Using the change-owner REST API call for app objects or the qlik-cli app object change-owner command results in:

403 - Forbidden (empty response)

Resolution

This is a current limitation. As specified on the API call information page, the user running the call must be the owner of the object.  Even tenant admins won't be able to run the call, if they are not the object's current owners.

As the qlik-cli command uses the same API call, the behaviour is identical.

Cause 

The user running the call/command is not the object owner.

Environment

Qlik Cloud 

This is a sample of how to call the Qlik Cloud APIs to assign an Analyzer license to a user with PowerShell/JWT authentication.

Environment

• Qlik Cloud 

Resolution

In order to call Qlik Cloud API with JWT authentication, the first step is to call POST /login/jwt-session to get the necessary cookies. Which API can be called depends on the privileges the JWT user has been assigned.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$hdrs = @{}
# Put your JWT token here
$hdrs.Add("Authorization","Bearer eyJhbGciOiJSU...pgacN8QqAjKug")
$url = "https://tenant.ap.qlikcloud.com/login/jwt-session"
$resp = Invoke-WebRequest -Uri $url -Method Post -ContentType 'application/json' -Headers $hdrs

#Fetch all required cookies
$AWSALB= [Regex]::Matches($resp.RawContent, "(?<=AWSALB\=).+?(?=; Expires)")
$AWSALBCORS= [Regex]::Matches($resp.RawContent, "(?<=AWSALBCORS\=).+?(?=; Expires)")
$eassid= [Regex]::Matches($resp.RawContent, "(?<=eas.sid\=).+?(?=; path)")
$eassidsig= [Regex]::Matches($resp.RawContent, "(?<=eas.sid.sig\=).+?(?=; path)")
$csrftoken= [Regex]::Matches($resp.RawContent, "(?<=_csrfToken\=).+?(?=; path)")
$csrftokensig= [Regex]::Matches($resp.RawContent, "(?<=_csrfToken.sig\=).+?(?=; path)")

$allCookies = "AWSALB="+$AWSALB.Value+";AWSALBCORS="+$AWSALBCORS.Value+";eas.sid="+$eassid.Value+";eas.sid.sig="+$eassidsig.Value+";_csrfToken="+$csrftoken.Value+";_csrfToken.sig="+$csrftokensig.Value

$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession

foreach ($cookiePair in $allCookies.Split((";"))) {
  $cookieValues = $cookiePair.Trim().Split("=")
  $cookie = New-Object System.Net.Cookie
  $cookie.Name = $cookieValues[0]
  $cookie.Value = $cookieValues[1]
  $cookie.Domain = "tenant.ap.qlikcloud.com"
  $session.Cookies.Add($cookie);
}

$hdrs = @{}
#Request that modify content such as POST/PATCH requests need the Qlik-Csrf-Token header
$hdrs.Add("Qlik-Csrf-Token",$csrftoken.value)

$body = '{"add":[{"subject":"DOMAIN\\user1","type":"analyzer"}]}'

$url = "https://tenant.ap.qlikcloud.com/api/v1/licenses/assignments/actions/add"
Invoke-RestMethod -Uri $url -Method Post -Headers $hdrs -Body $body -WebSession $session

This video will demonstrate how to use Qlik-CLI for SaaS to migrate Apps from your on-premises Qlik Sense environment to your Qlik Sense SaaS edition. Qlik-CLI makes it possible for scripting and automating App migration.

Environment

• Qlik Cloud 
• Qlik Sense Enterprise on Windows 

Related Content

• How to install and start using Qlik-CLI for SaaS editions of Qlik Sense 
• Qlik Sense: How to set up JWT authentication 
• Using Qlik Sense on Windows Repository API (QRS) with qlik-cli 
• NodeJS download
• JQ download
• Qlik Sense Business and Enterprise SaaS: App Size, Storage Size and Size for Data File 
• Migrate Apps from Qlik Sense on Windows to Qlik Sense SaaS 
• Migrating to Qlik Sense SaaS editions 
• How to Generate API Keys in Qlik Sense SaaS using APIs 

Transcript

When running the executescript goal a nullpointer exception occured when trying to execute the ChangeMavenVersion command.

Resolution

Remove --subjobs flag.

Cause

A --subjobs flag was used in the script, which caused the nullpointer exception:

java.lang.NullPointerException
at org.talend.commandline.util.ItemsHelper.getAllSubjobs(ItemsHelper.java:890)

Qlik Sense Repository Service API (QRS API) contains all data and configuration information for a Qlik Sense site. The data is normally added and updated using the Qlik Management Console (QMC) or a Qlik Sense client, but it is also possible to communicate directly with the QRS using its API. This enables the automation of a range of tasks, for example:

• Start tasks from an external scheduling tool
• Change license configurations
• Extract data about the system

Using Xrfkey header

A common vulnerability in web clients is cross-site request forgery, which lets an attacker impersonate a user when accessing a system. Thus we use the Xrfkey to prevent that, without Xrfkey being set in the URL the server will send back a message saying: XSRF prevention check failed. Possible XSRF discovered.


