Skip to main content
European CommissionEBSI European Blockchain

Changes


3 October 2024

Core Services

The following table summarises which APIs are considered stable, in maintenance, or decommissioned:

Stable APIsAPIs in maintenanceDecommissioned APIs
Authorisation API v4Authorisation API v3Authorisation API v2
DID Registry API v5DID Registry API v4DID Registry API v3
Ledger API v4Ledger API v3Trusted Apps Registry API v3
Timestamp API v4Timestamp API v3 (read-only)Trusted Issuers Registry API v3
Trusted Issuers Registry API v5Trusted Issuers Registry API v4
Trusted Policies Registry API v3Trusted Policies Registry API v2 (read-only)
Trusted Schemas Registry API v3Trusted Schemas Registry API v2 (read-only)
Track and Trace API v1 (new!)
  • REST APIs' collection endpoints: if the query contains unsupported parameters, the server will return an error.
  • Keep dependencies up-to-date.
  • Timestamp API v3, Trusted Policies Registry API v2 and Trusted Schemas Registry API v2 become read-only.
  • It is no longer possible to use an access token issued by Authorisation API v2 to get access to the JSON-RPC API of DID Registry API v4 and Trusted Issuers Registry API v4.

Core Libs

  • Fix caching issue in VC library.
  • Keep dependencies up-to-date.

8 August 2024

Core Services

  • VP Tokens sent to Authorisation API v4 must have an expiration time of less than 5 minutes in the future.
  • The validation of Trusted Issuers' proxies is more strict.
  • Ledger API v4 doesn't expose the eth_estimateGas and eth_sendRawTransaction methods anymore.
  • TAR API v4 is being decommissioned.
  • Experimental: support EBSI URI scheme.
  • TSR API v3 requires an access token with the openid tsr_write scope in order to query the JSON-RPC API.
  • TPR API v3 requires an access token with the openid tpr_write scope in order to query the JSON-RPC API.
  • The openid tnt_authorise scope is granted only if the requester has the proper policy in TPR.

Core Libs

BREAKING CHANGES
  • all the JSON Schemas must be loaded from the same TSR API version, as defined in the config object (TSR API v3 is used by default).
  • the VC and VP libraries now require the EBSI environment and hosts to be explicitly defined.
  • the EbsiIssuer object now requires a signer from the did-jwt library instead of publicKeyJwk/privateKeyJwk.

25 April 2024

Core Services

ServiceAPI versionChanges description
Authorisation APIv2Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Authorisation APIv3Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Authorisation APIv4Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
DID Registry APIv3Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
DID Registry APIv4Patch Changes:
  • Allow extra properties in verification method JWK.
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
DID Registry APIv5Patch Changes:
  • Allow extra properties in verification method JWK.
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Timestamp APIv4Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Track and Trace APIv1Minor changes:
  • Implement revocation in cascade.
Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Trusted Issuers Registry APIv3Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Trusted Issuers Registry APIv4Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.
Trusted Issuers Registry APIv5Patch Changes:
  • Validate dates of credentials linked in termsOfUse.
  • Verify if the credentials are valid at the current time.

27 March 2024

  • Support Verifiable Credentials with the JsonSchema credential schema type.
  • Authorisation API v4:
    • support jwt_vp_json and jwt_vc_json formats.
    • fix presentation definitions: add ES256K to supported algorithms for didr_write, didr_invite, tnt_authorise, tnt_create and tnt_write presentations
  • DIDR / Timestamp / TIR / Track and Trace JSON-RPC APIs: improve parameters validation.

