Changes
8 August 2024
Core Services
- VP Tokens sent to Authorisation API v4 must have an expiration time of less than 5 minutes in the future.
- The validation of Trusted Issuers' proxies is more strict.
- Ledger API v4 doesn't expose the
eth_estimateGasandeth_sendRawTransactionmethods anymore. - TAR API v4 is being decommissioned.
- Experimental: support EBSI URI scheme.
- TSR API v3 requires an access token with the
openid tsr_writescope in order to query the JSON-RPC API. - TPR API v3 requires an access token with the
openid tpr_writescope in order to query the JSON-RPC API. - The
openid tnt_authorisescope is granted only if the requester has the proper policy in TPR.
Core Libs
- New library: @cef-ebsi/ebsi-uri (version: 0.1.0). Brand new library to convert EBSI URIs from/to regular URLs.
- New major versions of @cef-ebsi/verifiable-credential (version: 6.0.0) and @cef-ebsi/verifiable-presentation (version: 7.0.0) with the following changes:
- integrate @cef-ebsi/ebsi-uri library into the VC library.
- downgrade multiformats to v9.6.2.
- replace Transmute's vc.js library with DIF's did-jwt.
BREAKING CHANGES:
- all the JSON Schemas must be loaded from the same TSR API version, as defined in the config object (TSR API v3 is used by default).
- the VC and VP libraries now require the EBSI environment and hosts to be explicitly defined.
- the
EbsiIssuerobject now requires asignerfrom thedid-jwtlibrary instead ofpublicKeyJwk/privateKeyJwk.
25 April 2024
Core Services
| Service | API version | Changes description |
|---|---|---|
| Authorisation API | v2 | Patch Changes:
|
| Authorisation API | v3 | Patch Changes:
|
| Authorisation API | v4 | Patch Changes:
|
| DID Registry API | v3 | Patch Changes:
|
| DID Registry API | v4 | Patch Changes:
|
| DID Registry API | v5 | Patch Changes:
|
| Timestamp API | v4 | Patch Changes:
|
| Track and Trace API | v1 | Minor changes:
|
| Trusted Issuers Registry API | v3 | Patch Changes:
|
| Trusted Issuers Registry API | v4 | Patch Changes:
|
| Trusted Issuers Registry API | v5 | Patch Changes:
|
27 March 2024
- Support Verifiable Credentials with the
JsonSchemacredential schema type. - Authorisation API v4:
- support
jwt_vp_jsonandjwt_vc_jsonformats. - fix presentation definitions: add
ES256Kto supported algorithms fordidr_write,didr_invite,tnt_authorise,tnt_createandtnt_writepresentations
- support
- DIDR / Timestamp / TIR / Track and Trace JSON-RPC APIs: improve parameters validation.
19 Februrary 2024
Core Services
- Track & Trace API v1 is now available.
- Authorisation API v4 can deliver access tokens with the new "openid tnt_authorise", "openid tnt_create" and "openid tnt_write" scopes (required by Track & Trace API v1).
- The new Verifiable Attestation 2024-01 schema (VCDM 1.1) is now supported by all the services.
- DIDR API v5, Timestamp API v4, TIR API v5, TPR API v3 and TSR API v3: the JSON-RPC API returns more detailed errors when the request parameters are invalid.
- If you're using the JSON-RPC APIs, please be aware of the following changes:
- DIDR API v5, JSON-RPC method
rollVerificationMethod: parameterrollArgsrenamed toargs. - Timestamp API v4, JSON-RPC methods
insertHashAlgorithmandupdateHashAlgorithm: parametermultihashrenamed tomultiHash. - Trusted Issuers Registry API v5, JSON-RPC method
setAttributeMetadata: parameterattributeIdrenamed torevisionId, and parametertaoAttributeIdrenamed toattributeIdTao. - Trusted Policies Registry API v3, JSON-RPC methods
insertUserAttributesanddeleteUserAttribute: parameteraddressrenamed touser. - Trusted Policies Registry API v3, JSON-RPC method
deleteUserAttribute: parameterattributeNamerenamed toattribute.
- DIDR API v5, JSON-RPC method
Core Libs
- VC library: new
skipCredentialSubjectValidationoption (boolean, default:false) to disable thecredentialSubjectvalidation. - VC and VP libraries return more detailed error messages when a schema validation fails. Also, the new
verboseoption (boolean, default:false) will make the VC or VP library return richerJsonSchemaValidationErrorobjects.
31 January 2024
info
This release does not affect Pilot, it only affects Conformance and EBSIHub environments.
