Hoppa till innehåll
  • Det finns inga förslag eftersom sökfältet är tomt.

Core 5.7.4 / 6.0.0 Admin API Migration Guide for Partners

This article explains the required updates for partners and API integrators when upgrading to Core 5.7.4 and preparing for Core 6.0.0. Core 5.7.4 will be released on 24 February 2026 and introduces important security improvements and API restructuring. Several legacy methods are now deprecated and will be removed completely in Core 6.0.0.

Partner Action Required

All partners must ensure their integrations are updated immediately after upgrading to Core 5.7.4. 

Core 5.7.4 will be released on 24 February 2026 in production.

Legacy authentication methods and deprecated APIs will no longer work in Core 6.0.0.

1. Migration from MD5 to HMAC-SHA256 Authorization Signature

Older Core versions used an MD5-based signature for Admin and Management APIs.

From Core 5.7.4, this has been replaced with a stronger signing method:

  • Based on OAuth 1.0 signing principles (RFC5849)

  • Uses HMAC-SHA256

  • Includes improved replay attack protection through:

    • Timestamp

    • Random nonce

Key Changes

Area Legacy Method New Method
Algorithm MD5 HMAC-SHA256
Secret format Hex string Base64 encoded (RFC4648)
Replay protection Limited Timestamp + nonce

Ticket Compatibility

Existing API tickets can still be used, but partners must ensure:

  • The new Base64 secret format is used

  • Tickets should ideally be revoked and recreated after upgrade

Important Notice

Legacy MD5 signing will be removed in Core 6.0.0.

Partners must migrate to HMAC-SHA256 as soon as Core is upgraded to 5.7.4.

2. Updated Ticket Management (User Ticket API)

The User Ticket API has been updated with new methods.

Several legacy ticket methods are now deprecated and will be removed in Core 6.0.0.

2.1 User Ticket Creation (New Secure Method)

Previously, Bearer tickets could be created by MD5 hashing the user password.

This has been replaced with a new secure method that:

  • Uses username and password directly

  • Supports Bearer tickets for all Core User API calls

  • Requires two-factor authentication (2FA) if enabled for the user

Deprecation Notice

Password-based ticket creation will be removed in Core 6.0.0.

Partners must update integrations now.

2.2 Admin Ticket Creation

A new Admin API method has been introduced to create User (Bearer) tickets.

This replaces the previous legacy Admin ticket method.

See the updated User Ticket API documentation for details.

3. Migration to New User Administration and Secret APIs

The legacy User Admin API has been replaced with three new APIs:

  • User Administration API

  • Bulk User Administration API

  • User Secret API

Deprecation Notice

The existing User Admin API is deprecated from Core 5.7.4 and will be removed in Core 6.0.0.

Partners must migrate to the new APIs.

3.1 User Administration API

User management is now handled through the User Administration API.

Main difference:

  • Passwords, PINs and device secrets are no longer part of user objects
    They have been moved to the User Secret API.

Removed or Changed Attributes

The following legacy fields are no longer supported:

  • field1 – field6 removed and replaced by dirFields

  • resetPassword is no longer supported

  • callRecordingAgentDesktop has been removed

  • pincode moved to User Secret API

  • password moved to User Secret API

  • thirdPartyPhone replaced by thirdPartyPhoneType

User Listing Update

Legacy methods:

  • List users

  • List users with primary numbers

Have been replaced by a single method:

  • List users

3.2 Bulk User Administration API

Bulk user operations have moved to the Bulk User Administration API.

CSV Export Changes

  • Column ResetPassword is no longer included

  • Only full-view CSV format is supported

3.3 User Secret API

Passwords, PIN codes and third-party device secrets are now handled via the User Secret API.

Security improvements:

  • Secrets can only be set, never read back

  • Only clear-text password setting is supported

  • Legacy MD5 password format is no longer supported

New User Creation Behavior

When creating a new user:

  • Password will be automatically generated by the system

4. Identifying Deprecated API Usage

Core 5.7.4 adds improved visibility into deprecated API usage.

Audit Log Enhancements

Two new fields help partners detect legacy integrations:

ticketType

Shows which authentication method was used:

Value Meaning
noauth_token Deprecated MD5 signing used
password_based Password-based Bearer ticket used

Both will be removed in Core 6.0.0.

deprecated

Included when deprecated API endpoints are called:

 
"deprecated":{"forRemoval":true,"since":"5.7.4"}

Partners should ensure no deprecated calls remain before upgrading.

Partner Checklist Before Upgrading to Core 6.0.0

Before upgrading, partners must:

  • Replace MD5 signing with HMAC-SHA256

  • Update ticket creation to new User Ticket API methods

  • Migrate from User Admin API to the new APIs

  • Use audit logs to confirm no deprecated endpoints are used

120 31