Fraud Prevention
- feat: Introducing CIAM Secure through IDO journeys
Fraud Prevention
- BREAKING CHANGE: The
serverPathparameter is now required. In previous versions, it defaulted to the US region. To ensure correct routing to your region, you must update your configuration to include theserverPathproperty as specified in the documentation. - BREAKING CHANGE: The DRS module is no longer initialized by default. If your application uses DRS, you must explicitly include the
drsconfiguration object in your initialization. - BREAKING CHANGE: DRS user identification APIs have been changed:
unidentifiedUser()→clearUser()identifyUser()→setAuthenticatedUser()setUser()→setAuthenticatedUser()
Identity Verification
- BREAKING CHANGE: The
serverPathparameter is now required. In previous versions, it defaulted to the US region. To ensure correct routing to your region, you must update your configuration to include theserverPathproperty as specified in the documentation.
Orchestration
- feat: Introducing CIAM Secure through IDO journeys
- feat: IDO module now uses separate typing files. You may need to update imports if your application consumes IDO types.
Webauthn
- BREAKING CHANGE: All major SDK methods have been refactored to use a single parameter object pattern instead of multiple positional parameters.
Fraud Prevention
- Add getSecureSessionToken public method for generating cryptographically signed session tokens
- Support optional actionType and expirationMinutes parameters in secure session token generation
Orchestration
- fix: Update ido-web-sdk to version 0.0.78 - Fix correlationId serialization to persist across external redirects
- Fixes issue where correlationId was lost during external redirects (e.g., IDV, external IDP)
- Ensures single correlation_id per invocation_id for consistent tracking
- Maintains backward compatibility with existing serialized states
Identity Verification
- feat: Add document silhouette on front image capture to help users do auto-capture
Fraud Prevention
- feat: Improved mouse movement sampling rate by using Pointer Events API.
- feat: Improved device identification speed by sending device data immediately.
- feat: Add current
publicKeyIDtracking for session token injection protection.
Identity Verification
- feat: Use ZXing lib for extraction of barcode data
- feat: Improve camera selection for capturing documents
- fix: Stability manager counter issue
Identity Verification
- feat: Use separate configuration for back, front, selfie stable frames threshold for autocapture
Fraud Prevention
- feat: Crypto binding - resolved race condition in key rotation 'init' message handling
- feat: Read the strings from IDV backend sdk settings
Fraud Prevention
- feat: Temporary multi-clientID support for DRS customers, by supporting
drs.clientIdinitialization parameter
Identity Verification
- fix: Fix image capturing order issue
- feat: Add package LICENSE file
Fraud Prevention
- fix: Update
getSessionTokenerror format from object to string. - improve device event performance and reselience.
Orchestration
- feat: Add Generic OTP Authentication step type
Fraud Prevention
- feat: Improve resilience of building encrypted request's body.
- feat: Add
missing_configdisabled reason for when the configuration orsdkEnabledflag is missing.
Identity Verification
- fix: Add translation for approve and retake buttons on selfie capture
- feat: Support installing SDK via npm install @transmitsecurity/platform-web-sdk
- feat: Provide detailed reasons when the RiskID-SDK is disabled.
- fix: Improved error handling in device attributes collection
- fix: Crypto binding - resolved initialization issue in Safari
- feat: Deploy a fix for Orchestration (ido) sdk
- feat: Add NPM support for Platform SDK
Fraud Prevention
- feat: Add support for rotating crypto-binding keys
Orchestration
- feat: Optimize risk recommendation flow
- feat: Add Select Organization step type
Fraud Prevention
- feat: Add support for passing custom attributes to the
triggerActionEvent
Identity Verification
- Correct and update UI texts
- fix: prevent race condition during crypto binding keys generation
Fraud Prevention
- feat: Added support for buffer interval flush after X seconds
- fix: Fix keys for buffer flush after certain interval or events threshold
Webauthn
- Add the possibility to have ':' char in the approval data schema.
Orchestration
- fix: Fixed content type header of the key_exchange requests
- fix: prevent race condition during crypto binding keys generation
- fix: Fix encryption headers lost after IDV redirect causing unencrypted API calls (FLOP-2912)
Fraud Prevention
- fix: improve getSessionToken flow to ensure it is not called while the SDK is not initialized
Identity Verification
- fix: Hide loading block when API request completes
Fraud Prevention
- Add enhanced and descriptive error codes to the
triggerActionEventmethod to improve granularity and explainability of errors - Improve SDK resilience during initialization, ensuring proper handling of configuration refresh failures
Identity Verification
- fix: improve session recapture logic
Fraud Prevention
- feat: Add support for reporting claimedUserIdType in triggerActionEvent method
Webauthn
- fix: Handle limitSingleCredentialToDevice validation error
Orchestration
- fix: Improved PKCS7 unpadding validation and error handling during double encryption
- fix: Include
clientIdquery param in/key_exchangecalls to allow cloudflare worker to route to the correct tenant application - feat: Introduce
StartSsoJourneyOptions, currently with onlyencrypted:? boolean. The implementation defaults tofalseif unspecified.
