Skip to main content
5.8 Release notes

API Policies and Private Application tokens

E
Written by Erkka Honkavaara
Updated over a month ago

Breaking changes in 5.8 release

API Policy migration

We've strived to make the update and migration process as smooth as possible, but due to difference in the configuration model for the new API Policy based authentication and authorization, the following should be noted:

  • An API Process which has OAuth in the OpenAPI Specification and it's path is included in the API Key rulesets was previously only accessible through OAuth, but now it will be accessible with both authentication methods because it had a matching API Key ruleset. This can be reconfigured by modifying the API Policy

  • The update and migration might be blocked if there are inconsistencies between the OpenAPI Specification and Process deployments

Legacy Agent

We strongly recommend updating to the Cross-platform Agent to be able to use the latest technology and solutions possible. Some features will not be supported by it, like the HTTP monitoring which was released in Frends 5.7.

  • Legacy Agent are being retired, their End of Life is in 18 months, meaning that any releases after 1.1.2026 will no longer support the Legacy Agent

Note: These following changes were already present in 5.5 and are listed here for visibility


Frends API changes (for pre 5.7 installations)

The Frends API has been now released and the old v0.9 path has been retired, so you will need to update any calls to the API to target the new v1 path. Also the error result for the API calls has been changed, otherwise the APIs will work the same way as before. Also there are changes to the internal API which is not fully supported for outside use, so if you have used that, you will need to verify everything works separately.
More info here

Frends Agent container image path changed

The path for the assemblies inside of the container image is now /app. If there are modifications to the official container image, the new path should be taken into account.

Agents required to have access to the UI

The Agents now fetch their Process and Task packages through the UI, so firewalls on the Agents need to allow outbound access to the Frends UI: <tenant>.frendsapp.com on port 443.

OpenId Connect (SSO)

Customers who use their own O365 or Azure AD (Entra) for Frends Authentication will need to modify the App Registration they created as of Frends version 5.7, The Redirect URI needs to include the Application (client) ID:

Service Bus for Windows (for pre 5.5 installations)
Support for Service Bus for Windows Server is removed, when updating to 5.5+ switching to RabbitMQ for full on-premise deployments is mandatory. This also means that using the Service Bus Trigger no longer works with Service Bus for Windows Server.


Remote Subprocesses (for pre 5.5 installations)

Because of changes to the message busses used by Frends, Agent groups within an Environment should be reinstalled at the same time. This is required when Remote Subprocesses are being used.


Frends.Tasks.Attributes support to be removed

Frends Tasks Attributes was a way of modifying the Parameter editor for Tasks before Frends 4.5.6, when it was deprecated and support for it was removed in 5.5.3. Previously imported Tasks will continue to work normally, but new Task imports will require migration to System.ComponentModel.Annotation to support conditional parameter displays etc.

SQL Server requirements

The minimum supported version of SQL Server is now MS SQL Server 2017 for on-premise deployments.

What has changed

5.8.1

13th of September (hotfixed 8th of October)

UI and Log Service

Improvements

  • Importing a Template verifies that the needed Tasks exist on the Frends Tenant during import

  • API Policy migration now provides more information about conflicts during update

  • SignalR now only uses Web socket connections to work better with load balancers without connection affinity

  • New management API endpoint for getting a single Process execution

  • New management API endpoint for Tags

  • Private applications and Tokens now have the same default values as the UI

  • Improved validation for Private application Token creation

  • It is now possible to view HTTP request and response payloads in API Monitoring

  • It is now possible to revoke all Tokens for a Private Applications

Bug fixes

  • Management API now correctly uses the Name filter

  • Importing a Template which has been previously deleted works correctly

  • Fixed issue with Log Service file logging on Linux/Docker hosts

  • Agent status page handles Agent statuses from older Agent versions (which may be missing data) more gracefully

  • Fixed product tour links for API page

  • Process variables are no lo longer lost when a Process is automatically updated by a Task update

  • Policy updates now also takes into account and send updates to Agent groups that were previously included in the Policy targets

  • Fixed page crash when deleting the sub claim from a Private Application

  • The display name of an Agent Group is now shown when selecting Remote Subprocess target

Agent

Improvements

  • Legacy Agent is now supported in Frends 5.8

  • Agent can now log HTTP request and response payloads

Bug fixes

  • Added missing file to Cross-platform Agent Windows installer

  • (hotfix) Fixed issue with resolving some System package dependency versions, e.g. System.Text.Json

5.8.0

27th of June 2024

New feature - API Policies

API Policies centralize and harmonize the way access to HTTP and API endpoints are managed. This is done by decoupling the authentication from the Process level and moving API Key access management (previously API Key rulesets), OAuth (Previously OpenAPI specifications/API Policies) and the new Private Application tokens under one central view.

API Policies allow configuring access to different endpoints (path and HTTP method) for different Agent Groups with different access options, such as having API Keys used for development and OAuth for production use and you can even have different authorization options available at the same time for a single Process.

Previously throttling was only available for use with API Keys, but now you can use it with other authentication methods and even unauthenticated requests.

Because the authentication is now decoupled from the Process, API passthroughs can now leverage the different authorization options available in Frends.

New feature - Private applications

Private applications are meant to increase the security for simple authentication/authorization. You can now create Private Application tokens which are provided by the Frends Management UI with a specified lifetime and claims. These claims can be used by the API Policies to manage access to your endpoints, and to provide contextual information about the identity inside of Processes. The tokens support revocation, so if for some reason your token would be compromised, you can easily revoke it and issue a new token in its stead.

Other notable changes

UI

Improvements

  • It is now possible to download the NuGet package for a Process with it's generated source code from the Process changelog

  • It is now possible to search for a used parameter value in the Process Editor

  • Subprocess argument value validation has been relaxed to allow setting references as default values for Subprocess parameters

Bug fixes

  • Fixed issue with cleaning up the most recent Process version

  • Fixed issue with completed Processes not being shown as completed when auto-refresh is on

  • Fixed issue with importing a Process Template which shared Tags with its contained Process

  • Fixed issue with importing a Process Template that had been previously deleted

  • It is no longer possible to set negative version numbers when updating a Process Template

  • The Management UI now batches configuration messages when doing a synchronization to mitigate possible out of memory errors

  • Empty URLs are no longer allowed for HTTP Triggers

  • Fixed issue with Test executions causing Process versions diffs to show changes even though there were none

Agent

Bug fixes

  • Logging a null JObject property value for a Process step no longer causes the step to be not logged

Updating to 5.8

We will start doing updates to Frends 5.8 in August.

Did this answer your question?