This files describes API changes in /webservice/*
This information is intended for authors of webservices, not people writing webservice clients.

=== 19.1.5 ===

* Updated \webservice::authenticate_user in lib.php to support using encrypted tokens.
* Updated \webservice_server::authenticate_by_token in lib.php to support using encrypted tokens.

=== 19.1.1 ===

* Updated the handling of authentication tokens and username/password combinations for REST web services.
  These parameters must now be provided via POST only - passing them as GET parameters is no longer supported.
  This change can be reverted up until Totara version 20.0.0 by setting the revert_TL_42916_until_t20 flag. To do so, add the following line to your configuration:
    `$CFG->revert_tl_42916_until_t20 = true;`
* Minor internal change to the \webservice_protocol_is_enabled function to default to an empty string when $CFG->webserviceprotocols is unset.
* Added security check for when insecure (SOAP, XML-RPC) protocols are enabled.

=== 10 ===

* webservice->get_external_functions now returns the external function list ordered by name ASC.
* The filearea optional parameter has been removed from webservice/upload.php.
  Since Moodle 3.1 all the uploads go to the draft area.
* external_format_text() function: component, filearea and itemid are now optional parameters.
  In some contexts those parameteres are not necessary because is not required to do a file rewrite via
  file_rewrite_pluginfile_urls.
* External function get_site_info now returns the site course ID. This new field is marked as VALUE_OPTIONAL for backwards compatibility.
* The xmlrpc backend has changed, Zend_XmlRpc has been dropped and there might be slight differences in
  responses. Fault strings that were generated by Zend_XmlRpc_XXX_Exception exceptions (i.e. 'Method
  "[methodname]" does not exist') are no longer used which may display a different error message depending
  on the string returned by the getMessage() method of the thrown exception.
* The xmlrpc server is no longer enabled when the Mobile service is activated.
* Support for the AMF protocol has been dropped completely.
* As Zend Framework has been removed, the webservice_zend_* classes have also been removed.
* Zend_SOAP has been dropped. The native PHP SoapClient and SoapServer classes are now being used instead. WSDL is now
  generated by the new class webservice_soap_wsdl. For fault strings, a different error message might be shown depending
  on the string returned by the getMessage() method of the thrown exception.
* With Zend_SOAP dropped, moodle_zend_soap_server is now also deprecated.
* As mentioned in the 2.9 notes, deprecated web service functions have now been removed.
* Since our new XML-RPC server implementation does not support introspection, it is critical that all clients send
  parameters in the correct order.
* File uploading to the user private file area via the webservice/upload.php script is not supported anymore.
  Only uploads to the draft area are allowed.
