All notable changes to the Futurae Admin API will be documented in this file.

[1.18.0] - 2024-04-16

Added:

- New endpoints to manage Enrollments via enrollment ID:
  - GET    /srv/admin/v1/enrollments/enrollment_id/{enrollment_id}
  - PUT    /srv/admin/v1/enrollments/enrollment_id/{enrollment_id}
  - DELETE /srv/admin/v1/enrollments/enrollment_id/{enrollment_id}

[1.17.0] - 2024-04-05

Added:

- The following enroll endpoints now accept a boolean flag to allow Trusted Session Binding for Account Recovery flow:
  - POST /srv/admin/v1/users
  - POST /srv/admin/v1/users/{id}/devices
- Endpoint GET /srv/admin/v1/enrollments returns boolean flag regarding the state of Account Recovery flow for each enrollment.
- Endpoint GET /srv/admin/v1/enrollments/{id} returns boolean flag regarding the state of Account Recovery flow.
- Endpoint PUT /srv/admin/v1/enrollments/{id} accepts boolean flag to set Account Recovery.
- Endpoint GET /srv/admin/v1/devices returns boolean flag regarding the state of Account Recovery flow for each User Device.
- Endpoint POST /srv/admin/v1/devices accepts boolean flag to set Account Recovery for User Device.
- Endpoint GET /srv/admin/v1/devices/{id} returns boolean flag regarding the state of Account Recovery flow for User Device.
- Endpoint PUT /srv/admin/v1/devices/{id} accepts boolean flag to set Account Recovery for User Device.
- Endpoint GET /srv/admin/v1/users/{id}/devices returns boolean flag regarding the state of Account Recovery flow for each User Device.
- Endpoint POST /srv/admin/v1/users/{id}/devices accepts boolean flag to set Account Recovery for User Device.

[1.16.0] - 2024-03-29

Added:

- The following enroll endpoints now accept a boolean flag to allow Trusted Session Binding for Enrollment flow:
  - POST /srv/admin/v1/users
  - POST /srv/admin/v1/users/{id}/devices

[1.15.0] - 2023-05-07

Deleted:

- The Statistics endpoints from the Admin API.

[1.14.0] - 2023-05-16

Added:

- Apply restrictions to the since parameter on the following endpoints:
  - /srv/admin/v1/activity
  - /srv/admin/v1/users/{id}/activity
  - /srv/admin/v1/stats/activity
  - /srv/admin/v1/stats/geo


[1.13.0] - 2023-04-18

Added:

- Apply restrictions to device's display name. Display name can be a string with spaces and with category L letters, numbers ([0-9]), or the characters `- + / . ( )`.

[1.12.1] - 2023-03-08

Patched:

- Fix 404 response to follow the error response format

[1.12.0] - 2023-01-16

Added:
- Add session_timeout param to PUT /srv/admin/v1/info
- Return new session_timeout field on GET /srv/admin/v1/info

[1.11.0] - 2023-01-11

Added:

- Endpoint to update service information PUT /srv/admin/v1/info
- Return new accounts_migration_callback_url field on GET /srv/admin/v1/info

[1.10.0] - 2022-11-24

Changed:

- Return 403 Forbidden and error code 40303 in /users and /users/{id}/devices when no SMS sender name is set.

[1.9.0] - 2022-07-20

Added:

- Automatic account recovery information fields (migrated_from_device_id, migrated_to_device_id, migrated_at) in Device resource.


[1.8.0] - 2022-06-01

Changed:

- User max_attempts default value to 15.


[1.7.0] - 2022-05-20

Deleted:

- Soundproof capability and factor


[1.6.0] - 2022-05-18

Added:

- activation_code response field to POST /srv/admin/v1/users
- activation_code response field to POST /srv/admin/v1/users/{id}/devices
- activation_code response field to GET /srv/admin/v1/enrollments
- activation_code response field to GET /srv/admin/v1/enrollments/{id}


[1.5.0] - 2021-05-28

Added:

- Add callback authentication using JWS signatures.


[1.4.1] - 2021-02-01

Added:

- Add the ability to lookup and order users by display_name in "GET /srv/admin/v1/users"


[1.4.0] - 2021-01-18

Added:

- Add support for authentication using FIDO2/WebAuthn.


[1.3.0] - 2020-11-23

Added:

- All activation QR codes are now returned inline in data URI format as well,
  avoiding the need to use the public URL to retrieve the QR code.


[1.2.0] - 2020-07-03

Added:

- Add support for TOTP and QR code hardware tokens supplied by Futurae.
  Introduce new endpoints and make necessary, non-breaking adjustments to existing ones.


[1.1.2] - 2019-11-08

Changed:

- Increase the maximum validity of one-time codes generated via /users/{id}/one_time_code to 7 days ("valid_secs" param).


[1.1.1] - 2019-08-19

Changed:

- Adjust various enrollment related endpoints with the addition of the short activation code feature.


[1.1.0] - 2019-06-07

Added:

- "Get Active Users" endpoint to query fοr the active users of a service.
- "Get List of Devices" endpoint can now be filtered by "sms" device type (in "type" query parameter).


[1.0.2] - 2019-05-02

Added:

- Endpoint to query for the devices of a service (including filters and pagination).
- New filter parameters to the GET /srv/admin/v1/activity endpoint.


[1.0.1] - 2019-01-30

Added:

- Include the device_id of the newly enrolled device in enroll success callback.
- Enable to programmatically set the user status to locked_out.
- Enable to programmatically set the user max_attempts.


[1.0.0]

- Initial Futurae Admin API release