Orchestration
- feat: Support transport
Double Encryption, for IDO SDK initially
Identity Verification
- fix: show custom feedback if error is of type restriction criteria
Fraud Prevention
- feat: Add session token refresh in case session token is expired
Fraud Prevention
- fix: Avoid print an empty error on CDPR check
Webauthn
- fix: Support Mosaic URL wildcard (Internal use)
Orchestration
- feat: Add support for
Web to Mobile AuthenticationandWeb to Mobile Transaction Signingactions
Identity Verification
- feat: Add support for auto-capture capabilities
Fraud Prevention
- feat: Send sessionToken backend-maintain signal in every event
Fraud Prevention
- feat: Store Session Token in browser
- feat: Immediate sessionToken retrieval in case of identification event
- feat: Receive and store backend reported userId on any event sent
- feat: On any clearUser call - send clear user event
Identity Verification
- fix: Stop pulling status after moving from capturing steps.
Orchestration
- feat: Add support for
Transaction Signingwith passkeys action.
Webauthn
feat: Allow anonymous transaction signing, (without username parameter).
Identity Verification
feat: Add error handling for expired session status
Fraud Prevention
- feat: Increase session token resilience within the session
Orchestration
- refactor: change request logging to debug level
Identity Verification
- feat: Sign images with crypto-binding
Fraud Prevention
- feat: Persist userId if reported with successful authentication through action result interface
Identity Verification
- feat: Improve texts on capturing pages
Webauthn
- fix: Authentication timeout configuration issue
Fraud Prevention
- fix: Improve event consistency in network failures and re-send also in mid-sessions
Identity Verification
- fix: fix Portuguese lang initial
- feat: add support to french-canadian
Orchestration
- feat: added support for Transaction Signing with TOTP action.
- fix: made the save SDK data operation synchronous to ensure it won't be interrupted.
Fraud Prevention
- feat: setAuthenticatedUser enhancement
- feat: Event consistency improvement
Orchestration
- feat: Support saving data in IndexedDB for Ido SDK
Identity Verification
- feat: Add new resubmit reason "Restricted document"
Identity Verification
- fix: Fixing marked import issue
- feat: Automatic migration of clientId dependent crypto binding keys to clientId independent, in sdk upgrade
Fraud Prevention
- feat: Support identifiers migration under first-party domains
- feat: Add version field
Fraud Prevention
- fix: Reduce final DRS bundle size by 30%
Orchestration
- fix: fix escape failure presentation type
- fix: remove default applicationId from the SDK interface
- feat: sdk pass escapes to the application
- feat: introduce invokeSsoJourney()
- feat: add validate email and phone actions
Fraud Prevention
- fix: Remove challenge data object from triggerAction response
Identity Verification
- feat: Support dynamic document acquisition failure by restriction criteria custom message
- feat: Error messages improvements
Identity Verification
- feat: add support for custom video capture settings
Orchestration
- feat: handle optional resource param
Identity Verification
- feat: add message for customer support guidance
Fraud Prevention
- feat: Support new datapoints related to audio fingerprint and device data
- feat: Support payer.bankIdentifier new field in transactionData optional action property
Identity Verification
- feat: add error message to error callback
Orchestration
- feat: handle expired OTP passcode
- feat: support invoke external idp action (oidc)
- feat: support the new variant of the login-form action
Fraud Prevention
- feat: Enforced encrypted communication
Fraud Prevention
- fix: Remove datapoint for efficiency improvement
Fraud Prevention
- fix: Update collected datapoints when page is loaded
Fraud Prevention
- feat: Support new datapoints when page is loaded and device data
Webauthn
- feat: added support for approval signing
- feat: saving clientId in memory with fallback to localStorage
- feat: Add the ability to limit single credential to device
- feat: Support set timeout for webauthn registration and authentication modals
Fraud Prevention
- feat: Support sending device data also in every action (per customer need)
- feat: Add new datapoints to SDK: navigatorOnLine, navigatorIsUserActive, navigatorVirtualKeyboard, windowHistoryLength
Fraud Prevention
- fix: Enhance sessionToken consistency
Identity Verification
- feat: support trigger drs session token api
Orchestration
- fix: correctly handle server's assertion errors in sdk
- feat: add support for otp retry and resend
- feat: support auto replay in register / validate device actions
Identity Verification
- feat: support new refinement failure reasons
Orchestration
- feat: provide correct client response for OTP authentication actions.
