Changelog

Learn about new developer features and improvements.

For the Qlik Cloud feature changelog, visit What's new in Qlik Cloud.

Qlik is enhancing security and data protection for the Extensions API and Themes API. These APIs allow customization of experiences in Qlik Sense by adding custom visualization objects, colors, and styling.

Currently, any user in the tenant can download the full archive of an extension or theme from the following endpoints:

To improve security, only users with the TenantAdmin or AnalyticsAdmin roles will be allowed to download the full archive. This brings these endpoints in line with the permissions for import endpoints.

This change will take effect no sooner than 60 days from the date on this changelog, on, or after October 21, 2024.

Endpoints affected:

  • GET /v1/extensions/{id}/file
  • GET /v1/themes/{id}/file

The reloads API allows for triggering data refreshes in Qlik Sense applications in Qlik Cloud.

The query log default value is being changed from true to false. This will reduce response size for the majority of queries where the log attribute in the response is not required.

The query parameter log can have a true or false value that controls whether the log attribute is sent in the response. Today, the default value of this log parameter is true, when not specified - hence the log is returned by default.

To continue receiving this attribute after the notice period, you should specify log=true in your request.

This change will take effect no sooner than 30 days from the date on this changelog, on, or after September 19, 2024.

Endpoints affected:

  • GET /v1/reloads

The current response, when no log query parameter is included in the request, returns the log field.

{
    "data": [
            {
                "id": "65ad4a0df4bd1ffb55555a51",
                "appId": "349216c2-5555-5555-5555-5555379f68bb",
                "tenantId": "xqFQ0k66vSR555555-55555QkiYrCpct",
                "userId": "nEgFMHPnm6ye55555555PSKuCUDzEtFO",
                "type": "chronos",
                "status": "SUCCEEDED",
                "log": "ReloadID: 65ad4a0df4bd1ffb55555a51\nStarted loading data\n(A detailed script progress log can be downloaded when the reload is finished)\nreload-result-join-22-23 \u003c\u003c reload-result-join-22-23 446,756 Lines fetched\n\nApp saved\nFinished successfully\n",
                "partial": false,
                "creationTime": "2024-01-21T16:45:01Z",
                "startTime": "2024-01-21T16:45:02.766Z",
                "endTime": "2024-01-21T16:45:10.125Z",
                "engineTime": "2024-01-21T16:45:07.915Z",
                "links": {
                    "self": {
                        "href": "https://tenant.region.qlikcloud.com/api/v1/reloads/65ad4a0df4bd1ffb55555a51"
                    }
                }
            },
        ]
}

In future, if the query param log=true is not specified, or is false, the log attribute will be omitted from the response:

{
    "data": [
            {
                "id": "65ad4a0df4bd1ffb55555a51",
                "appId": "349216c2-5555-5555-5555-5555379f68bb",
                "tenantId": "xqFQ0k66vSR555555-55555QkiYrCpct",
                "userId": "nEgFMHPnm6ye55555555PSKuCUDzEtFO",
                "type": "chronos",
                "status": "SUCCEEDED",
                "partial": false,
                "creationTime": "2024-01-21T16:45:01Z",
                "startTime": "2024-01-21T16:45:02.766Z",
                "endTime": "2024-01-21T16:45:10.125Z",
                "engineTime": "2024-01-21T16:45:07.915Z",
                "links": {
                    "self": {
                        "href": "https://tenant.region.qlikcloud.com/api/v1/reloads/65ad4a0df4bd1ffb55555a51"
                    }
                }
            },
        ]
}

Add query parameter log=true to return the log attribute in the response, such as in /reloads?appId=349216c2-5555-5555-5555-5555379f68bb&log=true:

{
    "data": [
            {
                "id": "65ad4a0df4bd1ffb55555a51",
                "appId": "349216c2-5555-5555-5555-5555379f68bb",
                "tenantId": "xqFQ0k66vSR555555-55555QkiYrCpct",
                "userId": "nEgFMHPnm6ye55555555PSKuCUDzEtFO",
                "type": "chronos",
                "status": "SUCCEEDED",
                "log": "ReloadID: 65ad4a0df4bd1ffb55555a51\nStarted loading data\n(A detailed script progress log can be downloaded when the reload is finished)\nreload-result-join-22-23 \u003c\u003c reload-result-join-22-23 446,756 Lines fetched\n\nApp saved\nFinished successfully\n",
                "partial": false,
                "creationTime": "2024-01-21T16:45:01Z",
                "startTime": "2024-01-21T16:45:02.766Z",
                "endTime": "2024-01-21T16:45:10.125Z",
                "engineTime": "2024-01-21T16:45:07.915Z",
                "links": {
                    "self": {
                        "href": "https://tenant.region.qlikcloud.com/api/v1/reloads/65ad4a0df4bd1ffb55555a51"
                    }
                }
            },
        ]
}

For more information on this API, review the Reloads API specification.

The AI assistant component brings you the Qlik Answers experience in embedded format, with the following tag:

<qlik-embed
  ui="ai/assistant"
  assistant-id="<assistant-id>"
></qlik-embed>

Review the ai/assistant parameters, or learn more about the other UIs and params in qlik-embed.

The DCaaS API provides the ability to create analytics data connections in your Qlik Cloud tenant.

In response to customer feedback, the functionalities of DCaaS were merged into the data-connections and data-sources APIs in March 2024, as announced in this changelog.

This post serves as notice that DCaaS will be deprecated no sooner than 120 days from the date of this changelog, on or after November 23, 2024.

Migrating from POST /v1/dcaas/actions/data-connections

You must move from POST /v1/dcaas/actions/data-connections to POST /v1/data-connections.

To prevent breaking changes for current users of POST /v1/data-connections, some parameter names have changed to incorporate the capabilities from POST /v1/dcaas/actions/data-connections. Namely:

  • The parameter for passing the name of the connection is qName rather than connectionName.
  • The parameter for passing the ID of the space to create the connection in is space rather than spaceId.

With POST /v1/dcaas/actions/data-connections, you sent:

curl --location "https://your-tenant.us.qlikcloud.com/api/v1/dcaas/actions/data-connections" ^
--header "Content-Type: application/json" ^
--header "Authorization: <ACCESS_TOKEN>" ^
--data "{
    \"dataSourceId\": \"DG_mysql\",
    \"connectionName\": \"<CONNECTION_NAME>\",
    \"spaceId\": \"<SPACE_ID>\",
    \"connectionProperties\": {
        \"gatewayInstance\": \"<GATEWAY_ID>\",
        \"host\": \"<HOST>\",
        \"port\": \"3306\",
        \"database\": \"<DATABASE_NAME>\",
        \"username\": \"<USERNAME>\",
        \"password\": \"<PASSWORD>\"
    }
}"

With POST /v1/data-connections, you should send:

curl --location "https://your-tenant.us.qlikcloud.com/api/v1/data-connections" ^
--header "Content-Type: application/json" ^
--header "Authorization: <ACCESS_TOKEN>" ^
--data "{
    \"dataSourceId\": \"DG_mysql\",
    \"qName\": \"<CONNECTION_NAME>\",
    \"space\": \"<SPACE_ID>\",
    \"connectionProperties\": {
        \"gatewayInstance\": \"<GATEWAY_ID>\",
        \"host\": \"<HOST>\",
        \"port\": \"3306\",
        \"database\": \"<DATABASE_NAME>\",
        \"username\": \"<USERNAME>\",
        \"password\": \"<PASSWORD>\"
    }
}"

Migrating from GET /v1/dcaas/actions/data-connections/{connectionId}

You must move from GET /v1/dcaas/actions/data-connections/{connectionId} to GET /v1/data-connections/{qID}.

