Release notes for Optimizely CMS and Customized Commerce updates

Fixed an issue that did not update a token in the cache when the session ID expired and used an expired token to retry authentication.

The newly supported authentication method lets customers leverage Salesforce OAuth flows using Salesforce users, no longer requiring a one-off Pardot only user.

Upon form submission, Checkbox or Multi-Select custom fields are not being saved in the prospect properties.

Pardot API returns a maximum of 200 records in one API call. If there are more than 200, multiple requests must be made to fetch the remaining custom fields.

There was a recent change to the way authentication is done for a few API calls, like getting a prospect and getting custom fields. The user_key and api_key must be sent in an HTTP Authorization header or the body of a POST request, instead of query string parameters.

Endpoint being used to check if the email exists was
https://pi.pardot.com/api/prospect/version/4/do/read/id/<email>
It should be
https://pi.pardot.com/api/prospect/version/4/do/read/email/<email>

Form and form field mappings are lost if the database is upgraded from 3.x to 4.x via the updateDatabaseSchema attribute of the <episerver.framework> element in the web.config.

In Pardot, the API Key is valid for 60 minutes, after which a new key is generated. This procedure works fine for other API calls, like retrieving prospect fields and prospect data. But when saving a prospect, the outdated key was being used. This caused a failure in the API call with the error message: "Either the user and/or API keys are incorrect, or the API key has expired."

If credentials are saved and the site/database is deployed to a server whose machine key is different, the site throws cryptographic error and becomes unusable.

If the credentials are saved and the site/database is deployed to a server whose machine key is different, the site throws cryptographic error and becomes unusable.