Indivo X 1.0.0 Release Notes

The Indivo X 1.0.0 release is Indivo’s first production release, meant for production use. It has been tested extensively for security and stability, and is ready to support real data in the real world.

Change Log

Indivo Server


  • New API calls to permanently delete app-specific documents and record-app-specific documents
  • New API calls to rename and delete carenets
  • Added Templates for activation, welcome, and forgot-password emails
  • Performance fixes leading to an average 2x improvement in reporting calls.
  • Large expansion of the Test Suite, including 80+ new tests, a new framework for loading test data, close to 9x faster test running time, and better management of testing transactional code.
  • Better handling of database-level integrity errors
  • Brand new documentation system written in Sphinx, with autogenerated API and source code documentation
  • Reworked, neater settings file. MAKE SURE TO MOVE TO THE NEW FILE IF YOU ARE UPGRADING!!
  • Added and tested compatibility with Django 1.3, python2.7, MySQL
  • New reset script which avoids the need to drop/recreate the database every time
  • New API calls to manage the autonomous app oAuth workflow

Behavior Changes

  • Many calls that used to cause 500 errors now return 400s. Examples:
    • Attempting to reuse external_ids on documents, records, or messages
    • submitting invalid documents when XML validation is turned on
    • creating accounts with duplicate emails
  • All XML returned from API calls is now stripped of whitespace between tags
  • The 1-hour deletion rule for documents was removed: record-specific documents can NEVER be deleted.
  • Document Status History now produces an iso8601 timestamp in the created_at field
  • New Account email and username policy: all names are case insensitive.
  • HTTP Methods are now enforced for all API calls. Making an API call with an unsupported HTTP method now results in an HTTP 405 error.
  • The call to POST /records/{RECORD_ID}/shares/{OTHER_ACCOUNT_ID}/delete is deprecated. Use DELETE /records/{RECORD_ID}/shares/{OTHER_ACCOUNT_ID} (which is more RESTful) instead.
  • The call to POST /records/{RECORD_ID}/notify is deprecated. Use POST /records/{RECORD_ID}/notifications/ (which is more RESTful) instead.
  • The call to GET /id, which wasn’t ever very useful, has been removed.
  • The XML describing Messages (returned from calls to the account inbox or to fetch individual messages) now describes attachments’ saved document ids with the ‘doc_id’ attribute, which is only present if the attachment has been successfully saved.
  • Dropped support for Django 1.1. MAKE SURE TO UPGRADE to 1.2+ when you move to the new release.


  • Template Rendering of Reports now includes all Doc metadata
  • Procedure XSLT now captures correct value for ‘location’
  • Carenet filtering now works correctly with nevershares and implicit sharing
  • Now enforcing unique message_ids per sender.
  • DB errors due to failed unique constraints (i.e. duplicated external_ids) now return 400s not 500s
  • Accepting Message attachment returns 400 on documents that don’t validate, not 500
  • API calls to invalid URLS now return 405 instead of a misleading 403
  • Getting latest documents now sorts in the correct order
  • Document metadata correctly renders the id of the document it replaces.
  • Document Status History now produces an iso8601 timestamp in the created_at field
  • Now attempting to version a document that isn’t the latest version raises an error
  • document creation by relationship now returns a 400 if the new doc fails validation, not a 404
  • Paging of results is no longer nondeterministic when breaking ties on the primary ordering
  • Attempting to assign the same name to two different carenets now returns a 400, not a 500
  • Creating accounts with duplicate emails returns a 400, not 500
  • Document Size is now calculated properly, and not overwritten when the doc is processed.
  • Document Types are now assigned to all XML docs, even ones that don’t match the core schemas
  • Replacing Documents now updates their MIME types correctly
  • Resolved inefficient DB access in reporting calls
  • when XML Syntax Validation is on, now validates all documents, not just those that match core schemas
  • HTTP Methods are now enforced for all API calls
  • XML describing Indivo Messages now reports attachment size correctly, and renders dates in iso8601 format.
  • XML describing Notifications now outputs dates in iso8601 format
  • tests no longer fail if settings.MEDIA_ROOT hasn’t yet been created in the filesystem
  • Get-latest-document algorithm no longer relies on timestamps (which might be tied)
  • Creating binary files no longer saves their content twice

Indivo UI Server

  • New configuration options for:
    • allowing users to add records
    • controlling the ability of users to register, and the level of involvement required by administrators
    • minimum password length
    • automatically creating a first record for accounts
  • A New Sharing Management interface, with:
    • drag and drop functionality
    • The ability to create, delete, and rename carenets
    • The ability to add and remove accounts from carenets
  • A New App Settings interface, with:
    • Drag and drop functionality
    • The ability to enable and disable apps
    • The ability to add or remove apps from carenets
  • Updated JavaScriptMVC components to version 3.2
  • Increased error handling and message/status displays
  • Improvements to Inbox usability and functionality
  • Improvements to workflow for non-framed apps

Python Client


  • New custom call to create records, with or without pre-built contact XML
  • Added call to verify_surl()
  • Added calls to get reports from within a carenet
  • Added calls to get info about a userapp and list all userapps
  • Added call to enable a userapp on a record
  • Added calls for the new autonomous app oauth workflow
  • Added call to get the owner of a record
  • Added a call to unshare a userapp from a carenet

Behavior Changes

  • create_session() now raises exceptions if the response status wasn’t a 200
  • removed unimplemented/deprecated calls to /oauth/authorize and /oauth/access_token
  • delete_share and record_notify no longer user deprecated paths


  • create_account() now uses all POST data, including contact emails
  • account_secret_resend now uses correct HTTP method
  • account_forgot_password() now uses correct path

Some Things You Should Know

  • This release Drops support for Django 1.1. MAKE SURE TO UPGRADE TO 1.2+ when you move to the new release.
  • Because of licensing restrictions, we are not able to distribute SNOMED and UMLS concept codes, so the codingsystems functionality is not very developed right now.

Project Versions

Table Of Contents

Previous topic

Unimplemented API Calls

This Page