03 November 2020 (v2.43)


Hosted Pages

Release Highlight

We have even more improvements to our Hosted Pages feature with:

  • a new Hosted Page that lets your users manage their FIDO2 devices, making it easier for them to authenticate using biometrics.

  • activated Hosted Page links under each enabled page.

  • the ability to override the UI JS SDK's origin attribute with an origin query parameter for a Hosted Page.

243 rn hosted pages highlights

Import jobs

It is now possible to configure a webhook in import jobs to be notified with the job result. This new import webhook is called the End Job Notification Webhook.

For more information, check out the End Job Notification Webhook page.


  • The WebAuthn functions now display an error if the device used does not support the WebAuthn API.


We now display a validation message if the required minimum strength of password is fulfilled.

User events

We’ve differentiated between the password change and password reset event processes. Previously, we would trigger a password_updated event for both processes. Now, we trigger a password_changed and a password_reset event, respectively.

For a complete list of user events, check out the User Events data model.


Allowed origins

We now accept all valid URL schemes as allowed origins. There is no need to provide a URL starting with http or https.

User suspension

Users that are indefinitely suspended cannot request a password reset anymore. These are the users that are suspended with the allow_password_reset parameter set to false or those users suspended via the ReachFive Console.

For more information about user suspension mechanism, check out the User suspension page.


We have fixed the following items:

  • For security reasons, access_tokens are forbidden as query parameters in all of our management endpoints.

  • Imports and export job fields are correctly validated to avoid inserting corrupt values in the configuration.