Changes:

  • The qName property is used instead of connectionName.
  • The space property is used instead of spaceId.
  • The qID property is used instead of connectionId.
  • The legacy response of the data-connections API will be returned along with the DCaaS style response.

You must pass the parameter parseConnection=true to return the DCaaS style response.

With GET /v1/dcaas/actions/data-connections/{connectionId}, you sent:

curl --location "https://your-tenant.us.qlikcloud.com/api/v1/dcaas/actions/data-connections/{connectionId}" ^
--header "Authorization: <ACCESS_TOKEN>" 

With GET /v1/data-connections/{qID}, you should send:

curl --location "https://your-tenant.us.qlikcloud.com/api/v1/data-connections/{qID}?parseConnection=true" ^
--header "Authorization: <ACCESS_TOKEN>" 

Migrating from GET /v1/dcaas/actions/data-connections/api-specs

You must move from GET /v1/dcaas/actions/data-connections/api-specs to GET /v1/data-sources/{dataSourceId}/api-specs.

With GET /v1/dcaas/actions/data-connections/api-specs, the dataSourceId was a query parameter, and you sent:

curl --location "https://your-tenant.us.qlikcloud.com/api/v1/dcaas/actions/data-connections/api-specs?dataSourceId={dataSourceId}" ^
--header "Authorization: Bearer <API-key>"

With GET /v1/data-sources/{dataSourceId}/api-specs, you pass the dataSourceId in the path, so you should send:

curl --location "https://your-tenant.us.qlikcloud.com/api/v1/data-sources/{dataSourceId}/api-specs" ^
--header "Authorization: Bearer <API-key>"

Consider reviewing the guides on how to create data connections.

Qlik is making changes to the recently updated Automation Connections API to improve developer experience on this API. The change is being made to the response from three endpoints, to return all attributes at the root object, rather than in the data object. No changes are being made to payloads or parameters.

This change will take effect no sooner than sixty days from the date on this changelog entry.

Endpoints affected:

Current response, with data returned in data object:

{
    "data": {
        "id": "bf96da21-b36f-40d0-ad36-3322e95d218f",
        "name": "Qlik Cloud Services",
        "spaceId": "",
        "ownerId": "645a73ad73599192614c03c3",
        "isConnected": true,
        "connectorId": "61a87510-c7a3-11ea-95da-0fb0c241e75c",
        "oauthAccountName": null,
        "redirect": null,
        "params": [],
        "createdAt": "2024-07-09T08:42:43.000000Z",
        "updatedAt": "2024-07-09T08:42:43.000000Z"
    }
}

From today through to the removal date in 60 days, the API will return both the new and old structures:

{
    "id": "bf96da21-b36f-40d0-ad36-3322e95d218f",
    "name": "Qlik Cloud Services",
    "spaceId": "",
    "ownerId": "645a73ad73599192614c03c3",
    "isConnected": true,
    "connectorId": "61a87510-c7a3-11ea-95da-0fb0c241e75c",
    "oauthAccountName": null,
    "redirect": null,
    "params": [],
    "createdAt": "2024-07-09T08:42:43.000000Z",
    "updatedAt": "2024-07-09T08:42:43.000000Z",
    "data": {
        "id": "bf96da21-b36f-40d0-ad36-3322e95d218f",
        "name": "Qlik Cloud Services",
        "spaceId": "",
        "ownerId": "645a73ad73599192614c03c3",
        "isConnected": true,
        "connectorId": "61a87510-c7a3-11ea-95da-0fb0c241e75c",
        "oauthAccountName": null,
        "redirect": null,
        "params": [],
        "createdAt": "2024-07-09T08:42:43.000000Z",
        "updatedAt": "2024-07-09T08:42:43.000000Z"
    }
}

After the removal date in 60 days, the API will return:

{
    "id": "bf96da21-b36f-40d0-ad36-3322e95d218f",
    "name": "Qlik Cloud Services",
    "spaceId": "",
    "ownerId": "645a73ad73599192614c03c3",
    "isConnected": true,
    "connectorId": "61a87510-c7a3-11ea-95da-0fb0c241e75c",
    "oauthAccountName": null,
    "redirect": null,
    "params": [],
    "createdAt": "2024-07-09T08:42:43.000000Z",
    "updatedAt": "2024-07-09T08:42:43.000000Z"
}

Review the Automation Connections API specification for more information about this API.

