All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog.
Warning
This version is compatible with the stellar/stellar-disbursement-platform-frontend version 3.7.0.
- Update integration test to wait for the payment to be processed by TSS/Circle with a retry mechanism. #585
- Add Circle Payouts API to the e2e integration test. #586
- A React app for the SEP-24 interactive deposit flow. This app is served by the backend and is accessible at
/wallet-registration/start. #560 - A new endpoint
GET /sep24-interactive-deposit/infoto kick off the SEP-24 interactive deposit flow. #560 - Add GH Workflow to automatically set the pull request assignee. #591
- Added
priorityClassNameandtopologySpreadConstraintsproperties to helm charts. #601 - Added
nodeSelector,tolerationsandaffinityglobal defaults to helm charts. #607
- Allow the AWS configuration to be handled by the AWS session if the static credentials and region are not all passed to the SDP function. #565
- GET
/organization/logois changed to be a public (unauthenticated) endpoint. #564 - ReCAPTCHA is now optional for the SEP-24 interactive deposit flow. #560
- Simplified Helm Charts, added documentation and instructions for local set-up, auto-generation of secrets. #596
- Fix CLI tests and test assertions. #587
- Upgrade AWS and stellar/go dependencies. #581
- Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2. #588
- Add support for Decaf wallet on Pubnet. #611
Warning
This version is compatible with the stellar/stellar-disbursement-platform-frontend version 3.6.0.
- Add support to send payments with memos if the receiver wallet was registered with a memo, or when the flag
organizations.is_memo_tracing_enabledis set totrue. #537 - Add support to memos when ingesting CSV files with known wallet addresses. #572
- Add new CMD
distribution-account rotateto rotate distribution account keys. #579
- Reuse column names in SQL queries (DRY principle). #535
- Improve UX on the reset-password flow by embedding the reset token in the URL so it can be parsed by the FE without human intervention. #557
- Make create disbursement atomic. #554
- Refactor the PR checklist to be more user-friendly and easier to follow. #568
- Enabled scheduler instead of Kafka in the default environment variable template
.env.example. #573 - Change
{CIRCLE_API}/pingmethod to validate only the response status code and not the body. #580
- Preserve port numbers in SEP-24 invitation links #567
POST /usersfails with 500 during validation errors. #562- Preserve port numbers in SEP-24 invitation links #567
- Bump golang in the all-docker group. #552, #570
- Bump the all-actions group. #569, #578
- Bump golang.org/x/net from 0.34.0 to 0.36.0. #575
- Bump checks versions so they work with the latest Golang versions. #576
- Bump the minor-and-patch group across 1 directory with 8 updates #577
- GET
/disbursementsbreaks when one of the users is deactivated. #550
Warning
This version is compatible with the stellar/stellar-disbursement-platform-frontend version 3.5.0.
- Added short linking for Wallet Registration Links. #523
- Added a new
is_link_shortener_enabledproperty toGETandPATCHorganizations endpoints to enable/disable the short link feature. #523 - Added receiver contact info for Payments export. #538
Release of the Stellar Disbursement Platform v3.4.0. This release adds support for q={term} query searches in the
GET /payments endpoint, and updates the CSV parser to ignore BOM (Byte Order Mark) characters.
Warning
This version is compatible with the stellar/stellar-disbursement-platform-frontend version 3.4.0.
- Update the
GET /paymentsendpoint to acceptq={term}query searches. #530 - Update the CSV parser to ignore BOM (Byte Order Mark) characters. #531
- Bump golang in the all-docker group. #507
- Bump the all-actions group. #514
- Bump the minor-and-patch group. #529
Release of the Stellar Disbursement Platform v3.3.0. This release adds support to Circle's Transfers API, as an
alternative to the Payouts API. It also adds audit functionality for the receivers table to track changes.
Warning
This version is compatible with the stellar/stellar-disbursement-platform-frontend version 3.3.0.
- Audit functionality for the
receiverstable to track changes. #520 - Support for Circle API type
TRANSFERS, and allow users to choose betweenTRANSFERSandPAYOUTSthrough theCIRCLE_API_TYPEenvironment variable. It defaults toTRANSFERS. #522
- Refactor MFA and reCAPTCHA handling for better modularity in preparation for API-only usage. #499
- Removed
EC256_PUBLIC_KEYenvironment variable as it can be derived from theEC256_PRIVATE_KEY#511 - Removed
nginx.ingress.kubernetes.io/server-snippetannotation from SDP and AP ingress resources. #510
Release of the Stellar Disbursement Platform v3.2.0. This release focuses on enhancing the platform’s reliability and
data tracking capabilities. Users can now patch already confirmed verification fields for receivers, providing greater
flexibility in managing locked-out accounts. Additionally, audit logging has been introduced to track changes made to
critical verification data, ensuring improved accountability and transparency.