Environments:

• Qlik Sense Enterprise on Windows 

Note: Please note that this example is related to token-based licenses and in case this is needed to be configured with Professional Analyser type of licenses you might need to use the following API calls:

• /qrs/license/professionalaccesstype/full
• /qrs/license/analyzeraccesstype/full

Furthermore, combining this with QlikCli and in case you need to monitor and more specifically remove users, the following link from community might be useful: Deallocation of Qlik Sense License 

Resolution:

This procedure has been tested in a range of Qlik Sense Enterprise on Windows versions.

• PowerShell 3.0 or higher (Installed by default in Windows 8 / Windows Server 2012 and later)
• Make sure the Qlik Repository service is up and running and port 4242 is open on the target server

Method 1: Authenticating through Qlik Proxy Service

1. Go to PowerShell ISE and paste the following script
2. In this example we are sending a GET request with a header of Xrfkey=12345678qwertyui and we are addressing the end point of /about. For more details on all end points, please refer to Connecting to the QRS API 

$hdrs = @{}
$hdrs.Add("X-Qlik-xrfkey","12345678qwertyui")
$url = "https://qlikserver1.domain.local/qrs/about?xrfkey=12345678qwertyui"
Invoke-RestMethod -Uri $url -Method Get -Headers $hdrs -UseDefaultCredentials

Method 2:  Use certificate and send direct request to Repository API

1. Open Qlik Management Console and export the certificate. Please refer to Export client certificate and root certificate to make API calls with Postman for procedure.
2. Make sure that port 4242 is open between the machine making the API call and the Qlik Sense server.
3. Import the certificate on the machine you will use to make API calls. This must be imported in the personal certificate store of your user in MMC. The following PowerShell script is fetching automatically the Qlik Client certificate from the Certificate Personal store for the current user. You may need to modify the script if you have QlikClient certificates imported from different Qlik Sense servers in the store)
4. Paste the below script in PowerShell ISE:

$hdrs = @{}
$hdrs.Add("X-Qlik-xrfkey","12345678qwertyui")
$hdrs.Add("X-Qlik-User","UserDirectory=DOMAIN;UserId=Administrator")
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
$url = "https://qlikserver1.domain.local:4242/qrs/about?xrfkey=12345678qwertyui"
Invoke-RestMethod -Uri $url -Method Get -Headers $hdrs -Certificate $cert

Execute the command.

A possible response for the 2 above scripts may look like this (Note that the JSON string is automatically converted to a PSCustomObject by PowerShell) :
 

buildVersion      : 23.11.2.0
buildDate         : 9/20/2013 10:09:00 AM
databaseProvider  : Devart.Data.PostgreSql
nodeType          : 1
sharedPersistence : True
requiresBootstrap : False
singleNodeOnly    : False
schemaPath        : About

Related and advanced Content: 

If there are several certificates from different Qlik Sense server, these can not be fetched by subject as there will have several certificates with subject QlikClient and that script will fail as it will return as array of certificates instead of a single certificate. In that case, fetch the certificate by thumbprint. This required more Powershell knowledge, but an example can be found here: How to find certificates by thumbprint or name with powershell

To manage and browse executions of your Tasks, Plans and Promotions, please use the correct objects in the processing entity.

As per our API doc https://api.talend.com/apis/processing/2021-03/ and PlanExecutable section, the object step identifier(stepId) should be equivalent to stepExecutionID.

 For example:

{
"executable": "b91cf8b2-5dd1-4b18-915b-4c447cee5267",
"executionPlanId": "0798b8d1-0e12-472f-be02-a0f04e792daa",
"rerunOnlyFailedTasks": true,
"stepId": "09043c9f-02d0-41f6-b3cb-0ea53ffde377"
}

{{apiUrl}}/processing/executions/plans/:planExecutionId/steps

Environment

various Talend Products

The listed commands are unsupported by Qlik Replicate. The commands work, but Qlik cannot give a guarantee that they will continue to function in the future. 

If you do not have Qlik Enterprise Manager (QEM), then this is the option to script task starts and stops. If you do have QEM please look into using the restAPI calls to do the same things. You can reference the QEM developer's guide for information on this API.

To note:

• The repctl command is accessed from the directory \Attunity\replicate\bin
• Always run the command lines as Administrator.

You can start the task multiple ways based on the following parameters and flags:

Parameters:

1 = Start Full Load only
2 = Start Change Capture only
3 = Start Both

Flags Values:

0 = Resume
1 = Fresh Start (like starting as of now)

Three commands to start a task, check task statuses, or stop tasks:

Start a task:

repctl connect; execute task_name 3 Flags=0; disconnect

Get task status:

repctl connect; gettaskstatus task_name; disconnect

Stop a task:

repctl connect; stoptask task_name; disconnect

Notes:

• When running a full load only task you may want to have the batch file wait until the load completes:
  

  Repctl execute task=<task_name> 1 flags=1

• When running these commands in a batch file (maintenance job) you will want to do the Stop command followed by a loop that checks the status of the task (until it does stop)
• The execute command may take up to several minutes to complete

To run the command on a remote replicate machine:

repctl connect ip=192.168.165.11 port=3552 ; stoptask task; disconnect

Alternate (non-default) data directories must be provided using -d <path>
Alternatively in Windows use: ?set AREP_DATA=<path>

If the Replicate data folder is on another location you would need to set the path for repctl.

