Changelog

Latest updates

  1. Added a User Roles guide in Express API reference (v1 and v2).
  2. Added note in Retrieve a list of addresses for consolidation reference guide (v1 and v2).
  3. Removed ADA from the list of acceptable coins in Create a hot wallet API reference (v2).
  4. Updated table in the Firewall Supported Chains for v2 Wallets guide (v2).
  5. Updated the Wallet Details guide (v1 and v2).

Vaults Production Release | April 2026


🚀 Check out the latest Vaults & Express API: v1.3.16 release updates!

Docs

🌱 ADDED
  • Added guide for Stable Swap (v1 and v2).
  • Added guide for Tron fee optimiser (v1 and v2).
  • Added Vaults web and mobile release notes (v1 and v2).
  • Added Liminal Express API changelog for Version [v1.3.16] (Prod) (v1 & v2).
  • Added Liminal Express Developer Postman Collection (v1 and v2).
💜 IMPROVED
  • Updated the Update Liminal Express guide (v1 and v2).
  • Updated the Set up Liminal Firewall guide (v1 and v2).
🚫 DEPRECATED

Removed Fantom, Flare, Near, Xinfin and Play3ull chain support from the following guides:

  • Liminal supported chains (v1 and v2).
  • Liminal environments (v1 and v2).
  • Add Custom Tokens (v1 and v2).
  • Transaction webhooks (v1 and v2), and
  • From the list of supported tokens (v1 and v2).

Express SDK API Updates

Docs

  1. Updated the coin field description across all API references having the coin field (v2).
  2. Updated API reference path for Create a watch-only wallet (v2).
  3. Removed the allTokens variable from the Retrieve a list of addresses API reference (v2).
  4. Moved the table of supported chains for the Liminal multisig wallet to the Supported for multisig wallets page (v1 and v2).
  5. Moved the table of firewall-supported chains for multisig wallet to the Supported for multisig wallets page (v2).
  6. Removed Telos, Fantom, Flare, Klaytn, Near, Xinfin, ZKEVM, Bahamut and Play3ull from the list of supported chains for multisig wallets (v1 and v2).
  7. Removed the Fantom, Flare,Klaytn, Xinfin, ZKEVM, Telos, Bahamut and Play3ull chains for firewall supported chains for v2 wallets (v2).
  8. Added note for firewall-supported chains across all API references having the coin field (v2).
  9. Removed the Push a refill transaction API reference as it is deprecated (v1 and v2).

Express API Reference Updates for Accuracy

Docs

  1. Updated note in Update Liminal Express guide (v1 and v2).
  2. The following API references are updated in Express SDK:
    1. Create a hot wallet API v2: Changed the data type of the walletVersion keyword from String to Integer.
    2. Create a watch-only wallet v2: Updated request parameter descriptions.
    3. Create transaction requests v2: Updated tokenOptions object description and the accepted coin values.
    4. Consolidate wallet assets API v2:
      1. Updated accepted coins values.
      2. Removed the allTokens and allAssets body parameter variables from the consolidateOptions object across all use cases.
      3. Removed the consolidate-all-tokens-for-non-UTXO-chains use case as it is not supported anymore.
      4. Added note regarding API rate limit.
    5. Import addresses into a Watch-Only Wallet v2: Updated the response parameter data type of addressesImported and addressesSkipped from String to Integer.
    6. Retrieve all transactions by status API v2: Updated the responses (API 200 OK Success, 400 Bad Request) and accepted coins values .
    7. Retrieve a list of wallets API v2: Updated the responses parameters and accepted coin values.
    8. Retrieve an address balance API v2: Updated the valid use cases and accepted coins values.
    9. Retrieve a wallet balance API v2: Updated accepted coins values.
    10. Retrieve a wallet API v2: Updated accepted coins values.
    11. Resend EVM-chain transactions v2: Updated accepted coins values.
    12. Submit a transaction API v2: Updated accepted coins values.
    13. Retrieve hot wallet transactions v2: Updated the responses parameters and accepted coin values.
    14. Retrieve pending transactions v2: Updated the responses parameters and accepted coin values.
    15. Added note for Rescan API v1 and v2.

