v8.0.1 (October 3, 2024)

_Compatible with: [`smart-contract`](https://github.com/ndidplatform/smart-contract) v9.x.x_

BUG FIXES:

- Fix backward compatibility with old data structure (data saved by previous version) when getting request data from AS.

v8.0.0 (August 1, 2024)

_Compatible with: [`smart-contract`](https://github.com/ndidplatform/smart-contract) v9.x.x_

BREAKING CHANGES:

- API version 6.0
  - Change request body JSON schema of POST `/node/update`.
    - Remove `node_key`
    - Remove `node_key_type`
    - Remove `node_sign_method`
    - Remove `node_master_key`
    - Remove `node_master_key_type`
    - Remove `node_master_sign_method`
    - Add `signing_public_key`
    - Add `signing_key_algorithm`
    - Add `signing_algorithm`
    - Add `signing_master_public_key`
    - Add `signing_master_key_algorithm`
    - Add `signing_master_algorithm`
    - Add `encryption_public_key`
    - Add `encryption_key_algorithm`
    - Add `encryption_algorithm`
  - Change response body JSON schema of GET `/utility/nodes/:node_id`
    - Remove `public_key`
    - Remove `master_public_key`
    - Remove `proxy.public_key`
    - Remove `proxy.master_public_key`
    - Add `signing_public_key`
    - Add `signing_master_public_key`
    - Add `encryption_public_key`
    - Add `proxy.signing_public_key`
    - Add `proxy.signing_master_public_key`
    - Add `proxy.encryption_public_key`
  - Remove query string parameter `on_the_fly_support` from GET `/utility/idp`
  - Add query string parameter `supported_feature_list` (list of strings separated by `,`) to GET `/utility/idp`
  - Change response body JSON schema of GET `/utility/idp`.
    - Remove `on_the_fly_support` (boolean) property.
    - Add `supported_feature_list` (array of strings) property.
  - Remove query string parameter `on_the_fly_support` from GET `/utility/idp/:namespace/:identifier`
  - Add query string parameter `supported_feature_list` (list of strings separated by `,`) to GET `/utility/idp/:namespace/:identifier`
  - Change response body JSON schema of GET `/utility/idp/:namespace/:identifier`.
    - Remove `on_the_fly_support` (boolean) property.
    - Add `supported_feature_list` (array of strings) property.
  - Change response body JSON schema of GET `/utility/nodes/:node_id`.
    - Remove `on_the_fly_support` (boolean) property.
    - Add `supported_feature_list` (array of strings) property.
  - Change body JSON schema of sign and sign with master key external crypto service (KMS) callback API.
    - Change property name `hash_method` to `hash_algorithm`.
    - Change property name `key_type` to `key_algorithm`.
    - Remove `sign_method` property.
    - Add `signing_algorithm` property.
    - Add `key_version` (number) property.
  - Change body JSON schema of decrypt external crypto service (KMS) callback API.
    - Change property name `key_type` to `key_algorithm`.
    - Add `encryption_algorithm` property.
    - Add `key_version` (number) property.
  - Change response body JSON schema of GET `/rp/request_data/:request_id`
    - Change property name `signature_sign_method` to `signature_signing_algorithm`
    - Add `signature_signing_key_version`
  - NDID only APIs
    - Change request body JSON schema of POST `/ndid/init_ndid`.
      - Remove `node_key`
      - Remove `node_key_type`
      - Remove `node_master_key`
      - Remove `node_master_key_type`
      - Add `signing_public_key`
      - Add `signing_key_algorithm`
      - Add `signing_algorithm`
      - Add `signing_master_public_key`
      - Add `signing_master_key_algorithm`
      - Add `signing_master_algorithm`
      - Add `encryption_public_key`
      - Add `encryption_key_algorithm`
      - Add `encryption_algorithm`
    - Change request body JSON schema of POST `/ndid/register_node`.
      - Remove `node_key`
      - Remove `node_key_type`
      - Remove `node_sign_method`
      - Remove `node_master_key`
      - Remove `node_master_key_type`
      - Remove `node_master_sign_method`
      - Add `signing_public_key`
      - Add `signing_key_algorithm`
      - Add `signing_algorithm`
      - Add `signing_master_public_key`
      - Add `signing_master_key_algorithm`
      - Add `signing_master_algorithm`
      - Add `encryption_public_key`
      - Add `encryption_key_algorithm`
      - Add `encryption_algorithm`
    - Remove `on_the_fly_support` property for registering node (POST `/ndid/register_node`) and updating node (POST `/ndid/update_node`).
    - Add `supported_feature_list` property for registering node (POST `/ndid/register_node`) and updating node (POST `/ndid/update_node`).

