To support dynamic reload workloads, reload-time variable updates and variable
constraints have been added for Analytics apps.
Reload-time variable update
Using the new variables property on the Reloads API,
you can set variables directly in a reload request, enabling dynamic app behavior
without editing the load script. This reduces complexity, improves deployment
automation, and brings parity with QlikView-style task-driven customization.
Example request using reload-time variable update:
These variables will be applied before any load script, and will be overwritten
by any LET or SET calls for these variables during script execution, so ensure
you validate state of each variable prior to overwriting.
Use cases include:
Injecting customer-specific configuration at reload time, such as customer IDs,
customer names, or specific customer mappings.
Injecting situation-specific configuration at reload time, such as reconfiguring
the number of days of history to load into the app in case of break-glass incidents.
Supporting central control over app behavior across many apps or tenants.
Migrating QlikView tasks that used variable configuration, and Qlik Sense Enterprise
client-managed tasks which leveraged custom properties to pass configuration
to apps.
Variable constraints
To prevent accidental or unauthorized overrides, you can now constrain variables
in the load script. This ensures that certain variables must meet specified
criteria even when passed dynamically.
Example usage:
CONSTRAIN a = {"valuesnum": [2,3,4]}; // Require variable a to be a number of 2, 3, or 4
CONSTRAIN b = {"minnum": "3000"}; // Require variable b to be greater than 3000
CONSTRAIN c = {"maxnum": "4000"}; // Require variable c to be lesser than 4000
CONSTRAIN d = {"minnum": "3000", "maxnum": "4000"}; // Require variable c to be greater than 3000 and lesser than 4000
CONSTRAIN e = {"valuestext": ["Dept A", "Dept B", "Dept C"]}; // Require variable e to be text of `Dept A`, `Dept B`, or `Dept C`
This protects your app from:
Malicious or malformed variable input that might break app logic or SQL queries.
Unintended overrides in templated apps.
Use them separately or together
Reload-time variable updates can be used alone to streamline deployments.
Constraints can be used independently to validate variable values.
Together, they form a secure and flexible configuration model for large-scale,
multi-tenant, or dynamic deployments.
With the recent introduction of support for Qlik Automate in shared spaces, there are updates
to the Qlik Automate API to enable customers to take advantage of these features programmatically.
Space related properties have been added to relevant endpoints in the Qlik Automate API, and
two management endpoints have been released.
Examples of changes in current endpoints includes:
GET /automations:
New query parameter listAll allowing administrators to list all automations in the tenant.
New field spaceId supported in filter query enabling users to filter automations based on spaces.
POST /automations:
New field spaceId in the request payload expanding automation creation in shared spaces.
GET /automations/{id}/runs
New fields spaceIdownerIdexecutedById in filter query and API response for enhanced filtering.
New endpoints
New API endpoints have been added to move automations between spaces, and to change owners.
The Developer role in Administration > Manage users > Permissions is deprecated and will be removed before the
end of 2025.
To avoid disruptions, migrate affected users and groups to a custom role that includes the Manage API keys permission or
enable this permission in the User Default settings.
For more information about creating a replacement role, see Managing custom roles
on help.qlik.com.
The Enable API keys toggle in Administration > Settings and the api_keys_enabled option in the API keys API
are also deprecated and will be removed before the end of 2025.
After removal, API key creation will be controlled exclusively by the Manage API keys permission.
Users with this permission can create API keys from Profile settings > API keys.
For more information, see Generate your first API key.
A new release of qlik-cli has been published, which expands the set of covered APIs
to include most published REST APIs, removes some unused endpoints, and simplifies payload
property configuration.
