# Backend API 17.7.0

### New Features

* Workflow API for KeeperPAM - This feature enables a KeeperPAM admin to mandate approval requests before initiating a connection or tunnel.
* Expanded workflow notifications so requestors and approvers get timely updates on access status and check-in/check-out events.
* Added new ARAM event messages and logging for workflow actions, approvals, denials, session changes, and escalations to improve audit ability and compliance reporting.
* Introduced new API endpoints and enforcement options to manage who can configure workflow settings and to support bulk approval-status updates.
* Enhanced two‑factor authentication workflows with new router-based 2FA operations and audit events for failed 2FA attempts.

### Improvements

**KA-7750:** Added new API endpoints to support 2FA operations via the Keeper Router, including push, validation, and WebAuthn challenge to support Workflow capabilities.

**KA-7814:** Added notifications for access request workflows and check-in/check-out events. Both requestors and approvers receive timely updates about access status and resource availability.

**KA-7962:** Introduced standardized ARAM event messages for workflow actions such as approvals, denials, and session changes. These events enhance monitoring and compliance reporting for workflow activities.

**KA-8025:** Share approval notifications now include the "request" category tag. This ensures that user action-required items appear correctly in the Notification Center "Requests" tab.

**KA-8042:** Added a role enforcement policy for managing workflow settings under the Privileged Access enforcement screen. Admins can now assign or remove this permission to control workflow configuration access.

**KA-8099:** Implemented a new API endpoint to update Notification Center approval statuses. Supports bulk updates and improves notification handling for workflow approvals and denials.

**KA-8295:** Upgraded Netty libraries to address recent security vulnerabilities. This update resolves CVE-2026-33870 (HTTP smuggling) and CVE-2026-33871 (HTTP/2 DoS).

**KA-4870:** Enhanced ARAM to generate events for failed two-factor authentication attempts. This provides better visibility for security-related login failures.

### Bug Fixes

**KA-7729:** Improved Notification Center to ensure all relevant notifications, including account creation, are displayed. This update enhances user awareness of important account events.

**KA-7798:** Fixed an issue where sharing requests did not trigger notification syncs. Notifications for sharing actions now appear instantly without manual refresh.

**KA-8023:** Resolved an issue where re-sending the "last read" status for a notification caused errors. Notifications now handle repeated read status updates gracefully.