Skip to main content

Changelog


30 June 2025

This release includes performance improvements related to DID Registry API v5, Timestamp API v4, Track and Trace API v1, Trusted Issuers Registry API v5, Trusted Policies Registry API v3 and Trusted Schemas Registry API v3.

Some of these improvements required introducing breaking changes, so make sure to read the following list of changes carefully.

DID Registry API v5

No breaking change.

Timestamp API v4

No breaking change.

Track and Trace API v1

/documents/:documentId endpoint

Breaking change

The /documents/:documentId endpoint doesn't return the events property anymore. If you need to list the events related to a document, use the /documents/:documentId/events endpoint instead.

Before / after comparison:

{
"metadata": "metadata",
"timestamp": {
"datetime": "0x65b24e0d",
"source": "block",
"proof": "0x0000000000000000000000000000000000000000000000000000000000000006",
- "events": []
},
"creator": "did:ebsi:ztqWJAmfyuUEf9Jvh97p167"
}
Temporary fallback

If you still want to access the previous behaviour of the endpoint, you can append ?version=deprecated to the URL. Please note that this is a temporary solution, and it will be removed in the future.

Trusted Issuers Registry API v5

/issuers/:did endpoint

Breaking change

The attributes property of the /issuers/:did endpoint's response is now a link to /issuers/:did/attributes. If you need to list the attributes of an issuer, make sure to use the /issuers/:did/attributes endpoint.

In addition, a new hasAttributes property is now included in the response. It is true when the Trusted Issuer has accepted at least 1 attribute, and false otherwise.

Before / after comparison:

{
"did": "did:ebsi:zZeKyEJfUTGwajhNyNX928z",
- "attributes": [
- {
- "hash": "447867bafab4c4ad26d4f4650e2390f92a831b6343b7c36ecb7c51fee336fa14",
- "body": "...",
- "issuerType": "RootTAO",
- "tao": "did:ebsi:zZeKyEJfUTGwajhNyNX928z",
- "rootTao": "did:ebsi:zZeKyEJfUTGwajhNyNX928z"
- }
- ]
+ "attributes": "https://api-pilot.ebsi.eu/trusted-issuers-registry/v5/issuers/did:ebsi:zZeKyEJfUTGwajhNyNX928z/attributes",
+ "hasAttributes": true
}
Temporary fallback

If you still want to access the previous behaviour of the endpoint, you can append ?version=deprecated to the URL. Please note that this is a temporary solution, and it will be removed in the future.

/issuers/:did/attributes/:attributeId/revisions endpoint

Breaking change

The response of the /issuers/:did/attributes/:attributeId/revisions endpoint doesn't contain the attribute revisions anymore. Instead, it returns the list of revision IDs and their URL.

Before / after comparison:

{
"items": [
{
- "hash": "4ec707f1d31f0e98996ec662d7d9820874b4dd23cdc03f78a2ab1483c3969f3a",
- "body": "",
- "issuerType": "RootTAO",
- "tao": "did:ebsi:zZeKyEJfUTGwajhNyNX928z",
- "rootTao": "did:ebsi:zZeKyEJfUTGwajhNyNX928z"
+ "id": "4ec707f1d31f0e98996ec662d7d9820874b4dd23cdc03f78a2ab1483c3969f3a",
+ "href": "https://api-pilot.ebsi.eu/trusted-issuers-registry/v5/issuers/.../revisions/4ec707..."
}
]
}
Temporary fallback

If you still want to access the previous behaviour of the endpoint, you can append ?version=deprecated to the URL. Please note that this is a temporary solution, and it will be removed in the future.

/issuers/:did/attributes/:attributeId/revisions/:revisionId endpoint

  • New endpoint returning the attribute revision.

/issuers/:did/proxies endpoint

  • The results of the /issuers/:did/proxies endpoint are now properly paginated. You can use the page[size] and page[after] query parameters to adjust the pagination.

Trusted Policies Registry API v3

/users and /users/:user endpoints

Deprecation notice

The /users and /users/:user endpoints are now deprecated and will be completely removed in a future release. Please use the corresponding /subjects endpoints instead.

/subjects/** endpoints

4 new endpoints have been added in order to serve the requests in a more performant way:

  • /subjects
  • /subjects/:subject
  • /subjects/:subject/policies
  • /subjects/:subject/policies/:policyName

Trusted Schemas Registry API v3

/schemas/:schemaId/revisions endpoint

Breaking change

By default, the /schemas/:schemaId/revisions endpoint doesn't support the valid-at query parameter anymore.

If you want to use the valid-at parameter, you have to also set the version query parameter to deprecated — e.g. ?version=deprecated&valid-at=.... Please note that this is a temporary solution, and it will be removed in the future.

Other changes included in this release

  • Trusted Issuers Registry API v5 exposes a new removeIssuerProxy method that allows trusted issuers to remove a proxy.
  • Ledger API v3 and v4 expose the eth_getBlockReceipts JSON-RPC method.
  • Node.js and all the dependencies have been updated.

