Is v3 of the ShareFile API going to last beyond 10/31/19?

  • 1
  • Question
  • Updated 2 weeks ago
We are looking at purchasing a 3rd party tool that interacts with the ShareFile API - I know on 10/31/19 the Enterprise Sync Tool is going away. I wanted to be sure the ShareFile API is going to live beyond this date. 


Also, is the API actively being worked on?
Photo of Paul H

Paul H

  • 4 Posts
  • 0 Reply Likes

Posted 2 weeks ago

  • 1
Photo of Andy Berryman

Andy Berryman, Software Engineer

  • 25 Posts
  • 7 Reply Likes
Yes ... V3 will continue ... AND is still under active development.

-Andy
Photo of Dale Smith

Dale Smith, Software Engineer

  • 186 Posts
  • 26 Reply Likes
Hi Paul,

That is correct, the Enterprise Sync Tool will be going away on that date. It actually uses a version of the api older than V3. The V3 version has active work (both maintenance and enhancements) being done on it and there are no plans to deprecate it at this point. Obviously that is subject to change, however notice will be given if V3 were to be deprecated, and there would be a period of time where it would be maintained after deprecation.

Dale
Photo of Paul H

Paul H

  • 4 Posts
  • 0 Reply Likes
Okay, thank you. 

One additional unrelated API question - for the OAUTH2 authentication flow - if the request to authorize (https://secure.sharefile.com/oauth/authorize) is for a code response_type - once that code is used to obtain a token, that code becomes invalid, correct? So it can only be used one time? 

Thanks.
Photo of Dale Smith

Dale Smith, Software Engineer

  • 186 Posts
  • 26 Reply Likes
That is correct. An Authorization code can only be used once, must be exchanged by the same oauth client that requested the authorization code, and also has an expiration on it, so that if it isn't exchanged within a given time, it can not be used.

Dale
Photo of Paul H

Paul H

  • 4 Posts
  • 0 Reply Likes
Awesome, thank you, Dale. Last and final question : ) for now - I believe the actual API calls go to our subdomain? At least that's what it seemed like when looking at the packet capture - can we restrict access by IP? We deal with highly sensitive data. 
Photo of Dale Smith

Dale Smith, Software Engineer

  • 186 Posts
  • 26 Reply Likes
If you have set up IP restrictions for your account (be it whitelist or blacklist) they will be respected using the authorization code flow, including access by third party applications or via our own first party applications.