API Changes in ArangoDB 3.7
A summary of the changes to the HTTP API and other interfaces that are relevant for developers, like maintainers of drivers and integrations for ArangoDB
UTF-8 validation
The ArangoDB server will now perform more strict UTF-8 string validation for incoming JSON and VelocyPack data. Attribute names or string attribute values with incorrectly encoded UTF-8 sequences will be rejected by default, and incoming requests containing such invalid data will be responded to with errors by default.
In case an ArangoDB deployment already contains UTF-8 data from previous
versions, this will be a breaking change. For this case, there is the startup
option --server.validate-utf8-strings
which can be set to false
in order to
ensure operability until any invalid UTF-8 string data has been fixed.
Metrics
The following existing metrics for monitoring that are exposed via the HTTP
REST endpoint /_admin/metrics
have been renamed in ArangoDB 3.7:
agency_agent_read_no_leader
agency_agent_read_ok
agency_agent_write_hist
agency_agent_write_no_leader
agency_agent_write_ok
The new names are:
arangodb_agency_agent_read_no_leader
arangodb_agency_agent_read_ok
arangodb_agency_agent_write_hist
arangodb_agency_agent_write_no_leader
arangodb_agency_agent_write_ok
This change was made to put the metrics into the “arangodb” namespace, so that metrics from different systems can unambiguously combined into a single monitoring system.
The REST endpoint /_admin/metrics
also returns additional metrics in 3.7,
compared to the list of metrics that it returned in 3.6.
HTTP RESTful API
Privilege changes
The access privileges for the REST API endpoint at /_admin/cluster/numberOfServers
can now be controlled via the --server.harden
startup option. The behavior is
as follows:
- for HTTP GET requests, all authenticated users can access the API if
--server.harden
isfalse
(which is the default). - for HTTP GET requests, only admin users can access the API if
--server.harden
istrue
. This is a change compared to previous versions. - for HTTP PUT requests, only admin users can access the API, regardless of the value
of
--server.harden
.
Endpoints API return value changes
The REST API endpoint at /_api/cluster/endpoints
will now return HTTP 501 (Not
implemented) on single server instead of HTTP 403 (Forbidden), which it returned
previously.
When invoked via the PUT HTTP verb with an empty JSON object, the REST API
endpoint at /_admin/cluster/numberOfServers
will now return with the
following response body:
{"error":false,"code":200}
In previous releases, calling that endpoint with an empty JSON object as
the request body returned a JSON response that was just true
.
Precondition failed error message changes
The REST API endpoints for updating, replacing and removing documents using a
revision ID guard value now may return a different error message string in case
the document exists on the server with a revision ID value other than the
specified one. The API still returns HTTP 412, and ArangoDB error code 1200 as
previously, but the error message string in the errorMessage
return value
attribute may change from “precondition failed” to “conflict”,
“write-write conflict” or other values.
REST endpoints added
The following REST API endpoints have been added in 3.7:
- HTTP POST
/_admin/server/tls
: this endpoint can be used to change the TLS keyfile (secret key as well as public certificates) at run time. The API basically makes thearangod
server reload the keyfile from disk. - HTTP POST
/_admin/server/jwt
: can be used to reload the JWT secrets of a local arangod process without having to restart it (hot-reload). This may be used to roll out new JWT secrets throughout an ArangoDB cluster. This endpoint is available only in the Enterprise Edition. - HTTP POST
/_admin/server/encryption
can be used to reload the user-supplied key(s) used for encryption at rest, after they have been changed on disk. This endpoint is available only in the Enterprise Edition.
Using these endpoints requires superuser privileges.
REST endpoints augmented
The REST API endpoint for inserting documents at POST /_api/document/<collection>
will now handle the URL parameter overwriteMode
.
This URL parameter supports the following values:
"ignore"
: if a document with the specified_key
value exists already, nothing will be done and no write operation will be carried out. The insert operation will return success in this case. This mode does not support returning the old document version using thereturnOld
attribute.returnNew
will only set thenew
attribute in the response if a new document was inserted."replace"
: if a document with the specified_key
value exists already, it will be overwritten with the specified document value. This mode will also be used when no overwrite mode is specified but theoverwrite
flag is set totrue
."update"
: if a document with the specified_key
value exists already, it will be patched (partially updated) with the specified document value."conflict"
: if a document with the specified_key
value exists already, return a unique constraint violation error so that the insert operation fails. This is also the default behavior in case the overwrite mode is not set, and the overwrite flag is false or not set either.