New commands
qlik-cli now supports the following commands:
qlik assistant - Assistants provide a chat interface for asking questions and getting personalized,
relevant answers for Qlik Answers.
qlik condition - Conditions are used by features such as data alerting and subscriptions to determine
when action should be taken, based on data in a Qlik app.
qlik data-alert - Supports chart sharing, chart monitoring and alerting features. The legacy sharing APIs refer to
chart sharing and chart monitoring, which is a feature that allows the user to send an email with an embedded chart
either manually (chart sharing) or in a recurring manner (chart monitoring). It also stores the history related to
these actions. The alerting/data-alerts APIs support the alerting feature, where a user is able to create alerts that
trigger notifications in case a condition in the dataset of an app is fulfilled.
qlik data-asset - Data assets are part of the catalog in Qlik Cloud. A data asset is a member of a data store,
and may contain multiple data sets.
qlik data-connection - Data connections are used by analytics apps and gateways to connect to external data
sources. Credentials are stored in data-credentials.
qlik data-credential - Data credentials are the stored credentials leveraged by the data-connections service
to connect to external data sources.
qlik data-quality - API for triggering data quality computations and retrieving global results to assess the
quality of your datasets.
qlik data-set - Data sets are part of the catalog in Qlik Cloud. A data set is a member of a data asset.
qlik data-source - Lists data sources available on the tenant for the creation of analytics data connections.
qlik data-store - Data stores are part of the catalog in Qlik Cloud. A data store may contain one or more data
stores, which in turn may contain multiple data sets.
qlik di-project - Data integration projects are containers for data tasks and provide the context for building,
monitoring, and controlling data integration pipelines.
qlik encryption - Tenants in Qlik Cloud can be encrypted with a key you provide via a supported KMS. This API
allows you to configure and manage encryption keys.
qlik knowledgebase - Knowledgebases are collections of individual data sources, that are indexed for use in
generating responses to user questions via Assistants for Qlik Answers.
qlik ml - The Machine Learning API allows you to generate profile insights to analyze datasets, create and
manage machine learning experiments, deploy models, and run predictions.
qlik notification - Notifications are resources representing the various notifications that notification-prep can
render.
qlik report - Reports are downloadable assets generated from data in analytics applications.
qlik report-template - Create and manage report templates.
qlik sharing-task - For scheduled capabilities such as reports, data alerts, subscriptions, and more, sharing tasks
define when these tasks execute, and tie together the resource definition with any conditions on execution.
qlik task - API for managing tasks and task chains in Qlik Cloud. The requesting user needs the “reload” permission
on the target resource to use this set of endpoints. A tenant administrator can use GET /v1/tasks and
DELETE /v1/tasks/{id} to perform administrative actions, even without the “reload” permission.
qlik ui-config - Pinned links are administrator-defined URLs which appear for all users under the More button in the
global navigation menu.
qlik web-notification - Web notifications are resource representing a user’s notifications.
Commands removed
The following unused commands have been removed and are no longer supported:
qlik data-file space-stats
qlik identity-provider auth-secrets
qlik note settings create - Use qlik note settings update or qlik note settings edit instead.
qlik user metadata - The underlying endpoint has been removed. Use qlik role ls instead.
Extended flag support for payload properties
qlik-cli now fully supports the use of flags for all properties of a payload, instead of plain JSON.
A common pain point this addresses is patch operations, which usually take an array of JSON-objects.
For example, you can now do:
Terminal window
qlikspacepatchSPACE_ID--opreplace--path/description--value"New and improved!"
In this example, the --op, --path, and --value flags can be used repeatedly and will
then correspond with that property of the nth object. For example, a second --op flag would
set the op property of the second object.
Note
The previous syntax using the --body flag is still supported.
The gauge visualization presents a single measure value and helps users interpret it in context.
It can be used to track KPIs and performance results in dashboards, with support for customization such as segment
colors, reference lines, and radial or bar styles.
With the new sn-gauge visualization, you can now easily embed gauges in your applications.
The Direct Access Agents API has been updated with new endpoints that allow you to
retrieve and update configuration files for individual connectors, including the File connector and the REST connector.
Configuration files must use a plain text format: flat, newline-delimited, and unescaped.
The following new endpoints give you more control over connector behavior on Direct Access gateways:
GET /v1/direct-access-agents/{agentId}/connectors/{connectorType}/files - Retrieve configuration files for the
specified connector.
GET /v1/direct-access-agents/{agentId}/connectors/{connectorType}/files/{fileType} - Retrieve the configuration
values from the flat file for the specified connector.
PUT /v1/direct-access-agents/{agentId}/connectors/{connectorType}/files/{fileType} - Replace the contents of the
flat file for the specified connector. Partial updates are not supported.
These new endpoints are supported from Direct Access Gateway 1.7.4 onward and are available only to users with the
Tenant Admin role.