28 May 2025

Release Update Notification

As part of our standard release process, we identified the need to perform a rollback. We are currently assessing the situation and will proceed with relaunching the changes in the near future.


6 February 2025

Core Services

This release contains mostly internal changes and bug fixes:

  • Node.js and all the dependencies have been updated.
  • DID Registry API v4 and v5, Timestamp API v4, Trusted Issuers Registry API v4 and v5, Track and Trace API v1, Trusted Policies Registry API v3 and Trusted Schemas Registry API v3 expose a new /abi endpoint which allows you to retrieve the ABI of the underlying smart contract.
  • Multiple changes have been made to enhance the stability of the APIs.
  • For Node Operators willing to run their own custom instance of the EBSI stack: the Core Services are more configurable and do not enforce EBSI-specific rules regarding the URLs to be trusted — e.g. in Verifiable Credentials.

Core Libs

Breaking changes

  • Drop support for EBSI's 2022-11_01 Verifiable Attestation schema.
WARNING

Verifiable attestations must now contain the type VerifiableAttestation in addition to VerifiableCredential.

  • Make the VC and VP libraries EBSI environment-agnostic. The functions now require a configuration object which defines the properties of the environment to be used: list of trusted hosts, URI scheme prefix, network name (and whether the network segment is optional or not in the URI), available services and their version number.
import type { EbsiEnvConfiguration } from "@cef-ebsi/verifiable-credential";

const config = {
hosts: ["api-pilot.ebsi.eu"],
scheme: "ebsi",
network: {
name: "pilot",
isOptional: false,
},
services: {
"did-registry": "v5",
"trusted-issuers-registry": "v5",
"trusted-policies-registry": "v3",
"trusted-schemas-registry": "v3",
},
} as const satisfies EbsiEnvConfiguration;

New features

  • Untrusted domains in VC URLs are automatically replaced with trusted domains.
  • Add possibility to include a custom jwk property in the VC / VP JWT header.

Internal changes

  • Replace ethers.js with @noble/hashes, replace elliptic with @noble/secp256k1.

3 October 2024

Core Services

The following table summarises which APIs are considered stable, in maintenance, or decommissioned:

Stable APIsAPIs in maintenanceDecommissioned APIs
Authorisation API v4Authorisation API v3Authorisation API v2
DID Registry API v5DID Registry API v4DID Registry API v3
Ledger API v4Ledger API v3Trusted Apps Registry API v3 and v4
Timestamp API v4Timestamp API v3 (read-only)Trusted Issuers Registry API v3
Trusted Issuers Registry API v5Trusted Issuers Registry API v4
Trusted Policies Registry API v3Trusted Policies Registry API v2 (read-only)
Trusted Schemas Registry API v3Trusted Schemas Registry API v2 (read-only)
Track and Trace API v1 (new!)
  • REST APIs' collection endpoints: if the query contains unsupported parameters, the server will return an error.
  • Keep dependencies up-to-date.
  • Timestamp API v3, Trusted Policies Registry API v2 and Trusted Schemas Registry API v2 become read-only.
  • It is no longer possible to use an access token issued by Authorisation API v2 to get access to the JSON-RPC API of DID Registry API v4 and Trusted Issuers Registry API v4.

Core Libs

  • Fix caching issue in VC library.
  • Keep dependencies up-to-date.

8 August 2024

Core Services

  • VP Tokens sent to Authorisation API v4 must have an expiration time of less than 5 minutes in the future.
  • The validation of Trusted Issuers' proxies is more strict.
  • Ledger API v4 doesn't expose the eth_estimateGas and eth_sendRawTransaction methods any more.
  • TAR API v4 is being decommissioned.
  • Experimental: support EBSI URI scheme.
  • TSR API v3 requires an access token with the openid tsr_write scope in order to query the JSON-RPC API.
  • TPR API v3 requires an access token with the openid tpr_write scope in order to query the JSON-RPC API.
  • The openid tnt_authorise scope is granted only if the requester has the proper policy in TPR.

Core Libs

BREAKING CHANGES
  • All the JSON Schemas must be loaded from the same TSR API version, as defined in the config object (TSR API v3 is used by default).
  • The VC and VP libraries now require the EBSI environment and hosts to be explicitly defined.
  • The EbsiIssuer object now requires a signer from the did-jwt library instead of publicKeyJwk/privateKeyJwk.

25 April 2024

Core Services

ServiceAPI versionChanges description
Authorisation APIv2Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Authorisation APIv3Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Authorisation APIv4Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
DID Registry APIv3Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
DID Registry APIv4Patch Changes:
  • Allow extra properties in verification method JWK.
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
DID Registry APIv5Patch Changes:
  • Allow extra properties in verification method JWK.
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Timestamp APIv4Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Track and Trace APIv1Minor changes:
  • Implement revocation in cascade.
Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Trusted Issuers Registry APIv3Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Trusted Issuers Registry APIv4Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Trusted Issuers Registry APIv5Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.