Example:

repctl.exe  -d "E:\Attunity\Replicate\data" connect;

To run this on Linux you may need to add a back slash in front of the semi-colon:

repctl connect\; gettaskstatus task_name\; disconnect

In addition, while using Linux shell, you have to escape the semicolons with backslashes. 

Example:

?./repctl connect\; gettaskstatus task_name\; disconnect

Further note on usage: be certain to have blank space following the semi-colon command delimiter.

Environment

• Qlik Replicate command line using repctl

The information in this article is provided as-is and to be used at own discretion. Depending on tool(s) used, customization(s), and/or other factors ongoing support on the solution below may not be provided by Qlik Support.

This explains how to set up JWT authentication to call the NPrinting API.

This customization is provided as is. Qlik Support cannot provide continued support of the solution. For assistance, reach out to our Professional Services or engage in our active Integrations forum.

If you do not have a certificate, for testing purposes, it is possible to use certificates generated by default by NPrinting in C:\ProgramData\NPrinting\certificates:

cert.pem
key.pem

For production environments, for security purposes, we recommend that you use a certificate you have purchased or generated yourself.

Setting up JWT authentication in the NPrinting Console

1. Go to Admin > Settings > Authentication
2. Select "Enabled" for JWT authentication
3. Open cert.pem in a text editor, copy the content and paste it in JWT certificate
4. Choose "Authenticate user by email" and input a value for the attributes name, such as "mailaddress" (Authenticate user by Domain\Name can also be used if the user has a domain account filled in in his user information)
5. Click on "Update authentication settings" in order to save.

Generate a JWT token

It is possible to use the debugger on https://jwt.io in order to generate a JWT token.

1. Select algorithm: RS256
2. In Payload, input the following:

   {
     "mailaddress":"youremailaddress@email.com"
   }

   The email address should be the email address of an NPrinting user.
    
3. In "Verify signature", paste the content of cert.pem in the first field and the content of key.pem in the second field.
4. The JWT token is now ready to use and appear on the left.

Use the JWT token to call the NPrinting API:

Below is a PowerShell script that is calling the API using JWT authentication. The JWT token needs to be passed in the "Authorization" header and be preceded by the "Bearer" keyword, the same method can also be used in the Qlik Rest Connector or Postman.
 

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

$hdrs = @{}
$hdrs.Add("Authorization","Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...3TOMbQPF2gCb5xnzB9mKumqldotYBH_2OjKZakYHQzNTRzMNRoH5eG6UovkPBA")
$url = "https://nprinting01.domain.local:4993/api/v1/connections"
Invoke-RestMethod -Uri $url -Method Get -ContentType 'application/json' -Headers $hdrs | ConvertTo-Json -Depth 10

For information about running script in PowerShell see Qlik Sense QRS API using Xrfkey header in PowerShell

This custom solution is limited to NPrinting API's only and does not apply to Qlik Sense and NPrinting On Demand reporting (NPrinting On Demand with Qlik Sense support NTLM only. JWT is not supported for use with supported Qlik Sense NPrinting On Demand report objects)

This session addresses:
-Understanding new SaaS capability
-How to get started
-Troubleshooting common issues

Environment

• Qlik Sense Enterprise SaaS
• Qlik Application Automation

 

00:00 - Intro

01:08 - What is Qlik Reporting Service

01:45 - Difference from NPrinting

04:28 - 1st: Sheet Size should match Paper Size

05:32 - 2nd: Reports based on Public Sheets

06:18 - Creating an Automation from Templates

07:30 - Creating Report Automation from scratch

10:18 - Previewing the Report File Size

11:02 - Troubleshooting automation workflow

11:50 - How to skip a block

12:25 - Reviewing Automation logs in QMC Catalog

13:02 - Identifying and correcting errors

13:43 - Information to create a Support Case

14:34 - Limitations

15:18 - QnA: Can you see the file size of a report?

15:56 - QnA: Can you see how many times a report is downloaded?

16:18 - QnA: How does this compare to NPrinting?

16:59 - QnA: Does this work with QlikView?

17:08 - QnA: Can any app be used to generate a report?

17:32 - QnA: Can Reporting be added to a button?

18:12 - QnA: How can you preview the report?

18:55 - QnA: Email attachment or file storage for download?

19:31 - QnA: Is it available for QSEoW?

19:57 - QnA: Rights to generate reports?

20:10 - QnA: Possible to use different report colors than in App?

20:34 - QnA: Possible to adjust font size or resolution?

 

Resources:

Triggering an automation from a button on a sheet

Help page documentation - Limitations

Qlik Application Automation Info Checklist

Reporting Service Forum

 

Q&A:

 

Q: How does this compare to NPrinting?

A: NPrinting is a fully developed, on-premises product for QlikView and Qlik Sense, which offers a wider range of report formats besides pdf.

Q: How much of NPrinting functionality does Reporting Services cover and how is the roadmap?

A: Qlik Reporting Service is not a replacement of NPrinting; it is a new reporting service in Qlik Cloud. More features will be added. We have a dedicated forum: Reporting Service

If you have any ideas to improve the service, please submit it as feature request: Ideas

Q: How to send out emails with Excel reports? pdf is fine.

A: The current format option is pdf only.

Q: Is this available on Qlik Forts?

