Version 1.8.0

July 1022, 2024

What's new

• Added advanced options when creating or editing a Software Statement. This is visible to just Super Users or clients where roles of Directory type are present
• Fixed issue where reactivating an Authority Mapping inside Reference Data was returning an error 500.
• This change corrects a minor error in a JWK field name in the keystores JWKS file, changing the x5t#256 field to RFC-7517 compliant x5c#S256.
• Upgrade infrastructure for Directory persistence store.
• API Resources update:
• Add support for soft deletions of api resources.
• Remove hard deletions of api resources.
• Support re-activation of api resources that have been soft deleted.

Version 1.7.0

July 08, 2024

What's new

• Fix deprecatedDate and retirementDate field format on the participants endpoint to align with the expected format YYYY-MM-DD instead of list elements.
• Updated accepted format for API webhook Uri’s to also accept URLs with only one character after slash.
• Minor UX improvements for Domain user administration.
• Enhance visibility conditions for Advanced Software Statement configuration options in the UI.
• Now visible for software statements with a Directory type role or on all software statements when viewed as a super user.

Version 1.6.0

June 10, 2024

What's new

• Improved error message for invalid certification URI to specify the expected format.
• Modify the Regular Expression of the API Webhook URI field of Software Statements
• Removal of the validation code from the individual acceptance document to the Docusign directory – It will no longer be necessary to copy code to access received email
• Pentest Fixes:
• Improve password reset functionality to prevent user password enumeration and email flooding attack vectors.
• Added additional layers of sanitization to reject unsafe user input before it is handled.
• Improve error messages to obfuscate cloud service specific information.

Version 1.5.4

April 18, 2024

What's new

• Fixed issue where Family Complete field in API Resources wasn't being correctly updated.
• Field "API Webhook" for Software Statements is now available.
• Improve user error message for empty values in login.
• Flags are now available to configured for Organisations, Authorisation Servers and Software Statements. Flags are enabled in Reference Data and then available to be added by all users with write access to these resources.

Version 1.4.0

March 13, 2024

What's new

• Domain/Technical Users are now configurable in Reference Data. They can be set up by a Global Admin.
• Fixed issue where Family Complete field in API Resources wasn't being correctly updated.
• Adjusted UI label for field "UserEmail" inside the Organisation Administrators modal. It's now "Email".
• Fixed issues in API Resources when an API had two different mandatory versions.
• Fix API behaviour to disallow changing of certification types and variants, in line with UI and data layer.

Version 5.20.0

November 07, 2023

What's new

• Updated consents API family type with the new endpoint: "{consentId}/extends" found in v2.2
• Added new API Family Type: payments-recurring-consents and payments-pix-recurring-payments
• Platform changes:
• API Version field is now a dropdown list
• Updated the behaviour of the "?" button: Clicking it now opens a new tab by default.
• Added side-scrolling to Organisation Certificates and Software Statement Certificates table
• Updated tooltip information for API Certification URI in the UI
• Available Authorisation Server and Software Statement Certifications now can be configured in Reference Data
• Bug fixes:
• Fixed issue where trying to reset a password twice generated an error message
• Fixed issue where clicking on the "view" icon would open the table in Reference Data > Authorisation Domain Roles
• Fixed issue where selecting "New Domain Claim" before data loaded would sometimes cause data to not appear in the modal
• Resolved UI bug for organisations with over 50 domain users in a single role
• Resolved a UI inconsistency where the left menu title failed to refresh correctly after deleting Authorisation Servers
• Fixed UI issue in the Certificates View where sorting by date wasn't taking into account the whole date
• Resolved UI bug to correctly separate Roles with identical names under distinct Authority Claims.