Qlik has added the com.qlik.v1.analytics.analytics-app-client.sheet-view.opened event to the audit service in Qlik Cloud. This event is triggered whenever a sheet is displayed in Qlik Sense, allowing for detailed analysis of how many times a sheet in an app has been viewed and by which user.

The audit entry structure is as follows:


{
  "id": "auditEntryId",
  "data": {
    "appId": "appId",
    "sheetId": "sheetId",
    "sheetState": "analysis|edit|simpleEdit"
  },
  "eventId": "eventId",
  "eventTime": "2024-05-01T01:13:16.000Z",
  "eventType": "com.qlik.v1.analytics.analytics-app-client.sheet-view.opened",
  "source": "com.qlik/analytics",
  "tenantId": "tenantId",
  "userId": "userId"
}

A view will be recorded each time the sheet is navigated to by users accessing via the Qlik Sense client, via iFrame, or via the classic/app interface with qlik-embed. Events are not generated for any other embedding approaches. Actions such as toggling between edit and view mode without changing sheet will not register as additional views of the sheet.

The value of sheetState details the consumption mode active when the user opened the sheet:

This event is available via the Audits API and can also be viewed in the Events section of the Management Console.

charts on the fly

qlik-embed 1.2.0 adds the popular charts on the fly feature to the analytics/chart ui. This allows you to generate charts from data in a Qlik Sense app, without the chart existing in the app. You pass a definition, and the chart is created as requested by your web app.

Here’s an example using qlik-embed web components:

<qlik-embed
  id="visualization"
  ui="analytics/chart"
  app-id="<appid>"
  type="barchart"
  dimensions='["Dimension1"]'
  measures='["Measure1", "=Sum(Expression2)", "=Avg(Expression2)"]'
  properties='{ orientation: "horizontal", barGrouping: { grouping: "stacked" } }'
></qlik-embed>

Note: charts on the fly works only with charts available in the analytics/chart ui in qlik-embed. Please consult the chart compatibility table for a list of compatible charts. Use the Viz on the fly ID for the type property.

Update for using context property

Previously an html attribute to the <qlik-embed /> tag could include :json or :number to indicate which type the string in the attribute should be parsed to. In some environments the : is not allowed as a html parameter so it is now possible to also use ___ (triple underscore) as a delimiter.

This means you can now set context like this: <qlik-embed context___json='{ theme: "Breeze" }' ... /> and it will be parsed as json.

Qlik is removing the com.qlik.user-identity.impersonation event from the audits service in Qlik Cloud. Events of this type will no longer appear in the Events panel in your tenant’s management console and responses from the audits API will no longer include this event.

This change is a result of analysis which found the event added little customer value, with a better solution being to add the actor attribute to service events to indicate when a user was impersonated. This reduces audit complexity for customers, as well as the volume of events a customer needs to process to determine the actions their users are generating in the platform.

Note: The com.qlik.user-identity.impersonation is not deprecated, it is simply being removed from a service that aggregates and surfaces events for external consumption.

This change will take effect no sooner than sixty days from the date on this changelog entry.

qlik-embed web components script src attribute changes

A change to the latest release of qlik-embed web components requires references to the index.min.js file be specified for the library to run.

If you are using qlik-embed web components it is recommended you update the src property of the script element declaring the full path to the library.

Update the attribute to include /dist/index.min.js in the path. Here is an example of the new path for the src attribute: src="https://cdn.jsdelivr.net/npm/@qlik/embed-web-components@1/dist/index.min.js".

Note: If you do not want to use the latest version of qlik-embed web components, it is possible to set the version in the path.