Warning
This version is compatible with the stellar/stellar-disbursement-platform-frontend version 3.2.0.
- Dynamic Audit Table Creation through the
create_audit_tablePostgres function. This is initially applied to the receiver_verifications table to track changes. #513
- Enabled patching of already confirmed verification fields for receivers, addressing scenarios where users might get locked out of a partner’s system. #512
Release of the Stellar Disbursement Platform v3.1.0. This release introduces key updates, including the migration to
Circle's Payouts API, aligning with Circle's latest recommendations. It also enhances platform functionality by enabling
data export through dedicated endpoints, allowing users to export disbursements, payments, and receivers with filters.
Additionally, users now have the ability to delete disbursements in DRAFT or READY status, streamlining data
management workflows.
Warning
This version is only compatible with the stellar/stellar-disbursement-platform-frontend version 3.1.0.
- Export functionality, allowing users to export:
- Option to delete a disbursement in
DRAFTorREADYstatus. #487 - Add futurenet as one of the e2e tests scenarios applied to the e2e GitHub Action. #472
- Update Circle API to use Circle payouts, which is the new officially suggested (and supported) API. #486, #491
- Only execute the GitHub e2e tests workflow prior to publishing Docker images, removing it from the pull requests test suite. #479
- Simplify docker compose by making Kafka optional and defaulting to scheduled jobs. #481
- Make Dashboard User E-mails case insensitive. #485
- Fix XLM support on the integration tests. #470
- Fix
main.shscript so that it doesn't kill non-sdp containers. #480 - Skip patching transaction in AP for known-wallet address payments. #482
- Workaround for Circle's bug where retries are not handled correctly when a trustline is missing. #504
- Fix default tenant resolution during SEP24 registration. #505
- Prevent any html (encoded or not) in the invite templates set by staff users. 494
- Bump dependencies:
- github.com/stretchr/testify from 1.9.0 to 1.10.0. #471
- github.com/nyaruka/phonenumbers from 1.4.2 to 1.4.3. #483
- minor-and-patch group with 3 updates. #489
- golang.org/x/crypto from 0.30.0 to 0.31.0. #492
- minor-and-patch group across 1 directory with 5 updates. #498
- github.com/twilio/twilio-go from 1.23.8 to 1.23.9. #500
- Bump docker/build-push-action from 6.9.0 to 6.11.0 in the all-actions group. #484, #501
- Bump golang from 1.23.3-bullseye to 1.23.4-bullseye in the all-docker group. #488
Release of the Stellar Disbursement Platform v3.0.0. In this release, receiver registration does not need to be done
exclusively through SMS as it now supports new types. The options are PHONE_NUMBER, EMAIL,
EMAIL_AND_WALLET_ADDRESS, and PHONE_NUMBER_AND_WALLET_ADDRESS. If a receiver is registered with a wallet address,
they can receive the payment right away without having to go through the SEP-24 registration flow.
Warning
This version is only compatible with the stellar/stellar-disbursement-platform-frontend version 3.0.0.
