Contents
Changelog
July 14, 2020
Announced: July 14, 2020
July 14, 2020
Improved protection of user data
We have now improved the security of user data.
What has changed?
When returning the User
object, the following API endpoints
will have all fields except for id
, name
and email
set to null
if the user is unverified in the company (which is always the case for the POST /users
endpoint).
This also affects endpoints of other entities such as Deals, Persons, Organizations, Notes, etc., which may contain related User objects.
Who is affected?
Anyone with functionality built on top of the previous behaviour, for example: anyone who strictly relies on the values in the response of the aforementioned endpoints and related webhooks.
The list of affected fields in User
endpoints:
phone: string
created: string (date)
modified: string (date)
default_currency: string
locale: string
lang: int
timezone_name: string
timezone_offset: string
signup_flow_variation: string
icon_url: string
The field lang
will return the default value of 1
.
Published on July 14, 2020