Version 5.17.0

August 22, 2023

What's new

• FIDO2 Certifications are now available for Authorisation Server Certifications
• New API family type "Enrolments" is now available in the Directory
• Created a new "Origin URI" field on the Software Statement and SSA
• Updated API family type’s “Variable Income" (broker note ID endpoint list)
• Platform Improvements:
• Improved icons for all actions
• Added SS and Org. Certificates “Show Active Only” default filter
• AS Server Certifications Dates are now shown in one field
• Fixed issue where T&C version was not properly showing
• Removed unused Resource Server Transport certificate option
• Fixed issue where users couldn't be added to the same "System" and different "Contact Roles"
• OpenID Provider (Login) codebase has been upgraded

Version 5.13.0

July 20, 2023

What's new

• Role Audit: History of role updates will be displayed in the UI to organisation admins and super users. This is available in Authority Domain Role Claims -> Role Change History
• Participants UI: We've released a user interface for the participants endpoint. This will allow users to quickly verify information that is available on the endpoint in a friendlier way. It can be accessed in "web.directory.openbankingbrasil.org.br/participants" or "web.sandbox.directory.openbankingbrasil.org.br/participants"
• Added phase 4b APIs
• UI / UX changes:
• Toggle actions will now only display the available action, reducing confusion

Version 5.7.0

May 31, 2023

What's new

• Open Data Automatic Recertification Implementation: Endpoints will be tested on a specific frequency and API Certification Status field will be updated. Test will now also send the organization_id value.
• Added new Software Statement API Webhook field.
• Added new CAs: Serasa SSL EV V4 and CertiSign SSL EV G4
• Updated role permissions: Admins can add or re-add roles but can't remove and FORTEC providers can't add other roles.
• Super Users will now have the capability to reissue completed Terms and Conditions.
• UI / UX changes:
• Added Created dates for Authorisation Servers and Software Statements
• Added Deactivated dates for organisation and software statement certificates. These will only appear for certificates deactivated after the release.
• Added "new" label to recently added (3 days) certificates.
• Improved display for Authorisation Server "Supports" columns and warning message.
• Added a sign-posting tooltip icon to guide users when creating a new API Discovery Endpoint

Version 5.4.1

April 24, 2023

What's new

• Enabled phase 4 Open Data APIs on Production
• Backend improvement was conducted and general UI navigation will be faster
• Environment Super Users will now be listed in the reference data (only available to other Super Users)
• For Super Users, process of unlocking a Software Statement is now easier: Instead of the button being inside “Software Statement Detail”, it’s on the Actions column

Version 5.0.0

March 30, 2023

What's new

• Improved API registration for phase 2 / 3 APIs. Endpoints are now automatically generated after base URI and version is added
• Added two new public endpoints:
• data.directory.openbankingbrasil.org.br/roots_directory.jwks
• data.directory.openbankingbrasil.org.br/roots.jwks
• Open Finance Sandbox support added for new root / intermediate CA
• Small UI improvements

Version 4.6.0

February 27, 2023

What's new

• Added new domain users
• Metrics Control Platform - Primary / Secondary PCM Contact (PPCMC)
• Production Validation Tool - Primary / Secondary FVP Contact (PFVPC)
• Cleaned up organization tags, available ones are now: “Instituicao Bancaria”, “Instituicao de Pagamento”, “Cooperativa de Credito Singular, Central e Confederacao”,“Corretora e Distribuidora de Titulos e Valores Mobiliarios”,“Outra Instituicao de Credito”,“ITP Habilitada”.
• Separated certificate upload options for Sandbox and Production, removing “brcac” and “brseal” from Production – leaving just Production certificates.
• Fixed issue where some API discovery endpoints weren’t being correctly registered in the UI.

• Added “copy” button on Access Code message for T&Cs.
• Fixed a bug where deleted T&Cs couldn’t be reissued.
• Added “initiated date” column in the organisation T&C history.