If overwriteMode
is not set, the behavior is as follows:
- if the
overwrite
URL parameter is not set, the insert will implicitly use the"conflict"
overwrite mode, i.e. the insert will fail in case of a primary key unique constraint violation. - if the
overwrite
URL parameter is set to true, the insert will implicitly use the"replace"
overwrite mode, i.e. the insert will replace the existing document in case a primary key unique constraint violation occurs.
The main use case of inserting documents with overwrite mode "ignore"
is
to make sure that certain documents exist in the cheapest possible way.
In case the target document already exists, the "ignore"
mode is most
efficient, as it will not retrieve the existing document from storage and
not write any updates to it.
Note that operations with overwrite
or overwriteMode
parameter require
a _key
attribute in the request payload, therefore they can only be performed
on collections sharded by _key
.
The REST API endpoints for creating collections at POST /_api/collection
as well
as listing and changing collection properties at PUT/GET
/_api/collection/<collection>/properties
will now make use of the additional
attribute schema
. The attribute can be used so specify document schema
validation at collection level. See
Schema Validation.
The REST API endpoint for creating a graph at POST /_api/gharial
is now able
to accept the string value "satellite"
as an option parameter for the
attribute replicationFactor
. Only numeric values were allowed before. Setting
the replicationFactor
to "satellite"
will lead to a SatelliteGraph being
created. SatelliteGraph creation will ignore the option parameters
numberOfShards
, minReplicationFactor
and writeConcern
, as all of them
will be set automatically. Additionally, the REST API endpoint for reading the
graph definitions of all graphs at GET GET /_api/gharial
or a graph
definition of a single graph at /_api/gharial/{graph}
will include an
additional boolean attribute called isSatellite
.
The REST API endpoint for creating a graph at POST /_api/gharial
accepts a
new boolean parameter isDisjoint
. In combination with smartGraphAttribute
it allows to create the newly introduced graph type Disjoint SmartGraph.
isDisjoint
defaults to false
, which will create a regular SmartGraph.
Additionally, the REST API endpoint for reading the graph definitions of all
graphs at GET /_api/gharial
or a graph definition of a single graph at
GET /_api/gharial/{graph}
will include an additional boolean attribute
called isDisjoint
in case of Disjoint SmartGraphs.
The REST endpoint /_admin/metrics
also returns additional metrics in 3.7,
compared to the list of metrics that it returned in 3.6.
REST endpoints moved
The following existing REST APIs have moved in ArangoDB 3.7 to improve API naming consistency:
- the endpoint at
/_admin/clusterNodeVersion
is now merely redirecting requests to the/_admin/cluster/nodeVersion
endpoint. The new endpoint will handle incoming requests in the same way the old endpoint did. - the endpoint at
/_admin/clusterNodeEngine
is now merely redirecting requests to the endpoint/_admin/cluster/nodeEngine
. The new endpoint will handle incoming requests in the same way the old endpoint did. - the endpoint at
/_admin/clusterNodeStats
is now merely redirecting requests to the endpoint/_admin/cluster/nodeStatistics
. The new endpoint will handle incoming requests in the same way the old endpoint did. - the endpoint at
/_admin/clusterStatistics
is now merely redirecting requests to the endpoint/_admin/cluster/statistics
. The new endpoint will handle incoming requests in the same way the old endpoint did.
The above endpoints are part of ArangoDB’s exposed REST API, however, they are not supposed to be called directly by drivers or client
REST endpoints removed
The REST API endpoint at /_admin/aql/reload
has been removed in ArangoDB 3.7.
There is no necessity to call this endpoint from a driver or a client application
directly.
The REST API endpoint at /_api/collection/<collection>/rotate
has been removed
in ArangoDB 3.7. This endpoint was previously only available for the MMFiles
storage engine, but not for the RocksDB storage engine.
JavaScript API
Functions removed
The rotate
function has been removed on the ArangoCollection object. This
means the following JavaScript code will not work in ArangoDB 3.7, neither in
the ArangoShell nor in arangod (when using Foxx):
db.<collection>.rotate();
The rotate
function was previously only supported for the MMFiles storage
engine, but not for the RocksDB storage engine.
ArangoDB Server Environment Variables
Variables added
The following ArangoDB Server environment variables have been added:
ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
can be used to override the automatic detection of the total amount of RAM present on the system.ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
can be used to override the automatic detection of the number of CPU cores present on the system.ARANGODB_OVERRIDE_CRASH_HANDLER
can be used to toggle the presence of the built-in crash handler on Linux deployments.