Changelog

Release notes and version history for the VECU Identity Verification Web SDK.

v2.2.2-rc3 (Release Candidate)

Status: In testing — not yet released as stable. The current stable release is v2.2.1.

New Features

• Editable Personal Email at the address-confirmation step — New allowEmailOverride configuration option (default false) lets the user provide a separate personal email when their session was started with a company email. When enabled, the address-confirmation form renders an editable Personal Email field above a readonly Company Email field. The Personal Email is the value sent to the verification provider; the Company Email is informational only ("we already have this") and is not transmitted in the patch. Useful when the email known at session start (e.g. corporate / dealer email) is not the email the user wants verified. See Configuration → allowEmailOverride.

v2.2.1 (Latest)

Released: April 21, 2026

Bug Fixes

• Fix Incode reverification completion event — On reverification flows backed by the Incode provider, the onSuccess callback passed to startReverification was not firing on completion: the provider was emitting VERIFICATION_COMPLETED while the reverify-flow listener subscribes to REVERIFICATION_COMPLETED. Reverify-prefixed verification IDs now correctly emit REVERIFICATION_COMPLETED, matching the behavior already in place for the other provider.

v2.1.4

Released: March 24, 2026

Bug Fixes

• Name validation tightened to match verification provider requirements — Names containing special characters like /, !, @, #, $ were passing SDK validation but causing the verification provider to silently reject the request before document capture. The SDK now validates names against an allowlist of accepted characters (letters, digits, accented characters, spaces, hyphens, apostrophes, and periods) and returns a VALIDATION_ERROR with field-specific details so integrators can prompt users to correct their name before retrying.
• International phone numbers no longer rejected at init — Phone validation in startVerificationWithCustomer was hardcoded to US parsing, causing valid international numbers (e.g., North Macedonian, Bulgarian) to fail before any API call. Now uses the same fallback strategy as the address confirmation form: try international format first, then country hint from customer address data, then US default.

v2.1.3

Released: March 20, 2026

Bug Fixes

• Auto-close provider capture tab on mobile — In mobile in-app browsers, the provider's document capture opens in a new tab that stays open after upload, leaving users on a dead-end "verification complete" screen. The SDK now intercepts the tab reference when the provider opens it and automatically closes it when document upload completes, returning the user to the address confirmation step.

v2.1.2

Released: March 12, 2026

Bug Fixes

• Server time calibration now works correctly — The clock skew calibration introduced in v2.1.1 was not activating because the backend timestamps include a malformed timezone suffix (+00:00Z instead of Z), which JavaScript's Date parser rejects. The SDK now normalizes the timestamp before parsing, so the device-to-server time offset is correctly applied to address confirmation submissions.

v2.1.1

Released: March 12, 2026

Improvements

• Improved device clock skew handling — Refined the server time calibration introduced in v2.0.4 to use the UTC timestamp present in API response payloads rather than the HTTP Date response header. This ensures reliable time correction across all deployment environments and proxy configurations where response headers may vary.

v2.1.0

Released: March 12, 2026

New Features

• Editable phone number field — New allowPhoneEdit configuration option allows users to correct their phone number on the address confirmation form when the pre-populated number (from Central Dispatch via the identity provider) is a company number rather than a personal number. The SDK tracks whether the phone was edited and signals the backend accordingly.
• Hide email display — New hideEmailDisplay configuration option hides the email field from the address confirmation form while still including it in the API payload.

UX Improvements

• Updated address confirmation form title to "Verify Your Personal Information"
• Added a warning banner reminding users to use personal information
• Added helper text for address and phone fields

v2.0.4

Released: March 9, 2026

Bug Fixes

• Romanian National ID (CNP) validation corrected — Valid Romanian CNPs were being rejected for the majority of Romanian customers due to a regex flaw that only accepted a narrow subset of birth years. All valid 13-digit CNPs now pass validation correctly.
• International phone number pre-population fixed — Customers whose phone numbers are supplied in local national format without a + country prefix (common with Central Dispatch data for countries such as Bulgaria) would see an empty phone field with a US flag instead of their correct number. The SDK now uses the customer's country from their address data to resolve local-format numbers correctly.
• Address confirmation failure on devices with skewed clocks — Customers on devices whose system clocks were more than 60 seconds ahead of UTC would receive a generic error when submitting the "Confirm Information" form. The SDK now automatically calibrates against server time, so submissions succeed regardless of device clock accuracy.

v2.0.0

Released: February 4, 2026

Breaking Changes

• EIN removed from US National ID field — Employer Identification Number (EIN) is no longer offered as a document type for US customers. Only SSN (Social Security Number) and ITIN (Individual Taxpayer Identification Number) are supported. EIN is a business identifier and was causing confusion in an individual identity verification context.

