5.20.2
Hosted customers:
- Staging environments (including hosted Pure Portal) will be updated 7th of April 2021 (APAC + Europe) and 8th of April 2021 (North / South America)
- Production environments (including hosted Pure Portal) will be updated 7th of April 2021 (APAC + Europe) and 8th of April 2021 (North / South America)
Users of the new Pure API keys are highly recommended to update to this release to avoid exposing API keys in history and comments.
New Pure API keys no longer exposed in history and comments
Operations performed with the new Pure API are audit logged using the API key. It has come to our attention that this results in an unforeseen side effect: the API key is shown in the history and comments section for content modified through the API. Users who are able to view the comment section could copy the key and use it to modify content in Pure through the API.
As the content supported in the new Pure API is available to a small set of user roles in Pure, we hope the impact has been limited.
History and comments view
Starting with the 5.20.2 release, the API key will no longer be shown in the history and comments section.
Instead, the history will list the username (1) of the user associated with the API key.
[Screenshots: history and comments view, Previously and Now]
The audit log will still use the API key. However, this is not an immediate security risk, as access to the audit log is restricted to the administrators who can see the API keys.
In a future release we will also update this logic and remove API key information from the audit log. More details will follow once the update is implemented.
API keys: lock/delete existing keys and add new ones
If you set up API keys prior to 5.20.2, it is highly recommended that you either lock or delete them so they can no longer be used. Calls to the API with an API key which has been locked will fail.
You can edit the API key(s) in Administrator > Pure API > User API Access. The editor window shows the user (1) and allows you to lock the key for them (2).
Once you have installed the 5.20.2 update, we recommend creating new API keys to replace the old ones, and either deleting the old ones, or keeping them locked for tracking purposes. In either case, you should communicate the change to those you have shared the API key with so that they can update their application(s).
If an API key has only been used to read data, there is no need to lock it as it will not be exposed anywhere.
Note: This information has been shared directly with the clients who we know are actively using the Pure API in production.
Updated at July 27, 2024