A: No, Qlik Reporting Service cannot access data stored in Qlik Forts.

Q: Can we deliver a report as a spreadsheet? If not, is that a feature for the future?

A: You can accomplish it by using Qlik Application Automation: Using Qlik Application Automation to create and distribute Excel reports in Office 365

Q: Does this apply to QlikView, as well?

A: QlikView is not supported.

Q: Does it matter how many people are distributed to in an automation "run"?

A: No limit on the number of report recipients, but automation jobs have limitations such as the duration of execution. Qlik Application Automation limitations

Q: If we purchase the additional license there will be another additional limitation?

A: It would be up to its license. For further information, please contact your account manager.

Q: Does QRS use our organizations SMTP Server? If so, is the send rate customizable, one of the issues with NPrinting is that the send rate exceeds the allowable by Office365?

A: Any SMTP server should work.

Q: Isn't it possible to combine content from different applications/tabs?

A: A report is generated from a single app.

Q: Is report automation intended for normal users of the application? If so, what security rules are needed to enable this capability?

A: You can only make a report automation with Qlik Sense apps you have permission to access.

Q: Can't the report filter data for each different user that is going to receive it?

A: Yes, you can. Please watch this demo: Did you say Report Bursting? Show me more!

Q: Could you please let me know how can we migrate our Qlik Sense apps from Qlik Sense Enterprise on Windows as well as QlikView apps to Qlik Sense SAAS?

A: Please refer to our help site: Moving from client-managed Qlik Sense to Qlik Sense SaaS

Q: Will the generated reports look exactly like the sheet export to pdf? What happens to elements like tables that don't fit the screen? As far as I remember, they are simply cut in the pdf extract but can flow over to a next page in NPrinting.

A: Please leverage Manual download in PDF. The preview shows you a final outcome in advance.

Q: What about the 100 reports mentioned on the price list?

A: The limitation are listed here: Qlik Reporting Service specifications and limitations

Limitations have updated with the 4th of April, 2024. See Reporting Service Packaging Changes.

Q: Is it possible to add filters based on the different user when distributing the report, like NPrinting, Example John Doe only wants to see Country US, but Jane Doe want to see US & Canada?

A: Yes, you can. Please watch this demo: Did you say Report Bursting? Show me more!

Q: What NPrinting functions cannot be done in Qlik Reporting? My question is: why the client usually makes those evaluations about what functionality he will not have anymore if he has to choose to change from NPrintng to Qlik Repoprting?

A: Qlik Reporting Service is a part of the Qlik Application Automation Connector, which facilitates the report distribution tasks. While NPriting is a separate on-premises product with more mature features. Having said that, more features on the road map.

Q: Where can you send the files to?

A: You can send a report as attachment or a public storage using the following connectors: Amazon S3, Dropbox, FTP, Google Cloud Storage, SFTP.

Q: Hi, about launch an automation from a Qlik Sense app, which rights are needed so users  can launch this automation or report?

A: You don’t need a specific right unless your tenant admin disable the Application Automation.

Q: Is there a limit of the size of the PDF that can be generated?

A: No file size limit, there are other factors you may want to consider. Please see the limitations: Qlik Reporting Service specifications and limitations

Q: When will other file formats (for example, PowerPoint) be supported?

A: They are on road map, so please stay tuned.

Q: Can you use only complete sheets or also specific diagrams?

A: Yes, as long as they are public sheet. You may want to consider the size of the sheet; otherwise, the sheet may not fill a report well.

Q: Can you repet please how much reports can we send for free?

A: Number of reports per tenant per day: 10,000.

Q: Can you "print" a whole Table? Or only the first 20 Rows, which are seen?

A: You can make a selection in a block and filter it. Add a selection to the report

Q: Hi, you talk about 5000 free runs : it is about automation or report number ?

A: The limitation are listed here: Qlik Reporting Service specifications and limitations

Limitations have updated with the 4th of April, 2024. See Reporting Service Packaging Changes.

Q: Can you use filter?

A: Yes. Creating a Qlik Reporting Service report

Q: Are there plans to be able to send Excel format as the report?

A: Application Automation can distribute data in a Excel format: Using Qlik Application Automation to create and distribute Excel reports in Office 365

Q: Can you add the company graphical profile?

A: If you can add it as image on a sheet, then yes.

Q: In the future will be possible to generate other report formats such as PowerPoint?

A: If you have an idea, please submit it in our Ideation: Ideas

Q: Can you include 3rd party chart types (e.g., Vizlib charts) in Qlik Reporting Service?

A: Yes, what you can see in the sheet will be in a report.

Q: If you need native reports as PPT you should use NP?

A: Yes, Qlik Reporting Service only generates a report in PDF.

Q: Do you have central place to monitor all automation/reporting tasks? To see errors, last execution time or status?

A: Tenant admin is able see all the automation on the list in Management Console.

Q: Any plans on bringing this to Qlik Sense Enterprise on Windows?

A: No, this is a feature in Qlik Cloud.

Q: Please forgive if this has already been covered as I joined late, can we select landscape or portrait paper format?

A: You can adjust a sheet size, which will be your report size.

Q: When do combination of apps in one report come?

