Changes
3 October 2024
Core Services
The following table summarises which APIs are considered stable, in maintenance, or decommissioned:
Stable APIs | APIs in maintenance | Decommissioned APIs |
---|---|---|
Authorisation API v4 | Authorisation API v3 | Authorisation API v2 |
DID Registry API v5 | DID Registry API v4 | DID Registry API v3 |
Ledger API v4 | Ledger API v3 | Trusted Apps Registry API v3 |
Timestamp API v4 | Timestamp API v3 (read-only) | Trusted Issuers Registry API v3 |
Trusted Issuers Registry API v5 | Trusted Issuers Registry API v4 | |
Trusted Policies Registry API v3 | Trusted Policies Registry API v2 (read-only) | |
Trusted Schemas Registry API v3 | Trusted Schemas Registry API v2 (read-only) | |
Track and Trace API v1 (new!) |
- REST APIs' collection endpoints: if the query contains unsupported parameters, the server will return an error.
- Keep dependencies up-to-date.
- Timestamp API v3, Trusted Policies Registry API v2 and Trusted Schemas Registry API v2 become read-only.
- It is no longer possible to use an access token issued by Authorisation API v2 to get access to the JSON-RPC API of DID Registry API v4 and Trusted Issuers Registry API v4.
Core Libs
- Fix caching issue in VC library.
- Keep dependencies up-to-date.
8 August 2024
Core Services
- VP Tokens sent to Authorisation API v4 must have an expiration time of less than 5 minutes in the future.
- The validation of Trusted Issuers' proxies is more strict.
- Ledger API v4 doesn't expose the
eth_estimateGas
andeth_sendRawTransaction
methods anymore. - TAR API v4 is being decommissioned.
- Experimental: support EBSI URI scheme.
- TSR API v3 requires an access token with the
openid tsr_write
scope in order to query the JSON-RPC API. - TPR API v3 requires an access token with the
openid tpr_write
scope in order to query the JSON-RPC API. - The
openid tnt_authorise
scope is granted only if the requester has the proper policy in TPR.
Core Libs
- New library: @cef-ebsi/ebsi-uri (version: 0.1.0). Brand new library to convert EBSI URIs from/to regular URLs.
- New major versions of @cef-ebsi/verifiable-credential (version: 6.0.0) and @cef-ebsi/verifiable-presentation (version: 7.0.0) with the following changes:
- integrate @cef-ebsi/ebsi-uri library into the VC library.
- downgrade multiformats to v9.6.2.
- replace Transmute's vc.js library with DIF's did-jwt.
- all the JSON Schemas must be loaded from the same TSR API version, as defined in the config object (TSR API v3 is used by default).
- the VC and VP libraries now require the EBSI environment and hosts to be explicitly defined.
- the
EbsiIssuer
object now requires asigner
from thedid-jwt
library instead ofpublicKeyJwk
/privateKeyJwk
.
25 April 2024
Core Services
Service | API version | Changes description |
---|---|---|
Authorisation API | v2 | Patch Changes:
|
Authorisation API | v3 | Patch Changes:
|
Authorisation API | v4 | Patch Changes:
|
DID Registry API | v3 | Patch Changes:
|
DID Registry API | v4 | Patch Changes:
|
DID Registry API | v5 | Patch Changes:
|
Timestamp API | v4 | Patch Changes:
|
Track and Trace API | v1 | Minor changes:
|
Trusted Issuers Registry API | v3 | Patch Changes:
|
Trusted Issuers Registry API | v4 | Patch Changes:
|
Trusted Issuers Registry API | v5 | Patch Changes:
|
27 March 2024
- Support Verifiable Credentials with the
JsonSchema
credential schema type. - Authorisation API v4:
- support
jwt_vp_json
andjwt_vc_json
formats. - fix presentation definitions: add
ES256K
to supported algorithms fordidr_write
,didr_invite
,tnt_authorise
,tnt_create
andtnt_write
presentations
- support
- DIDR / Timestamp / TIR / Track and Trace JSON-RPC APIs: improve parameters validation.
19 Februrary 2024
Core Services
- Track & Trace API v1 is now available.
- Authorisation API v4 can deliver access tokens with the new "openid tnt_authorise", "openid tnt_create" and "openid tnt_write" scopes (required by Track & Trace API v1).
- The new Verifiable Attestation 2024-01 schema (VCDM 1.1) is now supported by all the services.
- DIDR API v5, Timestamp API v4, TIR API v5, TPR API v3 and TSR API v3: the JSON-RPC API returns more detailed errors when the request parameters are invalid.
- If you're using the JSON-RPC APIs, please be aware of the following changes:
- DIDR API v5, JSON-RPC method
rollVerificationMethod
: parameterrollArgs
renamed toargs
. - Timestamp API v4, JSON-RPC methods
insertHashAlgorithm
andupdateHashAlgorithm
: parametermultihash
renamed tomultiHash
. - Trusted Issuers Registry API v5, JSON-RPC method
setAttributeMetadata
: parameterattributeId
renamed torevisionId
, and parametertaoAttributeId
renamed toattributeIdTao
. - Trusted Policies Registry API v3, JSON-RPC methods
insertUserAttributes
anddeleteUserAttribute
: parameteraddress
renamed touser
. - Trusted Policies Registry API v3, JSON-RPC method
deleteUserAttribute
: parameterattributeName
renamed toattribute
.