Here is an example of the src attribute referencing a pinned version of qlik-embed web components: src="https://cdn.jsdelivr.net/npm/@qlik/embed-web-components@1.1.1/dist/index.min.js".

qlik-embed oauth callback page src attribute changes

Update the oauth-callback page used to handle connectivity between qlik-embed web components and your Qlik Cloud tenant. Set the src attribute to use oauth-callback.min.js.

The resulting src attribute should look something like this: src="https://cdn.jsdelivr.net/npm/@qlik/embed-web-components@1/dist/oauth-callback.min.js".

You can learn more about qlik-embed on the Why qlik-embed page.

Introducing classic/chart

classic/chart is a new UI for qlik-embed. classic/chart renders visualizations that have not been converted to nebula.js or use the classic extension API.

Using classic/chart

Like other UIs available through qlik-embed, when you want to use classic/chart in an embedded analytics context, set the ui property to classic/chart. If you use qlik-embed web-components it will look something like this:

<qlik-embed
    ui="classic/chart"
    app-id="<appId>"
    object-id="<objectId>"
></qlik-embed>

classic/chart compatibility

classic/chart will render supported visualizations from Qlik Sense applications. For a full support matrix, refer to the supported charts page.

Third-party extensions

Third-party extensions may not render properly within embedded contexts compared to the native Qlik Sense experience if the extension manipulates private code such as CSS. Manipulating CSS in the native experience is not supported by Qlik, therefore, it’s not supported in qlik-embed.

Additionally, for best compatibility, it is suggested to enable iframe mode when working with extensions:

<qlik-embed
    ui="classic/chart"
    app-id="<appId>"
    object-id="<objectId>"
    iframe="true"
></qlik-embed>

To learn more about third-party extension compatibility with qlik-embed, please contact the extension author.

Limitations

classic/chart does not support the following features:

  • Right-click context menu
  • Export data

You can learn more about qlik-embed on the Why qlik-embed page, or review the classic/chart example.

When you embed Qlik Cloud into your web applications, you likely require an authentication strategy that mitigates the blocking of third-party cookies by browsers.

Qlik is introducing support for OAuth impersonation tokens, which can be generated using a confidential OAuth machine-to-machine client for users in your Qlik Cloud tenant. Impersonation tokens are ideal for scenarios where:

  • The identity provider for your web application does not match the one configured for your Qlik Cloud tenant.
  • You wish to handle authentication on your backend.
  • You wish to avoid client-side redirects in the browser.

If you intend to implement a client-side (front-end) authentication strategy or if your web application does not have a back-end component, you should leverage OAuth SPA for your application.

Considerations if moving from JWT

This capability provides a comparable experience to using JWT to authenticate from a web application to Qlik Cloud, with the benefit of not being blocked by third-party cookie restrictions.

The key difference is that OAuth impersonation requires that users already exist in the tenant and uses pre-existing user group mappings, rather than supporting update of groups on the fly during token requests. This means that:

  • Users must exist in the tenant prior to requesting an impersonation token. You can accomplish this with qlik-api as part of the login flow.
  • You cannot update user-to-group mappings when requesting the impersonation token. If you wish to leverage groups for your security model, you should first impersonate a user login on the backend using JWT to associate the required groups with your user.

Learn more about OAuth impersonation

To discover more:

The admin.apps scope has additional permissions granting OAuth tokens with this scope applied non-interactive access to the personal and private resources end users in tenants can create and curate.

This update helps administrators address several management use cases involving resources in personal spaces and unpublished content in Qlik Sense applications.

Situations where this new ability is helpful include:

  • Access orphaned resources and content when users are removed from the tenant.
  • Change ownership from one user’s personal space to another.
  • Programmatically publish content in Qlik Sense applications located in shared or managed spaces.
  • Extract private content from Qlik Sense applications in managed spaces for app lifecycle management, such as promoting content to base-level.
  • Backup and version control resource metadata, such as Qlik Sense applications, automations, data pipeline definitions, and more.
  • Migrating resources and content from client-managed Qlik Sense to Qlik Cloud Analytics, or between Qlik Cloud tenants.