To use these endpoints, you need the Direct Access Gateway agent ID (agentId).
This ID appears in the connector-agent logs as the agent-gateway-id after submitting a metadata request or reload,
for example:
[INFO ] DAG - ... Message=agent-gateway-id: llaIfam89pGBzccYd9R1W4S4wee-S1FH
The new Direct Access Agents API is now available for remotely managing Direct Access Gateway agents.
This API allows you to programmatically retrieve and update configuration settings, as well as restart Direct Access
Gateway agents.
This API is supported from Direct Access Gateway 1.7.2 onward and is available only to users with the Tenant Admin
role.
With the Direct Access Agents API, you can:
Retrieve configuration settings via GET /direct-access-agents/{agentId}/configurations.
Update configuration settings using JSON Patch via PATCH /direct-access-agents/{agentId}/configurations.
Restart the agent via POST /direct-access-agents/{agentId}/actions/{agentAction}.
To use this API, you need the Direct Access Gateway agent ID (agentId).
This ID appears in the connector-agent logs as the agent-gateway-id after submitting a metadata request or reload,
for example:
[INFO ] DAG - ... Message=agent-gateway-id: llaIfam89pGBzccYd9R1W4S4wee-S1FH
The new Data Quality API allows you to programmatically compute and retrieve data quality
results for datasets in Qlik Cloud.
The API allows evaluating the quality of a dataset based on a sample of its rows. It returns counts of valid, invalid,
and empty cells within the sample. This helps you assess the trustworthiness of your data, especially as it may be
consumed downstream by analytics, AI models, or other consumers.
The new endpoints are:
POST /v1/data-qualities/computations: Trigger a data quality computation.
GET /v1/data-qualities/computations/{computationId}: Retrieve the status of a data quality computation.
GET /v1/data-qualities/global-results: Retrieve global data quality results for a dataset.
The new Tasks API allows you to manage tasks and task chains in Qlik Cloud.
This API adds support for more complex workflows, including scheduled execution, event-based triggers, and task
orchestration with up to 10 tasks per resource.
Warning
Existing reload tasks can be migrated to the new tasks service.
However, once a Qlik Sense app has one or more tasks, reload tasks are turned off for that resource.
The new endpoints are:
GET /v1/tasks: List tasks the requesting user has access to
POST /v1/tasks: Create a new task
GET /v1/tasks/{id}: Get task details
PUT /v1/tasks/{id}: Update a task
DELETE /v1/tasks/{id}: Delete a task
POST /v1/tasks/{id}/actions/start: Start a task
GET /v1/tasks/{id}/runs: List task runs
GET /v1/tasks/resources/{id}/runs: List runs for a resource
GET /v1/tasks/{id}/runs/last: Get the most recent task run
GET /v1/tasks/{id}/runs/{runId}/log: Get a specific task run log
These operations require reload permission on the target resource.
Tenant admins can call GET /v1/tasks and DELETE /v1/tasks/{id}, even without this permission.
Qlik is announcing a change in behavior for the Users API,
which will take effect no sooner than March 31, 2025.
The Users API currently allows you to create a new user with an email that is
already associated with a disabled user in the tenant, and to update a user’s
email to the same address already associated to another invited or disabled user
in the tenant.
The Users API will be updated to enforce email uniqueness across all
user statuses (including: active, invited, provisioned, disabled).
The Spaces API has been updated to include new endpoints to manage
space shares.
This supports two tasks:
Sharing a resource (for example, a Qlik Sense application) to specific users or groups
in a tenant without giving them access to other content in that space.
Managing analytic links for Qlik Sense apps in a tenant with the anonymous
capability enabled.
The new endpoints are:
POST /api/v1/spaces/{spaceId}/shares - Share a resource in a space with specific users
or groups, or create a link share in an anonymous tenant.
GET /api/v1/spaces/{spaceId}/shares - Get a list of shares for a space.
GET /api/v1/spaces/{spaceId}/shares/{shareId} - Get a share by ID.
PATCH /api/v1/spaces/{spaceId}/shares/{shareId} - Update a share by ID.
DELETE /api/v1/spaces/{spaceId}/shares/{shareId} - Delete a share by ID.