- DIDR API v5, JSON-RPC method
Core Libs
- VC library: new
skipCredentialSubjectValidation
option (boolean, default:false
) to disable thecredentialSubject
validation. - VC and VP libraries return more detailed error messages when a schema validation fails. Also, the new
verbose
option (boolean, default:false
) will make the VC or VP library return richerJsonSchemaValidationError
objects.
31 January 2024
This release does not affect Pilot, it only affects Conformance and EBSIHub environments.
Conformance testing v3.2
Service | API (previous version) | API (new version) | Changes description |
---|---|---|---|
Conformance | Conformance API v3 | NO new version |
|
EBSI Hub
Content | Changes description |
---|---|
Best practices section | The folder is renamed from "Best practices" to "How-To's". |
JSON Schemas Table | The page is renamed from "JSON Schemas Table" to "Data model registry". Also added the following changes in the content of the page:
|
Issuer Trust Model | The page "Issuer Trust Model" is separated in two new pages: Both pages will be visible from the "Trust Model" sidebar, the "issuer-trust-model-v3" page will be marked as current(Green) and the "issuer-trust-model-v4" page as upcoming(Yellow). |
How to register a DID document (old DID registry guidelines) | This page is relocated to "Best practices" section. |
DID Method for Legal Entities | A link to "How to register a DID document" is added at the bottom of the page. |
DID Method for Natural Person | A link to "How to register a DID document" is added at the bottom of the page. |
How to obtain an access token (old Authorisation API guidelines) | This page is relocated to "Best practices"section. |
E-signing and e-sealing (JAdES profile) | The page "E-signing and e-sealing" is separated in two new pages: Both pages will be visible from the "E-signing and e-sealing" sidebar, the "e-signing-v3" page will be marked as current(Green) and the "jades-v4" page as upcoming(Yellow). |
Build your solution - Introduction | Added a disclaimer warning the user that the content of the page is not fully aligned with the current specifications. |
Design your solution - Design your trust chain | Added a disclaimer warning the user that the content of the page is not fully aligned with the current specifications. |
Design your solution - Design your data model | Added a disclaimer warning the user that the content of the page is not fully aligned with the current specifications. |
Design your solution - Define the signature profile | Added a disclaimer warning the user that the content of the page is not fully aligned with the current specifications. |
12 December 2023
Core Services
- (new) Ledger API v4: new version of the Ledger API, relying on the latest APIs and smart contracts.
- (updated) Authorisation API v4 and Timestamp API v4: the authorisation mechanism of Timestamp API has been refactored in order to use OpenID for Verifiable Presentations with the
timestamp_write
scope.
Core libs
- Breaking changes affecting all the libraries: drop Node.js v16 support, export ES modules only.
Other
- Decomissions
- Storage API
- Proxy Data Hub
- Notifications API
8 August 2023
This release patches the smart contracts vulnerabilities reported during the security audit. These changes are not backward compatible. The EBSI team is currently working on additional improvements that will be applied together with the upcoming release. Please see the details of the release and the affected endpoints in the table below.
Additionally, please note that once all the changes related to this upcoming version are stable, you will receive an email confirming this. The current stable version will be substituted and will enter maintenance mode for 6 months, after which it will stop being supported by EBSI.
Service | API (previous version) | API (new version) | Changes description |
---|---|---|---|
DID Registry | DID API v4 | DID API v5 | Change the version number of the endpoint called.API endpoints affected:
|
Trusted Issuers Registry | TIR API v4 | TIR API v5 (new) | Change the version number of the endpoint called.API endpoints affected:
|
Trusted Apps Registry | TAR API v3 | TAR API v4 (new) | Change the version number of the endpoint called.API endpoints affected:
|
Trusted Policies Registry | TPR API v2 | TPR API v3 (new) | Change the version number of the endpoint called.API endpoints affected:
|
Trusted Schemas Registry | TSR API v2 | TSR API v3 (new) | Change the version number of the endpoint called.API endpoints affected:
|
Timestamp | Timestamp API v3 | Timestamp API v4 (new) | Change the version number of the endpoint called.Changes in API endpoints: NO |
Authorisation | Authorisation API v3 | Authorisation API v4 (new) | Change the version number of the endpoint called.The new Authorisation API is connected to the new APIs to verify authorisations and issue access tokens.This new API also integrates the functionalities of Authorisation API v2 (needed for TAR, TSR, Timestamp, and TPR) and Authorisation API v3 (needed for DID Registry and TIR). |
Conformance | Conformance API v3 | Conformance API v4 (to be published in October) | Change the version number of the endpoint called.New conformance service to be able to do the Wallet Conformance Testing v3 by interacting with the new APIs and correlated data sources. This new version of the WCT will be made available in October. |
Ledger | Ledger API v3 | NO new version | There is no new version or breaking change in Ledger API.Ledger API v3 is updated to be able to validate access tokens issued by Authorisation API v3 and Authorisation API v4 |