- Renamed properties and environment variables related to Email Registration Support #412
- Renamed
MAX_INVITATION_SMS_RESEND_ATTEMPTenvironment variable toMAX_INVITATION_RESEND_ATTEMPTS - Renamed
organization.sms_resend_intervaltoorganization.receiver_invitation_resend_interval_days - Renamed
organization.sms_registration_message_templatetoorganization.receiver_registration_message_template - Renamed
disbursement.sms_registration_message_templatetodisbursement.receiver_registration_message_template
- Renamed
- Ability to register receivers using email addresses
- Update the
receiver_registered_successfully.tmplHTML template to display the contact info #418 - Update
/wallet-registration/verificationto accommodate different verification methods #416 - Update send and auto-retry invitation scheduler job to work with email #415
- Update
POST /wallet-registration/otpto send OTPs through email #413 - Rename SMS-related fields in
organizationanddisbursementto be more generic #412 - Update process disbursement instructions to accept email addresses #404
- Add an initial screen so receivers can choose between phone number and email registration during registration #406
- Add message channel priority to the
organizationstable #400 - Add
MessageDispatcherto SDP to send messages to different channels #391 - Update the development endpoint
DELETE .../phone-number/...toDELETE .../contact-info/..., allowing it to delete based on the email as well #438 - Remove the word "phone" from the default organization's
otp_message_template#439 - Rename SMS-related field and update Helm docs #468
- Update the
- Ability to register receivers with a Stellar wallet address directly by providing contact info and a wallet address. The options currently are
PHONE_NUMBER_AND_WALLET_ADDRESSandEMAIL_AND_WALLET_ADDRESS- Create
GET /registration-contact-typesendpoint #451 - Update
POST /disbursementsandGET /disbursementsAPIs to persist and return the Registration Contact Type #452, #454 - Allow
disbursement.verification_fieldto be empty #456 - Integrate wallet address in processing disbursement instructions #453
- Add user-managed wallets #458
- Create
- Add Twilio SendGrid as a supported email client #444
- Replaced deprecated Circle Accounts API by adopting the Circle API endpoints
GET /v1/businessAccount/balancesandGET /configuration#433 PATCH /receivernow allows patching the phone number and email address of a receiver #436- Increased window for clients to perform token refresh #437
- Other technical changes (#383, #450)
- Unable to get a token from the Forgot Password flow after messaging service failure #466
- ReCaptcha blocks retrying verification during wallet registration #473
- Fix HTML injection vulnerability #419
- Fix HTML escaping #420
- Removed support for the HTTP headers
X-XSS-Protection,X-Forwarded-Host,X-Real-IP, andTrue-Client-IP#448 - Improved validation to ensure the instruction file being uploaded is a
*.csvfile #443 - Ensure validation of URLs with the HTTPS schema on Pubnet #445
- Add path validation to the
readDisbursementCSVmethod used in integration tests #437 - Bump
golangci/golangci-lint-action#380 - Bump
golangin the all-docker group #387, #394, #414 - Bump minor and patch dependencies across directories #381, #395, #403, #411, #429, #430, #431, #441.
- Removed calls related to the deprecated Circle Accounts API and replaced them with calls to
GET /v1/businessAccount/balancesandGET /configuration. #433.
Release of the Stellar Disbursement Platform v2.1.0. This release introduces the option to set different distribution account signers per tenant, as well as Circle support, so the tenant can choose to run their payments through the Circle API rather than directly on the Stellar network.
Warning
This version is only compatible with the stellar/stellar-disbursement-platform-frontend version 2.1.0.
- Update the name of the account types used for Distribution Accounts to be more descriptive. #285, #311
- When provisioning a tenant, indicate the Distribution account signer type #319
- The DistributionAccountResolver now surfaces the tenant's CircleWalletID for Circle-using tenants #328
- Disable asset management calls when the tenant is using Circle #322
- Bump version of github.com/stellar/go to become compatible with Protocol 21.
- Add a new verification type called
YEAR_MONTH#369 - Add the ability to use different signature types per tenant, allowing for more flexibility in the signature service. #289
- Add support to provision tenants with
accountType=DISTRIBUTION_ACCOUNT.CIRCLE.DB_VAULT#330 - Circle SDK integration for the backend. #321
- Implement CircleService on top of the CircleClient, in order to automatically route the calls through the correct tenant based on the tenant value saved in the context #331
- Add support for Circle-using tenants when validating the tenant available balance upon disbursement start #309, #336
- Implement joho/godotenv loader #324
- Add support for Circle-using tenants to the
db setup-for-networkCLI command #327 - Implement the
GET /balancesendpoint that returns the Circle balance when the tenant is using Circle #325, #329 - Implement the
PATCH /organization/circle-configendpoint that allows Circle configuration to be updated for Circle-using tenants #326, #332, #334 - Send Stellar payments through Circle when the tenant uses a CIRCLE distribution account #333
- Implement Circle reconciliation through polling #339, #347
- Add Circle transfer ID to GET /payments endpoints #346
- Add function to migrate data from a single-tenant to a multi-tenant instance #351
- Invalidate Circle Distribution Account Status upon receiving auth error #350, 359
- Add retry for circle 429 requests #362
- Separate Stellar and Circle payment jobs #366, #374
- Misc
- Fix SDP helm charts #323, #375
- Fix CF 429 response and anchor patch transaction job for circle accounts #361
- Select the correct error object used in a crash-reporter alert #365
- Fixes post python migration #367
- Make
PATCH /receivers/:idvalidation consistent #371
- Security patch for gorilla/schema and rs/cors #345
- Bump versions of getsentry/sentry-go and gofiber/fiber #352
- Deprecated the use of
DISTRIBUTION_SIGNER_TYPE, since this information is now provided when provisioning a tenant #319. - Remove Freedom Wallet from the list of pubnet wallets #372
Release of the Stellar Disbursement Platform v2.0.0. This release introduces multi-tenancy support, allowing multiple tenants (organizations) to use the platform simultaneously.