A: Please submit your idea in our ideation page: Ideas

Q: Is multi-format reporting on the roadmap for QRS? or will multi-format reporting stay with NPrinting only? Do you believe that eventually QRS can complete all NPrinting tasks?

A: Qlik Reporting Service is a different feature in Qlik Cloud. If you are looking for a solutin in Excel format, you can use Application Automation to generate and distribute a Excel spreadsheet: Using Qlik Application Automation to create and distribute Excel reports in Office 365

Q: Can you use it for on-demand reporting?

A: You can trigger a report from the sheet by implementing an action button: Triggering an automation from a button on a sheet

Q: The actual limit of 100 report, is 100 runs or 100 reports? I mean, can I send one report to 200 users with 200 different filters?

A: The limitation are listed here: Qlik Reporting Service specifications and limitations

Limitations have updated with the 4th of April, 2024. See Reporting Service Packaging Changes.

Q: I heard about a limit of 100 free reports by tenant by months?

A: The limitation are listed here: Qlik Reporting Service specifications and limitations

Limitations have updated with the 4th of April, 2024. See Reporting Service Packaging Changes.

Q: Can you show us how you set the screen size of the report so that it matches the page layout?

A: You set the sheet size in the app, which will be your report. The reporting service will try to optimize for portrait/landscapes.

Click here for video transcript

 

Web browsers blocking third-party cookies impacts embedded analytics

In case you missed it, Google finally set Q3 2024 as the date for 100% blocking all content relying on third-party cookies rendered on web pages in Chrome. At Qlik, the date is not a surprise to us, and to all our customers who embed Qlik Sense, we appreciate your collaboration and patience. We’ve been working hard for two years to prepare our products to handle this change and the impact it has on your end users. Here’s some additional information we believe will help you understand the changes Google and other browser makers have made to their software and how to configure Qlik Cloud and Qlik Sense Enterprise Client-Managed to keep embedded analytics working smoothly with your web applications and mashups.

Browser changes

Browser makers are handling third-party cookie blocking in different ways. You can learn more about the browsers Qlik supports for Qlik Cloud and Qlik Sense Enterprise Client-Managed and how those browsers handle third-party cookies and the changes they’re making by reviewing Google's Privacy Sandbox pages, and Saying goodbye to third-party cookies in 2024. Here’s a quick recap for popular browsers:

• Google Chrome: 100% of all third-party cookies will be blocked beginning Q3 2024. Today, Chrome is blocking 1% of third-party cookies in Q1 2024 according to their documentation, and it’s possible your company is enforcing third-party cookie blocking through automated browser settings management. So blocking Qlik embedded content is likely going to be a surprise without mitigation

• Apple Safari: By default, the “Prevent cross-site tracking" setting is on, blocking all third-party cookies Safari for Mac and iOS.

Microsoft Edge & Mozilla Firefox do not currently break Qlik Sense embedding with default privacy or cookie configurations. Please refer to your browser provider for up-to-date information.

Mitigating third-party cookies

If you're embedding Qlik Sense into a web app or mashup, we recommend reviewing configurations and deployments end-to-end to ensure they implement best practices for operating in browsers blocking third-party cookies. By default, Qlik Cloud and Qlik Sense Enterprise Client-Managed utilize cookies to maintain an authenticated session between the client browser and Qlik services. Because of the browser changes your solution may not display embedded content. To mitigate this issue, you can augment your solution to change how Qlik maintains an authenticated connection from your application to Qlik Sense.

• For Qlik Cloud: use OAuth clients to connect your web application to Qlik.
• For Qlik Sense Enterprise Client-Managed: use a domain certificate so the web application and Qlik server use the same domain.

Qlik Cloud (SaaS editions)

Since release at the end of 2022, embedding analytics from Qlik Cloud is possible using OAuth2 tokens for a cookie-less session. You can learn more by reading our authentication best practices for Qlik Cloud.

Using OAuth2 works with many of our embedding frameworks, including the new qlik-embed framework, capability APIs, nebula and enigma, and the various SDKs.

If you are using classic embedding libraries like the app integration and single integration APIs, you can use a session cookie proxy for Qlik Cloud, although you should look to use qlik-embed where possible in place of these experiences.

 Qlik Sense Enterprise Client-Managed

The easiest way to mitigate third-party cookie blocking is to use a trusted domain certificate issued by a valid certificate provider. This will enable your web application and the Qlik Sense server to share the same root domain name (e.g. example.com). Therefore, there will be no third-party cookie issue with embedded content between the Qlik server and your web application. The typical implementation uses a wildcard certificate so that your web application and the Qlik Sense server share the same root domain but have their own subdomain names. For example, with a wildcard certificate “*.example.com”, your web application would be “web-app.example.com”, and your Qlik server would be “qlik-sense.example.com”.  You can learn more about adding a signed server certificate on help.qlik.com.

This article provides an example on how to use the Qlik Enterprise Manager Python API to start a task from timestamp. The example runs a task by cdcposition using Python API.

This customization is provided as is. Qlik Support cannot provide continued support for the solution. For assistance, reach out to Professional Services.

