Migration of Authentication Provider from In-House Solution to Proprietary Authentication Provider [01-09-2025]

We are announcing a significant upgrade to our authentication system, migrating from our current in-house solution to a Proprietary Authentication Provider, a robust and modern identity platform. This migration will bring enhanced security, improved performance, and new capabilities for both integrators and end-users.

Planned Deployment Date: 01-09-2025

Supported:

• Password Grant: The existing password grant flow will continue to be supported during the initial phase of the migration.

• Integrator Self-Service (Future): After the first phase of the migration, we will introduce Integrator Self-Service. This will allow integrators to register and manage their own OAuth2 clients, providing greater control and flexibility. The current password grant flow will be fully deprecated once all integrators have transitioned to the new OAuth2 grant supported by our Proprietary Authentication Provider.

Breaking Changes (Effective Upon Migration Completion):

The following internal Web API endpoints related to email and password changes will cease to function once the migration is complete. These endpoints are internal and were never intended for external use by integrators. Refer to API Fair Use Policy

• POST /api/account/passwordReset
• GET /api/account/passwordReset/{id:Guid}
• POST /api/account/changeUserNameRequest
• POST /api/account/changeUserNameConfirm/{id:Guid}
• POST /api/account/changePassword

Temporarily Supported:

• POST /api/signup: This internal endpoint will remain temporarily available (with the new authentication provider) to facilitate the transition. However, we strongly encourage all integrators to direct users to register through the Zaptec portal and app.

⚠️

Action Required:

For End-Users on Older App Versions:

Please ask your users to upgrade their app versions to ensure continued access and full functionality after the migration. Older app versions may experience issues with authentication.

For Integrators:

• Discontinue Use of Internal Endpoints: Integrators currently using any of the internal endpoints listed above (e.g., /api/account/passwordReset, /api/account/changePassword) must stop using them. These endpoints were never intended for external consumption and will be removed. Please refer to the API Fair Use Policy.
• New User Registration Integration: If your integration requires the creation of new users, you will be required to use the new self-service registration flows provided by our Proprietary Authentication Provider after the migration. This will involve integrating directly with the new authentication APIs. See documentations attached below for your reference on how to;
  • Create Registration Flow: REST HTTP API Documentation
  • Update Registration Flow: REST HTTP API Documentation
• Prioritize Zaptec Portal/App Registration: We strongly advise integrators to encourage users to register directly through the Zaptec portal and app, which remains the primary and recommended method for user registration.