FEATURES:

- Separate node key usage types (signing and encryption).
  - API version older than 6.0 uses node signing key as node encryption key.
- Support new key algorithms for node signing public key and node signing master public key.
  - EC
    - curve: secp256r1/prime256v1
    - curve: secp384r1
  - Ed25519
- Support new signing algorithms for node key and node master key.
  - `RSASSA_PKCS1_V1_5_SHA_384`: RSA PKCS #1 v1.5 SHA-384
  - `RSASSA_PKCS1_V1_5_SHA_512`: RSA PKCS #1 v1.5 SHA-512
  - `RSASSA_PSS_SHA_256`: RSA PSS SHA-256
  - `RSASSA_PSS_SHA_384`: RSA PSS SHA-384
  - `RSASSA_PSS_SHA_512`: RSA PSS SHA-512
  - `ECDSA_SHA_256` (EC key curve: secp256r1/prime256v1)
  - `ECDSA_SHA_384` (EC key curve: secp384r1)
  - `Ed25519`
- Support new encryption algorithms for node key supported.
  - `RSAES_OAEP_SHA_1`
  - `RSAES_OAEP_SHA_256`
- API version 6.0
  - Validate identifier with namespace `citizen_id` as Thai citizen ID (by validating check digit/checksum). Can be disabled by setting environment variable `VALIDATE_IDENTIFIER` to `false`.
    - On create request (mode 1 and mode 2,3 when `bypass_identity_check` is set to `true`)
    - On create identity
    - On add identity
  - New API: GET `/utility/nodes/:node_id/public_keys`: Get node public key list (including previous key versions).
  - New API: GET `/utility/node_supported_features`: Get valid node supported feature list.
  - New API: GET `/utility/supported_ial`: Get valid/supported IAL list.
  - New API: GET `/utility/supported_aal`: Get valid/supported AAL list.
  - New API: GET `/utility/accessors/:accessor_id`: Get accessor key details.
  - NDID only APIs
    - New API: POST `/ndid/add_allowed_node_supported_feature`: Add allowed node supported feature
    - New API: POST `/ndid/remove_allowed_node_supported_feature`: Remove allowed node supported feature
    - New API: POST `/ndid/set_supported_ial_list`: Set supported IAL list
    - New API: POST `/ndid/set_supported_aal_list`: Set supported AAL list
- API version 5.3
  - New API: GET `/utility/supported_ial`: Get valid/supported IAL list.
  - New API: GET `/utility/supported_aal`: Get valid/supported AAL list.
- Add environment variables.
  - `SIGNING_PRIVATE_KEY_PATH`: Path to node's private key for signing [Default: use pre-generated development key in development mode]
  - `SIGNING_PRIVATE_KEY_PASSPHRASE`: Passphrase for node's private key for signing
  - `SIGNING_MASTER_PRIVATE_KEY_PATH`: Path to node's master private key for signing [Default: use pre-generated development key in development mode]
  - `SIGNING_MASTER_PRIVATE_KEY_PASSPHRASE`: Passphrase for node's master private key for signing
  - `ENCRYPTION_PRIVATE_KEY_PATH`: Path to node's private key for encryption [Default: use pre-generated development key in development mode]
  - `ENCRYPTION_PRIVATE_KEY_PASSPHRASE`: Passphrase for node's private key for encryption
  - `NODE_BEHIND_PROXY_SIGNING_PRIVATE_KEY_DIRECTORY_PATH`: Directory path for nodes behind proxy private keys and passphrases for signing [Default: use pre-generated development key in development mode]
  - `NODE_BEHIND_PROXY_SIGNING_MASTER_PRIVATE_KEY_DIRECTORY_PATH`: Directory path for nodes behind proxy master private keys and passphrases for signing [Default: use pre-generated development key in development mode]
  - `NODE_BEHIND_PROXY_ENCRYPTION_PRIVATE_KEY_DIRECTORY_PATH`: Directory path for nodes behind proxy private keys and passphrases for encryption [Default: use pre-generated development key in development mode]
- `PRIVATE_KEY_PATH`, `PRIVATE_KEY_PASSPHRASE`, `MASTER_PRIVATE_KEY_PATH`, `MASTER_PRIVATE_KEY_PASSPHRASE`, `NODE_BEHIND_PROXY_PRIVATE_KEY_DIRECTORY_PATH`, and `NODE_BEHIND_PROXY_MASTER_PRIVATE_KEY_DIRECTORY_PATH` are still usable but considered deprecated.
- Add new environment variable options
  - `EXTERNAL_CRYPTO_SERVICE_CALLBACK_API_VERSION`: Callback API version for external crypto service (KMS). If not set, it will be the same as `CALLBACK_API_VERSION`.
  - `VALIDATE_IDENTIFIER`: Validate identifier on creating identity, adding identity, and creating request on API v6 and later. Defaults to `true`.
- Support simple API authentication.
  - Using API key set in HTTP header `X-API-Key`
  - Default config is NOT using API key auth. (Config can be set with environment variable `USE_API_KEY` and `API_KEY_HASH`.)

