Skip to main content

Changelog

2026-02-10

SDK

  • 3.4.12: Updated API domain from api.safepassage.live to api.safepassageapp.com following DNS migration. All SDK versions 3.3.1+ now use the canonical .com domain. Backwards compatible - no changes required for existing integrations.

2026-01-18

Portal API

  • externalUserId is now returned in session config (/sessions/:id/config) and mobile config (/sessions/:id/mobile-config) responses.

Verify UI

  • Redirect callbacks now include externalUserId when provided at session creation.
  • Session token and QR flows persist externalUserId through runtime config.

Documentation

  • Clarified externalUserId behavior for redirect parameters and validation responses.

2026-01-17

Analytics

  • Outcome breakdown is now mutually exclusive per session.
  • System/session errors (e.g., invalid sessions) are excluded from publisher outcome analytics.

2026-01-12

SDK

  • Added newTabTarget to control whether new-tab mode opens a popup window or full browser tab.
  • cancelUrl now redirects on new-tab cancellation (status=cancelled, sessionId, timestamp).
  • onCancel can return false to suppress the automatic cancelUrl redirect.

Verify UI

  • New-tab abandonment posts status=cancelled to the opener and attempts a cancelUrl redirect for server-side flows.

Portal API

  • Added verification.cancelled webhook event when sessions are cancelled.
  • Session completion/validation now returns status=cancelled for cancelled sessions.
  • Cancellation outcomes are recorded in analytics events.

2026-01-15

SDK

  • 3.4.10: Fixed npm package structure to ensure CDN loading works correctly. SDK files are now at package root instead of nested in /dist/.

2026-01-09

SDK

  • 3.4.9: Prevents onCancel from firing after a successful new-tab verification when the popup closes.

2026-01-07

Localization Support Added

Publishers can now offer the verification flow in multiple languages. The UI automatically follows the end user's browser language and can be switched in the footer. This lays the foundation for adding more languages over time.

2025-12-18

Dedicated Verifications Page

Individual verification sessions are now managed in a dedicated Verifications page, separate from Analytics.

New features:

  • Search: Find sessions by externalUserId or Session ID (UUID auto-detected)
  • Time Range presets: Last 24h, 7 days, 30 days, or custom date range
  • Dynamic Country filter: Filter by country, populated from your actual verification data
  • Outcome filter: View all completed (Success + Failed), or filter to Success or Failed only
  • Additional filters: Mode (L1/L2), Device type, API key or key pair
  • Click to copy: Easily copy Session ID or External User ID from results

Analytics page updates:

  • Now focuses strictly on aggregate metrics and trends
  • Removed export functionality (CSV/JSON export to be added to Verifications in future)

See the Dashboard Guide for details.

Role-Based Access Control

The Team page now supports role-based access control with four roles:

RoleAccess Level
OwnerFull account access including billing, team management, and account deletion
AdminFull product access and team management, but cannot modify Owners or delete the account
MemberAnalytics, API keys, and configuration access
ViewerRead-only analytics access

Key changes:

  • Role selection is now required when inviting team members
  • Owners and Admins can change member roles inline from the team list
  • Navigation automatically filters based on your role permissions

See the Team section in the Dashboard Guide for the full permissions matrix.

2025-12-17

Documentation

  • Restructured documentation for clearer developer navigation
  • Consolidated verification modes content to single authoritative page
  • Added explicit cross-links between related pages
  • Removed duplicate configuration content

2025-12-16

More Reliable Verification Completion

Verification results are now fully confirmed before users are redirected, preventing edge cases where results might not be immediately available to downstream systems.

2025-12-15

Multi-Webhook Endpoints

Configure up to 20 webhook endpoints per account, each with independent URLs, event subscriptions, and signing secrets.

New Features:

  • Multiple endpoints — Create up to 20 webhook endpoints per tenant
  • Per-endpoint secrets — Each endpoint has its own HMAC signing secret
  • Event filtering — Subscribe each endpoint to specific event types
  • API key pair scoping — Route webhooks to specific endpoints based on which API key pair initiated the verification (ideal for multi-site deployments)
  • Enable/disable — Toggle endpoints without deleting configuration

API Key Pair Scoping: For multi-site deployments, scope webhook endpoints to specific API key pairs. Events from Site A's API keys only go to Site A's webhook endpoint, while account-wide endpoints (no pair selected) receive all events.

Migration: Existing single-webhook configurations continue to work. Once you create a webhook endpoint, events are delivered to endpoints instead of the legacy URL. A migration prompt in the Dashboard helps preserve your existing configuration.

See Webhooks documentation for setup details.

2025-12-11

Faster Emblem Sign-In

We improved Emblem sign-in performance, significantly reducing wait times when initiating an Emblem authentication flow.

2025-12-03

Improved SDK Compatibility

We updated the SafePassage JavaScript SDK build to improve compatibility with popular bundlers and frameworks, reducing integration issues in modern build environments.

2025-11-07

Improved API Request Performance

We improved API key validation performance to reduce request latency, resulting in faster and more consistent response times across verification and analytics endpoints.

2025-10-14

Optional Streamlined Verification Flow

Integrators can now configure verification flows to skip the introductory and/or success screens, enabling a more seamless embedded experience while maintaining existing security checks.

See the SDK documentation for skipIntro and autoReturn options.

Improved Emblem Account Creation Reliability

We resolved a timing issue that could prevent Emblem account creation immediately after verification, ensuring a more reliable and consistent signup experience.

2025-10-01

SDK

  • Redirect flow uses returnUrl only with standard parameters (sessionId, status, timestamp)

Breaking Changes

  • Redirect flow no longer uses cancelUrl. For new-tab cancellations, use cancelUrl or onCancel.