API Reference
Portal

Changelog

Overview

All notable changes to the zerohash Web SDK will be documented in this file.

This project adheres to Semantic Versioning.


[3.1.2] - 2026-06-19

Fixed

  • Crypto Buy now honours filters set via sdk.setFilters or sdk.openModal when rendering through the next-generation path. Filters were previously applied on the existing iframe path but silently ignored on the next-generation path. No API changes, existing filters configurations resume working as documented.

[3.1.0] - 2026-06-17

Added

  • Trusted additional CDN origins used by next-generation widgets. The previously trusted origins remain valid during the migration, no integrator action required.

Changed

  • Updated bundled @zerohash-sdk/*-react and @connect-xyz/auth-react packages to their latest versions.

[3.0.1] - 2026-06-12

Changed

  • Updated bundled @zerohash-sdk/*-react and @connect-xyz/auth-react packages. Includes improved error handling and clearer messaging when an embedded widget fails to load its scripts.

[3.0.0] - 2026-05-21

Major version bump signalling the rollout of a next-generation rendering path for zerohash widgets. The public SDK API is unchanged for cert and prod consumers, the only public-type change is a narrowing of env (see Changed).

Added

  • Next-generation rendering for Crypto Buy/Sell, Onboarding, Fiat Deposits/Withdrawals, Crypto Withdrawals, Fund, Pay, Payouts, Profile, and Account Link flows. Improved performance and UX. Rollout is gradual and controlled server-side, no integration changes required, and flows not yet migrated continue to render via the existing iframe.
  • theme option on the SDK constructor ('light' | 'dark' | 'auto', defaults to 'light') and a matching sdk.setTheme({ theme }) method. Applies to the next-generation flows; the existing iframe and Fund Connect Auth surfaces are unchanged.
  • env option on the SDK constructor ('cert' | 'prod') for explicit environment selection. When set, it takes precedence over the SDK's hostname-based inference. This is now the recommended way to target a specific deployment.
  • The SDK version is now attached to embedded widget logs to make support investigations faster.

Changed

  • Breaking (TypeScript surface only): narrowed the public Environment type from 'dev' | 'cert' | 'prod' to 'cert' | 'prod'. The 'dev' value was never intended for integrator use. Consumers on cert or prod do not need to make any changes.

Fixed

  • Environment auto-detection now recognises the full set of zerohash hostnames used by integrators. Previously, some cert setups silently fell back to loading production assets. If you've ever been unsure which environment the SDK was targeting, we recommend passing the new env option explicitly.
  • Removed a brief wrong-theme flash when opening a next-generation flow in dark or auto mode. The modal also now becomes visible as soon as the inner widget reports it has loaded, instead of waiting on a multi-second fallback. Light mode and the existing iframe flow are unchanged.
  • Fixed Fund's Connect Auth flow targeting the production Connect API when the host page was running against a non-production deployment. The Connect environment is now resolved from the same source as the next-generation widgets, explicit env first, otherwise hostname-based inference.

Security

  • Tightened the Fund Connect Auth issuer check to use a strict hostname allowlist instead of a permissive substring match.

[2.16.1] - 2026-02-23

Added

  • Bump connect-xyz version to 0.46.0 to fix a problem for Auth into Fund users where the UI was taking too long to be displayed

[2.16.0] - 2026-02-22

Added

  • Add dynamic styles for "Auth into Fund" integration
  • This allows customizing Modal appearance without requiring customers to bump their SDK version

[2.15.0] - 2026-02-18

Added

  • Add dynamic styles for "iframe" SDKs via postMessage
  • This allows customizing Modal appearance without requiring customers to bump their SDK version

[2.14.0] - 2026-01-16

Added

  • Allow existing Fund customers to integrate with Auth seamlessly
    • Existing Fund customers shall now be able to use Auth integrations aside from Manual deposit.
      Auth does not rely on an iframe, has dark and light mode, improved UI, and improved performance.

[2.13.0] - 2026-01-02

Changed

  • Changes SDK wrapper positioning to fixed to prevent it being scrolled out of view by the parent application

[2.12.6] - 2025-10-27

Security

  • Addressed security vulnerabilities identified by automated dependency scanning
  • Updated multiple dependencies to their latest secure versions

[2.12.5] - 2025-10-22

Changed

  • Restored original fiat-account-link terminology for existing integrations

[2.12.4] - 2025-10-21

Fixed

  • Improved border styling consistency between mobile and desktop views

[2.12.3] - 2025-10-01

Changed

  • Updated Fiat Account Link terminology to better reflect the feature's purpose

[2.12.2] - 2025-09-30

Added

  • New fiat account linking feature for connecting bank accounts

[2.12.1] - 2025-09-11

Fixed

  • Refined corner styling and border radius for improved visual consistency

[2.12.0] - 2025-07-07

Added

  • Introduced support for new "PAY" application name

[2.11.2] - 2025-07-02

Changed

  • Improved integration with World App's MiniKit for better mobile experience

[2.11.1] - 2025-07-02

Changed

  • Enhanced World App message handling with improved error recovery

Updated 3 days ago

Updated 3 days ago