IMPROVEMENTS:

- Update dependencies.
- [Docker] Change Node.js version used in images to 20.

BUG FIXES:

- Fix telemetry incorrectly enabled on node with NDID role. (Node with `NDID_NODE` environment variable set to `true`.)
- Fix error in master-worker mode when master receives error from worker processing MQ message.

OTHERS:

- Compatibility with validations on CheckTx when making transactions to Tendermint/ABCI app.
- Change telemetry events timer trigger behavior to wait for response from telemetry server before starting the next interval / try sending again.

Update Dockerfile base image

v7.1.0 (August 18, 2022)

_Compatible with: [`smart-contract`](https://github.com/ndidplatform/smart-contract) v8.x.x_

FEATURES:

- Support dcontract request type.
  - Integrity check on IdP side. If fail, the platform automatically responses with error code `31000`. (Config can be set with environment variable `DCONTRACT_VALIDATE`.)

OTHERS:

- Increase minimum Node.js version requirement to 15.

v7.0.0 (August 11, 2022)

_Compatible with: [`smart-contract`](https://github.com/ndidplatform/smart-contract) v8.x.x_

BREAKING CHANGES:

- ABCI transaction and query data format change.

v6.0.0 (May 13, 2022)

_Compatible with: [`smart-contract`](https://github.com/ndidplatform/smart-contract) v7.x.x_

FEATURES:

- Identity modification notification (mode 2) can be suppressed. Suppressed notification from (actor) node IDs can only be set by regulator (NDID).
- API version 5.2
  - Allow `min_as` to be `0` in data request list on create request (API: POST `/rp/requests/:namespace/:identifier`). All requested ASs are able to response to a data request.
  - Add query string parameter `service_id` to GET `/utility/service_price_min_effective_datetime_delay`. Calling the API without `service_id` will return a global / fallback value.
  - Add `request_type` to create request (API: POST `/rp/requests/:namespace/:identifier`) parameter.
  - New API: GET `/utility/request_types`: Get valid request type list.
  - Change response body JSON schema of GET `/utility/requests/:request_id`.
    - Add `request_type` (string) property.
  - Change body JSON schema of request status update callback API (type: `request_status`) on RP, IdP, and AS.
    - Add `request_type` (string) property.
    - Add possible value `partial_completed` to `status` for cases where there is a service in data request with `0` min AS and at least one success data response(s) (AS signed response and RP has set data received) in any service.
  - Change body JSON schema of incoming request callback API (type: `incoming_request`) on IdP.
    - Add `request_type` (string) property.
  - Change body JSON schema of data request callback API (type: `data_request`) on AS.
    - Add `request_type` (string) property.
  - New API: GET `/utility/suppressed_identity_modification_notification_node_ids`: Get suppressed identity modification notification node ID list.
  - New API: GET `/utility/suppressed_identity_modification_notification_node_ids/:node_id`: Check identity modification notification suppressed status by node ID.
  - NDID only APIs
    - Add parameter `service_id` to POST `/ndid/set_service_price_min_effective_datetime_delay` to set service price minimum effective datetime delay by service ID. Calling the API without `service_id` will set a global / fallback value.
    - New API: POST `/ndid/add_request_type`: Add request type
    - New API: POST `/ndid/remove_request_type`: Remove request type
    - New API: POST `/ndid/add_suppressed_identity_modification_notification_node`: Add suppressed identity modification notification node (ID)
    - New API: POST `/ndid/remove_suppressed_identity_modification_notification_node`: Remove suppressed identity modification notification node (ID)

IMPROVEMENTS:

- Support Node.js 16.
- Support Tendermint 0.35.
  - Block result spec change.
- Update dependencies.
- Remove duplicate data when setting expected Tx metadata.
- Optimize raw MQ message write to redis. (Don't serialize JSON when setting raw message received from MQ to redis, set it as binary (Buffer) instead.)
- Reduce data from AS write to redis on RP side.
- [Docker] Change Node.js version used in images from 12 to 16.

