Altostrat logo
Dashboard
Change Log

Weekly Changelog: New SSH & SMTP Actions, CHAP Support, and Major API Upgrades

This week's update introduces powerful new SSH and SMTP workflow actions, adds CHAP authentication support, and delivers major API and security enhancements.

-

✨ New Features

  • New Workflow Actions: SSH & SMTP: Automate even more of your operations! We've introduced two powerful new nodes for your workflows:
    • SSH Action: Securely connect to remote servers to execute shell commands directly from a workflow. It supports both private key and password authentication using secrets from your Vault.
    • SMTP Action: Send emails through any standard SMTP server. Customize your messages with dynamic content, attachments, and custom headers.
  • CHAP Authentication Support: Our authentication service now supports the Challenge-Handshake Authentication Protocol (CHAP), providing broader compatibility with a wider range of network devices and clients.
  • Comprehensive Access Auditing: For better security and oversight, we now record which user creates a Transient Access session. This information is available in the session details via the API.
  • New Reseller Data API: A new API endpoint is now available to provide a paginated list of official device resellers, complete with location, contact details, and filtering by country.
  • Advanced Developer Protocol & Discovery: We've rolled out a new, powerful protocol endpoint for programmatic interaction with tools, prompts, and resources. To simplify integration, we've also added standard OAuth 2.0 and health check discovery endpoints.

🚀 Enhancements

  • API & Developer Experience: We've made several improvements to make our APIs more robust and easier to use:
    • CORS Support: Web applications can now directly interact with our APIs from different domains, enabling richer browser-based integrations.
    • Improved Authentication & Error Handling: API error messages for authentication and actions like SMTP are now more descriptive and actionable. We've also standardized 401 Unauthorized responses to help clients diagnose issues faster.
    • Pagination for Large Datasets: Key API endpoints that list items like tools, prompts, and resources now support cursor-based pagination for more efficient data retrieval.
    • Helpful API Counts: API responses for users and groups now include counts of their memberships, providing a quick at-a-glance overview.
  • Increased Notification Group Capacity: You can now associate up to 800 sites with a single notification group, a 4x increase from the previous limit of 200.
  • Full History for Transient Access: The API for listing Transient Access sessions now includes expired sessions, giving you a complete historical record of all temporary access.
  • Improved Data Integrity & Reliability:
    • Group management operations are now fully atomic, preventing race conditions and ensuring data consistency.
    • The crawling process for reseller and product data is now automated and more reliable, ensuring the information you access is always current.
    • We added a security check to ensure users can only authenticate through network devices belonging to their own organization.
  • Enhanced System Monitoring: A new system event is now published when a site is deleted, improving integration with external monitoring and notification tools.

🛠️ Bug Fixes

  • Reliable User & Group Management: We resolved a critical data integrity issue by switching to stable, immutable IDs for all user and group associations.
  • Improved Membership Listings: Fixed performance issues that could cause slow or incomplete results when listing group members or a user's group memberships.
  • Comprehensive User Deletion: A bug was fixed where deleting a user did not always remove all their associated data (like group memberships). Deletions are now fully comprehensive.
  • URL & Image Processing: Corrected an issue where malformed URLs could prevent product images and reseller logos from being processed correctly.
  • Corrected OAuth Configuration: Fixed an issue where an incorrect URL was returned by our OAuth discovery endpoint, improving standards compliance for API clients.