Compatibility between TigerGraph 3.10 and TigerGraph 4.1

Upgrading from TigerGraph 3.10 to 4.1 introduces important changes to security, privileges, and REST APIs. While the upgrade process automatically handles some migrations, certain features have been removed or modified in ways that require users to make their own adjustments.

This page highlights the changes you need to review and the steps you may need to take to ensure your applications, queries, and integrations continue to work smoothly after the upgrade.

TigerGraph versioning branched after 3.10. From 3.10, you can upgrade either to 3.11 or to 4.1. 4.1 is not the successor to 3.11. They are two separate upgrade paths.

TigerGraph Compatibility changes from 3.10 to 4.1

Version	Description	Recommendation
4.1.0	Plain-text tokens generated before the upgrade remain valid until they expire. However, if you export a database from 3.x and import it to 4.x, the plain-text tokens are not imported. Version 4.1 introduces JWT (JSON Web Token) as the default and more secure format for authentication. New tokens are created in JWT format.	Use JWT tokens for all authentication starting from version 4.1. Update your scripts and applications to use the new token format and endpoints. See Authentication.
4.1.0	Port usage for REST API requests has changed. The RESTPP service (port 9000) is no longer publicly accessible. Use the GSQL server (port 14240) for API requests on self-managed systems, and port 443 for TigerGraph Cloud.	Review your API client configuration and update endpoints accordingly. See Changing Ports.
4.1.0	The URIs and authentication format for many REST API endpoints were changed in order to follow OpenAPI standards and to be more consistent.	Review and update API calls to match the new endpoints and authentication. See the REST API reference.
4.1.0	A full export package now includes access policies and template queries.	Verify that exports include the new components when migrating or restoring data.
4.1.0	Access Control Lists (ACLs) are no longer supported. ACL privileges are automatically migrated to object-based privileges during upgrade.	Verify migrated privileges after upgrading from 3.x to 4.x. See Query privilege migration.
4.1.0	Vertex-level Access Control (VLAC) and VLAC methods are removed.	Remove any references to VLAC features in queries or applications. Use RBAC Row Policies instead.
4.1.0	The WRITE_DATA RBAC privilege is deprecated.	Replace usage of WRITE_DATA with the appropriate object-based privileges.

Version

Description

Recommendation

4.1.0

Plain-text tokens generated before the upgrade remain valid until they expire. However, if you export a database from 3.x and import it to 4.x, the plain-text tokens are not imported.

Version 4.1 introduces JWT (JSON Web Token) as the default and more secure format for authentication. New tokens are created in JWT format.

Use JWT tokens for all authentication starting from version 4.1. Update your scripts and applications to use the new token format and endpoints. See Authentication.

4.1.0

Port usage for REST API requests has changed. The RESTPP service (port 9000) is no longer publicly accessible.

Use the GSQL server (port 14240) for API requests on self-managed systems, and port 443 for TigerGraph Cloud.

Review your API client configuration and update endpoints accordingly. See Changing Ports.

4.1.0

The URIs and authentication format for many REST API endpoints were changed in order to follow OpenAPI standards and to be more consistent.

Review and update API calls to match the new endpoints and authentication. See the REST API reference.

4.1.0

A full export package now includes access policies and template queries.

Verify that exports include the new components when migrating or restoring data.

4.1.0

Access Control Lists (ACLs) are no longer supported. ACL privileges are automatically migrated to object-based privileges during upgrade.

Verify migrated privileges after upgrading from 3.x to 4.x. See Query privilege migration.

4.1.0

Vertex-level Access Control (VLAC) and VLAC methods are removed.

Remove any references to VLAC features in queries or applications. Use RBAC Row Policies instead.

4.1.0

The WRITE_DATA RBAC privilege is deprecated.

Replace usage of WRITE_DATA with the appropriate object-based privileges.