Version 4.0.0

January 09, 2023

What's new

• CertiSign’s SSL EV3 is now accepted on both the Keystores and Directory Gateway
• Added “x5dn” field on the Directory JWKS
• Implemented read-access policy for Organisation Admins / Domain Users to enable suppliers access to this information via APIs
• Improved UI of the API resources page, improving load time and usability
• Authorisation Server’s List columns of “Supports DCR”, “Supports CIBA” now are properly updated when a server certification is added. Also created a new “Supports Redirect” column

• Tooltips now disappear after 4 seconds
• Improved “Sorting” on organisation views

Version 3.14.0

November 22, 2022

What's new

• Added warning labels to Authorisation Servers list whose Security Certifications are missing
• New optional fields in Authorisation Servers: Deprecated Date, Retirement Date and SupersededByAuthorisationServerID
• If a Software Statement is Locked, the UI will now display the Software Statement Assertion when accessing the page
• Fixed Tags issue not appearing in “Participants” API
• Added additional countries into SMS field option when creating a new account
• Created public “unauthorised” page that is displayed when a user ends session while in the account registration process

• Added filter toggle to display and hide organisation level certificates while navigating software statement certificates
• When creating a new Software Statement, correctly display as “required” the field for RedirectURIs
• Added “click to copy” button for certificate generation commands
• Added option to download BRCAC_2022 automatic generated configuration for Windows & Linux

Version 3.6.0

September 29, 2022

What's new

• Software Statement webhook field is now available. Institutions can register a webhook notification field to receive updates
• Tag called “Habilitado Iniciacao Pagamento” can be added to organisations by SuperUsers
• OrganisationName field is returned to user information API response_body
• Non-ASCII characters are no longer allowed on the field “Name” and “City” while creating new Organisations
• Discontinue the old U.I. All requests to the old U.I (ui.directory) will be redirected to the main one.

• New menu experience when entering the directory for the first time: organisation options menu doesn’t directly appear
• Active items are now shown first in specific list views such as Organisation Adminstrators, Authorisation Servers and Software Statements
• Screens will no longer exit when clicking outside of the view area, reducing issues of exiting without saving
• New Organisation Domain User: Contact Role field text improved for clarity (i.e PTC to Primary Technical Contact)
• “Hide inactive organisations” filter added to organisation list
• Added “Issued Date” field to certificates list table
• Added menu information tooltips to the organisation menu that will be displayed when hovering
• Organisation Details date field format display changed to a more user-friendly pattern

• Fixed Software Statement Wizard that added wrong Org UID when using the automatic certificate configuration to generate BRCACs
• Configured Authorisation Server’s well-known field to be non-mandatory unless specific API resources that require it are added.

Version 3.5.1

September 09, 2022

What's new

• Sandbox - We are addressing a reported issue preventing the new BRCAC_2022 certificate profile being recognised as a valid certificate for token authentication.

Version 3.5.0

August 31, 2022

What's new

• Sandbox - New BRCAC_2022 certificate can now be used to access the Directory APIs.

• Added regex for API resource endpoint registration:
• Credit cards accounts: transactions-current
• Accounts: transactions-current
• Reordered Organisation Details page
• Edited wrong name in Organisation Certificates header page

• Updated logos

Version 3.4.0

August 25, 2022

What's new

• Sandbox - Updated BRCAC certificate to have both new model (called BRCAC_2022) and old. This will allow institutions to generate BRCAC’s with the new “organizationIdentifier = OFBBR-” prefix

• Added Software Statement wizard feature – 4-steps wizard that facilitates Software Statements creation, improving tooltips and making the process of creating the resource more intuitive to the end user

• Changed Open Finance logo
• For the new BRCAC Certificate, updated the certificate generator wizard
• Improved left menu usability when selecting sub-options
• Deactivating administrators with “+” email should no longer error out
• Reference Data field is now only shown to SuperAdmins
• When creating a new organization, tags and segment options now correctly appear
• When selecting organization that has no Authority Domain Role Claims, left menu now correctly shows
• Organisation Domain Users: Added “System” column to improve visibility
• Renamed field “Authority Claims” inside Software Statements to “Software Authority Claims”
• “Server Certifications” menu is now correctly shown
• Changed “TnC” text to “Terms & Conditions” on directory messages
• Changed “Legal Name” to “Organisation Name” in Organisation List
• Improved UI breadcrumbs navigation