Pinned links are now available in the Qlik Cloud navigation menu. Pinned links
allow you to create and manage your own links which appear under the More
section in the navigation menu, providing a way of surfacing important links to
your users via the global navigation controls.
This feature can only be set via the Pinned Links API. By
default, your tenant contains no links, and the More section will not be shown.
When the first link is added, it will be visible to all users in the tenant.
For example, to create a link to qlik.dev and qlik.com:
Custom Groups are a powerful new capability designed to give enterprise customers greater flexibility and control over
user and group management.
With Custom Groups, organizations that do not rely on Identity Provider (IdP) groups for access control can now create
and maintain user-to-group relationships directly in Qlik Cloud. This enables seamless group-based provisioning for both
administrative access and product feature controls.
Use Cases Solved
Public Sector Flexibility: Manage group memberships within Qlik Cloud to streamline resource access without
relying on IdP-provided groups, simplifying integration with third-party applications.
Enterprise Autonomy: Gain full control over user and group assignments without being tied to IT-managed Active
Directory groups, empowering teams to adapt quickly to evolving needs.
Embedded Analytics: With qlik-embed and OAuth2 Machine-to-Machine impersonation, use Custom Groups to handle
user group membership using only REST APIs and the qlik-api framework, reducing complexity.
Custom Groups offer enhanced usability and autonomy, making access management easier and more aligned with your unique
organizational structure.
API example: Create a custom group
Here’s an example of how to create a custom group and assign a role to it using the Groups API:
Note: This is a non-breaking addition to the Groups API. Group creation requests sent without a providerType
will continue to be created as an IdP group.
Updated on January 16, 2025: Paths to the invoke and stream endpoints were corrected.
Qlik Answers leverages two services - Knowledgebases and Assistants - to first build the
data leveraged by an assistant and then configure the assistant. The Knowledgebases API
and Assistants API are now published and generally available
for programmatic use cases.
These APIs support both the configuration of Qlik Answers, as well as asking questions
to an Assistant by using the /api/v1/assistants/{assistantId}/threads/{threadId}/actions/invoke
or /api/v1/assistants/{assistantId}/threads/{threadId}/actions/stream
endpoints, allowing you to create your own embedded version of Qlik Answers.
This release complements the previously available qlik-embed support for Qlik Answers,
which allows you to embed the native user interface into your web applications
and portals.
The Machine Learning API is now available. This public API allows you to train, deploy, and make predictions with
machine learning models using Qlik AutoML. You can use this API to integrate the power of Qlik AutoML and predictive
analytics into your own software applications.
With the Machine Learning API, you can:
Start the automated machine learning process by creating machine learning experiment and training models.
Deploy the trained models to make predictions on the outcome of your business problems.
Explore the variables that impact the predicted outcome, and gain a thorough understanding of your data.
For more information about the new Machine Learning API:
New export/import APIs for Qlik Talend Cloud Pipelines offer a programmatic way
to export and import projects across tenants and spaces for deployment purposes.
They allow programmers to export projects as a .zip file. They also include
creating projects and reading or updating the project variables (referred to as bindings)
before importing project contents.
New endpoints allow you to create, update, and delete custom roles, as well as
configure the default scopes assigned to all users in a tenant via userDefault.
The selection bar can now be styled using custom themes.
Style the selection bar and listboxes with custom definitions for the dataColors properties.
These properties can be configured in the top-level theme definition, and at the chart level for the listBox object.
Qlik is enhancing security and data protection for the Extensions API
and Themes API. These APIs allow customization of experiences in Qlik Sense
by adding custom visualization objects, colors, and styling.
Currently, any user in the tenant can download the full archive of an extension or
theme from the following endpoints:
To improve security, only users with the TenantAdmin or AnalyticsAdmin
roles will be allowed to download the full archive. This brings these endpoints
in line with the permissions for import endpoints.
This change will take effect no sooner than 60 days from the date on this changelog, on,
or after October 21, 2024.
The reloads API allows for triggering data refreshes in Qlik
Sense applications in Qlik Cloud.
The query log default value is being changed from true to false. This
will reduce response size for the majority of queries where the log attribute
in the response is not required.
The query parameter log can have a true or false value that controls
whether the log attribute is sent in the response. Today, the default value of
this log parameter is true, when not specified - hence the log is returned
by default.
