Docs

1. Updated note in Update Liminal Express guide (v1 and v2).
2. The following API references are updated in Express SDK:
   1. Create a hot wallet API v2: Changed the data type of the walletVersion keyword from String to Integer.
   2. Create a watch-only wallet v2: Updated request parameter descriptions.
   3. Create transaction requests v2: Updated tokenOptions object description and the accepted coin values.
   4. Consolidate wallet assets API v2:
      1. Updated accepted coins values.
      2. Removed the allTokens and allAssets body parameter variables from the consolidateOptions object across all use cases.
      3. Removed the consolidate-all-tokens-for-non-UTXO-chains use case as it is not supported anymore.
      4. Added note regarding API rate limit.
   5. Import addresses into a Watch-Only Wallet v2: Updated the response parameter data type of addressesImported and addressesSkipped from String to Integer.
   6. Retrieve all transactions by status API v2: Updated the responses (API 200 OK Success, 400 Bad Request) and accepted coins values .
   7. Retrieve a list of wallets API v2: Updated the responses parameters and accepted coin values.
   8. Retrieve an address balance API v2: Updated the valid use cases and accepted coins values.
   9. Retrieve a wallet balance API v2: Updated accepted coins values.
   10. Retrieve a wallet API v2: Updated accepted coins values.
   11. Resend EVM-chain transactions v2: Updated accepted coins values.
   12. Submit a transaction API v2: Updated accepted coins values.
   13. Retrieve hot wallet transactions v2: Updated the responses parameters and accepted coin values.
   14. Retrieve pending transactions v2: Updated the responses parameters and accepted coin values.
   15. Added note for Rescan API v1 and v2.

Docs

• Rewards API reference (v1 and v2).
• Added Liminal Express Developer Postman collection (v1 and v2).
• Added release notes for Vaults (v1 and v2) and Express SDK (v1 and v2).
• Added Security Advisory Announcement: Address Poisoning and Dusting Attacks guide (v1 and v2).

• Updated the Send (v1 and v2) and Receive (v1 and v2) transaction webhook guides.
• Added note to explain Gas Fee estimation in the Transfer funds from a multisig wallet (v1 and v2) and Gas Station (v1 and v2) guides.
• Updated the Transaction API references for required improved parameters, including
  • Retrieve a transaction (v1 andv2),
  • Retrieve a transaction status (v1 and v2),
  • Retrieve all transactions by status (v1 and v2), and
  • Retrieve hot wallet transactions (v1 and v2).
• Updated the Retrieve all transactions by status (v1 and v2) and Retrieve hot wallet transactions (v1 and v2) API references for added syncedTimeStampOptions filter object.
• Updated the Backdated Holding Statement section with the latest timestamp filter (Wallets v1 & v2).
• Updated Deploy MPC on your AWS server guide (v1 and v2).

Docs

• Liminal Express Developer_1.3.8(v1).postman_collection.json and Liminal Express Developer_1.3.8(v2).postman_collection.json.

• Updated the Backdated Holding Statement section with the latest timestamp filter (Wallets v1 & v2).
• Updated Liminal Express SDK version number to v1.3.8 for the production environment (Wallets v1 & v2).

Docs

1. FAQs guide (v1 & v2), including information about:
   1. Transaction vs Firewall policy.
   2. Spending limit vs Transfers policy.
2. Wallet Details page, including Manual Balance Sync for accuracy (v1 & v2).

1. The wallet group information in the Transfers policy guide for accuracy (v1 and v2).
2. The whitelist smart contract addresses for the deposit wallets guide (v1 and v2).
3. The Add Custom Tokens guide for EVM and non-EVM chains (v1 and v2).

1. Moved the Local Protocol Management guide to legacy.

Docs

• The Processing Withdrawals section in the Set up v2 hot wallets with Liminal Firewall guide (Wallet v2) for clarity.
• A note to the Firewall policy and rules section (Wallets v1 and v2).

• The maximum gas fee (maxGasPrice) thresholds for supported chains in the Resend EVM-chain transactions API reference (Wallets v1 and v2).

Docs

• The Transfer funds guide (v1 & v2).
• Auto Expiration for Tron Transaction section in the Transfer funds guide (v1 & v2).
• Express Developer Postman collections (v1 & v2).
• Added error responses to the Consolidate wallet assets API reference (v1 & v2).
• Added a Failed Tron Transactions section (v1 & v2).
• Added Kaia to the wallet.coin fields across all API endpoints supporting EVM coin ( v1 & v2).