19 Februrary 2024

Core Services

  • Track & Trace API v1 is now available.
  • Authorisation API v4 can deliver access tokens with the new "openid tnt_authorise", "openid tnt_create" and "openid tnt_write" scopes (required by Track & Trace API v1).
  • The new Verifiable Attestation 2024-01 schema (VCDM 1.1) is now supported by all the services.
  • DIDR API v5, Timestamp API v4, TIR API v5, TPR API v3 and TSR API v3: the JSON-RPC API returns more detailed errors when the request parameters are invalid.
  • If you're using the JSON-RPC APIs, please be aware of the following changes:
    • DIDR API v5, JSON-RPC method rollVerificationMethod: parameter rollArgs renamed to args.
    • Timestamp API v4, JSON-RPC methods insertHashAlgorithm and updateHashAlgorithm: parameter multihash renamed to multiHash.
    • Trusted Issuers Registry API v5, JSON-RPC method setAttributeMetadata: parameter attributeId renamed to revisionId, and parameter taoAttributeId renamed to attributeIdTao.
    • Trusted Policies Registry API v3, JSON-RPC methods insertUserAttributes and deleteUserAttribute: parameter address renamed to user.
    • Trusted Policies Registry API v3, JSON-RPC method deleteUserAttribute: parameter attributeName renamed to attribute.

Core Libs

  • VC library: new skipCredentialSubjectValidation option (boolean, default: false) to disable the credentialSubject validation.
  • VC and VP libraries return more detailed error messages when a schema validation fails. Also, the new verbose option (boolean, default: false) will make the VC or VP library return richer JsonSchemaValidationError objects.

31 January 2024

info

This release does not affect Pilot, it only affects Conformance and EBSIHub environments.

Conformance testing v3.2

ServiceAPI (previous version)API (new version)Changes description
ConformanceConformance API v3NO new version
  • The latest APIs are now used during the tests: Authorisation API v4, DID Registry API v5, Ledger API v4, Trusted Issuers Registry API v5, Trusted Schemas Registry API v3 and Trusted Policies Registry API v3.
  • The following credential types have been renamed:
    • CTWalletSameInTimeCTWalletSameAuthorisedInTime
    • CTWalletCrossInTimeCTWalletCrossAuthorisedInTime
    • CTWalletSameDeferredCTWalletSameAuthorisedDeferred
    • CTWalletCrossDeferredCTWalletCrossAuthorisedDeferred
    • CTWalletSamePreAuthorisedCTWalletSamePreAuthorisedInTime
    • CTWalletCrossPreAuthorisedCTWalletCrossPreAuthorisedInTime
  • New Holder Wallet and Issue to Holder pre-authorised and deferred flows with CTWalletSamePreAuthorisedDeferred and CTWalletCrossPreAuthorisedDeferred types.
  • The APIs and libraries now support the update Verifiable Attestation schema (2024-01) (VCDM 1.1):
    • issuer can be a URI or an object
    • credentialSubject can contain single or multiple subjects
    • proof is removed
    • evidence can contain single or multiple evidences
  • Bug fixes:
    • Follow PEX v2 specifications regarding the path properties, fix JSONPath values. Please make sure to update the path in your presentation submissions accordingly.
    • Share 3 valid VCs during the Verifier tests, as required by the presentation definition.
    • Use nonce defined by the client in the Verifier tests' VP JWT.

EBSI Hub

ContentChanges description
Best practices sectionThe folder is renamed from "Best practices" to "How-To's".
JSON Schemas TableThe page is renamed from "JSON Schemas Table" to "Data model registry". Also added the following changes in the content of the page:
  • A new introductory section.
  • A new section called "JSON Schemas Tables". This section will contain two tables, one with relevant information about the latest schemas versions and another with the upcoming ones.
Issuer Trust ModelThe page "Issuer Trust Model" is separated in two new pages: Both pages will be visible from the "Trust Model" sidebar, the "issuer-trust-model-v3" page will be marked as current(Green) and the "issuer-trust-model-v4" page as upcoming(Yellow).
How to register a DID document (old DID registry guidelines)This page is relocated to "Best practices" section.
DID Method for Legal EntitiesA link to "How to register a DID document" is added at the bottom of the page.
DID Method for Natural PersonA link to "How to register a DID document" is added at the bottom of the page.
How to obtain an access token (old Authorisation API guidelines)This page is relocated to "Best practices"section.
E-signing and e-sealing (JAdES profile)The page "E-signing and e-sealing" is separated in two new pages: Both pages will be visible from the "E-signing and e-sealing" sidebar, the "e-signing-v3" page will be marked as current(Green) and the "jades-v4" page as upcoming(Yellow).
Build your solution - IntroductionAdded a disclaimer warning the user that the content of the page is not fully aligned with the current specifications.
Design your solution - Design your trust chainAdded a disclaimer warning the user that the content of the page is not fully aligned with the current specifications.
Design your solution - Design your data modelAdded a disclaimer warning the user that the content of the page is not fully aligned with the current specifications.
Design your solution - Define the signature profileAdded a disclaimer warning the user that the content of the page is not fully aligned with the current specifications.

