Support for application-specific REST API calls
Valid from Pega Version 8.5
You can now call an authenticated REST API in the context of any application that is listed on an operator record by using the application alias URL. With the application alias URL, you can also develop REST services without changing the access group in the service package. REST services run in the context of the access group that points to the provided application, instead of the access group that is specified in the service package.
For more information, see Invoking a REST service rule.
Automatic separation of date input
Valid from Pega Version 8.5
Date fields in Date Time controls now automatically divide strings of input into days, months, and years. In single fields, the system adds slashes (/) as the user types the value. For example, an input string of 10102020 becomes 10/10/2020. In separate day/month/year fields, the system automatically switches from one field to the next as the user types the value. This enhancement improves the user experience by helping to users provide input in a more convenient and time-efficient manner.
For more information, see Configuring a Date Time control.
Improvements to OAuth 2.0 Services with Token Introspection Service and Token Denylist Service
Valid from Pega Version 8.5
Increase the security of user sessions by using the newly supported Token Introspection and Denylist services for OAuth 2.0.
Token Introspection service
Use the Token Introspection service to validate JSON Web Tokens (JWT). The Token Introspection service requires authentication.
Pega now uses OAuth 2.0 access tokens called Authorized Access Tokens (AAT).
Token Introspection service endpoint
The Token Introspection service endpoint provides the information about the status of access token and refresh token. Token introspection can be used to validate if a given token is still active or inactive. The token introspection endpoint determines whether the token is valid. The status indicates whether an access token or refresh token is valid or invalid:
- Valid tokens have the
“active”:true
status - Invalid tokens have the
“active” :false
status.
The inactive status can also be due to revocation.
Token Denylist service
You can add tokens to the deny list in cases where suspicious activity might have occurred. The Token Denylist service provides a method for denying user access to the application by revoking the user's access token. This service can prevent a token from being used more than the specified number of times, which can be helpful in preventing replay attacks. Stolen tokens should be revoked using this service. A GET API is also available to get the list of denied tokens.
Keys endpoint
Pega Platform™ is changing from using opaque tokens to JSON Web (JWT) tokens. If this JWT is used by any other system, the public key is needed for signature verification. A new endpoint is exposed to provide these public keys in JWK format: https://host:port/prweb/api/oauth2/v1/token/keys.
For more information, see OAuth 2.0 Management Services.
Improved identification and handling of code assembly errors
Valid from Pega Version 8.5
Code assembly error logs are now more meaningful and help you identify root causes with better accuracy. Pega Platform™ now also invalidates erroneous assembly to facilitate successful reassembly when the code is accessed again. For example, if a section is not correctly assembled when a user first signs in to the system, the application attempts to reassemble that section the next time a user signs in. In this way, you can avoid lingering issues and improve stability.
PRServlet not required in PRPC URLs
Valid from Pega Version 7.1.6
PRServlet is no longer required in a URL when accessing PRPC. A URL typically written like this:
http://example.com/prweb/PRServlet?[QueryString]
Can instead be written like this:
http://example.com/prweb/?[QueryString]
Enhanced tables in Cosmos React UI
Valid from Pega Version 8.5
The Pega Platform™ Cosmos React UI environment now includes improved tables. The updated tables use a revamped graphic design and support a number of new run-time behaviors, including column freezing and advanced filtering. The added features improve the user experience by giving case workers more control over data in tables, while the revised architecture enhances efficiency and reliability.
Response timeout configuration for predictions
Valid from Pega Version 8.5
You can now set a response timeout for your predictions in Prediction Studio. By setting a response timeout, you control how Prediction Studio registers customer responses that later serve as feedback data for your predictions.
For more information, see Customizing predictions.
Custom shortcuts for mobile apps
Valid from Pega Version 7.1.6
When using a mobile web browser to access your mobile app, you can create a shortcut to a specific URL by selecting "add to home screen" from your web browser's menu when on the page. The shortcut icon displays showing the Pega 7 mobile app icon by default, but the icon can be customized in Designer Studio. When you tap the icon, the mobile device's default web browser opens directly to the saved URL.
See Using the Pega 7 mobile app.
Restructured Process & Rules landing pages
Valid from Pega Version 7.1.6
The Designer Studio > Process & Rules > Tools landing page menu has been restructured for better navigation and access:
- The Find Rules by Custom Field wizard now launches as a tab in Designer Studio.
- A new Find Rules menu item consolidates previous wizards. It launches a single landing page with different search criteria options:
Convert cases to case types using the Configure for Reuse feature
Valid from Pega Version 7.1.6
An operator can use the Configure for Reuse feature available on the ad hoc dashboard and on the ad hoc user forms to convert an ad hoc case into a case type that can be reused throughout the organization.
An operator must belong to an access group references the standard pyPega-ProcessEngine:CaseDesigner role, which contains the privilege pyCaseInstitutionalize.