Versioning

How we version

The API is versioned by URL segment (for example /api/v1/... where applicable) and described by a published OpenAPI document. Additive changes (new endpoints, new optional fields) are backward compatible; breaking changes are announced here with a migration note before removal.

2026-06

Added
  • Published a machine-readable OpenAPI specification for the public API surface and a generated, always-current API reference.
  • Resource-scoped authorization: manage hierarchical resource scopes and per-member allow/deny policies, evaluated by the scoped authorization check (nearest scope wins; deny overrides allow at equal depth).
  • Device-bound, proof-of-possession access tokens: prove device possession at /connect/token (signed device proof or mTLS) to receive policy-gated, device-aware tokens carrying device_id, device_risk_state, and an attestation-weighted device_trust_level. See the device-token guide.
  • Sender-constrained device tokens — DPoP (cnf.jkt, RFC 9449) and mTLS (cnf.x5t#S256, RFC 8705) — so device-aware tokens cannot be replayed off the device.
  • Continuous Access Evaluation: opt resource endpoints into live device re-evaluation (RequireDeviceTrust()), plus an OpenID Shared Signals (CAEP) transmitter — /.well-known/ssf-configuration + JWKS, receiver stream management, and RFC 8935 push of signed Security Event Tokens.
  • Application environments: per-application development/staging/production environments via /api/applications/{applicationId}/environments, governed by a plan MaxEnvironments quota. See application environments.
  • Documentation: structured getting-started path, integration guides, SDK guidance, help & support, and troubleshooting sections.
Changed
  • Service-to-service integrations follow a scope-composition standard: machine tokens carry the API access scope plus a narrow capability scope. Capability scopes reserved for first-party services cannot be granted to tenant application clients.
Notes
  • The .NET SDK (Nexin.SharedAuth) is now split into focused packages so consumers take only the integration concern they need, with runnable reference samples for interactive web, machine-to-machine, and device activation. Public-registry distribution is being finalized. See SDKs.
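
The precedence rule in the resource-scoped authorization entry above (nearest scope wins; deny overrides allow at equal depth), worked through as an added example that is not the service's own code. The slash-separated scope paths, the `Policy` record, the `check` function and the deny result when no policy matches are assumptions made for illustration.

```python
# Added illustration: data model, names and the no-match deny are assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    member: str   # member the policy applies to
    scope: str    # hierarchical scope path, e.g. "org/payments" (assumed format)
    effect: str   # "allow" or "deny"

def _segments(path):
    return [s for s in path.strip("/").split("/") if s]

def _covers(scope, resource):
    """True when scope is the resource's own scope or one of its ancestors.
    Compares whole segments, so "org/pay" does not cover "org/payments"."""
    s, r = _segments(scope), _segments(resource)
    return r[:len(s)] == s

def check(policies, member, resource):
    """Return (decision, deciding_scope) for member on resource."""
    matching = [p for p in policies
                if p.member == member and _covers(p.scope, resource)]
    if not matching:
        return ("deny", None)  # assumption: no applicable policy means no access
    nearest = max(len(_segments(p.scope)) for p in matching)
    at_nearest = [p for p in matching if len(_segments(p.scope)) == nearest]
    # Deny overrides allow at equal depth; an unrecognised effect also denies.
    effect = "allow" if all(p.effect == "allow" for p in at_nearest) else "deny"
    return (effect, at_nearest[0].scope)

# Constructed sample policies
POLICIES = [
    Policy("alice", "org", "allow"),
    Policy("alice", "org/payments", "deny"),
    Policy("alice", "org/payments/reports", "allow"),
    Policy("bob", "org/payments", "allow"),
    Policy("bob", "org/payments", "deny"),
    Policy("carol", "org/pay", "allow"),
]

if __name__ == "__main__":
    for member, resource in [("alice", "org/hr/doc1"),
                             ("alice", "org/payments/ledger"),
                             ("alice", "org/payments/reports/q1"),
                             ("bob", "org/payments/ledger"),
                             ("carol", "org/payments/ledger")]:
        print(member, resource, check(POLICIES, member, resource))
```

Read literally, "nearest scope wins" means an allow on a child scope takes precedence over a deny on its parent, as the `org/payments/reports/q1` case shows. When reviewing policies, check for allows attached below a scope that is meant to be closed.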

Stay informed

For breaking-change timelines and deprecation windows relevant to your integration, reach out through Help & Support.