Introduce Password Life to API Authentication

Supporting security best practices, we’ve introduced an additional layer of security access to WMS by implementing a password life validation check via legacy API. 

We’ve added a new company parameter, LEGACY_DISABLE_PASSWORD_LIFE _IN_DAYS_FOR_API.

• By default, this parameter is set to "yes," ensuring that API requests with expired user credentials will still be accepted. This provides a grace period for our valued customers to update their passwords and make any necessary adjustments to their integrations, without sudden disruptions.
• If the parameter is set to “no”, the API request with expired user credentials receives an error. But with valid user credentials, the user login proceeds successfully.

We encourage our customers to adopt best practices by changing their passwords at least once a year to ensure the security of their accounts and data.

Steps to Enable

1. Go to the Company Parameters UI.
2. Select the parameter LEGACY_DISABLE_PASSWORD_LIFE _IN_DAYS_FOR_API > click Edit. 
3. Enter the parameter value “yes”.
4. Click Save.

NOTE: In the upcoming 25C release, the default for the LEGACY_DISABLE_PASSWORD_LIFE _IN_DAYS_FOR_API company parameter will automatically be set to No.

Also be aware that in a future upcoming release, to support users adopting a more secure OAuth 2.0 sign-in, we will be deprecating this company parameter.