Version 2.14.0

July 15, 2022

What's new

• Block the publication for duplicated APIs: directory will not allow two major APIs of the same family type to be published -> this won’t affect already published API resources
• New software statements will automatically have either “sandbox” or “production” value set on the environment field when created
• CustomerFriendlyName field length restricted to 40 characters
• Update directory trusted clients list to allow integration with FVP results page
• Improved directory error messages - Server should always sends error details together with HTTP error code
• Open Finance branding implemented
• Certificate generation: Removed BRCAC/BRSEAL fields “commonName” and “DNS” rule to no longer require SubjectAlternateName or Wildcard
• Updated unauthorised participant message
• Added Poland to list of accepted countries for sign-up
• Swagger changes:
• Domain Role Name length changed to 60 characters -> this won’t impact existing domain role names
• UI:
• Corrected T&C status bar message to match DocuSign status
• Updated Phase 1 APIs to not require certification URI
• Fixed issue where software statements from one organisation weren’t shown to organisation administrators from other organisations
• Participants are now able to click the resign button in the Orgs T&C History view
• Software Statement certificates are now showing after 10 counts
• Improved table item selection, where in some cases it was showing incorrect item
• Improved certificate upload functionality: now correctly refreshes when uploading two certificates in sequence

Version 2.5.0

Sandbox: June 9, 2022

Production: June 16, 2022

What’s new

• Improved directory webhook response format, which now will include the timestamp of the update and the path of the updated resource
• Updated the directory public swagger file to match the more recent changes
• Corrected an issue that made the Phase 2 API Family unarranged-accounts-overdraft to not appear on the New U.I.
• Increase length of field of AuthorisationDomainRoleName field from 30 characters to 40 characters
• Improved naming of the sandbox generated transport and signing certificates
• Administrator user changes email now correctly identify if it’s production or sandbox
• New UI Updates:
  • Fixed issue when trying to revoke BRSEAL certificates
  • Fixed no menu shown when user has no authority domain role claim and selects the menu
  • Added options to Segments and Tags when creating a new organisation
  • Adjusted the Organisation Details page
  • Added pagination to Software Statements, Authorisation Servers and Certificates views
  • Users should now get correctly logged out when session is expired
  • Small UI changes:
  • Active/Inactive buttons are no longer “clickable”
  • Logo added when in the “User” profile

Version 2.3.0

Sandbox: May 18, 2022

Production: May 19, 2022

What’s new

• Added release-notes area. This can accessed by going to https://data.sandbox.directory.openbankingbrasil.org.br/release-notes (sandbox) and https://data.directory.openbankingbrasil.org.br/release-notes (production)
• Updated API Family Type size to 128
• UI Updates:
  • Fixed two issues with automatic config generation for BRCAC
  • Added “No Organisation Selected” when user is unauthorised
  • “Self-Certified” option when editing API resource is now available and set as default. It wasn’t available in the selectable options.
  • Improved overall UX/UI:
    • Selectable tables now have correct mouse pointer
    • Added Software Statement title when creating adding a new software statement certificate
    • Disabled icons when the user doesn’t have correct permission
  • Changed default value for “auto registration supported” to false. This field is not used at the moment.
  • Fixed issue when an organisation administrator is trying to see information from an organisation he doesn’t have access.
• Other fixes:
  • Adjusted issue with Terms & Conditions status
  • Improved organisation search -> should return nothing if no matching records

