Updates to Extensions and Themes API permissions
Qlik is enhancing security and data protection for the Extensions API and Themes API. These APIs allow customization of experiences in Qlik Sense by adding custom visualization objects, colors, and styling.
Currently, any user in the tenant can download the full archive of an extension or theme from the following endpoints:
- GET
/v1/extensions/{id}/filefor extensions - GET
/v1/themes/{id}/filefor themes
To improve security, only users with the TenantAdmin or AnalyticsAdmin
roles will be allowed to download the full archive. This brings these endpoints
in line with the permissions for import endpoints.
This change will take effect no sooner than 60 days from the date on this changelog, on, or after October 21, 2024.
Endpoints affected:
- GET
/v1/extensions/{id}/file - GET
/v1/themes/{id}/file