v1.7.1

Released: February 4, 2026

Technical Details

• Updated Event types: SdkEvent enum introduced instead of plain strings (e.g., 'verification:completed' becomes SdkEvent.VERIFICATION_COMPLETED)

v1.5.5

Released: January 7, 2026

Bug Fixes

• Backend Validation Error Propagation: Fixed error handling to surface specific backend validation error messages (e.g., "The zip code is invalid") instead of generic "No provider document ID received" errors
• SDK now checks error field BEFORE checking providerDocumentId for correct error precedence in both verification and reverification flows

New Features

• New Validation Error Codes: INVALID_ZIP_CODE, INVALID_ADDRESS, INVALID_STATE, INVALID_CITY, INVALID_PHONE
• Enhanced Error Response Structure: Errors now include code, message, category, recoverable, timestamp, and provider fields
• Recoverable Error Flag: Validation errors marked as recoverable, allowing applications to guide users to correct data and retry

Technical Details

• Added new helper function handleBackendValidationError() to process and throw validation errors with full context
• Updated startVerificationWithCustomer() and startReverification() to check error field before providerDocumentId
• Comprehensive test coverage added in backendErrorPropagation.test.ts covering all validation error scenarios

v1.5.4

Released: December 16, 2025

Technical Details

• Simplified Bundle Build Pipeline: Bundle now outputs directly to bundle.js instead of bundle.min.js, eliminating redundant copy step
• Eliminated copy:bundle script from prepublishOnly - simplified from two commands to one
• Updated documentation to reference bundle.js instead of bundle.min.js
• No functional changes to SDK behavior

v1.5.3

Released: December 15, 2025

Bug Fixes

• CRITICAL: Script Tag Loading Error: Fixed "Uncaught ReferenceError: ALLOW_CUSTOM_API_URL is not defined" error that affected users loading SDK via script tag in versions 1.5.1 and 1.5.2
• API URL Resolver: Fixed incorrect API URL resolver in SDK configuration (now uses getAccessTokenApiUrl() instead of getTokenExchangeApiUrl())

Technical Details

• Removed broken bundle build section from rollup.config.js that did not properly replace constants
• Updated prepublishOnly script to properly build and copy bundle files
• Proper separation of dev (custom URL allowed) and prod (deployment stage only) bundles maintained

v1.5.2

Released: December 11, 2025

New Features

• Anti-Tampering Detection for Readonly Fields: Added client-side defense-in-depth feature that detects when users modify pre-filled (verified) email and phone fields during address confirmation
• Tampering Behavior Configuration: New tamperingBehavior config option controls how the SDK responds to field tampering: 'warn' (default) emits warning events but allows submission, or 'block' prevents form submission
• Tampering Events: New event types for tampering detection: address:field_tampering_detected and address:field_tampering_blocked provide audit trail and early user feedback
• Improved Document Verification Flow: Enhanced processing for passports and documents without MRZ address data, with contact information (email/phone) now pre-populated when available

Bug Fixes

• Fixed ~23 second loading delay when verifying passports and documents without MRZ by improving status polling logic
• Fixed missing email/phone fields in address confirmation for documents without MRZ address data

Technical Details

• Refactored API client architecture with new BaseAPIClient, TokenAPIClient, and VecuIdvApiClient classes for improved maintainability
• Enhanced workflow management with new ActionManager class featuring exponential backoff for verification status polling
• Test infrastructure improvements for better CI/LLM compatibility (changed default test behavior to run-once mode)
• Verification completion flow reliability improvements with temporary fallback for API response mapping

v1.5.0

Released: November 17, 2025

New Features

• Country Selection Fields: Aligned National ID, Address, and Phone Number with consistent options and styling, plus validation improvements
• Authentication Error Events: Added authentication:token_failure event that emits when bearer token exchange fails during runtime operations
• TokenExchangeError Class: New dedicated error class for token exchange failures with structured error information
• Automatic 401 Token Retry: SDK automatically retries API requests when receiving 401 Unauthorized by refreshing the access token
• Conditional Email/Phone Fields: Added showEmail and showPhone configuration options to control field visibility in address confirmation
• Pre-Verification Validation: Email and phone formats are now validated before API calls using libphonenumber-js