1. Create the file cdctimestamp.py with the following content:

   """
   @author: Vinay Vitta
   """
   
   import json, glob, os, sys, base64, requests, re, time, urllib3
   from datetime import datetime
   from datetime import timedelta
   from calendar import monthrange
   from enum import Enum
   from copy import copy
   
   urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) # Don't want to print out warnings
   
   
   RepServer='79' #change Replicate Server name
   RepTask='mysql2file' #change for task name
   
   api_base_url = "https://snsql2014a/attunityenterprisemanager/api/v1/" #change for QEM server
   auth_string = "Basic c25zcWwyMDE0YVxhZG1pbmlzdHJhdG9yOmhheWV6aXJh" # Change for base64 hash user password ,, make sure to keep the Basic
   
   login_headers = {}
   login_headers["Authorization"] = auth_string
   print(login_headers)
   session = requests.Session()
   response = session.get(url=api_base_url + 'login', headers=login_headers, verify=False)
   # print(response.json())
   if response.status_code == 200:
   session_id = response.headers['EnterpriseManager.APISessionID']
   
   api_session_header = {}
   api_session_header["EnterpriseManager.APISessionID"] = session_id
   session.headers.update(api_session_header)
   
   urlResumeTime='servers/' + RepServer + '/tasks/' + RepTask + '?action=run&option=RESUME_PROCESSING_FROM_TIMESTAMP'
   print(api_base_url + urlResumeTime)
   data = {"cdcposition": "2023-07-14T01:01:01"} # change for the CDCposition
   resumeTimeResponse = session.post(url=api_base_url + urlResumeTime, headers=login_headers, json=data, verify=False)
   print(resumeTimeResponse.headers)

2. Call cdctimestamp.py
   
   Example: 
   
   C:\Python37\Scripts>python cdctimestamp.py
   
   Output:
   
   {'Authorization': 'Basic c25zcWwyMDE0YVxhZG1pbmlzdHJhdG9yOmhheWV6aXJh'}
   https://snsql2014a/attunityenterprisemanager/api/v1/servers/79/tasks/mysql2file?action=run&option=RESUME_PROCESSING_FROM_TIMESTAMP
   {'Cache-Control': 'no-cache, no-store', 'Content-Length': '38', 'Content-Type': 'application/json; charset=utf-8', 'Server': 'Microsoft-HTTPAPI/2.0', 'Date': 'Mon, 17 Jul 2023 21:57:43 GMT'}

Example from the log file of the task executing from timestamp:

00008888: 2023-07-17T16:57:34 [TASK_MANAGER ]I: Task 'mysql2file' running CDC only in fresh start mode, starting from log position: 'timestamp:2023-07-14T01:01:01' (UTC). (replicationtask.c:1770)
00008888: 2023-07-17T16:57:34 [TASK_MANAGER ]I: Feature flags for process are: (ar_feature_flags.c:232)

Environment

Qlik Enterprise Manager 

Qlik Cloud has a built-in method to export apps from your managed spaces, along with APIs available which allow for automation. 

Content:

• Export apps from Managed spaces (native method)
• Export apps using the Rest API
• Method One: REST APIs
• Method Two: Qlik-Cli:
• Unpublish an app with the REST API
• Method One: REST APIs
• Method Two: Qlik-Cli

Export apps from Managed spaces (native method)

This is the recommended method.

As of the 30th of January 2024, Qlik Cloud has introduced the functionality to Export apps from Managed Spaces.

Space Owner and users with the "Can Manage" role, can now export Qlik Cloud apps from Managed Spaces.

These apps can only be exported without data. Storytelling is not exported.

This possibility allows you to re-establish a parent - child relation of your source and published apps, in case the source app was accidentally deleted.

For more information, see:

• Exporting apps from managed spaces
• Exporting apps from Managed Spaces (Vidyard video)

Export apps using the Rest API 

You can also export the app from a managed space without data through the REST API or Qlik Cli in a supported way. 

These apps can only be exported without data, even if the NoData parameter is not set to true. Storytelling is not exported.

Method One: REST APIs

Requirements:

• PowerShell
• API keys enabled
• The App ID
• Your tenant URL

$hdrs = @{}
$hdrs.Add("Authorization","Bearer eyJhbGciOiJFUzM4NCIsImtpZCI6IjUzYj...VJaO0zSKZs7Q")
$tenanturl =  "https://yourtenant.ap.qlikcloud.com"
$appid = "7972e3ae-df5c-4ed3-81f4-e2220d76972d"
$url = $tenanturl+"/api/v1/apps/"+$appid+"/export?NoData=true"
 
$output = "C:\temp\MyExportedApp.qvf"
$firstcall=Invoke-WebRequest -Uri $url -Method Post -Headers $hdrs
 
$url2= $tenanturl+$firstcall.Headers.Location
echo $url2
Invoke-RestMethod -Uri $url2 -Method Get -Headers $hdrs -ContentType 'multipart/form-data' -OutFile $output

Reference: 

 Exports a specific app | Qlik Developer

Method Two: Qlik-Cli:

qlik app export 7972e3ae-df5c-4ed3-81f4-e2220d76972d --NoData > C:\temp\MyExportedApp.qvf

Reference:

app export | Qlik Developer

Unpublish an app with the REST API

Alternatively, an app can be unpublished from a Managed space and obtained for editing. This method maintains data, including storytelling.   

Use this method at your own risk. Direct API calls make changes which bypass safety nets and the end result can lead to unexpected results. 