Each organization has its own set of users, receivers, disbursements, etc.
Warning
This version is only compatible with the stellar/stellar-disbursement-platform-frontend version 2.0.0.
- Support multi-tenant CLI
- Use DB connection pool as dependency injection #207
- Make receiver registration handler tenant-aware #117
- Tag log entries with tenant metadata #192
- Use
DistributionAccountResolverinstead of passing around distribution public key #212 - Make provision new tenant an atomic operation #233
- Make
ready_payments_cancellationjob multi-tenant #223
- Tenant Provisioning & Onboarding #84
- Tenant Authentication Middleware #92
- Multi-tenancy connection pool & data source manager #86
- Generate multitenant SEP-1 TOML file #111
- Prepare Signature Service & TSS to support Multi-tenancy
- Add signature service with configurable distribution accounts #174
- Aggregate all tx submission dependencies under
SubmitterEngine#165 - Add configurable signature service type #160
- Allow signature service to be dependency-injected #158
- Use dependency-injected signature service in
channel-accountCLI commands #156
- '/tenant' endpoint
- Patch incoming TSS events to Anchor platform #134
- Update DB structure so that TSS resources can be shared by multiple SDP tenants
- Add host distribution account awareness #172
- Wire distribution account to tenant admin table during user provisioning #198
- Prepare transaction submission table to reference tenant #142
- Kafka message broker support
- Implement
DistributionAccountDBSignatureClient#197 - Create tenant distribution account during provisioning #224
- Enable payments scheduler job as an alternative to using Kafka #230
- Add default tenant capability to start the SDP in a single tenant mode #249
- Add script to migrate SDP v1.1.6 to V2.x.x #267
- Admin API authentication/authorization #201
- Enable security protocols for Kafka
- Bump google.golang.org/protobuf from 1.31.0 to 1.33.0. #270
- Bump golang.org/x/crypto from v0.17.0 to v0.21.0. #269
Attention, this version is compatible with the frontend version 1.1.2.
- Update the
PATCH /receivers/{id}request, so a receiver's verification info is not just inserted but upserted. The update part of the upsert only takes place if the verification info has not been confirmed yet. #205 - Update the order of the verification field that is shown to the receiver during the SEP-24 flow. The order was
(updated_at DESC)and was updated to the composed sorting(updated_at DESC, rv.verification_field ASC)to ensure consistency when multiple verification fields share the sameupdated_atvalue. - Improve information in the error message returned when the disbursement instruction contains a verification info that is different from an already existing verification info that was already confirmed by the receiver. #178
- When adding an asset, make sure to trim the spaces fom the issuer field. #185
- Bump Go version from 1.19 to 1.22, and upgraded the version of some CI tools. #196
- Add rate-limiter in both in the application and the kubernetes deployment. #195
- Trim whitespaces for all disbursement instruction fields during CSV upload to avoid duplication of data #211
- Upgrade golang version to 1.22.1 for security reasons #216
- Fix the insufficient balance validation by only considering payments with same asset of the disbursement being started #202
- Update
golang.org/x/cryptoversion to v0.17.0 for security reasons #202
- SEP-24 registration flow not working properly when the phone number was not found in the DB #187
- Fix distribution account balance validation that fails when the intended asset is XLM #186
- Re-add missing recaptcha script #179
- TSS amount precision #176
- Change
POST /disbursementsto accept different verification types #103 - Change SEP-24 Flow to display different verifications based on disbursement verification type #116
- Add sorting to
GET /usersendpoint #104 - Change read permission for receiver details to include business roles #144
- Add support for unique payment ID to disbursement instructions file as an optional field in
GET /payments/{id}#131 - Add support for SMS preview & editing before sending a new disbursement #146
- Add metadata for users that created and started a disbursement in disbursement details
GET /disbursements,GET /disbursements/{id}#151 - Update CI check to run the exhaustive validator #163
- Preload reCAPTCHA script in attempt to mitigate component loading issues upon login #152
- Validate distribution account balance before starting disbursement #161
