Released: August 2020
Configure JWT token expiry
Account Management now reads a new AM_AUTH_JWT_EXPIRY_MINUTES environment variable that allows the expiry on generated JWT tokens to be overridden. If the environment variable is not specified, the default is 60 minutes.
Released: May 28, 2020
The external-id field on an account is now guaranteed to be a unique value for all accounts. It is also now possible to look up an account by its external-id value, using the new lookup form.
When the database upgrade scripts run for the first time after upgrading to 2.4.3, the scripts first ensure that all of the accounts have a unique external-id value. If duplicate accounts are found, one will be left alone and the others will have the account GUID appended to the value to make it unique. The external-id field will then have a unique constraint added in the database.
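Integrations that look up accounts by external-id will stop matching any account whose value is rewritten during the upgrade, so it helps to list the duplicates beforehand. The following is an added example, not part of the product or its upgrade scripts: it takes (account GUID, external-id) pairs exported from your own database and reports the duplicate groups. The function names, the sample rows, exact-match comparison, and skipping accounts with no external-id are all assumptions.

```python
from collections import defaultdict

# Constructed sample rows (account GUID, external-id); not real data.
SAMPLE_ACCOUNTS = [
    ("0a1b2c3d-0000-4000-8000-000000000001", "ERP-1001"),
    ("0a1b2c3d-0000-4000-8000-000000000002", "ERP-1002"),
    ("0a1b2c3d-0000-4000-8000-000000000003", "ERP-1001"),
    ("0a1b2c3d-0000-4000-8000-000000000004", None),
    ("0a1b2c3d-0000-4000-8000-000000000005", "ERP-1001"),
    ("0a1b2c3d-0000-4000-8000-000000000006", "CRM-77"),
    ("0a1b2c3d-0000-4000-8000-000000000007", "CRM-77"),
]


def find_duplicate_external_ids(accounts):
    """Map each external-id held by two or more accounts to their GUIDs.

    Assumptions: values are compared as exact strings, and accounts with
    no external-id (None) are skipped.
    """
    groups = defaultdict(list)
    for guid, external_id in accounts:
        if external_id is None:
            continue
        groups[external_id].append(guid)
    return {ext: sorted(guids) for ext, guids in groups.items() if len(guids) > 1}


def upgrade_impact(accounts):
    """Summarise what the first post-upgrade script run would touch.

    Per the release note, one account in each duplicate group keeps its
    value and the others are rewritten. Which account is kept is not
    stated, so every member of a group is listed for review.
    """
    dupes = find_duplicate_external_ids(accounts)
    return {
        "duplicate_values": sorted(dupes),
        "accounts_to_review": sorted(g for guids in dupes.values() for g in guids),
        "values_rewritten": sum(len(guids) - 1 for guids in dupes.values()),
    }


if __name__ == "__main__":
    for key, value in upgrade_impact(SAMPLE_ACCOUNTS).items():
        print(f"{key}: {value}")
```

Resolving the listed duplicates in the source systems before upgrading keeps the choice of which account retains the original value in your hands.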
Released: February 26, 2020
Added support for token response validation according to the OpenID Connect guidelines.
- Resolved an issue where a store code added in Commerce Manager could not be added in the Account Management service if the code was not alphanumeric.
- Resolved an issue with revoking the static API access key token. You can no longer revoke the static API access key token in the Account Management service.
Released: February 10, 2020
- The roles claim from the identity provider can now be a string value or a JSON list.
- With the new logging options, you can now view the HTTP messages between the Account Management service and the identity provider when debugging.
- The JWT public key variable is removed from the Account Management API. The format of the private key is now validated when you start the Account Management service.
When you start the Account Management service, the log does not display the access token.
Released: January 23, 2020
Added event messaging capability
The Account Management API sends JMS (Java Messaging System) events when you create, update, or delete certain resources. With this capability, you can now integrate the Account Management service with other systems. For more information, see the Events API section.
Static API access key authentication
The Account Management API now supports authentication through a static API access key. You can now integrate other systems, such as a Customer Relationship Management (CRM) or Enterprise Resource Planning (ERP) system, so that they can communicate with the Account Management API.
Cross-Origin Resource Sharing (CORS) Support
The Account Management API now natively supports Cross-Origin Resource Sharing (CORS). As a result, the Account Management user interface no longer uses a proxy and the browser communicates directly with the API. If the ADMIN_API_URL parameter is set to an internal-only value for the Account Management user interface, it must be changed to a value that the browser can access.