All notable changes to the Futurae Admin API will be documented in this file. [1.23.0] - 2025-06-12 Fixed: DELETE /srv/admin/v1/enrollments/ now correctly returns a 400 error for enrollments that have already succeeded or expired. [1.23.0] - 2025-05-19 Added: - User Allowed Factors and User Device capabilities extended with `hwtoken_hotp`. [1.22.0] - 2025-05-19 Added: - Enrollment success callbacks now include enrollment_id. [1.21.0] - 2025-04-23 Added: - Endpoint DELETE /srv/admin/v1/devices/{id} now returns archived_at in the response. [1.20.0] - 2024-09-12 Added: - Endpoint POST /srv/admin/v1/users now returns activation_code_universal_link in the response. - Endpoint POST /srv/admin/v1/users/{id}/devices now returns activation_code_universal_link in the response. [1.19.0] - 2024-05-17 Added: - Endpoint GET /srv/admin/v1/users/{id}/devices includes device integrity information in the response. - Endpoint GET /srv/admin/v1/devices includes device integrity information in the response. - Endpoint GET /srv/admin/v1/devices/{id} includes device integrity information in the response. [1.18.0] - 2024-04-16 Added: - New endpoints to manage Enrollments via enrollment ID: - GET /srv/admin/v1/enrollments/enrollment_id/{enrollment_id} - PUT /srv/admin/v1/enrollments/enrollment_id/{enrollment_id} - DELETE /srv/admin/v1/enrollments/enrollment_id/{enrollment_id} [1.17.0] - 2024-04-05 Added: - The following enroll endpoints now accept a boolean flag to allow Trusted Session Binding for Account Recovery flow: - POST /srv/admin/v1/users - POST /srv/admin/v1/users/{id}/devices - Endpoint GET /srv/admin/v1/enrollments returns boolean flag regarding the state of Account Recovery flow for each enrollment. - Endpoint GET /srv/admin/v1/enrollments/{id} returns boolean flag regarding the state of Account Recovery flow. - Endpoint PUT /srv/admin/v1/enrollments/{id} accepts boolean flag to set Account Recovery. - Endpoint GET /srv/admin/v1/devices returns boolean flag regarding the state of Account Recovery flow for each User Device. - Endpoint POST /srv/admin/v1/devices accepts boolean flag to set Account Recovery for User Device. - Endpoint GET /srv/admin/v1/devices/{id} returns boolean flag regarding the state of Account Recovery flow for User Device. - Endpoint PUT /srv/admin/v1/devices/{id} accepts boolean flag to set Account Recovery for User Device. - Endpoint GET /srv/admin/v1/users/{id}/devices returns boolean flag regarding the state of Account Recovery flow for each User Device. - Endpoint POST /srv/admin/v1/users/{id}/devices accepts boolean flag to set Account Recovery for User Device. [1.16.0] - 2024-03-29 Added: - The following enroll endpoints now accept a boolean flag to allow Trusted Session Binding for Enrollment flow: - POST /srv/admin/v1/users - POST /srv/admin/v1/users/{id}/devices [1.15.0] - 2023-05-07 Deleted: - The Statistics endpoints from the Admin API. [1.14.0] - 2023-05-16 Added: - Apply restrictions to the since parameter on the following endpoints: - /srv/admin/v1/activity - /srv/admin/v1/users/{id}/activity - /srv/admin/v1/stats/activity - /srv/admin/v1/stats/geo [1.13.0] - 2023-04-18 Added: - Apply restrictions to device's display name. Display name can be a string with spaces and with category L letters, numbers ([0-9]), or the characters `- + / . ( )`. [1.12.1] - 2023-03-08 Patched: - Fix 404 response to follow the error response format [1.12.0] - 2023-01-16 Added: - Add session_timeout param to PUT /srv/admin/v1/info - Return new session_timeout field on GET /srv/admin/v1/info [1.11.0] - 2023-01-11 Added: - Endpoint to update service information PUT /srv/admin/v1/info - Return new accounts_migration_callback_url field on GET /srv/admin/v1/info [1.10.0] - 2022-11-24 Changed: - Return 403 Forbidden and error code 40303 in /users and /users/{id}/devices when no SMS sender name is set. [1.9.0] - 2022-07-20 Added: - Automatic account recovery information fields (migrated_from_device_id, migrated_to_device_id, migrated_at) in Device resource. [1.8.0] - 2022-06-01 Changed: - User max_attempts default value to 15. [1.7.0] - 2022-05-20 Deleted: - Soundproof capability and factor [1.6.0] - 2022-05-18 Added: - activation_code response field to POST /srv/admin/v1/users - activation_code response field to POST /srv/admin/v1/users/{id}/devices - activation_code response field to GET /srv/admin/v1/enrollments - activation_code response field to GET /srv/admin/v1/enrollments/{id} [1.5.0] - 2021-05-28 Added: - Add callback authentication using JWS signatures. [1.4.1] - 2021-02-01 Added: - Add the ability to lookup and order users by display_name in "GET /srv/admin/v1/users" [1.4.0] - 2021-01-18 Added: - Add support for authentication using FIDO2/WebAuthn. [1.3.0] - 2020-11-23 Added: - All activation QR codes are now returned inline in data URI format as well, avoiding the need to use the public URL to retrieve the QR code. [1.2.0] - 2020-07-03 Added: - Add support for TOTP and QR code hardware tokens supplied by Futurae. Introduce new endpoints and make necessary, non-breaking adjustments to existing ones. [1.1.2] - 2019-11-08 Changed: - Increase the maximum validity of one-time codes generated via /users/{id}/one_time_code to 7 days ("valid_secs" param). [1.1.1] - 2019-08-19 Changed: - Adjust various enrollment related endpoints with the addition of the short activation code feature. [1.1.0] - 2019-06-07 Added: - "Get Active Users" endpoint to query fοr the active users of a service. - "Get List of Devices" endpoint can now be filtered by "sms" device type (in "type" query parameter). [1.0.2] - 2019-05-02 Added: - Endpoint to query for the devices of a service (including filters and pagination). - New filter parameters to the GET /srv/admin/v1/activity endpoint. [1.0.1] - 2019-01-30 Added: - Include the device_id of the newly enrolled device in enroll success callback. - Enable to programmatically set the user status to locked_out. - Enable to programmatically set the user max_attempts. [1.0.0] - Initial Futurae Admin API release