Published Release Notes

Access REST services and APIs by using OAuth 2.0

You can now allow external client applications to access REST services on your behalf by using the OAuth 2.0 protocol client credentials grant. The Pega 7 Platform acts as an OAuth 2.0 provider to grant trusted applications access to functions in Pega 7 Platform applications. Additionally, you can provide access to the Pega API by using OAuth 2.0.

Experimental high-speed data page support

An experimental implementation of high-speed, read-only data pages is available. This implementation is useful when data pages are used to hold static data that is used repeatedly. You can enable this feature for a specific read-only data page from the Load Management tab of the data page rule form by clicking Enable high-performance read-only data page. This feature does not support full clipboard page functionality; use with caution.

The following functionality is supported:

• Basic page and property access (read and write properties) for all normal data types
• Hierarchical data page structure (pages within pages)
• Dictionary validation mode
• Read-only data pages

The following functionality is not supported:

• Declarative rules
• Page messages
• Complex property references
• Saving pages to a database
• API access to the data page

Pega Connect-CMIS support for NTLM authentication

Support is now available for using Connect-CMIS rules and NTLMv1 authentication with enterprise content management (ECM) systems such as Microsoft Sharepoint. This capability is provided by the underlying Apache Chemistry OpenCMIS libraries that impose the following restrictions:

• Only a single NTLM-enabled CMIS connector can be used per node (JVM).
• Only Basic Authentication and NTLMv1 are supported as authentication methods with Connect-CMIS.

Automatically generate OpenAPI Specification documentation for application REST APIs

You can now access a clear, standard view of all the REST APIs in your application by using autogenerated OpenAPI Specification (OAS) documentation. In App Studio, you can view the OAS documentation generated for application-specific REST APIs by using the new Application tab in the API channel. Additionally, service package rules now include an OpenAPI tab where you can view the automatically generated OAS documentation for all the REST services included in the service package. With these enhancements, you can easily find, visualize, and test the REST APIs in your application.

For more information, see Generating OpenAPI Specification documentation for application-specific REST APIs.

Information Mashup section for OAuth 2.0 provider authorization

You can now add an Information Mashup (pxInformationMashup) section to a layout, a region, another section, or a cell in a layout to delegate access to OAuth 2.0-protected resources. Configure the section with an OAuth 2.0 authentication profile, mashup section, and authorization section to connect to an external application at run time. For example, users can log on to Facebook from the Pega 7 Platform by using this section and access photographs in their Facebook account.

For more information, see Access protected API resources by using OAuth 2.0.

Authorization code grant for OAuth 2.0 providers

You can now connect to OAuth 2.0-protected APIs by selecting the authorization code grant type on the OAuth 2.0 Provider rule form. Enter the authorization code, access token, and revoke token endpoints as indicated by your OAuth 2.0 provider, for example, Box or Facebook.

For more information, see Access protected API resources by using OAuth 2.0.

Updates to the Authentication Profile rule form

You can now create OAuth 2.0 authentication profiles by using the enhanced rule form. For this profile type, you can select an OAuth 2.0 Provider data instance, a grant type, and the client information that you obtained from your OAuth 2.0 provider, such as Box or Facebook. You can also revoke issued access tokens on this rule form.

For more information, see Access protected API resources by using OAuth 2.0.

REST APIs for VTable cache management and quiesce operations

You can access, control, and manage in-memory VTable in cache for a specific rule class and instance name by using new Nodes REST APIs. You can reassemble and reload rules across the cluster and obtain cache entries for a specific node in the cluster. You can also start and cancel the quiesce process on any node in the cluster by using either immediate drain or slow drain.

For more information, see Pega API for Pega Platform 7.4 and Pega API.

Elasticsearch reports support string comparison operators

To improve performance, reports that use string comparison operators in filters can now run queries against Elasticsearch instead of querying the database. The following operators are now supported for Elasticsearch queries.

• Starts with, Ends with, Does not start with, and Does not end with
• Contains and Does not contain
• Greater than, Less than, Greater than or equal, and Less than or equal

In cases where a query cannot be run against Elasticsearch, the query is run against the database, for example, if the query includes a join. To determine if a query was run against Elasticsearch, use the Tracer and enable the Query resolution event type. For more information, see Tracer event types to trace.

Connect to external REST APIs by using OAuth 2.0

You can now connect to external REST services that are provided by web applications, such as Twitter and Facebook, by using the OAuth 2.0 protocol client credentials grant. Your Pega 7 Platform application acts as an OAuth 2.0 client to access protected API resources. For example, you can connect to Twitter by using OAuth 2.0 to obtain a collection of tweets that match a specific query.

For more information, see Accessing protected API resources by using OAuth 2.0.