Requirements:

• PowerShell
• API keys enabled
• The App ID
• Your tenant URL

Method One: REST APIs

This will move the app from a Management Space to your Personal space with the REST API.

1. Create an API key to perform the call. First of all. See https://qlik.dev/tutorials/generate-your-first-api-key
2. Using PowerShell, execute the following:
   

   [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
   
   $body='{"spaceId":""}'
   $hdrs = @{}
   $hdrs.Add("Authorization","Bearer eyJhbGciOiJM4ImtpZCI6IjBkZmQ5YzM2LTcy...YLmG54QLpd")
   $hdrs.Add("content-type","application/json")
   $url = "https://yourtenant.eu.qlikcloud.com/api/v1/apps/APPID/space"
   Invoke-RestMethod -Uri $url -Method Put -Headers $hdrs -Body $body

   
   Replace: 
   
   eyJhbGciOiJM4ImtpZCI6IjBkZmQ5YzM2LTcy...YLmG54QLpd with the API key you've generated
   yourtenant.eu.qlikcloud.com with your tenant URL
   APPID with your app ID 
   
   Tip: Get the App ID directly from the hub URL when you have the App open.
   
   
   
   
3. After the command is executed, the App will be moved to your personal space. This operation will retain bookmarks and sheets, though not their original owners. 

Troubleshooting:

See following article if any TLS/SLL error are output when running the PowerShell script:
Qlik Sense API: Could not create secure SSL/TLS channel (Powershell)

Method Two: Qlik-Cli

This will move the app from a Management Space to your Personal space with the REST API, wrapped in the QLIK-CLI.

Alternatively, if qlik-cli is installed, the following commands can be used. In the code, replace APPID with the correct one (e.g. 68aae8b0-3770-435d-951d-7b97469fb78b​). 

1. Set the qlik-cli user as the owner (this is necessary if you don't want the app to go the original owner's personal space, in case they have left the company):
   

   qlik app owner APPID

2. Move the app to the owner's personal space:
   

   qlik app space update APPID

3. (Optional) once moved to the personal space, create a duplicate (to use as the new source app), and put back the original app in the original space. This way, all the dependencies and links to the published app will be kept:
   

   qlik app space update APPID​ --spaceId SPACEID​

The admin using the qlik-cli commands will need to have full permissions on the Managed space that hosts the app.

Use this method at your own risk. The direct API calls used in this workaround make changes which bypass safety nets and the end result can lead to unexpected results. 

QMSEDX is a community-provided customization. Qlik does not provide support or direct assistance for this solution. For assistance, contact our Professional Services or engage in our QlikView Integrations forum.

EDX is a trigger mechanism for starting a QlikView reload or task from an external source, such as a scheduler or application. To start a task using EDX the QlikView Management API must be used and this is delivered in the form of a Web Service.

QMSEDX is a third-party app designed to perform said mechanism. For more information, see Using EDX in QlikView 11. 

QMSEDX is an open source tool that is developed by CwolfX on sourceforge where you can find more information and maybe support: https://sourceforge.net/p/qmsedx/wiki/Home/ Also keep in minde that as it is an opensource it could have other developers making there version available online, juste make sure to contact the one that made the version you are using

For custom developments. Documentation about QMS API is available at Qlik Help.

Related Content:

QMS API is available at Qlik Help
Using EDX in QlikView 11

This is a sample to create ODAG links with the ODAG API using PowerShell.

Environment

Qlik Sense Enterprise on Windows 

Sample using JWT authentication:

$body = '{"name": "ODAGLink",
    "selectionApp": "67a7d998-fdcb-414f-9049-7b6350234b9d",
    "templateApp": "13617037-cfa5-4205-93a7-87aac10c1676",
    "rowEstExpr": "Count(Dim1)",
    "properties": {
        "rowEstRange": [
        {
            "context": "*",
            "highBound": 100000
        }]
    }
}'
$hdrs = @{}
$hdrs.Add("X-Qlik-xrfkey","12345678qwertyui")
$hdrs.Add("Authorization","Bearer eyJhbGciOi...GYyMdkVoQLxRFYP7r7mLbGaamCwUIApcHtUc7b3LEg")
$url = "https://qlikserver1.domain.local/jwt/api/odag/v1/links?xrfkey=12345678qwertyui"
Invoke-RestMethod -Uri $url -Method Post -Headers $hdrs -Body $body -ContentType 'application/json'

Sample using ticket authentication:

#Paste the ticket here
$ticket='5PEtidGu2GjhLn2k'

$body = '{"name": "ODAGLink",
    "selectionApp": "67a7d998-fdcb-414f-9049-7b6350234b9d",
    "templateApp": "13617037-cfa5-4205-93a7-87aac10c1676",
    "rowEstExpr": "Count(Dim1)",
    "properties": {
        "rowEstRange": [
        {
            "context": "*",
            "highBound": 100000
        }]
    }
}'
$hdrs = @{}
$hdrs.Add("X-Qlik-xrfkey","12345678qwertyui")
$url = "https://qlikserver1.domain.local/api/odag/v1/links?qlikticket="+$ticket
Invoke-RestMethod -Uri $url -Method Post -Headers $hdrs -Body $body -ContentType 'application/json'

Sample using certificates:

