Skip to content

Changelog

All notable changes to Moveris API (v2) will be documented here.

In plain terms

This page lists new features, changes, deprecations, and fixes. Check it when upgrading your integration or troubleshooting unexpected behavior.

2026

[2.1.0] - 2026-03-27

Added

  • Standard response envelope on all endpoints — Every JSON response is now wrapped in { "data": ..., "success": true/false, "message": "..." }. Error responses include an errors array with error-code-keyed messages. Webhook payloads are not affected (they keep the { event, session_id, timestamp, data } format). See Errors.
  • Async tenant-scoped video detection endpoints — New endpoints for pre-recorded video processing:
  • POST /api/v1/{tenant_slug}/video/detect to submit a video file (or URL) and get a submission_id
  • GET /api/v1/{tenant_slug}/video/detect/{submission_id} to poll status and retrieve results when complete Supports tenant metadata validation, tenant/org access checks, and async queue processing.
  • React SDK camera capability inspection@moveris/react / @moveris/shared (3.4.0) now expose camera capability helpers (getCameraCapabilities, validateCameraRequirements, getOptimalConstraints) plus useCamera capability fields and LivenessView onCapabilities callback for device diagnostics.

Changed

  • Response format (breaking) — All API responses now use the standard envelope. Clients must read response.data for the payload instead of the top-level body. Errors use success: false with errors array instead of the previous flat { "error": "...", "message": "..." } format. Validation errors return 400 (previously 422).
  • React SDK capture quality signals — Recent SDK releases improve real-time capture guidance with matrix-based roll detection and dynamic-range soft warnings ("Find better lighting"), while keeping capture non-blocking for advisory-only conditions.
  • Verification UI capture flow — Verification UI now uses crop-based submission aligned with fast-check-crops and supports alias-based model resolution in requests, improving compatibility with API v2 model versioning.

Fixed

  • Verification UI crop payload shape — Crop submissions now send { index, pixels } objects to match the fast-check-crops schema.
  • Portal/API edge networking for integrators — Upstream platform now forwards Fly-Client-IP through Nginx, improving real client IP visibility for integrations relying on network telemetry.

[2.0.1] - 2026-03-23

Added

  • React SDK: Face area quality gateuseSmartFrameCapture now rejects faces that occupy less than 4% of the frame area. Helps avoid low-quality captures when the user is too far from the camera.
  • React SDK: captureIntervalMs and onEyeWarninguseSmartFrameCapture gains captureIntervalMs (default 100 ms) to tune capture rate (e.g. 50 ms for ~20 FPS). useDetectionPipeline gains onEyeWarning callback for real-time eye quality feedback ("Eyes are in shadow", "Glare detected", etc.) just before onRestartNeeded fires.
  • MCP: frame_count parameterverify-human-presence tool accepts optional frame_count (10, 30, 60, 90, 120) to override the default derived from risk_level.

Changed

  • React SDK: Default endpointLivenessView and useLiveness now default to fast-check-crops instead of fast-check-stream. Pass endpoint="fast-check-stream" to preserve previous behavior.
  • MCP: Alias-based model resolutionverify-human-presence tool uses API v2 alias resolution. Response model field now returns frame count string (e.g. "10", "30"); new model_version and frame_count fields added. Risk levels map to { modelVersion: "latest", frameCount } tuples.

[2.0.0] - 2026-03-20

Added

  • Model versioning (v2 flow) — New frame_count body parameter and X-Model-Version request header for alias-based model resolution. Send X-Model-Version: latest (or v1, v2, fast, etc.) with frame_count: 10|30|60|90|120 to resolve the concrete model. See Model Versioning & Frames.
  • Deprecation response headers — When using a deprecated model, responses include Deprecation: true, Sunset, X-Moveris-Deprecated-Model, and X-Moveris-Suggested-Model. All responses include X-Moveris-Model-Resolved with the resolved model ID.
  • Billing suspension guard — Suspended accounts receive 402 with error: "account_suspended" (distinct from insufficient_credits). Credit pre-check runs before processing; usage logs persist for audit.

Changed

  • CORSX-Model-Version header is now allowed in CORS preflight. Deprecation response headers are exposed to clients.
  • Request schema — When X-Model-Version header is present, the model body field is ignored; resolution uses (version, frame_count) instead.

[1.12.0] - 2026-03-19

Added

  • Fast Check Crops: bg_segmentation — Optional request field to indicate whether background segmentation was applied to crops before sending. Stored in session metadata for A/B analytics comparing model accuracy with vs. without segmentation.

[1.11.3] - 2026-03-17

Security

  • Dependency vulnerability fixes (pillow, orjson, PyJWT) to address a Pillow out-of-bounds write and an orjson recursion DoS.

[1.11.2] - 2026-03-13

Added

  • React SDK: useDetectionPipeline hook for gaze + eye-region gating, exposing detectionGate and getWarnings() for session warnings at submit time.

Changed

  • React SDK: useSmartFrameCapture now supports external detectionGate and adds restart() for blocking conditions (e.g. hidden/shadowed eyes). Glasses detection is non-blocking and forwarded as a warning.
  • Documentation: API key scopes and frame capture requirements documentation updated (including clarification for capture behavior by endpoint).

[1.11.1] - 2026-03-12

Added

  • AI-readable documentationllms.txt and llms-full.txt added for AI assistant integration (Claude Code, ChatGPT, Cursor). Enables AI tools to discover and use the API documentation during integration.
  • SDK documentation updatesSession ID (sessionId) prop documented for LivenessView, LivenessModal, and useLiveness (React and React Native). CapturedFrame type clarified (timestampMs in SDK, timestamp_ms in API payload).

