • Device temperature can be filtered by additional query parameters createdSince & createdUntil GET /v1/device/:deviceUid/temperature

[1.5.5] - 2018-11-17

Fixed

  • Applet Dispatch commands (Timing commands) POST can be done to any applet. Even without organization access to it.

[1.5.0] - 2018-09-05

Added

Fixed

  • Scheduled power action resource is standardized & response header contains location to created resource

[1.4.0] - 2018-08-14

Fixed

Added

  • Simple GET /organization/:organizationUid resource
  • Create POST /organization resource returns reference to just created organization in Location header (with code 201)

[1.3.0] - 2018-07-19

Added

[1.2.2] - 2018-07-13

Fixed

  • Volume can be set also to 0 (zero) value

[1.2.1] - 2018-07-13

Fixed

  • GET device timing - when there is no current timing, last outdated timing will be returned

[1.2.0] - 2018-07-09

Added

Fixed

  • Optimized fetching of device screenshots

[1.1.3] - 2018-06-20

Added

  • Security token based authentication - to create new organization without client ID/client secret
  • An API resource for creating a new organization

[1.1.2] - 2018-06-18

Fixed

  • Optimized device reports GET methods

[1.1.0] - 2018-06-08

Added

  • Changelog file containing all changes in current project
  • Explicit video orientation different from screen orientation