- Support automatic cancellation of payments in
READYstatus after a certain time period #121 - API endpoint for cancelling payments in
READYstatus:PATCH /payments/{id}/status#130 - Use CI to make sure the helm README is up to date #164
- Verification DOB validation missing when date is in the future #101
- Support disbursements from two or more wallet providers to the same address #87
- [TSS] Stale channel account not cleared after switching distribution keys #91
- Make setup-wallets-for-network tests more flexible #95
- Make
POST /assetsidempotent #122 - Add missing space when building query #121
- Stellar Protocol 20 Horizon SDK upgrade #107
- Coinspect Issues:
- Update log message for better debugging. #125
- Fix client_domain from the Viobrant Assist wallet. #126
- API endpoints for managing Wallet Providers:
- Introduced metrics and Grafana dashboard for monitoring payment transactions in TSS. #21
- TSS documentation. #25
- Phone number validation before sending OTP. #38
- Add Vibrant Assist RC to the list of supported wallets in pubnet #43
- Store Anchor Platform transaction ID in the database when registering a new receiver. #44
- Documentation for
CRASH_TRACKER_TYPEenv variable. #49 - Add a job to periodically sync the transaction status back to the Anchor Platform #55
- Introduce a retry mechanism for SMS invitations. #60
- Add proper error messages when receiver exceeds the maximum number of attempts to validate their PII. #62
- Add validation and flags to countries dropdown during receiver registration. #33
- Update transaction worker to use Crash Tracker on failed transactions #39
- Increase the default maximum number of attempts for a receiver to validate their PII. #56
- Prevent users from deactivating their own accounts. #58
- Stop enforcing ECDSA only and allow any EC public/private keys at least as strong as EC256 #61
- Refactor SMS invitation service #66
- Removed the environment variables
MAX_RETRIESandMIN_DAYS_BETWEEN_RETRIES. - Added the environment variable
MAX_INVITATION_SMS_RESEND_ATTEMPTSto control the maximum number of attempts to send an SMS invitation. The default value is 3.
- Removed the environment variables
- API Tweaks:
- Stellar.Expert URL in env-config.js for dev environment setup. #34
- Patch the correct transaction data fields in AnchorPlatform. #40
- SEP-10 domain configuration for Vibrant wallet on Testnet. #42
- The SMS invitation link for XLM asset. #46
- Added application activity logs for account lifecycle, password management and user access patterns. #29
- Support to XLM disbursements. #1
- Helm chart documentation. #9
PATCH /profile/reset-passwordendpoint to reset the password. #18
- Helmchart changes:
- Default
MAX_BASE_FEEis now higher, to prevent low-fee error responses. #8 - Changed job frequency for more real-time updates. #12
- Change OTP message for better UX. #23
- API tweaks:
- TSS Channel Account management commands now can handle parallel calls. #6
- Horizon error parsing to use the default
HorizonErrorWrapperclass. #13 - API response that should be 401 instead of 500. #14
- Removed CLI flag that could disable private key encryption in the database. $24
- Add job to periodically check if the AP is auth protected. #10
- Add stronger password validation throughout the project. #22
First Release Candidate of the Stellar Disbursement Platform, a tool used to make bulk payments to a list of recipients based on their phone number and a confirmation date. This repository is backend-only, and the frontend version can be found at stellar/stellar-disbursement-platform-frontend. Their version numbers are meant to be kept in sync.
The basic process of this product starts with an organization supplying a CSV file which includes the recipients' phone number, transfer amount, and essential customer validation data such as the date of birth.
The platform subsequently sends an SMS to the recipient, which includes a deep link to the wallet. This link permits recipients with compatible wallets to register their wallet on the SDP. During this step, they are required to verify their phone number and additional customer data through the SEP-24 interactive deposit flow, where this data is shared directly with the backend through a webpage inside the wallet, but the wallet itself does not have access to this data.
Upon successful verification, the SDP will transfer the funds directly to the recipient's wallet. When the recipient's wallet has been successfully associated with their phone number in the SDP, all subsequent payments will occur automatically.