Orchestration
- feat: added support for TOTP Registration
Identity Verification
- feat: use state manager as single source to decide next step in flow
Identity Verification
- feat: send api error code on error callback
Orchestration
- feat: allow cross site cookies Identity Verification
- feat: use containing element as reference to calculate width to support landscape in tablets
Identity Verification
- feat: accept CSS variables defined by implementor to set font and font weight
- feat: Global crypto-binding keys are clientId independent for consistency
Fraud Prevention
- feat: Use crypto-binding clientId independent
Webauthn
- fix: unhandled errors on unsupported browsers
Orchestration
- feat: Use crypto-binding clientId independent
Orchestration
- fix: Serialized state to handle with unicode characters
Identity Verification
- fix: log
DRSacquire action token error
Fraud Prevention
- feat: expose
getSessionTokenpublic function interface
Orchestration
- feat: changed
clientResponseOptionsto be an object instead of a map - feat: added
failure_datatoIdoServiceResponse
Webauthn
- feat: added support for the Australian domain
api.au.transmitsecurity.io
- feat: added support for Edge 18
Fraud Prevention
- feat: improved performance in user mouse events attributes collection
WebAuthn
- feat: added
onReadyhandler to activate autofill - fix: caught autofill abort signal error
Orchestration
- fix: changed WebAuthn registration action internal name
Fraud Prevention
- fix:
AuditFingerprintedge case in Safari iOS
Orchestration
- feat: added New Authentication action
- fix:
WaitForAnotherDeviceaction
Identity Verification
- fix: missing
initparam bug
Identity Verification
- feat: removed default API endpoint URL
Orchestration
- feat: added the new
generateDebugPinaction - feat: simplified the journey response fields,
typeis now deprecated
Fraud Prevention
- feat: added support for collecting
mouseup&mousedowninteraction events, added pressing indication for mouse events
Orchestration
- fix:
Validate deviceaction
Orchestration
- fix:
Register/Validate deviceactions
Fraud Prevention
- fix: sending new
navigator.userAgentDatain every event for retrieving the latest OS & browser versions in Chromium-based browsers Orchestration - fix: version
Orchestration
- feat: supported
Register/Validate deviceactions - feat: added journey completion token to
IdoServiceResponse
Orchestration
- feat: supported
WebAuthn registrationaction
Orchestration
- feat: supported
DRS triggeraction - feat: supported
IDV hostedaction
Identity Verification
- fix: added validation on camera video stream start before submitting an image
Fraud Prevention
- feat: added tracking crypto-binding identifiers on every action
WebAuthn
- feat: added support for cross-device flow
Identity Verification
- feat: allowed BI event API to be used with generated interfaces
Identity Verification
- fix: selfie placeholder frame missing on iOS 17
Fraud Prevention
- improvements and fixes
Fraud Prevention
- feat: added new data points for better detection abilities
Orchestration
- feat: supported
crypto binding validationaction
Identity Verification
- feat: added multiple stream validation for camera
Identity Verification
- fix: error thrown when initializing the SDK without IDV params
Orchestration
- feat: added support for
Wait for CSMaction
Identity Verification
- fix: issues starting video source
Identity Verification
- fix: camera feed starts in zoom
Identity Verification
- fix: SDK hosted app unexpected back behavior
WebAuthn
- feat: exposed GET default WebAuthn API paths function
WebAuthn
- BREAKING CHANGE: SDK init on event instead of invocation init
WebAuthn
- BREAKING CHANGE: introduced WebAuthn backend registration
- BREAKING CHANGE: introduced backend authentication SDK
- feat: added
autofillhandler - feat: implemented new SDK errors and removed SDK rejection
- feat: moved WebAuthn support indication functions to a new version of SDK
- feat: introduced a new structure for WebAuthn SDK
- fix: activate
autofillagain after aborting - fix: added
start registrationendpoint - fix: converted type to interfaces
- fix: interfaces and documentation
- fix: removed async from
autofillactions - fix: removed redundant allowed keys from local storage
- fix: removed unused dependencies and upgraded vulnerable packages
- fix: set device user in registration and changed interface
- fix: upgraded dependencies
- fix: wrong RP error handler
- feat: added
idomodule
- feat: added
idvmodule
- feat: added
drsmodule - feat: added
webauthnmodule