# Backend API 17.5.0 ### New Features * **KA-6804**: API support for Biometric passkey login method * **KA-6464**: API support for Editable One-Time Share feature * **KA-6890**: API support for Crowdstrike NG SIEM integration * **KA-5994**: API support for automatically rotating a password after Connection and Tunnel close * **KA-4855**: API Support for new `Wi-Fi Password` record type * **KA-5783**: API support for Google Chronicle SIEM integration * **KA-6495**: API support for new Notification Center feature * **KA-6529**: API support for new Device Management features * **KA-6373**: API support for new role enforcement policies preventing the transfer of personal and business information between linked Business and Personal vaults: * `RESTRICT_PERSONAL_USING_BUSINESS_DOMAINS` - domains that are not allowed * `WARN_PERSONAL_USING_BUSINESS_DOMAINS` - domains that should trigger a warning * `RESTRICT_PERSONAL_USING_BUSINESS_SITES` - sites that are not allowed * `WARN_PERSONAL_USING_BUSINESS_SITES` - sites that should trigger a warning * **KA-6224**: Support for `RESTRICT_TOTP_FIELD` role enforcement policy which allows the Keeper administrator to restrict the use of TOTP fields in Keeper records. * **DU-444**: Added support for `USE_DEFAULT_BROWSER_FOR_SSO` enforcement policy * **KA-6747**: Implemented pagination for SCIM groups ### Improvements * **KA-5013**: The string “Province of China” has been removed from location data provided by IP2location * **KA-5776**: The Log Analytics Agent has been retired and migrated to Azure Monitor Agent. Functionality remains the same with a different provider * **KA-5922**: Created API functionality for deactivating an alias from a user who may no longer want the account being accessible from the alias. * **KA-6036**: User Names are now trimmed when they are created with extra non-printable characters. * **KA-6095**: Registering a device in a region now raises an error if the device is already registered in the region with a different token * **KA-6326**: Backend is now implementing structured delays in sync behavior when large numbers of users have to sync a change to a record or folder * **KA-6384**: All instances of a server using the Trust Manager have been removed and the Trust Manager has been deprecated * **KA-6410**: Check added for updates to primary third party libraries. * **KA-6565**: Migrated the current AWS MySQL to AWS wrapper * **KA-6643**: Upgraded KeeperApp with new Protobuf version * **KA-6707**: Added Rust SDK Client Version identifier to backend * **KA-6750**: Updated all primary third party libraries * **KA-6818**: Clean up of PAM Enforcement to check for a valid PAM License * **KA-6875**: Introduced handling for legacy rotation enforcement and backwards compatibility of old clients before PAM * **TRAN-5254**: Finnish and Swedish translation add for new SSO Connect Sync message * **TRAN-5579**: Changed wording for multiple languages for “Contact your administrator” * **TRAN-6856**: Support File strings updated in all supported languages * **TRAN-6857**: Language changes in support messages were updated in all supported languages * **KA-6760**: Created a new error message when deleting PAM configurations without KSM enforcement * **KA-6732**: Updated support email address to the support URL * **TRAN-7002**: String updates translated to Finnish, Italian and Swedish * **TRAN-7003**: A string message translation updated for US, GB and Germany ## Bug Fixes * **KA-6898**: Sharing relationships are currently not bi-directional. Establishing a share in one direction should also allow it in the reverse direction. * **KA-5583**: Improvement to prevent restored deleted shared folders and records from corrupting the vault * **KA-5642**: Restriction to enforce license use to initial email account for enterprise licenses. Restricts changing email to a restricted domain. * **KA-5680**: Implements new checks for multiple node endpoint checks and returns all item checks that prevent the node from being deleted * **KA-5802**: Fix to the audit event client logging for unsaved compliance report export * **KA-5848**: Implements “Add and Remove” a user to a team with the Manage Teams permission * **KA-5865:** Updated “throttled” text in message dialog to the correct translation of the client language * **KA-5943**: SCIM now normalizes email when logging audit events and converts emails to lowercase characters * **KA-5984**: Added Granular Role Enforcement for directly shared records when “Cannot share or receive” is enforced on account * **KA-6034**: Improved how Legacy records are added to a subfolder without generating "access denied" error * **KA-6041**: Transaction is now created on success when adding a role managed node * **KA-6064**: An audit log is now created when a new username is created or replaced by an existing one * **KA-6065**: Audit Events are now generated for a pending user deletion * **KA-6066**: SCIM no longer generates “enable\_user” for event for every User Patch * **KA-6116**: Fixed Automator to not error out when a team encrypted team user is null * **KA-6119**: Fixed issue when get deleted shared folders and records API returns incorrect data for folders and shared teams * **KA-6145** : Fixed issue with legacy domain specific policies not converting properly * **KA-6170**: Fixed issue where two active users were able to have active sessions on a device without calling logout before calling start login * **KA-6238**: Fixed issue where editing a user bypasses domain reservations * **KA-6239**: Fixed issue where a SCIM admin can edit a user's email to a personal address * **KA-6306**: Fixed issue with deleted records still being displayed in the console and BreachWatch audit dashboard table * **KA-6327**: Fixed issue where a user was able to create a one-time share with view only permissions in a shared folder * **KA-6431**: Fixed external logging error of connection errors on setup to AWS S3 * **KA-6612**: Fixed error in sync response for change owner results * **KA-6717**: Fixed issue with adding and deleting images to general records * **KA-6719**: Fixed issue with upload counts and file usage when uploading and saving files * **KA-6740**: Fixed Security Score data that was not syncing properly between clients * **KA-6742**: Created validation for Privileged Access Manager Add-on License Limit after purchase * **KA-6748**: Fixed transfer issue with “null import key” error in table * **KA-6755**: Fixed issue with update time in a record reference * **KA-6758**: Fixed issue with SSH Agent ARAM events reported as Client Report Events * **KA-6797**: Fixed Commander issue with imports of folder, imported folders and records. Partial Sync Down fails for imported record * **KA-6805**: Optimized large requests for set\_ecc\_key\_pairs * **KA-6817**: Fixed issue with exception when moving enterprise from California to US * **KA-6823**: Fixed issue with Role Polices not allowing connections when sharing PAM resource records * **KA-6830**: Fixed issue with trial users needing a PAM license validation * **KA-6886**: Fixed Push Server Errors where we were unable to decrypt encrypted payload * **KA-6889**: Fixed Exception errors during attempted log of get enterprise setting * **KA-6894**: Fixed randomly delayed password strength data in console * **KA-6916**: Fixed issue with Elliptical Curve adding and updating records * **KA-6936**: Fixed 500 error for invalid origin and destination in initiate pre-transfer * **KA-6943**: Fixed exception error when sending notification requesting device verification * **KA-6602**: Fixed issue where a user is able to approve device through email after a request was declined through a vault notification dialog * **KA-6856** : Fixed issue where Automator was skipped and a manual device approval occured after MFA timeout --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.keeper.io/release-notes/backend/backend-api/backend-api-17.5.0.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.