You can use this capability with qlik-cli, qlik-api, or calling tenant REST apis directly. This capability is not available in Qlik Cloud graphical user interfaces.

To learn more about how to configure and use this capability, please see the tutorial on managing personal and private content.

@qlik/api is a collection of javascript modules which each exposes an api built to make the integration process for javascript solutions as easy as possible. The library is built for both browser and NodeJS usage and will seamlessly integrate with qlik-embed libraries.

@qlik/api provides Qlik Cloud REST endpoints and access to the Qlik Analytics Engine (QIX).

REST

@qlik/api REST interfaces are generated from open-api specifications released from those Qlik Cloud services that exposes a restful API. The code generation tool runs using the specs, building typescript for all api calls documented in the specification. One module per api is generated.

You can learn more about the available modules in the REST section of the typescript types repository on Qlik Open Source.

QIX

Qlik’s Analytics Engine Service (QIX) is the runtime service for Qlik Sense applications and several analytics services in Qlik Cloud. @qlik/api offers a fully typed api for connecting to and consuming Qlik Sense Applications including “Qlik Sense mixins” which previously only was used internally by in-house Qlik developers.

More info about QIX can be found in the qix section.

Learn more about @qlik/api in the toolkits section.

This changelog provides 60 days’ deprecation notice of the Typescript version of the Platform SDK. The library is being replaced with the Qlik API.

The Qlik API offers the same capabilities and access to Qlik Cloud REST APIs and the Analytics engine, with the addition of officially supported Typescript types.

Switching from the Platform SDK to the Qlik API is straightforward, requiring only a few modifications to your code. The major change is in handling authentication when connecting to your Qlik Cloud tenant.

Authentication with @qlik/api:


//Backend applications
import { auth } from "@qlik/api";
auth.setDefaultHostConfig({
    authType: "oauth2",
    host: "<hostname>.<region>.qlikcloud.com",
    clientId: "<OAuth2_Client_ID>",
    clientSecret: "<OAuth2_Client_Secret>",    
  });

Authentication with Typescript Platform SDK:

const Qlik = require('@qlik/sdk').default;
const { AuthType } = require("@qlik/sdk");

const config =  {
  authType: AuthType.OAuth2,
  host: "<hostname>.<region>.qlikcloud.com",
  clientId: "<OAuth2_Client_ID>",
  clientSecret: "<OAuth2_Client_Secret>",
};

(async () => {
  const qlik = new Qlik(config);
  await qlik.auth.authorize();
})();

For more information about @qlik/api, refer to the release changelog for @qlik/api or visit the toolkit page at qlik-api.

Qlik is announcing a change in behavior for the Roles API. This API currently returns a list of all available roles on the tenant, and a change is being made to who can access this API.

As of April 9, 2024, only users assigned the Tenant Admin role will be able to access the roles API. All other users will be denied access with a http 403 error.

How to access role information for non-Tenant Admin users

Today, any user can retrieve role records as shown below. Once the change is made, any user without the TenantAdmin role will receive a http 403 forbidden response.

curl "https://<TENANT>/api/v1/roles" \
 -H "Authorization: Bearer <ACCESS_TOKEN>"
# Http 200 - Ok
{
    "data": [
        {
            "id": "<ROLE_ID>",
            "tenantId": "<TENANT_ID>",
            "name": "<ROLE_NAME>",
        },
        ...
    ],
    "links": {
        "self": {
          "href": "https://<TENANT>/api/v1/roles"
        }
    }
}

Although users without the Tenant Admin role will not be able to return all roles in the tenant, they remain able to list the roles that they are assigned either directly, or via group membership. They can do this via the /api/v1/users/me endpoint.