12 December 2023

Core Services

  • (new) Ledger API v4: new version of the Ledger API, relying on the latest APIs and smart contracts.
  • (updated) Authorisation API v4 and Timestamp API v4: the authorisation mechanism of Timestamp API has been refactored in order to use OpenID for Verifiable Presentations with the timestamp_write scope.

Core libs

  • Breaking changes affecting all the libraries: drop Node.js v16 support, export ES modules only.

Other

  • Decomissions
    • Storage API
    • Proxy Data Hub
    • Notifications API

8 August 2023

This release patches the smart contracts vulnerabilities reported during the security audit. These changes are not backward compatible. The EBSI team is currently working on additional improvements that will be applied together with the upcoming release. Please see the details of the release and the affected endpoints in the table below.

Additionally, please note that once all the changes related to this upcoming version are stable, you will receive an email confirming this. The current stable version will be substituted and will enter maintenance mode for 6 months, after which it will stop being supported by EBSI.

ServiceAPI (previous version)API (new version)Changes description
DID RegistryDID API v4DID API v5Change the version number of the endpoint called.API endpoints affected:
  • /jsonrpc
    • Changes in the call rollVerificationMethod when building an unsigned transaction to roll a verification method. It now requires rolling the arguments in a JSON schema and not by attribute as in the previous version, the data informed is still the same.
Trusted Issuers RegistryTIR API v4TIR API v5 (new)Change the version number of the endpoint called.API endpoints affected:
  • /jsonrpc
    • Substituted the the Issuer management by the management of a issuer proxy and attribute. And consequently substituting parameters linked to them like the AttributeData by a AttibuteID.
  • /policies (removed)
Trusted Apps RegistryTAR API v3TAR API v4 (new)Change the version number of the endpoint called.API endpoints affected:
  • /jsonrpc
  • /apps/:appName (response updated)
  • /apps/:appName/authorizations/:authId (response updated)
  • /apps/:appName/public-keys/:publicKey (response updated)
Trusted Policies RegistryTPR API v2TPR API v3 (new)Change the version number of the endpoint called.API endpoints affected:
  • /jsonrpc
  • /users/:address (response updated)
  • /policies/:policyId (response updated)
Trusted Schemas RegistryTSR API v2TSR API v3 (new)Change the version number of the endpoint called.API endpoints affected:
  • /jsonrpc
TimestampTimestamp API v3Timestamp API v4 (new)Change the version number of the endpoint called.Changes in API endpoints: NO
AuthorisationAuthorisation API v3Authorisation API v4 (new)Change the version number of the endpoint called.The new Authorisation API is connected to the new APIs to verify authorisations and issue access tokens.This new API also integrates the functionalities of Authorisation API v2 (needed for TAR, TSR, Timestamp, and TPR) and Authorisation API v3 (needed for DID Registry and TIR).
ConformanceConformance API v3Conformance API v4 (to be published in October)Change the version number of the endpoint called.New conformance service to be able to do the Wallet Conformance Testing v3 by interacting with the new APIs and correlated data sources. This new version of the WCT will be made available in October.
LedgerLedger API v3NO new versionThere is no new version or breaking change in Ledger API.Ledger API v3 is updated to be able to validate access tokens issued by Authorisation API v3 and Authorisation API v4