Currently the only way to request data from the APIs is to send the appropriate data via the "request" parameter. While this gives a lot of control it's also quite cumbersome to create a request. To make this simpler the requests should also support "direct parameters".
Examples
https://host.name/api/json/?m=categories&a=view&e=all&title=textView all categories that match the title "text".If the "m" parameter is set it should set up a Data object and setRequestValues, i....
The CMS should support "wizard" mode (yes the good ol' windows wizards...). This can be done using the "groups" to only display the fields in the relevant group. By clicking next, it goes to the next page (i.e. group). Once all required
fields are filled or it reaches the last group it'll shows the "submit" button.
The current MD5 file signatures allows end users to check whether the file is still in tact. However it doesn't garanty the file (and MD5) haven'/files/ field and API should support PGP signatures.
The password generator + validator should exclude certain characters from the character sets to avoid confusion and potential bugs, e.g.:capital i and lower l are confusing
capital o and zero are confusing
@ and : may ruin passwords in URL
As none of the values are per se incorrect it may make sense to just remove them from the generator but still leave them as "valid" values.
Typically any input should be trimmed, it makes sense to make this a default action which can be explicitly disabled. Instead of the current approach where it needs to be enabled explicitly.
Add a configuration option to "store"/files/ are used in the session. Currently it always store this information which clutters the session and is other than being displayed in the backend completely useless.
JAS should support Redis (http://redis.io/) next to (or maybe even instead of memcache) . What client should be used (see http://redis.io/clients#php)?