v1.0.1 — post-launch corrections
Patches and refinements shipped on top of v1.0.0 before broader partner rollout. No breaking changes — all additions are backwards-compatible.Webhook delivery
subscription.completedis now eventually-consistent. A reconciler actor sweeps every 60 seconds and fires the webhook for any partner-sourced Bid where the synchronous emit was skipped. See Subscriptions › subscription.completed delivery.subscription.completedadmin trigger wired through. Marking a partner-sourced BidCompletedin the Zest admin UI now reliably fans the webhook out via the helper path (with the reconciler as a backstop).- Optional
partnerInvestorIdadded to thesigned_subscription_form.uploadedandfunding_receipt.uploadedpayloads. Always present when the originating subscription carried a partner investor id; omitted otherwise.
Onboarding / operations
- Partner registration CLI accepts
--public-key-b64for direct key registration and reports duplicate-key collisions with a friendly exit-1 message instead of a stack trace. - Spaas contract sync + materialiser expanded to cover the remaining
Opportunityrequired fields (is_fixed_price,company_id) so approving an SPV request never fails the downstream insert.
v1.0.0 — Initial release
First public release of the Zest Public API. Scope:- Authentication: OAuth 2.0 JWT-Bearer assertion grant via
POST /v1/oauth2/tokens. - SPV Requests:
POST,GET,LIST,DELETEfor/v1/spv-requests. Admin approve/reject/cancel flow. - Investors: bulk-create
POST /v1/investorswith partial-success semantics. - Subscriptions: bulk-create
POST /v1/spvs/{slug}/subscriptions. - Uploads: signed-form and funding-receipt multipart uploads with strict ordering.
- Webhooks: nine event types, HMAC-SHA256 signed envelopes, 30s/5m/30m/2h/12h retry schedule + dead-letter.
- Errors: uniform envelope with stable
codevocabulary and per-fieldvalidationErrors[]. - Idempotency: required on
POST /v1/spv-requests; optional on other writes; 24h TTL.