• Improved version update support in the Update Liminal Express guide [Wallet v1 & v2].
• Updated Account Statement metadata (v1 & v2).
• Updated details panel information in History (v1 & v2).
• Added a note to the Create multisig wallet guide (v1 & v2).
• Added a note to the Consolidate wallet assets API reference (v1 & v2).
• Updated transaction primary and secondary statuses (v1 & v2).

• Removed the resData object from all webhook payload responses.

Impacted: Liminal Express SDK v1.2.19 and above.

The previously introduced feature, for Whitelisted Express IP in API Key [Wallet v1 & v2] during the Vaults: November 04, 2025 release [Wallet v1 & v2], is now marked as a breaking change for Liminal Express SDK v1.2.19 [Wallet v1 & v2] and above.

It is now mandatory to add the EXPRESS_OUTBOUND_IP value to your local MPC Docker image when the Express server IP address is whitelisted on Vaults, and the deployment environment is behind a payload.

What Changed (Earlier Release)

The following changes were implemented in the previous November major release [Wallet v1 & v2]:

1. The following IP addresses were added to the API Key whitelist feature:
   1. Source IP, and
   2. Express server IP.
2. Additionally, the HMAC secret key feature required adding the HMAC_SECRET value in the following configurations:
   1. Vaults web > Apps > Secure API
   2. The .env file of the client’s Docker image (express.sh) of the Liminal Express SDK.
3. Required at least a Liminal Express SDK version: v1.2.19 (Prod) or higher.

Why is this a breaking change

Users may experience a breaking change if the required parameters are not configured when:

• Their deployment server environment is behind a load balancer.
• Using Liminal Express version v1.2.19 or higher.
• Have whitelisted at least one Express IP address on Vaults.

When your server-side Liminal Express deployment is configured behind a load balancer, the Express IP address acts as a dynamic address, preventing it from being whitelisted in Vaults. Then, the Liminal Express APIs may break, and the whitelisted Express IP address may not function accurately.

Added Requirement

When your Express server is behind a load balancer, the following parameters should be added to the MPC Docker image (express.sh):

Impact

After upgrading to the latest Liminal Express version 1.2.19 ( or higher):

• All API requests from Liminal Express SDK (both server and client) will fail if EXPRESS_OUTBOUND_IP is not added to your Docker image.
• The whitelisted Express IP address (EXPRESS_OUTBOUND_IP) will not function as expected and accept server requests.
• Existing integrations based on API key will break.

Required Action

Ensure that you:

1. Update the Docker image (express.sh): Add the EXPRESS_OUTBOUND_IP (required) and HMAC_SECRET (recommended) values to the .env file.
   Sample Docker image:

   Dockerfile

   docker run --restart=on-failure \
     -e AWS_DEFAULT_REGION=ap-south-1 \
     -e REGION=ap-south-1 \
     -e NODE_ENV=prod \
     -e TSM_URL=http://172.31.3.30:8000 \
     -e TSM_VERSION=62 \
     -e TSM_USER_ID=test-user-123 \
     -e HMAC_SECRET=TESTHMACSECRETKEY1234567890 \
     -e TSM_PASSWORD=StrongPass!2025 \
     -e TSM_PUBLIC_KEY=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4w7Z6q1W0z7f6qT3hRL \
     -e AUTH_URL=https://vaults-secure.us.auth0.com/oauth/token \
     -e AUTH_AUDIENCE=https://api.lmnl.app/api/wallet/all \
     -e EXPRESS_OUTBOUND_IP=3.110.45.120 \
     -p 8081:8081 \
     -d 641754881946.dkr.ecr.us-west-2.amazonaws.com/liminal-sdk-api:1-stable-prod

2. Restart and rerun the Docker image (express.sh) after successfully embedding the required environment variables.

3. Add HMAC key to Liminal Vaults: Liminal Vaults> Apps > Secure API.

   Have added the same HMAC secret key for both the MPC Docker image and Vaults to ensure the necessary whitelisted IP addresses function accurately, if using the HMAC secret authentication.

References

1. Refer to the Whitelist IP Address per Key > Caveat [wallet v1 & v2] section to update your Docker image as required.
2. Refer to the Liminal Express API changelog [wallet v1 & v2] for the latest production version.
3. Refer to the How to setup HMAC secret key and boost IP whitelisting security with SecureAPI guide [wallet v1 & v2] to configure HMAC security authentication.
4. Update Express SDK version [wallet v1 & v2].

Versioning Update

New Features & Improvements

• Added a Transaction History feature for the Vaults mobile app.

• Improved Transaction History side-panel with Timeline view in the Vaults web app.
• Improved Address Screening validation in the transaction initiation flow for MPC Mobile and Multisig wallets.
• Improved the Resend button disable behaviour in Period webhooks for Receive transactions for clarity.
• Improved the order of whitelisted addresses for transaction initiations in the Vaults mobile app.