Vaults Production Release | March 2026


🚀 Check out the latest Vaults & Express API: v1.3.10 release updates!

Docs

🌱 ADDED
  • Rewards API reference (v1 and v2).
  • Added Liminal Express Developer Postman collection (v1 and v2).
  • Added release notes for Vaults (v1 and v2) and Express SDK (v1 and v2).
  • Added Security Advisory Announcement: Address Poisoning and Dusting Attacks guide (v1 and v2).
💜 IMPROVED
  • Updated the Send (v1 and v2) and Receive (v1 and v2) transaction webhook guides.
  • Added note to explain Gas Fee estimation in the Transfer funds from a multisig wallet (v1 and v2) and Gas Station (v1 and v2) guides.
  • Updated the Transaction API references for required improved parameters, including
    • Retrieve a transaction (v1 andv2),
    • Retrieve a transaction status (v1 and v2),
    • Retrieve all transactions by status (v1 and v2), and
    • Retrieve hot wallet transactions (v1 and v2).
  • Updated the Retrieve all transactions by status (v1 and v2) and Retrieve hot wallet transactions (v1 and v2) API references for added syncedTimeStampOptions filter object.
  • Updated the Backdated Holding Statement section with the latest timestamp filter (Wallets v1 & v2).
  • Updated Deploy MPC on your AWS server guide (v1 and v2).

Doc Updates for Accuracy

Docs

🌱 ADDED
  1. FAQs guide (v1 & v2), including information about:
    1. Transaction vs Firewall policy.
    2. Spending limit vs Transfers policy.
  2. Wallet Details page, including Manual Balance Sync for accuracy (v1 & v2).
💜 IMPROVED
  1. The wallet group information in the Transfers policy guide for accuracy (v1 and v2).
  2. The whitelist smart contract addresses for the deposit wallets guide (v1 and v2).
  3. The Add Custom Tokens guide for EVM and non-EVM chains (v1 and v2).
🚫 DEPRECATED
  1. Moved the Local Protocol Management guide to legacy.



Minor updates

Docs

🌱 ADDED
  • The Processing Withdrawals section in the Set up v2 hot wallets with Liminal Firewall guide (Wallet v2) for clarity.
  • A note to the Firewall policy and rules section (Wallets v1 and v2).
💜 IMPROVED
  • The maximum gas fee (maxGasPrice) thresholds for supported chains in the Resend EVM-chain transactions API reference (Wallets v1 and v2).

Vaults Production Release

🚀 Check out the latest Vaults & Express API: v1.3.7 release updates!

Docs

🌱 ADDED
  • The Transfer funds guide (v1 & v2).
  • Auto Expiration for Tron Transaction section in the Transfer funds guide (v1 & v2).
  • Express Developer Postman collections (v1 & v2).
  • Added error responses to the Consolidate wallet assets API reference (v1 & v2).
  • Added a Failed Tron Transactions section (v1 & v2).
  • Added Kaia to the wallet.coin fields across all API endpoints supporting EVM coin ( v1 & v2).
💜 IMPROVED
  • Improved version update support in the Update Liminal Express guide [Wallet v1 & v2].
  • Updated Account Statement metadata (v1 & v2).
  • Updated details panel information in History (v1 & v2).
  • Added a note to the Create multisig wallet guide (v1 & v2).
  • Added a note to the Consolidate wallet assets API reference (v1 & v2).
  • Updated transaction primary and secondary statuses (v1 & v2).
🚫 Deprecated
  • Removed the resData object from all webhook payload responses.

⚠️ Whitelisted Express IP Server Behavior

⚠️ Breaking Change

Impacted: Liminal Express SDK v1.2.19 and above.

The previously introduced feature, for Whitelisted Express IP in API Key [Wallet v1 & v2] during the Vaults: November 04, 2025 release [Wallet v1 & v2], is now marked as a breaking change for Liminal Express SDK v1.2.19 [Wallet v1 & v2] and above.