$body = '{"name": "ODAGLink",
    "selectionApp": "67a7d998-fdcb-414f-9049-7b6350234b9d",
    "templateApp": "13617037-cfa5-4205-93a7-87aac10c1676",
    "rowEstExpr": "Count(Dim1)",
    "properties": {
        "rowEstRange": [
        {
            "context": "*",
            "highBound": 100000
        }]
    }
}'
$hdrs = @{}
$hdrs.Add("X-Qlik-User","UserDirectory=DOMAIN;UserId=Administrator")
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My" | Where {$_.Subject -like '*QlikClient*'}
$url = "https://qlikserver1.domain.local:9098/v1/links"
Invoke-RestMethod -Uri $url -Method Post -Headers $hdrs -Body $body -ContentType 'application/json' -Certificate $cert

This article explains how to connect to the QMS API using HTTPS with the QVClient certificate.

Prerequisites:

1. Certificates trust must be configured in the QlikView environment. Please see  Certificate trust
2. You will need an API client to connect (see QlikView: Connect to QMS API with Visual Studio on how to create one)

Environment:

QlikView 

Export QVProxy certificate from the QlikView Server machine

1. Log into the virtual machine as the user running QlikView services
2. Open Microsoft Management Console (Start - Run - mmc)
3. Add the Certificates snap in (File - Add/Remove snap-in - Certificates - Add)
4. Choose "Computer account" in the dialogue box
5. "Local Computer" should be selected
6. Next - Finish - OK
7. Expand the View: Certificates - Personal - Certificates
8. Right click the QVProxy certificate - All Tasks - Export
9. Next
10. Check the box for exporting the private key and click Next
11. Click Next with default options
12. Fill in and remember the password (It will be used when importing the certificate)
13. Give it a name - put it somewhere where you can reach it from the machine running the client - Finish
     

Import QVProxy certificate to the machine running the client

1. Open Microsoft Management Console (Start - Run - mmc) on the computer running the client
2.  Add the Certificates snap-in (File - Add/Remove snap-in - Certificates - Add)
3. Choose "Computer account" in the dialogue
4. "Local Computer" should be selected
5. Next - Finish - OK
6. Expand the View: Certificates - Personal - Certificates
7. Right-click on the Certificates folder - All tasks - Import
8. Next
9. Look for the exported file (change the type to .pfx)
10. Next
11. Type in the password
12. Choose Personal store
13. Done

Modify the QMS Service reference to use HTTPS

In Visual Studio, once you have followed the procedure in QlikView: Connect to QMS API with Visual Studio then you can just right-click on the QMS API reference in the solution explorer and choose "Configure service reference".
Modify "http" to "https" in the connection address.

Modify app.config in the client code

In Visual Studio solution explorer, find App.config and double-click to edit it.

This customization is provided as is. Qlik Support cannot provide continued support of the solution. For assistance, reach out to our Professional Services or engage in our active Integrations forum.

Add this section to the app.config inside the <system.serviceModel> ... </system.serviceModel> tags:

 <behaviors>
   <endpointBehaviors>
     <behavior name="ServiceKeyEndpointBehavior">
       <clientCredentials>
         <clientCertificate findValue="CN=QVProxy" x509FindType="FindBySubjectDistinguishedName" storeLocation="LocalMachine" storeName="My" />
         <serviceCertificate>
           <authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck"/>
         </serviceCertificate>
       </clientCredentials>
     </behavior>
   </endpointBehaviors>
 </behaviors>

Note:If you get the following error "The client certificate is not provided. Specify a client certificate in ClientCredentials." add behaviorConfiguration="ServiceKeyEndpointBehavior" to all of the "endpoint" sections in the app.config 

Deleting spaces through the Qlik Cloud management console requires the space to be empty. This is to ensure that content (apps, data) is not orphaned.

However, APIs do not follow the same checks as the management console and can therefore be used to accidentally delete a space which still has content in it. The content is then orphaned. 

Resolution

To delete the spaces gracefully, it is necessary to delete each resource in the space first.

Refer to the below links for deleting apps and other resources:

DELETE app: https://qlik.dev/apis/rest/apps/#%23%2Fentries%2Fv1%2Fapps%2F-appId-delete
DELETE item: https://qlik.dev/apis/rest/items/#%23%2Fentries%2Fv1%2Fitems%2F-itemId-delete

Cause 

This is currently working as designed. Qlik is investigating the possibility of adjusting the current workflow, but as it stands, the prompt for space deletion is implemented as a functionally of the management console and is not a part of the API. APIs, in general, are intended to be used in a standalone capacity and will therefore often bypass checks.

Internal Investigation ID(s) 

QB-21853

Environment

Qlik Cloud 

Qlik Enterprise Manager allows Personal Access Token authentication with OIDC. We provide detailed instructions on how to integrate with Okta. See Setting up Personal Access Token authentication for the API for more information. 

Qlik Enterprise Manager OIDC integration does not currently support Azure Active Directory. 

See Support AzureAD for OIDC access to API for the status of a suggestion to support Azure Active Directory. You can track its status there (open, closed, delivered) and vote on it. 

Environment

Qlik Enterprise Manager 

Internal Investigation ID(s)

QB-21476  
RECOB-7510