27 March 2024

  • Support Verifiable Credentials with the JsonSchema credential schema type.
  • Authorisation API v4:
    • support jwt_vp_json and jwt_vc_json formats.
    • fix presentation definitions: add ES256K to supported algorithms for didr_write, didr_invite, tnt_authorise, tnt_create and tnt_write presentations.
  • DIDR / Timestamp / TIR / Track and Trace JSON-RPC APIs: improve parameters validation.

19 February 2024

Core Services

  • Track & Trace API v1 is now available.
  • Authorisation API v4 can deliver access tokens with the new "openid tnt_authorise", "openid tnt_create" and "openid tnt_write" scopes (required by Track & Trace API v1).
  • The new Verifiable Attestation 2024-01 schema (VCDM 1.1) is now supported by all the services.
  • DIDR API v5, Timestamp API v4, TIR API v5, TPR API v3 and TSR API v3: the JSON-RPC API returns more detailed errors when the request parameters are invalid.
  • If you're using the JSON-RPC APIs, please be aware of the following changes:
    • DIDR API v5, JSON-RPC method rollVerificationMethod: parameter rollArgs renamed to args.
    • Timestamp API v4, JSON-RPC methods insertHashAlgorithm and updateHashAlgorithm: parameter multihash renamed to multiHash.
    • Trusted Issuers Registry API v5, JSON-RPC method setAttributeMetadata: parameter attributeId renamed to revisionId, and parameter taoAttributeId renamed to attributeIdTao.
    • Trusted Policies Registry API v3, JSON-RPC methods insertUserAttributes and deleteUserAttribute: parameter address renamed to user.
    • Trusted Policies Registry API v3, JSON-RPC method deleteUserAttribute: parameter attributeName renamed to attribute.

Core Libs

  • VC library: new skipCredentialSubjectValidation option (boolean, default: false) to disable the credentialSubject validation.
  • VC and VP libraries return more detailed error messages when a schema validation fails. Also, the new verbose option (boolean, default: false) will make the VC or VP library return richer JsonSchemaValidationError objects.

31 January 2024

info

This release does not affect Pilot, it only affects Conformance and EBSIHub environments.

Conformance testing v3.2

ServiceAPI (previous version)API (new version)Changes description
ConformanceConformance API v3NO new version
  • The latest APIs are now used during the tests: Authorisation API v4, DID Registry API v5, Ledger API v4, Trusted Issuers Registry API v5, Trusted Schemas Registry API v3 and Trusted Policies Registry API v3.
  • Credential type renames: CTWalletSameInTimeCTWalletSameAuthorisedInTime, CTWalletCrossInTimeCTWalletCrossAuthorisedInTime, CTWalletSameDeferredCTWalletSameAuthorisedDeferred, CTWalletCrossDeferredCTWalletCrossAuthorisedDeferred, CTWalletSamePreAuthorisedCTWalletSamePreAuthorisedInTime, CTWalletCrossPreAuthorisedCTWalletCrossPreAuthorisedInTime.
  • New Holder Wallet and Issue to Holder pre-authorised and deferred flows with CTWalletSamePreAuthorisedDeferred and CTWalletCrossPreAuthorisedDeferred types.

12 December 2023

Core Services

  • (new) Ledger API v4: new version of the Ledger API, relying on the latest APIs and smart contracts.
  • (updated) Authorisation API v4 and Timestamp API v4: the authorisation mechanism of Timestamp API has been refactored in order to use OpenID for Verifiable Presentations with the timestamp_write scope.

Core libs

  • Breaking changes affecting all the libraries: drop Node.js v16 support, export ES modules only.

Other

  • Decommissions
    • Storage API
    • Proxy Data Hub
    • Notifications API

8 August 2023

This release patches the smart contracts vulnerabilities reported during the security audit. These changes are not backward compatible.

ServiceAPI (previous version)API (new version)Changes description
DID RegistryDID API v4DID API v5Change the version number of the endpoint called. The rollVerificationMethod JSON-RPC call now requires rolling the arguments in a JSON schema.
Trusted Issuers RegistryTIR API v4TIR API v5 (new)Change the version number of the endpoint called. Issuer management replaced by management of issuer proxy and attribute. AttributeData replaced by AttributeID.
Trusted Apps RegistryTAR API v3TAR API v4 (new)Change the version number of the endpoint called. Endpoints affected: /jsonrpc, /apps/:appName, /apps/:appName/authorizations/:authId, /apps/:appName/public-keys/:publicKey.
Trusted Policies RegistryTPR API v2TPR API v3 (new)Change the version number of the endpoint called. Endpoints affected: /jsonrpc, /users/:address, /policies/:policyId.
Trusted Schemas RegistryTSR API v2TSR API v3 (new)Change the version number of the endpoint called. Endpoints affected: /jsonrpc.
TimestampTimestamp API v3Timestamp API v4 (new)Change the version number of the endpoint called. No API endpoint changes.
AuthorisationAuthorisation API v3Authorisation API v4New Authorisation API connected to the new APIs. Integrates functionalities of Authorisation API v2 (TAR, TSR, Timestamp, TPR) and v3 (DID Registry, TIR).
LedgerLedger API v3NO new versionNo breaking change. Ledger API v3 updated to validate access tokens from Authorisation API v3 and v4.