To continue receiving this attribute after the notice period, you should
specify log=true in your request.
This change will take effect no sooner than 30 days from the date on this changelog, on,
or after September 19, 2024.
Endpoints affected:
GET /v1/reloads
The current response, when no log query parameter is included in the request, returns the log field.
{
"data": [
{
"id": "65ad4a0df4bd1ffb55555a51",
"appId": "349216c2-5555-5555-5555-5555379f68bb",
"tenantId": "xqFQ0k66vSR555555-55555QkiYrCpct",
"userId": "nEgFMHPnm6ye55555555PSKuCUDzEtFO",
"type": "chronos",
"status": "SUCCEEDED",
"log": "ReloadID: 65ad4a0df4bd1ffb55555a51\nStarted loading data\n(A detailed script progress log can be downloaded when the reload is finished)\nreload-result-join-22-23 \u003c\u003c reload-result-join-22-23 446,756 Lines fetched\n\nApp saved\nFinished successfully\n",
Add query parameter log=true to return the log attribute in the response,
such as in /reloads?appId=349216c2-5555-5555-5555-5555379f68bb&log=true:
{
"data": [
{
"id": "65ad4a0df4bd1ffb55555a51",
"appId": "349216c2-5555-5555-5555-5555379f68bb",
"tenantId": "xqFQ0k66vSR555555-55555QkiYrCpct",
"userId": "nEgFMHPnm6ye55555555PSKuCUDzEtFO",
"type": "chronos",
"status": "SUCCEEDED",
"log": "ReloadID: 65ad4a0df4bd1ffb55555a51\nStarted loading data\n(A detailed script progress log can be downloaded when the reload is finished)\nreload-result-join-22-23 \u003c\u003c reload-result-join-22-23 446,756 Lines fetched\n\nApp saved\nFinished successfully\n",
To prevent breaking changes for current users of POST /v1/data-connections,
some parameter names have changed to incorporate the capabilities from
POST /v1/dcaas/actions/data-connections.
Namely:
The parameter for passing the name of the connection is qName rather than connectionName.
The parameter for passing the ID of the space to create the connection in is space rather than spaceId.
With POST /v1/dcaas/actions/data-connections,
you sent:
Qlik is making changes to the recently updated Automation Connections
API to improve developer experience on this API. The change is being made to the response
from three endpoints, to return all attributes at the root object, rather than
in the data object. No changes are being made to payloads or parameters.
This change will take effect no sooner than sixty days from the date on this changelog entry.
Qlik has added the com.qlik.v1.analytics.analytics-app-client.sheet-view.opened
event to the audit service in Qlik Cloud. This event is triggered whenever a sheet is
displayed in Qlik Sense, allowing for detailed analysis of how many times a sheet
in an app has been viewed and by which user.
A view will be recorded each time the sheet is navigated to by users
accessing via the Qlik Sense client, via iFrame, or via the classic/app
interface with qlik-embed. Events are not generated for any other embedding approaches.
Actions such as toggling between edit and view mode without changing sheet will
not register as additional views of the sheet.
The value of sheetState details the consumption mode active when the user
opened the sheet:
qlik-embed 1.2.0 adds the popular charts on the fly feature to the analytics/chart
ui. This allows you to generate charts from data in a Qlik Sense app, without
the chart existing in the app. You pass a definition, and the chart is created as
requested by your web app.
Here’s an example using qlik-embed web components:
Note: charts on the fly works only with charts available in the analytics/chart
ui in qlik-embed. Please consult the
chart compatibility table
for a list of compatible charts. Use the Viz on the fly ID for the type property.
Update for using context property
Previously an html attribute to the <qlik-embed /> tag could include :json or :number
to indicate which type the string in the attribute should be parsed to. In some environments
the : is not allowed as a html parameter so it is now possible to also use ___
(triple underscore) as a delimiter.
This means you can now set context like this:
<qlik-embed context___json='{ theme: "Breeze" }' ... /> and it will be parsed as json.
Qlik is removing the com.qlik.user-identity.impersonation event from the audits service
in Qlik Cloud. Events of this type will no longer appear in the Events panel in your
tenant’s management console and responses from the audits API will no longer include
this event.