curl "https://<TENANT>/api/v1/users/me?fields=assignedGroups,assignedRoles" \
 -H "Authorization: Bearer <ACCESS_TOKEN>"
# Http 200 - Ok
{
  "id": "<USER_ID>",
  "assignedRoles": [
      {
        "id": "<ROLE_ID>",
        "name": "<ROLE_NAME>",
        "type": "default",
        "level": "user"
      },
      ...
  ],
  "assignedGroups": [
    {
      "id": "<GROUP_ID>",
      "name": "<GROUP_NAME>",
      "assignedRoles": [
        {
          "id": "<ROLE_ID>",
          "name": "<ROLE_NAME>",
          "type": "default",
          "level": "user"
        },
        ...
      ]
    },
    ...
  ],
  "links": {
      "self": {
        "href": "https://<TENANT>/api/v1/users/me?fields=assignedGroups,assignedRoles"
      }
  }
}

Qlik is announcing a 30-day deprecation window for an unpublished endpoint on the Groups API.

No sooner than 30 days from the date of this notice, GET /api/v1/groups/user-claims/:userID will be removed from the Groups API.

To migrate to a published endpoint, use GET /api/v1/users/:id.

curl "https://<TENANT>/api/v1/users/<USER_ID>?fields=groups" \
 -H "Authorization: Bearer <ACCESS_TOKEN>"
# Http 200 - Ok
{
  "id": "<USER_ID>",
  "groups": [
    "accounting",
    "developer"
  ]
}

This changelog provides 30 days’ notice of the deprecation and removal of two attributes in the POST /v1/sharing-tasks endpoint. This endpoint is used to create new sharing tasks. Other methods are not affected.

Previously, the attributes allowed you to provide a different name for an asset than the system name. With the upcoming changes, the service will no longer apply user-provided values, instead, it will use the system name of the asset.

The attributes are:

  • root>appName - the name of the source Qlik Sense application
  • root>excelData>name - the name of the report template used to generate output

No changes are needed to your code, as the API will continue to accept payloads with these attributes, but it will ignore any provided values.

Changes will be made no fewer than 30 days from the date of this notice.

For more information on Qlik’s API policies, please refer to the API policy page.

For more information on this API, please review the Sharing tasks API specification.

This changelog provides 60 days notice of deprecation and removal of the /v1/automations/settings endpoints.

These endpoints turn on and off Qlik Application Automation on a tenant, and this capability was superceeded by the addition in July 2023 of a new role, Automation Creator. This new role provides much greater flexibility in who can use automations, including at tenant, group, and user level.

For more information on Qlik’s API policies, please refer to the API policy page.

Migrating to use the automation creator role

To provide all users in the tenant with access to create and run automations, you must add the AutomationCreator role to the Everyone group.

Assuming the Everyone group already had the PrivateAnalyticsContentCreator role assigned, you would send a request to replace the assignedRoles with the new list of PrivateAnalyticsContentCreator and AutomationCreator:

curl -L -X PATCH "https://<TENANT>/api/v1/groups/000000000000000000000001" ^
-H "Authorization: Bearer <ACCESS_TOKEN>" ^
-H "Content-type: application/json" ^
-H "Accept: application/json" ^
-d "[{\"op\": \"replace\", \"path\": \"/assignedRoles\", \"value\": [{\"name\": \"PrivateAnalyticsContentCreator\"}, {\"name\": \"SharedSpaceCreator\"}]}]"

If successful, an empty response with an http 204 code is returned.

In a similar way, you can also assign access to groups from your Identity Provider, or to individual users.

For more information, please review the configure application automation topic.

Say hello to the new Example section on qlik.dev. This new section provides you with quick access to commonly used code snippets and scripts you can adapt and integrate into your projects.

Every example in this section will have a card providing a brief description and the language or tool you can use with it.

There are a lot of examples to share with you, and they’re being added to the gallery frequently, so make sure to subscribe to the changelog using the RSS link at the top of the page so you can stay up to date.

If you experience an issue with a snippet, please open an issue at the Qlik Cloud examples repository on Qlik’s open source Github. Include a link to the example, the problem, and if you have one, your proposed solution.