OTHERS:

- Identity modification notification callback will not be sent if the modification action is done by node ID listed in suppressed identity modification node list.

v5.2.0 (January 9, 2022)

_Compatible with: [`smart-contract`](https://github.com/ndidplatform/smart-contract) v6.x.x_

OTHERS:

- Change AS response maximum uncompressed data size from 20 MB to 10 MB.

v5.1.0 (December 2, 2021)

_Compatible with: [`smart-contract`](https://github.com/ndidplatform/smart-contract) v6.x.x_

BUG FIXES:

- Fix message queue send success trigger when send retry timed out.

OTHERS:

- Move effective datetime check from ABCI app to API when AS sets service price since there’s an issue with block time drift to the future.
- Check effective datetime delay when AS sets service price (by comparing with current time on local machine).

v5.0.0 (July 27, 2021)

_Compatible with: [`smart-contract`](https://github.com/ndidplatform/smart-contract) v6.x.x_

BREAKING CHANGES:

- Change request message salt derivation. Now includes identity (namespace and identifier).
- AS response data compression
  - Compression algorithm: gzip
  - Maximum uncompressed data size is 20 MB.
  - Maximum compressed data (or data to be sent to other nodes) size is 3MB.
  - Sender side compresses AS resposne data only when size is at least configured size. (Config can be set with environment variable `AS_DATA_COMPRESS_MIN_LENGTH`.)
- Move AS response data data URL parsing from MQ message serialization to app layer.
- MQ message compression
  - Compression algorithm: gzip
  - Default config is no compression (Config can be set with environment variable `COMPRESS_MQ_MESSAGE`.)
  - Sender side compresses MQ message only when size is at least configured size. (Config can be set with environment variable `MQ_MESSAGE_COMPRESS_MIN_LENGTH`.)
  - Receiver side accepts compressed MQ message that uncompressed size is not larger than 25MB
- Change MQ message data format
  - Add `message_compression_algorithm`.
  - `AsDataResponseMqMessage` message type
    - Remove `data_data_url_prefix`.
    - Remove `data_bytes`.
    - Add `packed_data_metadata`.
    - Add `packed_data_bytes`.
- API version 5.1
  - NDID only APIs
    - `on_the_fly_support` (boolean) is a required property for registering node (POST `/ndid/register_node`) and updating node (POST `/ndid/update_node`).

FEATURES:

- API version 5.1
  - New API: POST `/as/service_price/:service_id`: Set AS service price/fee.
  - New API: GET `/utility/as/price/:service_id`: Get AS service price/fee list (including history sorted by latest first).
  - New API: GET `/utility/service_price_ceiling`: Get service price ceiling (set by NDID).
  - Change response body JSON schema of GET `/utility/nodes/:node_id`.
    - Add `on_the_fly_support` (boolean) property (only when `node_id` is IdP node).
  - Add query string parameter `on_the_fly_support` to GET `/utility/idp`
  - Change response body JSON schema of GET `/utility/idp`.
    - Add `on_the_fly_support` (boolean) property.
  - Add `lial` and `laal` properties to POST `/identity`.
  - Add query string parameter `on_the_fly_support` to GET `/utility/idp/:namespace/:identifier`
  - Change response body JSON schema of GET `/utility/idp/:namespace/:identifier`.
    - Add `on_the_fly_support` (boolean) property.
    - Add `lial` and `laal` (boolean) properties.
  - New API: GET `/identity/:namespace/:identifier/lial`: Get identity's LIAL.
  - New API: POST `/identity/:namespace/:identifier/lial`: Set identity's LIAL.
  - New API: GET `/identity/:namespace/:identifier/laal`: Get identity's LAAL.
  - New API: POST `/identity/:namespace/:identifier/laal`: Set identity's LAAL.
  - New API: POST `/rp/messages`: Save message to blockchain.
  - New API: GET `/utility/messages/:message_id`: Get saved message and its metadata/info from blockchain.
  - NDID only APIs
    - New API: POST `/ndid/set_service_price_ceiling`: Set service price ceiling
    - New API: POST `/ndid/set_service_price_min_effective_datetime_delay`: Set service price minimum effective datetime delay (compared to latest block's time)

SECURITY FIXES:

- Include identity (namespace and identifier) to request message salt derivation to be able to verify the identity of IdP response signature later (if there's a dispute) for mode 1 requests. This change prevents IdPs from spoofing AS.

v4.3.2 (July 27, 2021)

_Compatible with: [`smart-contract`](https://github.com/ndidplatform/smart-contract) v5.x.x_

BUG FIXES:

- Fix retry transact data on redis doesn't get removed after successful retry.
- Fix retry transact after process restart.

OTHERS:

- [Main] Add environment variable option alias `TELEMETRY_DB_HOST` for `TELEMETRY_DB_IP` to match with telemetry client module.