Version 2.1.0

May 12, 2022

What’s new

• Updated API endpoint version field to allow semantic versioning (x.x.x). This change won’t affect already registered API endpoints
• Implemented wizard to support the certificate configuration generation for BRCAC and BRSEAL certificates
• Authentication will now redirect to the new UI, which will have the web.directory as its DNS - Previously it was ui.directory. Old UI will still be accessible over ui.directory
• UI Updates:
  • Removed the banner that says that the UI will be replaced on the future date
  • Improved overall UI (added breadcrumbs to menus and edited views to improve user navigation)
  • Adjusted translations and misspellings
  • Changed “Reset” button to “Refresh”
  • Phone Number field is now required when creating a new Contact
  • Fixed issues with Organisation Administrators:
  • Adjusted status toggle functionality
  • Removed incorrect icons
  • Organisation Administrators can now correctly edit and delete a “Contact” and a Domain User
  • Sign Terms & Conditions: added correct response when pressing “save” button
  • Corrected the displayed options for Authorisation Domain Names and Authorisation Domain Role Claims as they weren’t being properly filtered.
  • Added missing Member State field to Authority Domain Role Claim Authorisation
  • Added raw JSON information to user profile
  • Added “OPB - Directory” title to HTML page

Version 1.2.0

April 13, 2022

What’s new

• Added warning header on the old U.I about the new U.I and future deprecation of the old U.I
• Applied changes to T&Cs status banner in the old U.I
• New UI changes:
  • Authority Domain Claim:
    • Correct issue with no action happening when clicking on the view button
    • Added Authority Name column inside the Authority Domain Claim
  • When creating a new Authority Domain Role Claim, display only the Roles that are enabled by the domain claim authority
  • Authorisation Servers:
    • Added “Active/Inactive” text in the Status column
    • When creating a new Authorisation server, terms of service URI is no longer marked as required
    • When editing an Authorisation Server, you now can edit the Customer Friendly Name and OpenID Discovery Document URI fields
  • Software Statements:
    • When editing an unlocked Software Statement, you can now edit the Client Name field
    • When creating a new Software Statement, the Terms of Service and Policy URI fields are no longer marked as required
  • T&Cs:
    • Correct issue with no action happening when clicking on the signing icon
    • Replaced signing icon to better reflect action
  • Organisation Certificates:
  • Standardized icons inside the actions column
  • Reviewed button colors

Version 1.0.4

March 25, 2022

What’s new

• Authorization Server Security certification table
  • Self-Certified will now be the default status on all the existing certifications, both on UI and on an API level
  • New U.I. allows super users and certificate managers to assign self-certified status to a certification.
  • Participants endpoint will now include self-certified API resources and Authorisation Server certifications
• New U.I. Fixes/Improvements
  • Fix the issue where Phase 4 Families were not Appearing on the screen
  • Update the translation of field “Historia TnC” to “Histórico dos Termos e Condições”
  • When an organization is selected on the directory a grey bar will appear showing that it has been selected
  • Remove the cursor hovering hand from the “Active/Inactive” button
  • Whenever you hover over an icon, a tooltip will appear stating what action the button will perform
  • Wrapped pages into virtual horizontal sliders when page content is too big - Example Long Resource URIs
  • Whenever something is deleted a pop up will now appear asking you to confirm the deletion of said element
• General
  • On Registration, change the “Do You have an E-CPF” set switch to have its default value set to “no”
  • Fix the issue where customer friendly logo URI would display an error message despite the Uri being in the correct format

Version 1.0.3

March 17, 2022

What’s new

• New U.I. Changes
  • Translation Improvements
  • Change on Background Colours
  • Update the buttons for inactive users
  • Set the “show my orgs” to default to true
• Authorization Server Certification Changes
  • When a new certification is added, default status will be Self-Certified
  • Set rules regarding who can set and change the Self-Certified status on certification
• SS and SSA Updates
  • Allow users to add an Inactivated EXT_BRCAC as long as it’s valid on production
  • Disable the claim/field software_subject_type when the SSA is generated