Changelog

API and integration changes over time. Breaking changes will be announced here at least 30 days in advance.

April 14, 2026 · later

New Service tokens, HMAC signing, audit log

Integration endpoints now require both a service token (distinct from user tokens) and an HMAC-SHA256 signature on the request body with replay protection.

POST /api/integrations/tokens — mint a long-lived service token (admin only)
GET /api/integrations/tokens — list active tokens
DELETE /api/integrations/tokens/{id} — revoke immediately
POST /api/integrations/secrets — generate an HMAC signing secret (admin only)
GET /api/integrations/secrets — list active secrets
DELETE /api/integrations/secrets/{id} — revoke
GET /api/integrations/audit — read recent API audit log entries

Every call to /api/integrations/* is logged with tenant ID, IP, user agent, token identifier, body hash, response code, and latency. See Authentication for the full flow.

April 14, 2026

New TMS Shipment Update endpoint

Added POST /api/integrations/tms/shipment-update — allows in-house and commercial TMS systems to push booked truck cost and carrier info to WardenIQ keyed by lane_ref. Writes flow through the canonical _apply_truck_cost helper with source='tms' for audit and rollback.

See endpoint docs for the full schema and examples.