Skip to main content

Changelog

A chronological list of changes to the ValidKit API contract.

April 5, 2026

  • Security
    Patches a security vulnerability (GHSA-vghf-hv5q-vc2g) in email syntax validation that could produce incorrect results.

April 4, 2026

  • Fix
    OpenAPI spec endpoint (/api/v1/openapi.json) now serves reliably across all deployment environments.
  • Fix
    MX record data now correctly propagates from domain cache hits, improving validation response completeness.

April 2, 2026

  • API
    Moved canonical OpenAPI spec endpoint to /api/v1/openapi.json. The legacy /docs/openapi.json path now returns a 301 redirect.

March 31, 2026

  • API
    Updated OpenAPI spec metadata to reflect current API capabilities.
  • Fix
    Fixed /docs/openapi.json endpoint.

March 27, 2026

  • Fix
    Fixed webhook management endpoints (configure, get, delete, and delivery history) returning 500 errors instead of valid responses.
  • Fix
    Fixed the POST /v1/webhooks error message to reference the correct field name url instead of webhook_url.
  • Fix
    Fixed 404 responses on /v1/* paths. All endpoints now respond at both /v1/* and /api/v1/* as described in the API reference.

March 17, 2026

  • Fix
    Null MX records (RFC 7505) now correctly rejected as invalid. Domains that explicitly declare they do not accept mail now return valid: false and risk: high instead of being incorrectly treated as valid.

March 12, 2026

  • Fix
    Fixed webhook signature verification failing when payload key ordering changed between queue time and delivery time.
  • Fix
    Fixed certain error conditions returning connection resets instead of proper HTTP 503 responses.

March 7, 2026

  • Fix
    Enables caching for all subscription tiers, improving response times for repeat verifications.

March 6, 2026

  • Fix
    Fixes verification cache reliability in production.
  • API
    The GDPR data export endpoint now includes the email addresses you've validated, along with metadata indicating the total count and whether results were truncated.

March 1, 2026

  • API
    Adds verification caching for faster repeat lookups.

February 28, 2026

  • API
    Adds known-valid domain safeguard: returns valid with is_known_valid_fallback flag when DNS transiently fails for major email providers (gmail.com, outlook.com, etc.) instead of a false negative.
  • Fix
    Adds 10-second timeout cap for verification requests to guarantee faster failure responses on unreachable mail servers.

February 8, 2026

  • API
    Changes request ID format to consistently return 9 characters across all API responses.

November 20, 2025

  • API
    Adds privacy endpoints for GDPR data deletion and export requests (/api/v1/privacy/delete, /api/v1/privacy/export).

October 16, 2025

  • Fix
    Fixes disposable domain detection with updated dataset of 4,725+ providers.

July 28, 2025

  • API
    Changes error responses for rate limit and quota limit errors to include upgrade guidance.

July 15, 2025

  • API
    Adds dedicated cache option for enterprise customers.

July 1, 2025

  • API
    Adds agent-optimized endpoint /api/v1/verify/bulk/agent with 80% smaller response payload.

June 10, 2025

  • API
    Adds batch processing support for up to 10,000 emails with webhook callbacks for completion notifications.
  • API
    Adds compact response format that reduces payload size by 80%.