It is now mandatory to add the EXPRESS_OUTBOUND_IP value to your local MPC Docker image when the Express server IP address is whitelisted on Vaults, and the deployment environment is behind a payload.

What Changed (Earlier Release)

The following changes were implemented in the previous November major release [Wallet v1 & v2]:

  1. The following IP addresses were added to the API Key whitelist feature:
    1. Source IP, and
    2. Express server IP.
  2. Additionally, the HMAC secret key feature required adding the HMAC_SECRET value in the following configurations:
    1. Vaults web > Apps > Secure API
    2. The .env file of the client’s Docker image (express.sh) of the Liminal Express SDK.
  3. Required at least a Liminal Express SDK version: v1.2.19 (Prod) or higher.

Why is this a breaking change

Users may experience a breaking change if the required parameters are not configured when:

  • Their deployment server environment is behind a load balancer.
  • Using Liminal Express version v1.2.19 or higher.
  • Have whitelisted at least one Express IP address on Vaults.

When your server-side Liminal Express deployment is configured behind a load balancer, the Express IP address acts as a dynamic address, preventing it from being whitelisted in Vaults. Then, the Liminal Express APIs may break, and the whitelisted Express IP address may not function accurately.

Added Requirement

When your Express server is behind a load balancer, the following parameters should be added to the MPC Docker image (express.sh):

ParameterRequired / RecommendedData TypeDescriptionWhen is it required
EXPRESS_OUTBOUND_IPRequiredStringThe IP address of the Liminal Express server (x-express-ip).When the Liminal Express SDK deployment is behind a load balancer in the Production environment.
HMAC_SECRETRecommendedStringShared secret key for HMAC authentication between Liminal Express API and the client application.
The key must be 20–64 alphanumeric characters.		All instances of the Production environment.

Impact

After upgrading to the latest Liminal Express version 1.2.19 ( or higher):

  • All API requests from Liminal Express SDK (both server and client) will fail if EXPRESS_OUTBOUND_IP is not added to your Docker image.
  • The whitelisted Express IP address (EXPRESS_OUTBOUND_IP) will not function as expected and accept server requests.
  • Existing integrations based on API key will break.

Required Action

Ensure that you:

  1. Update the Docker image (express.sh): Add the EXPRESS_OUTBOUND_IP (required) and HMAC_SECRET (recommended) values to the .env file.
    Sample Docker image:

    docker run --restart=on-failure \
  -e AWS_DEFAULT_REGION=ap-south-1 \
  -e REGION=ap-south-1 \
  -e NODE_ENV=prod \
  -e TSM_URL=http://172.31.3.30:8000 \
  -e TSM_VERSION=62 \
  -e TSM_USER_ID=test-user-123 \
  -e HMAC_SECRET=TESTHMACSECRETKEY1234567890 \
  -e TSM_PASSWORD=StrongPass!2025 \
  -e TSM_PUBLIC_KEY=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4w7Z6q1W0z7f6qT3hRL \
  -e AUTH_URL=https://vaults-secure.us.auth0.com/oauth/token \
  -e AUTH_AUDIENCE=https://api.lmnl.app/api/wallet/all \
  -e EXPRESS_OUTBOUND_IP=3.110.45.120 \
  -p 8081:8081 \
  -d 641754881946.dkr.ecr.us-west-2.amazonaws.com/liminal-sdk-api:1-stable-prod

  2. Restart and rerun the Docker image (express.sh) after successfully embedding the required environment variables.

  3. Add HMAC key to Liminal Vaults: Liminal Vaults> Apps > Secure API.

    Have added the same HMAC secret key for both the MPC Docker image and Vaults to ensure the necessary whitelisted IP addresses function accurately, if using the HMAC secret authentication.

References

  1. Refer to the Whitelist IP Address per Key > Caveat [wallet v1 & v2] section to update your Docker image as required.
  2. Refer to the Liminal Express API changelog [wallet v1 & v2] for the latest production version.
  3. Refer to the How to setup HMAC secret key and boost IP whitelisting security with SecureAPI guide [wallet v1 & v2] to configure HMAC security authentication.
  4. Update Express SDK version [wallet v1 & v2].