Conformance testing v3.2
| Service | API (previous version) | API (new version) | Changes description |
|---|---|---|---|
| Conformance | Conformance API v3 | NO new version |
|
EBSI Hub
| Content | Changes description |
|---|---|
| Best practices section | The folder is renamed from "Best practices" to "How-To's". |
| JSON Schemas Table | The page is renamed from "JSON Schemas Table" to "Data model registry". Also added the following changes in the content of the page:
|
| Issuer Trust Model | The page "Issuer Trust Model" is separated in two new pages: Both pages will be visible from the "Trust Model" sidebar, the "issuer-trust-model-v3" page will be marked as current(Green) and the "issuer-trust-model-v4" page as upcoming(Yellow). |
| How to register a DID document (old DID registry guidelines) | This page is relocated to "Best practices" section. |
| DID Method for Legal Entities | A link to "How to register a DID document" is added at the bottom of the page. |
| DID Method for Natural Person | A link to "How to register a DID document" is added at the bottom of the page. |
| How to obtain an access token (old Authorisation API guidelines) | This page is relocated to "Best practices"section. |
| E-signing and e-sealing (JAdES profile) | The page "E-signing and e-sealing" is separated in two new pages: Both pages will be visible from the "E-signing and e-sealing" sidebar, the "e-signing-v3" page will be marked as current(Green) and the "jades-v4" page as upcoming(Yellow). |
| Build your solution - Introduction | Added a disclaimer warning the user that the content of the page is not fully aligned with the current specifications. |
| Design your solution - Design your trust chain | Added a disclaimer warning the user that the content of the page is not fully aligned with the current specifications. |
| Design your solution - Design your data model | Added a disclaimer warning the user that the content of the page is not fully aligned with the current specifications. |
| Design your solution - Define the signature profile | Added a disclaimer warning the user that the content of the page is not fully aligned with the current specifications. |
12 December 2023
Core Services
- (new) Ledger API v4: new version of the Ledger API, relying on the latest APIs and smart contracts.
- (updated) Authorisation API v4 and Timestamp API v4: the authorisation mechanism of Timestamp API has been refactored in order to use OpenID for Verifiable Presentations with the
timestamp_writescope.
Core libs
- Breaking changes affecting all the libraries: drop Node.js v16 support, export ES modules only.
Other
- Decomissions
- Storage API
- Proxy Data Hub
- Notifications API
8 August 2023
This release patches the smart contracts vulnerabilities reported during the security audit. These changes are not backward compatible. The EBSI team is currently working on additional improvements that will be applied together with the upcoming release. Please see the details of the release and the affected endpoints in the table below.
Additionally, please note that once all the changes related to this upcoming version are stable, you will receive an email confirming this. The current stable version will be substituted and will enter maintenance mode for 6 months, after which it will stop being supported by EBSI.
| Service | API (previous version) | API (new version) | Changes description |
|---|---|---|---|
| DID Registry | DID API v4 | DID API v5 | Change the version number of the endpoint called.API endpoints affected:
|
| Trusted Issuers Registry | TIR API v4 | TIR API v5 (new) | Change the version number of the endpoint called.API endpoints affected:
|
| Trusted Apps Registry | TAR API v3 | TAR API v4 (new) | Change the version number of the endpoint called.API endpoints affected:
|
| Trusted Policies Registry | TPR API v2 | TPR API v3 (new) | Change the version number of the endpoint called.API endpoints affected:
|
| Trusted Schemas Registry | TSR API v2 | TSR API v3 (new) | Change the version number of the endpoint called.API endpoints affected:
|
| Timestamp | Timestamp API v3 | Timestamp API v4 (new) | Change the version number of the endpoint called.Changes in API endpoints: NO |
| Authorisation | Authorisation API v3 | Authorisation API v4 (new) | Change the version number of the endpoint called.The new Authorisation API is connected to the new APIs to verify authorisations and issue access tokens.This new API also integrates the functionalities of Authorisation API v2 (needed for TAR, TSR, Timestamp, and TPR) and Authorisation API v3 (needed for DID Registry and TIR). |
| Conformance | Conformance API v3 | Conformance API v4 (to be published in October) | Change the version number of the endpoint called.New conformance service to be able to do the Wallet Conformance Testing v3 by interacting with the new APIs and correlated data sources. This new version of the WCT will be made available in October. |
| Ledger | Ledger API v3 | NO new version | There is no new version or breaking change in Ledger API.Ledger API v3 is updated to be able to validate access tokens issued by Authorisation API v3 and Authorisation API v4 |