Aeon 5.2 Hotfix: API File Uploads, OAuth Email & Upload Improvements
Released - March 30th, 2026
Overview​
This hotfix delivers three changes to Aeon 5.2:
- API File Uploads - File uploads for photoduplication requests now use the Aeon API instead of the previous SFTP-based mechanism.
- OAuth Email (SMTP) - Outbound email delivery now supports OAuth 2.0 authentication for Microsoft 365 and Google Workspace.
- Photoduplication Upload Improvements - File type filtering and upload history improvements.
API File Uploads​
What Changed​
File uploads and downloads for photoduplication requests and user attachments now go through the Aeon API. The previous approach used an embedded SFTP server in the System Manager, which has been removed.
What You Need to Do​
- Set the Base API URL - After updating, configure the
BaseApiUrlcustomization key in Customization Manager under System > System. This should point to your Aeon API base URL (e.g.,https://yourserver/aeonapi). - Verify API accessibility - The Aeon Client must be able to reach the Web Platform API over HTTP/HTTPS for file operations to work.
- Firewall - Port 26710 (SSH) can be closed on the System Manager server as it is no longer used.
What's Removed​
- The
FileServicePortandFileServiceFingerprintcustomization keys are automatically removed during the update as they are no longer used. - The System Manager no longer runs an SFTP server.
OAuth Email (SMTP)​
What Changed​
Aeon can now use OAuth 2.0 Client Credentials authentication when sending email, in addition to traditional SMTP username and password authentication. This is necessary for institutions using Microsoft 365 or Google Workspace, which have deprecated or are deprecating basic SMTP authentication.
Supported Providers​
| Provider | Notes |
|---|---|
| Microsoft 365 | Requires Tenant ID, Client ID, and Client Secret from Microsoft Entra ID |
| Google Workspace | Requires Client ID and Client Secret from Google Cloud Console |
| Custom | For other OAuth-compatible email providers — all fields are manually configurable |
How to Configure​
- Register an OAuth application with your email provider:
- Microsoft 365: Register in Microsoft Entra ID and grant the
Mail.Sendpermission. - Google Workspace: Register in Google Cloud Console and enable the Gmail API.
- Microsoft 365: Register in Microsoft Entra ID and grant the
- In Aeon Customization Manager, navigate to System > Email.
- Click New Profile and select your provider type.
- Enter the required credentials (Tenant ID, Client ID, Client Secret).
- Ensure the
SMTPUserIDcustomization key is set to the email address that will send messages.
Important Notes​
- OAuth is optional. If no OAuth profile is configured, Aeon continues to use basic SMTP authentication. No action is required for sites that do not use Microsoft 365 or Google Workspace for email.
- If an OAuth profile is configured, it takes precedence over basic SMTP credentials.
- Only one OAuth profile can be configured at a time.
- The Client Secret is stored encrypted in the database. A
DatabaseUniqueIDcustomization key is auto-generated during the update to support this encryption. Do not modify this value.
Photoduplication Upload Improvements​
- When uploading files, you can now filter by file type (PDF, Images, or All Files). Your selected filter is remembered the next time you open the upload dialog.
- Upload history now includes the filename (e.g.,
"Photoduplication item uploaded: scan001.pdf") instead of a generic message. - Fixed an issue where TIFF files could fail to appear when using the Images filter in the upload dialog.