13 June 2024 (v2.114)

ReachFive v2.114 introduces a few improvements and needed bug fixes. We have added additional metadata in the response when retrieving passkey credentials for a user. We’ve also improved some of our user event messaging and created a new endpoint to help you get a list of blocked IPs.

As always, we made some general improvements and fixed a few items for you.

Metadata in passkeys response

To help better manage passkey identifiers, we have added metadata to the response when you retrieve a user’s passkey credentials.

Now, when calling either the /webauthn/registration/{id} endpoint or /webauthn/registration endpoint, you’ll get information such as a unique identifier for the key, when the key was created and last used, a friendly name, and in some cases, the Authenticator Attestation Global Unique Identifier, also known as the aaguid which helps to identify the passkey provider.

Example response
{
  "friendly_name": "My Sweet key",
  "aaguid": "adce0002-xxxx-0000-yyyy-0b25f1f05503",
  "created_at": "2024-06-04T13:24:46.505Z",
  "last_used_at": "2024-06-05T08:38:46.270Z",
  "id": "f7nfAfGW…​NA_lRoPQo="
}


Improved user event messaging

Previously, when an email, SMS, or hook (such as a webhook or Pub/Sub hook) failure occurred, we only logged generally that an error had occurred. Now, more information is provided when the error occurs, so you’re able to more easily resolve the issue.

We have updated one existing user event and also added a new event to help with this:

  • failed_hook_message now contains both the message and error code so you have more specific information handling errors.

    ...
  "failed_hook_message": "{\"detail\": \"Duplicated external id\", \"code\": \"711\"}"
...

  • New failed_message_error is a new user event field gives more information about why an email or SMS attempt failed.

For more details, see User Events.


Retrieve list of blocked IPs

We have created a new management endpoint that allows you to retrieve a list of blocked (banned) IPs so you have a comprehensive view of those IPs that have been blocked by our security protocol.

New endpoint: GET /api/v2/ips

Example response
{
    "total": 2, (1)
    "items": [ (2)
        {
           "ip" : "1.1.1.1",
           "report": {
                "expires": "2024-11-21T13:51:50Z",
                "created_at": "2024-11-25T13:51:50Z"
           }
        },
        {
           "ip" : "2.2.2.2",
           "report": {
                "expires": "2024-11-21T13:51:50Z",
                "created_at": "2024-11-25T13:51:50Z"
           }
        }
    ]
}
1 Lists the total of blocked IPs.
2 Blocked IPs are sorted by the most recent first. The list is paginated to ensure there are no performance issues.


Other improvements

  • We improved the error messages provided to end users through the UI SDK as they were not specific enough for the user to understand why the error occurred.


Fixes

Item Fixed

In some limited cases, newly-created lite profiles containing an email from an existing managed profile weren’t properly associated with the managed profile as expected.

It was temporarily possible to attempt to delete compromised profiles before the Identity Fraud Protection feature was enabled, meaning the deletion attempt would fail.

There was a small discrepancy when editing custom fields in the ReachFive Console whether the expected response should be camelCase or snake_case.

For more details, see Management API: Custom field schemas.