This change is a result of analysis which found the event added little customer
value, with a better solution being to add the actor attribute to service events to
indicate when a user was impersonated. This reduces audit complexity for customers,
as well as the volume of events a customer needs to process to determine the actions
their users are generating in the platform.
Note: The com.qlik.user-identity.impersonation is not deprecated, it is simply
being removed from a service that aggregates and surfaces events for external
consumption.
This change will take effect no sooner than sixty days from the date on this changelog entry.
qlik-embed web components script src attribute changes
A change to the latest release of qlik-embed web components requires references
to the index.min.js file be specified for the library to run.
If you are using qlik-embed web components it is recommended you update the src
property of the script element declaring the full path to the library.
Update the attribute to include /dist/index.min.js in the path. Here is an example of
the new path for the src attribute:
src="https://cdn.jsdelivr.net/npm/@qlik/embed-web-components@1/dist/index.min.js".
Note: If you do not want to use the latest version of qlik-embed web components, it is
possible to set the version in the path.
Here is an example of the src attribute referencing a pinned version of qlik-embed
web components:
src="https://cdn.jsdelivr.net/npm/@qlik/embed-web-components@1.1.1/dist/index.min.js".
Update the oauth-callback page used to handle connectivity between qlik-embed web components
and your Qlik Cloud tenant. Set the src attribute to use oauth-callback.min.js.
The resulting src attribute should look something like this:
src="https://cdn.jsdelivr.net/npm/@qlik/embed-web-components@1/dist/oauth-callback.min.js".
You can learn more about qlik-embed
on the Why qlik-embed page.
Like other UIs available through qlik-embed, when you want to use classic/chart
in an embedded analytics context, set the ui property to classic/chart. If you use
qlik-embed web-components it will look something like this:
<qlik-embed
ui="classic/chart"
app-id="<appId>"
object-id="<objectId>"
></qlik-embed>
classic/chart compatibility
classic/chart will render supported visualizations from Qlik Sense applications.
For a full support matrix, refer to
the supported charts page.
Third-party extensions
Third-party extensions may not render properly within embedded contexts compared
to the native Qlik Sense experience if the extension manipulates private code
such as CSS. Manipulating CSS in the native experience is not supported by Qlik,
therefore, it’s not supported in qlik-embed.
Additionally, for best compatibility, it is suggested to enable iframe mode when
working with extensions:
<qlik-embed
ui="classic/chart"
app-id="<appId>"
object-id="<objectId>"
iframe="true"
></qlik-embed>
To learn more about third-party extension compatibility with qlik-embed,
please contact the extension author.
Limitations
classic/chart does not support the following features:
Qlik is introducing support for OAuth impersonation tokens, which can be generated
using a confidential OAuth machine-to-machine client for users in your
Qlik Cloud tenant. Impersonation tokens are ideal for scenarios where:
The identity provider for your web application does not match the one
configured for your Qlik Cloud tenant.
You wish to handle authentication on your backend.
You wish to avoid client-side redirects in the browser.
If you intend to implement a client-side (front-end) authentication strategy or
if your web application does not have a back-end component, you should leverage
OAuth SPA
for your application.
Considerations if moving from JWT
This capability provides a comparable experience to using JWT to authenticate
from a web application to Qlik Cloud, with the benefit of not being blocked by
third-party cookie restrictions.
The key difference is that OAuth impersonation requires that users already
exist in the tenant and uses pre-existing user group mappings, rather than
supporting update of groups on the fly during token requests. This means that:
Users must exist in the tenant prior to requesting an impersonation token. You can
accomplish this with qlik-api as part of the login flow.
You cannot update user-to-group mappings when requesting the impersonation token.
If you wish to leverage groups for your security model, you should first impersonate
a user login on the backend using JWT to associate the required groups with your user.
Learn more about OAuth impersonation
To discover more:
Review the guiding principles
for using OAuth impersonation in Qlik Cloud.
The admin.apps scope has additional permissions granting OAuth tokens with
this scope applied non-interactive access to the personal and private resources
end users in tenants can create and curate.
This update helps administrators address several management use cases involving
resources in personal spaces and unpublished content in Qlik Sense applications.
Situations where this new ability is helpful include:
Access orphaned resources and content when users are removed from the tenant.