Technical Details

• Applications can now subscribe to authentication:token_failure events using sdk.on() to handle bearer token expiration gracefully
• Token retry logic moved to fetchWithRetry method for proper 401 interception at network layer
• Event emission integrated with error handling in init(), startVerificationWithCustomer(), and startReverification()
• ValidationError class added for structured validation error handling

v1.3.9

Released: November 7, 2025

New Features

• Identity Reverification: Added new startReverification() method to enable returning users to re-verify their identity by reusing existing document data and capturing a fresh selfie
• Streamlined User Experience: Reverification automatically skips address confirmation for completed verifications, reducing friction for returning users
• Reverification Events: Added new event types for reverification flow: reverification:started, reverification:progress, reverification:completed, and reverification:failed
• Automatic Flow Detection: SDK automatically detects reverification flows based on verification ID pattern (starts with "reverify")
• Optional SMS Notifications: Reverification supports optional phoneNumber parameter for SMS notifications to user's mobile device

Technical Details

• Reverification uses a dedicated internal endpoint with dynamic status polling
• Event system extended to support separate reverification event types
• Flow detection implemented using verification ID prefix matching
• Provider integration updated to support reverification flow with minimal code duplication

v1.3.8

Released: November 4, 2025

Bug Fixes

• Address Confirmation Skip Logic: Fixed address confirmation to use providerData.status instead of top-level status field for determining when to skip address confirmation screen. This ensures proper handling of verification status when status is CLOSED.

v1.3.7

New Features

• Emulator Provider Support: Added support for emulator provider in SDK for testing and development scenarios
• Enterprise Error Handling: Added enterprise-level error handling with custom error classes for better error tracking and debugging

Bug Fixes

• Name Validation: Fixed validation to properly support special characters in names (hyphens, apostrophes, etc.)
• Phone Input Overflow: Resolved phone input overflow issues and updated tests to match permissive validation
• Date Input Display: Prevented date input overflow by adding max-width constraint for better mobile display
• Error Code Detection: Fixed double-nested event data structure that was causing error code detection failures

v1.3.6

New Features

• Intelligent National ID Selector: Added smart National ID field with auto-detection for SSN/ITIN/EIN. The field automatically detects and validates the appropriate ID type based on input format.
• Enhanced National ID UX: Improved user experience with better validation feedback and mobile Safari date input overflow fixes

Improvements

• Backward Compatibility: Maintained backward compatibility for showSsnOnInitialForm configuration option

v1.3.5

Released: October 17, 2025

New Features

• Date of Birth Field: Added mandatory Date of Birth (DOB) field to information confirmation screen with validation and auto-population support
• Enhanced Identity Verification: DOB data improves identity verification accuracy and matching
• Updated Success Messages: Changed success message to "Information Updated Successfully!" to reflect multiple data points being verified

Technical Details

• Added dateOfBirth field to IAddressData interface
• DOB field pre-populates from providerData.dob when available
• Validation: required, age 18-120, no future dates, 4-digit year
• Format: YYYY-MM-DD (ISO 8601 date format)
• Verification scores and national ID flags are automatically tracked

v1.3.4

Bug Fixes

• API Routing: Fixed API routing to correctly route requests to appropriate backend services

v1.3.3

New Features

• SSN Field Visibility Control: Added showSsnOnInitialForm configuration option to control visibility of SSN/National ID field in information confirmation form
• Enhanced Input Validation: Improved sanitization and validation for SSN/National ID field

// Hide SSN field for GDPR compliance
await sdk.startVerificationWithCustomer('#container', {
  customerInfo: {
    /* ... */
  },
  config: {
    showSsnOnInitialForm: false, // Hide SSN field
  },
});

v1.3.2

Bug Fixes

• VECU IDV Endpoints: Updated VECU IDV endpoints

v1.3.1

Bug Fixes

• CiP Token Exchange Endpoint: Fixed token exchange endpoint handling for CiP verifications

v1.3.0

New Features

• Token Exchange Authentication: Implemented token exchange authentication flow with dual endpoint architecture
• X-SDK-Version Header: Added automatic SDK version header inclusion for API requests
• Enhanced Information Verification: Added optional SSN/National ID field to information verification form
• Contact Info Pre-population: Email and phone fields now auto-populate from verification response data

v1.2.1

Improvements

• Enhanced modal handling with seamless transitions between verification steps
• Improved loading experience with immediate visual feedback
• Better error handling for address confirmation with 409 conflict resolution

v1.2.0

New Features

• Resumable Verifications: Existing verifications can now be resumed using the same referenceId. Verification Status will be in_progress while case is awaiting address confirmation

Breaking Changes

• referenceId is now required: This field is now required for verification tracking and resumability
• Country field in address object is now optional
• Address object is now completely optional in customer information

Version Format Guide

Version Numbers

The SDK follows semantic versioning (SemVer): MAJOR.MINOR.PATCH

• MAJOR: Breaking changes that require code updates
• MINOR: New features that are backward-compatible
• PATCH: Bug fixes and small improvements

Pre-release Tags

• alpha: Early development versions
• beta: Feature-complete versions undergoing testing
• rc: Release candidates ready for production