[1.11.0] - 2026-03-12

Added

  • Capture warnings in fast-check responses — Optional warnings field in request and response for Fast Check, Fast Check Stream, and Fast Check Crops. Frontends can report capture conditions (e.g. "Low light detected", "Face not centered"); the API echoes aggregated warnings in the response for debugging and UX improvement.

Changed

  • Basic Auth for documentation — Optional authentication for documentation endpoints when DOCS_BASIC_AUTH is configured. Protects staging docs from public access.

[1.10.0] - 2026-03-11

Added

  • API key scopes — API keys can be restricted by scope: detection:write, detection:read, session:write, session:read, session:audit, keys:read, keys:write, usage:read, credits:read, webhooks:read, webhooks:write, hosts:read, hosts:write. Create scoped keys in the Developer Portal for least-privilege access. Keys with empty scopes retain full access (backward compatible).

Changed

  • Endpoints now enforce scope requirements. Requests with keys that lack the required scope return 403 with error: "insufficient_scope" and required_scope in the response.

[1.9.1] - 2026-03-10

Fixed

  • Mixed model credit costs — Corrected credit deduction for mixed-v2 models (e.g. mixed-10-v2, mixed-30-v2, mixed-90-v2, mixed-120-v2). Requests using these models now deduct the correct number of credits per model config.

[1.9.0] - 2026-03-10

Added

  • Models registry endpoint — GET /api/v1/models returns the list of available models with id, label, description, min_frames, and deprecated status. Authenticated via shared app-to-app Bearer token. Used by the Developer Portal and SDK useModels hook for dynamic model selection.
  • React SDK useModels hook — Fetch available models from the API and build dynamic model selectors with deprecated-flag support. Integrations can show model descriptions and warn when using deprecated models.

[1.8.0] - 2026-03-09

Added

  • Mixed V2 models — New model family trained on 6,486 videos across 9 attack types. Includes mixed-10-v2, mixed-30-v2, mixed-60-v2, mixed-90-v2, mixed-120-v2 with improved accuracy and per-model EER thresholds. See Models overview.

Deprecated

  • Legacy mixed modelsmixed-10, mixed-30, mixed-60, mixed-90, mixed-120, mixed-150, and mixed-250 are deprecated. Migrate to the corresponding mixed-N-v2 variants.

[1.7.0] - 2026-03-06

Changed

  • Dynamic CORS — CORS allowed origins are now managed via the Developer Portal (AllowedHost entries) instead of a fixed configuration. Organizations can add and manage allowed hosts (e.g. for Qualtrics, Pavlovia, custom domains) without code changes.

[1.6.0] - 2026-03-04

Fixed

[1.5.0] - 2026-03-03

Added

  • Session endpoints for verification landing page — GET /api/v1/sessions/{session_id} returns session context; PATCH /api/v1/sessions/{session_id}/audit records audit events. Enables the verification UI to display session metadata and track user interactions.
  • HMAC verification token authenticationMCP verification flows can use short-lived tokens (in URL or X-API-Key header) instead of API keys. Tokens are signed with VERIFICATION_TOKEN_SECRET.

Changed

  • CORS support for verification landing page — Added verify.moveris.com and dev.verify.moveris.com to allowed origins so the verification UI can call the API without CORS errors.

Fixed

  • React SDK: Eliminated LivenessCamera flickering caused by unstable callback dependencies.
  • React SDK: Injectable sessionId support for liveness detection components.

[1.4.0] - 2026-02-26

Added

  • MCP (Model Context Protocol)AI agents can now verify human presence before high-stakes actions. Integrate Moveris with Cursor, Claude Desktop, ChatGPT, Microsoft Copilot, Meta AI, and other MCP hosts. Documentation includes step-by-step agent configurations.
  • CORS support for Qualtrics and Pavlovia — Embed the liveness flow in Qualtrics and Pavlovia survey subdomains without CORS errors.

Changed

  • Documentation site updated with glossary improvements and MCP reference pages.

[1.3.0] - 2026-02-24

Added

  • Webhook delivery logs — View delivery history and status of webhooks in the Developer Portal. Helps debug failed deliveries and monitor verification callbacks.
  • MCP verification sessions — Create and manage verification sessions for AI agents. Sessions can be tracked and cleaned up automatically.

[1.2.0] - 2026-02-13

Added

  • Fast Check Stream endpoint — New endpoint for high-concurrency frame uploads. Ideal when many users verify in parallel or when you prefer streaming over batch uploads.
  • Organization name and code — API responses can include organization details for multi-tenant integrations.
  • Model cards — Public documentation for each liveness model (Fast, Balanced, Thorough) with use cases and performance characteristics.
  • Documentation portal — Central docs site at documentation.moveris.com with API reference, SDK guides, examples, and best practices.

Changed

  • Improved liveness detection when using mixed frame counts across models.
  • React and React Native SDK documentation expanded with component usage and examples.

[1.1.0] - 2026-02-08

Added

  • Organization invitations — Invite users to your organization via invitation codes in the Developer Portal. Supports email/password and social login flows.
  • Streaming liveness in React — React SDK components now support streaming options for smoother capture flows and lower latency.

Fixed

  • Face-crops endpoint behavior corrected for pre-cropped image submissions.
  • Organization mapping and invitation code validation in the Developer Portal.

How to Read This Changelog

  • Added - New features
  • Changed - Changes to existing functionality
  • Deprecated - Features that will be removed in future versions
  • Removed - Features that have been removed
  • Fixed - Bug fixes
  • Security - Security-related changes