You can peruse the examples section here.

This changelog provides 60 days notice of deprecation and removal of some undocumented attributes from the response of the /v1/licenses/assignments endpoint.

Qlik is making changes to ensure removal of user names and other identifiable information from APIs where the data is available via other, more appropriate APIs.

For more information on Qlik’s API policies, please refer to the API policy page.

Deprecation of response attributes

The attributes name and userId will be removed from the response from the /v1/licenses/assignments endpoint. These are optional, undocumented attributes that can be set when assigning a license. It will still be possible to use these attributes in the API filter.

Note: The endpoint will continue to return the user’s subject as their primary identifier. Qlik recommends not using personally identifiable information (PII) in the subject attribute in Qlik Cloud. A good practice is to use system generated GUIDs to uniquely identify users.

When set on a license assignment, the response currently looks like:

{
    "subject": "QLIKBOT\\f0e92f326ac77427df155940fec39e6b",
    "type": "professional",
    "userId": "637390ec6541614d3a88d6c1",
    "name": "EU OAuth Client",
    "excess": false,
    "created": "2023-06-29T12:24:34.639Z"
}

After deprecation, the endpoint will return:

{
    "subject": "QLIKBOT\\f0e92f326ac77427df155940fec39e6b",
    "type": "professional",
    "excess": false,
    "created": "2023-06-29T12:24:34.639Z"
}

If you need to look up the userId and name, you can retrieve these using the list users endpoint.

curl --get --location 'https://<tenant>.<region>.qlikcloud.com/api/v1/users' ^
--header 'Authorization: Bearer <token>' ^
--header 'Content-type: application/json' ^
--header 'Accept: application/json' ^
--data-urlencode 'filter=subject eq "QLIKBOT\\f0e92f326ac77427df155940fec39e6b"'

This will return the full user information for the user with that subject, including the most current name and userId (returned as id) attributes.

{
   "data":[
      {
         "id":"637390ec6541614d3a88d6c2",
         "tenantId":"BL4tTJ4S7xrHTcq0zQxQrJ5qB1_Q6cSo",
         "clientId":"f0e92f326ac77427df155940fec39e6b",
         "status":"active",
         "subject":"qlikbot\\f0e92f326ac77427df155940fec39e6a",
         "name":"EU OAuth Client",
         ...

For more information on the license assignment endpoint, please review the v1/licenses/assignments specification.

OAuth 2.0 Authorization

OAuth is a standard security protocol for authorization and delegation. It allows third party applications to access API resources without disclosing the end-user credentials.

Qlik Cloud supports OAuth 2.0 Authorization Code and Client Credentials flows. The OAuth client can obtain an authorization code or send client credentials header to exchange it with an access token that can be used to access Qlik Cloud APIs.

Alongside this delivery you will also get OAuth support for tools and libraries.

Full tutorial OAuth single page applications with nebula.js can be found here

Beginning November 1, 2022, Qlik is enforcing rate limits to API requests on Qlik Cloud REST APIs. This means any API request originating to a REST API endpoint on Qlik Cloud is subject to rejection if the number of requests to an endpoint exceeds the allowed amount in a specified duration on that endpoint.

NOTE: Read on to learn more about how you may be impacted by API rate limits.

Learn more about API rate limiting at these resources:

Subscribe to receive update notifications

The qlik.dev changelog has an rss feed you can subscribe to by adding the URL https://qlik.dev/rss.xml to your preferred feed reader. Now updates from qlik.dev come to you in your inbox or wherever you consume syndicated content.

Are you looking for a way to consume the latest API updates in the Qlikosphere? Wondering what new tutorials have been added without having to visit every page on qlik.dev? Need to find out if you are using the most current version of qlik-cli? Or maybe you want to know what new APIs are available to you since the last time you visited?

The developer changelog on qlik.dev is the source for all of this and more!

Check out the blog to learn more.