02 July 2020 (v2.36)


Reset password process

  • We’ve increased the strength of the verification code when requesting a reset password link (from 6 to 9 digits)

Deprecated endpoint

  • /identity/v1/token-info endpoint is deprecated and no longer supported. Please use /oauth/introspect instead. You can also fully decode your tokens by following this procedure.

User data management

Signup invitation

  • First release of the signup invitation flow, you can now capitalize on your Lite profiles data and accelerate your users signup process.

    For more information, please read this page.

Email update

  • The endpoint /api/v2/users/{user_id} can be used to update the profile’s email with the email of an existing Lite profile. The profiles will be merged after this update.

  • You can now activate and customize a notification message that will be sent to the old email address after an email update. This option is configurable in the ReachFive Console in the email update template:

    email update notification



  • Webhooks now accept all 2xx HTTP status codes as response and do not trigger retry mecanism for these statuses anymore

  • We’ve updated the retry mecanism to trigger at 15s / 30s / 60s and eventually throwing an error

    For more information about our Webhook mecanism, please read this page.

Apple Sign-In

  • The Domain Verification File has been deleted from Apple Sign-In configuration in the ReachFive Console. This parameter is no longer mandatory. For more information on Apple Sign-In configuration, please read this page.

OpenID well-known configuration

  • If a custom domain is set for your Account, the link of the ReachFive Console to visit your OpenID well-known configuration now redirects to that custom domain


  • Fixed an issue where a user could retrieve password from some configuration pages in the ReachFive Console

  • Fixed an issue where the port of an IPv4 address wasn’t properly parsed when making some call with a whitelisted address and resulted in the blocking of the request

  • Fixed security issue in some forms of the ReachFive Console to prevent re-use of complete configurations for SFTP or Amazon S3 storage providers

  • Fixed an issue with WebAuthn RSA signature that prevented from using some devices