Webhooks

• Updated the inputs[].address, outputs[].address, and externaladdress fields in checksum format in Send and Receive transactions.
• Updated multiple parameters in the periodic webhook for Receive transactions.

Refer to the Version [v1.3.1 ] (Prod) [Wallet v1 & v2] changelog.

Docs

• Added History section in Liminal Vaults mobile App guide [Wallet v1 & v2].
• Added a Supported Use Cases guide for Address Screening validation during MPC and Multisig wallet transactions [Wallet v1 & v2].
• Added Timeline section to the History guide [Wallet v1 & v2].
• Added December 05, 2025, release notes for Liminal Vaults Web and Mobile [Wallet v1 & v2].
• Added Liminal Express API changelog for Version [v1.3.1] (Prod) [Wallet v1 & v2].

• Improved the Transactions [Wallet v1 & v2], History [Wallet v1 & v2], and Reports [Wallet v1 & v2] guides for improved information architecture.
• Improved version update support in the Update Liminal Express guide [Wallet v1 & v2].

Docs

• Added the Maximum Gas Price (Gwei) for Kaia and Optimism chains for the Resend EVM-chain transactions API reference [Wallet v1 & v2].
• Added testnet and mainnet supported tokens for the following chains:
  • ALGO (Algorand) [Wallet v1 & v2]
  • ARB (Arbitrum) [Wallet v1 & v2]
  • Base (Base ETH) [Wallet v1 & v2]
  • BSC (Binance Smart Chain) [Wallet v1 & v2]
  • ETH (Ethereum) [Wallet v1 & v2]
  • SOL (Solana) [Wallet v1 & v2]
  • POL (Polygon) [Wallet v1 & v2]

• Updated the How to setup HMAC secret key and boost IP whitelisting security with SecureAPI [Wallet v1 & v2] guide to include a new For Development Environment section [Wallet v1 & v2] for users using the development environment.
• Updated the Rescan a transaction API reference [Wallet v1 & v2] to include a 400 Bad Request - RATE_LIMIT_EXCEEDED error response.
• Updated the Resend EVM-chain transactions API reference [Wallet v1 & v2]:
  • Added Kaia to the wallet.coin enum.
  • Updated the data type of feeIncrementParams.feeMultiplier from integer to number for improved accuracy.
  • Updated the description of feeIncrementParams.feeMultiplier for accuracy.

Docs

• Restore Liminal Vaults Mobile MPC Keys on a New Mobile Device guide [Wallet v1 & v2].
• Watch-Only wallet guide [Wallet v1 & v2].
• How to setup HMAC secret key and boost IP whitelisting security with SecureAPI guide [Wallet v1 & v2].
• Transactions guide [Wallet v1 & v2].
• Create a Watch-Only wallet API reference [Wallet v1 & v2].
• Import addresses into a Watch-Only wallet API reference [Wallet v1 & v2].
• Rescan a transaction API reference [Wallet v1 & v2].
• Disable Compliance Alerts for Address Screening guide [Wallet v1 & v2].
• Local Protocol Management guide, including a section for Add Custom Tokens [Wallet v1 & v2].
• The Liminal Vaults Mobile App guide now includes an overview and a Mobile Portfolio section [Wallet v1 & v2].
• Kaia supported token reference [Wallet v1 & v2].
• Added Liminal Express API changelog for Version [v1.2.19] (Prod) [Wallet v1 & v2].
• Added November 04, 2025, release notes for Liminal Vaults Web and Mobile [Wallet v1 & v2].

• The Liminal wallets guide now includes a Watch-Only section [Wallet v1 & v2].
• The Manage my API Key guide now includes a Whitelist Address per Key section [Wallet v1 & v2].
• The Reports section now includes information about the backdated holding statements in the Transactions guide [Wallet v1 & v2].
• Restructured the API Key guide for accuracy [Wallet v1 & v2].
• The Liminal overview guide now includes a section about Manual Balance Sync [Wallet v1 & v2].
• The Add new tokens [Wallet v1 & v2], Testnet faucets [Wallet v1 & v2], and Transaction webhook [Wallet v1 & v2] references now include respective information about the Kaia chain.
• Added a note in the Address Screening with Cube3 and Cyvers guide [Wallet v1 & v2].
• Updated the testnet link for the Tron chain [Wallet v1 & v2] reference.
• Updated the default minimum balance threshold of native coins to 0.0015 for Arbitrum and Optimism chains [Wallet v1 & v2].
• Updated the template order of Example 2 in the Transfer policy guide [Wallet v1 & v2].