Release notes

The release notes describe new features, enhancements, and fixes for the ReachFive platform. The latest release notes are found below. For previous releases, check out the sidebar.

For upcoming changes that require your attention, see the Attention page.

Other releases

The following shows other ReachFive releases for your convenience.

Latest version Release page Docs


identity core


identity ui


MavenCentral 9.1.0




SFCC Cartridge 20.7.0

16 May 2024 (v2.112)

ReachFive v2.112 introduces a few improvements and needed bug fixes.

We have delivered a new account recovery process for users with identification keys. We are happy to announce that we have added TikTok to our social provider options. You can now also trigger password reset flows with custom identifiers. To ensure user profile data freshness, you can use the new check_updated_at request body field in certain Management API endpoints.

As always, we made some general improvements and fixed a few items for you.

Release highlight

Recover accounts using identification keys

Users can now recover accounts that use identification keys. Much like the ability to reset a password for those users using traditional credentials, the new API endpoints and templates for account recovery allow users using identification keys to successfully recover their account.

  • New templates

  • New endpoints

There is a new Account recovery template for both email and SMS.

You can find this on the ReachFive Console at Settings  Emails  Templates and Settings  SMS  Templates.

For more, see Email templates and SMS templates.

2112 accountRecoveryTemplate

TikTok social provider

We’ve added a new option to our growing list of social providers, TikTok. ReachFive collects the following user information from TikTok.

  • open_id

  • union_id

  • avatar_url

  • username

For more details on using this social provider, see TikTok.

Trigger password reset flow with custom identifier

You can now trigger the reset password flow using a custom identifier. Previously, you could only achieve this with an email or phone number.

2112 forgotPassword

For more details, see the /forgot-password endpoint in the Identity API.

New check_updated_at field for validating user data freshness

We have a new check_updated_at field that you can pass that prevents profile data from being updated if the updated_at value in the payload is older than the updated_at value in the ReachFive user database.

Affected endpoints:

Why is this important? 🤔

You may have several contributing stakeholders in your technical ecosystem that handle use profile data. The updated_at value is critical in knowing how fresh the user data is, and when many stakeholders contribute to that data, you don’t want stale data to remain or accidentally remove the latest data.

  • Updates user data

  • Does not update user data

The following scenarios result in the user profile data being updated with the request.

Scenario 1:

check_updated_at is false or null

In this case, it doesn’t matter if the updated_at value is the same age, older, or newer.

Scenario 2:

check_updated_at is true

If the payload’s updated_at value is newer than the database updated_at value, the update proceeds with the newer request data.

check_updated_at is true

If the payload’s updated_at value is older (or the same age as) than the database updated_at value, the update does not occur and you receive an error response.

400 Bad Request “Can't update the profile since updated_at value passed is anterior to the current record”

Other improvements

  • We made some minor cosmetic improvements to the Recent Activity for user profiles on the ReachFive Console.


Item Fixed

It was possible to bring in invalid provider values when importing identities.

The error for failed discoverable login attempts for the WebAuthn signup flow was inconclusive. We improved this error messaging to state explicitly that "Your account is not associated with the provided credentials" when this happens.