Change ownership from one user’s personal space to another.
Programmatically publish content in Qlik Sense applications located in shared
or managed spaces.
Extract private content from Qlik Sense applications in managed spaces for
app lifecycle management, such as promoting content to base-level.
Backup and version control resource metadata, such as Qlik Sense applications,
automations, data pipeline definitions, and more.
Migrating resources and content from client-managed Qlik Sense to Qlik Cloud
Analytics, or between Qlik Cloud tenants.
You can use this capability with qlik-cli, qlik-api, or calling tenant REST apis
directly. This capability is not available in Qlik Cloud graphical user
interfaces.
@qlik/api is a collection of javascript modules which each exposes an api
built to make the integration process for javascript solutions as easy as
possible. The library is built for both browser and NodeJS usage and will
seamlessly integrate with qlik-embed libraries.
@qlik/api provides Qlik Cloud REST endpoints and access to the Qlik Analytics
Engine (QIX).
REST
@qlik/api REST interfaces are generated from open-api specifications released
from those Qlik Cloud services that exposes a restful API. The code generation
tool runs using the specs, building typescript for all api calls documented in
the specification. One module per api is generated.
You can learn more about the available modules in
the REST section
of the typescript types repository on
Qlik Open Source.
QIX
Qlik’s Analytics Engine Service (QIX) is the runtime service for Qlik Sense
applications and several analytics services in Qlik Cloud. @qlik/api offers a
fully typed api for connecting to and consuming Qlik Sense Applications
including “Qlik Sense mixins” which previously only was used internally by
in-house Qlik developers.
More info about QIX can be found in
the qix section.
Learn more about @qlik/api in the toolkits section.
This changelog provides 60 days’ deprecation notice of the Typescript version of
the Platform SDK. The library is being replaced with the Qlik API.
The Qlik API offers the same capabilities and access to Qlik Cloud REST APIs
and the Analytics engine, with the addition of officially supported Typescript
types.
Switching from the Platform SDK to the Qlik API is straightforward, requiring only a few modifications
to your code. The major change is in handling authentication when connecting
to your Qlik Cloud tenant.
Authentication with @qlik/api:
//Backend applications
import { auth } from"@qlik/api";
auth.setDefaultHostConfig({
authType:"oauth2",
host:"<hostname>.<region>.qlikcloud.com",
clientId:"<OAuth2_Client_ID>",
clientSecret:"<OAuth2_Client_Secret>",
});
Authentication with Typescript Platform SDK:
constQlik=require('@qlik/sdk').default;
const { AuthType } =require("@qlik/sdk");
constconfig= {
authType:AuthType.OAuth2,
host:"<hostname>.<region>.qlikcloud.com",
clientId:"<OAuth2_Client_ID>",
clientSecret:"<OAuth2_Client_Secret>",
};
(async () => {
constqlik=newQlik(config);
awaitqlik.auth.authorize();
})();
For more information about @qlik/api, refer to
the release changelog
for @qlik/api or visit the toolkit page
at qlik-api.
Qlik is announcing a change in behavior for
the Roles API. This API
currently returns a list of all available roles on the tenant,
and a change is being made to who can access this API.
As of April 9, 2024, only users assigned the Tenant Admin role will be able to
access the roles API. All other users will be denied access with a http 403 error.
How to access role information for non-Tenant Admin users
Today, any user can retrieve role records as shown below. Once
the change is made, any user without the TenantAdmin role
will receive a http 403 forbidden response.
Terminal window
curl"https://<TENANT>/api/v1/roles"\
-H"Authorization: Bearer <ACCESS_TOKEN>"
Terminal window
# Http 200 - Ok
{
"data": [
{
"id":"<ROLE_ID>",
"tenantId":"<TENANT_ID>",
"name":"<ROLE_NAME>",
},
...
],
"links":{
"self":{
"href":"https://<TENANT>/api/v1/roles"
}
}
}
Although users without the Tenant Admin role will not be able to return all roles in the tenant,
they remain able to list the roles that they are assigned either directly, or via group membership.
They can do this via the /api/v1/users/me endpoint.
This changelog provides 30 days’ notice of the deprecation and removal of two attributes
in the POST /v1/sharing-tasks endpoint. This endpoint is used to create new sharing
tasks. Other methods are not affected.
Previously, the attributes allowed you to provide a different name for an asset than the system name.
With the upcoming changes, the service will no longer apply user-provided values,
instead, it will use the system name of the asset.
The attributes are:
root>appName - the name of the source Qlik Sense application
root>excelData>name - the name of the report template used to generate output
No changes are needed to your code, as the API will continue to accept payloads with
these attributes, but it will ignore any provided values.
Changes will be made no fewer than 30 days from the date of this notice.
For more information on Qlik’s API policies, please refer to
the API policy page.
This changelog provides 60 days notice of deprecation and removal of
the /v1/automations/settings endpoints.
These endpoints turn on and off Qlik Automate on a tenant, and this
capability was superseded by the addition in July 2023 of a new role, Automation Creator.
This new role provides much greater flexibility in who can use automations, including
at tenant, group, and user level.
For more information on Qlik’s API policies, please refer to
the API policy page.
Migrating to use the automation creator role
To provide all users in the tenant with access to create and run automations,
you must add the AutomationCreator role to the Everyone group.
Assuming the Everyone group already had the PrivateAnalyticsContentCreator role
assigned, you would send a request to replace the assignedRoles with the new list
of PrivateAnalyticsContentCreator and AutomationCreator:
Say hello to the new Example section on qlik.dev.
This new section provides you with quick access to commonly used code snippets
and scripts you can adapt and integrate into your projects.
Every example in this section will have a card providing a brief description and
the language or tool you can use with it.
There are a lot of examples to share with you, and they’re being added to the
gallery frequently, so make sure to subscribe to the changelog using the RSS
link at the top of the page so you can stay up to date.
If you experience an issue with a snippet, please open an issue at the
Qlik Cloud examples
repository on Qlik’s open source Github. Include a link to the example, the problem,
and if you have one, your proposed solution.
This changelog provides 60 days notice of deprecation and removal of some
undocumented attributes from the response of the /v1/licenses/assignments endpoint.
Qlik is making changes to ensure removal of user names and other identifiable
information from APIs where the data is available via other, more appropriate
APIs.
For more information on Qlik’s API policies, please refer to
the API policy page.
Deprecation of response attributes
The attributes name and userId will be removed from the response from the
/v1/licenses/assignments endpoint. These are optional, undocumented attributes
that can be set when assigning a license. It will still be possible to use these
attributes in the API filter.
Note:
The endpoint will continue to return the user’s subject as their primary
identifier. Qlik recommends not using personally identifiable information (PII)
in the subject attribute in Qlik Cloud. A good practice is to use system
generated GUIDs to uniquely identify users.
When set on a license assignment, the response currently looks like:
OAuth is a standard security protocol for authorization and delegation.
It allows third party applications to access API resources without disclosing
the end-user credentials.
Qlik Cloud supports OAuth 2.0 Authorization Code and Client Credentials flows.
The OAuth client can obtain an authorization code or send client credentials header
to exchange it with an access token that can be used to access Qlik Cloud APIs.
Full tutorial OAuth single page applications with nebula.js can be found here
Capability APIs?
Already have a Client Id? just switch the webIntegrationId config with the clientId instead,
that’s it. See example code in the
Build a simple mashup using capability APIs
tutorial.
Beginning November 1, 2022, Qlik is enforcing rate limits to API requests on
Qlik Cloud REST APIs. This means any API request originating to a REST API
endpoint on Qlik Cloud is subject to rejection if the number of requests to an
endpoint exceeds the allowed amount in a specified duration on that endpoint.
NOTE: Read on to learn more about how you may be impacted by API
rate limits.
Learn more about API rate limiting at these resources:
The qlik.dev changelog has an rss feed you can subscribe to by adding the
URL https://qlik.dev/rss.xml to
your preferred feed reader. Now updates from qlik.dev come to you in your inbox
or wherever you consume syndicated content.
Are you looking for a way to consume the latest API updates in the
Qlikosphere? Wondering what new tutorials have been added without
having to visit every page on qlik.dev? Need to find out if you are
using the most current version of qlik-cli? Or maybe you want to know
what new APIs are available to you since the last time you visited?
The developer changelog on qlik.dev is the source for all of this and more!
