Docs

• Added guide for Stable Swap (v1 and v2).
• Added guide for Tron fee optimiser (v1 and v2).
• Added Vaults web and mobile release notes (v1 and v2).
• Added Liminal Express API changelog for Version [v1.3.16] (Prod) (v1 & v2).
• Added Liminal Express Developer Postman Collection (v1 and v2).

• Updated the Update Liminal Express guide (v1 and v2).
• Updated the Set up Liminal Firewall guide (v1 and v2).

Removed Fantom, Flare, Near, Xinfin and Play3ull chain support from the following guides:

• Liminal supported chains (v1 and v2).
• Liminal environments (v1 and v2).
• Add Custom Tokens (v1 and v2).
• Transaction webhooks (v1 and v2), and
• From the list of supported tokens (v1 and v2).

Docs

1. Updated the coin field description across all API references having the coin field (v2).
2. Updated API reference path for Create a watch-only wallet (v2).
3. Removed the allTokens variable from the Retrieve a list of addresses API reference (v2).
4. Moved the table of supported chains for the Liminal multisig wallet to the Supported for multisig wallets page (v1 and v2).
5. Moved the table of firewall-supported chains for multisig wallet to the Supported for multisig wallets page (v2).
6. Removed Telos, Fantom, Flare, Klaytn, Near, Xinfin, ZKEVM, Bahamut and Play3ull from the list of supported chains for multisig wallets (v1 and v2).
7. Removed the Fantom, Flare,Klaytn, Xinfin, ZKEVM, Telos, Bahamut and Play3ull chains for firewall supported chains for v2 wallets (v2).
8. Added note for firewall-supported chains across all API references having the coin field (v2).
9. Removed the Push a refill transaction API reference as it is deprecated (v1 and v2).

Docs

1. Updated note in Update Liminal Express guide (v1 and v2).
2. The following API references are updated in Express SDK:
   1. Create a hot wallet API v2: Changed the data type of the walletVersion keyword from String to Integer.
   2. Create a watch-only wallet v2: Updated request parameter descriptions.
   3. Create transaction requests v2: Updated tokenOptions object description and the accepted coin values.
   4. Consolidate wallet assets API v2:
      1. Updated accepted coins values.
      2. Removed the allTokens and allAssets body parameter variables from the consolidateOptions object across all use cases.
      3. Removed the consolidate-all-tokens-for-non-UTXO-chains use case as it is not supported anymore.
      4. Added note regarding API rate limit.
   5. Import addresses into a Watch-Only Wallet v2: Updated the response parameter data type of addressesImported and addressesSkipped from String to Integer.
   6. Retrieve all transactions by status API v2: Updated the responses (API 200 OK Success, 400 Bad Request) and accepted coins values .
   7. Retrieve a list of wallets API v2: Updated the responses parameters and accepted coin values.
   8. Retrieve an address balance API v2: Updated the valid use cases and accepted coins values.
   9. Retrieve a wallet balance API v2: Updated accepted coins values.
   10. Retrieve a wallet API v2: Updated accepted coins values.
   11. Resend EVM-chain transactions v2: Updated accepted coins values.
   12. Submit a transaction API v2: Updated accepted coins values.
   13. Retrieve hot wallet transactions v2: Updated the responses parameters and accepted coin values.
   14. Retrieve pending transactions v2: Updated the responses parameters and accepted coin values.
   15. Added note for Rescan API v1 and v2.

Docs

• Rewards API reference (v1 and v2).
• Added Liminal Express Developer Postman collection (v1 and v2).
• Added release notes for Vaults (v1 and v2) and Express SDK (v1 and v2).
• Added Security Advisory Announcement: Address Poisoning and Dusting Attacks guide (v1 and v2).

• Updated the Send (v1 and v2) and Receive (v1 and v2) transaction webhook guides.
• Added note to explain Gas Fee estimation in the Transfer funds from a multisig wallet (v1 and v2) and Gas Station (v1 and v2) guides.
• Updated the Transaction API references for required improved parameters, including
  • Retrieve a transaction (v1 andv2),
  • Retrieve a transaction status (v1 and v2),
  • Retrieve all transactions by status (v1 and v2), and
  • Retrieve hot wallet transactions (v1 and v2).
• Updated the Retrieve all transactions by status (v1 and v2) and Retrieve hot wallet transactions (v1 and v2) API references for added syncedTimeStampOptions filter object.
• Updated the Backdated Holding Statement section with the latest timestamp filter (Wallets v1 & v2).
• Updated Deploy MPC on your AWS server guide (v1 and v2).

Docs

• Liminal Express Developer_1.3.8(v1).postman_collection.json and Liminal Express Developer_1.3.8(v2).postman_collection.json.

• Updated the Backdated Holding Statement section with the latest timestamp filter (Wallets v1 & v2).
• Updated Liminal Express SDK version number to v1.3.8 for the production environment (Wallets v1 & v2).

Docs

1. FAQs guide (v1 & v2), including information about:
   1. Transaction vs Firewall policy.
   2. Spending limit vs Transfers policy.
2. Wallet Details page, including Manual Balance Sync for accuracy (v1 & v2).

1. The wallet group information in the Transfers policy guide for accuracy (v1 and v2).
2. The whitelist smart contract addresses for the deposit wallets guide (v1 and v2).
3. The Add Custom Tokens guide for EVM and non-EVM chains (v1 and v2).

1. Moved the Local Protocol Management guide to legacy.

Docs

• The Processing Withdrawals section in the Set up v2 hot wallets with Liminal Firewall guide (Wallet v2) for clarity.
• A note to the Firewall policy and rules section (Wallets v1 and v2).

• The maximum gas fee (maxGasPrice) thresholds for supported chains in the Resend EVM-chain transactions API reference (Wallets v1 and v2).

Docs

• The Transfer funds guide (v1 & v2).
• Auto Expiration for Tron Transaction section in the Transfer funds guide (v1 & v2).
• Express Developer Postman collections (v1 & v2).
• Added error responses to the Consolidate wallet assets API reference (v1 & v2).
• Added a Failed Tron Transactions section (v1 & v2).
• Added Kaia to the wallet.coin fields across all API endpoints supporting EVM coin ( v1 & v2).

• Improved version update support in the Update Liminal Express guide [Wallet v1 & v2].
• Updated Account Statement metadata (v1 & v2).
• Updated details panel information in History (v1 & v2).
• Added a note to the Create multisig wallet guide (v1 & v2).
• Added a note to the Consolidate wallet assets API reference (v1 & v2).
• Updated transaction primary and secondary statuses (v1 & v2).

• Removed the resData object from all webhook payload responses.

Impacted: Liminal Express SDK v1.2.19 and above.

The previously introduced feature, for Whitelisted Express IP in API Key [Wallet v1 & v2] during the Vaults: November 04, 2025 release [Wallet v1 & v2], is now marked as a breaking change for Liminal Express SDK v1.2.19 [Wallet v1 & v2] and above.

It is now mandatory to add the EXPRESS_OUTBOUND_IP value to your local MPC Docker image when the Express server IP address is whitelisted on Vaults, and the deployment environment is behind a payload.

What Changed (Earlier Release)

The following changes were implemented in the previous November major release [Wallet v1 & v2]:

1. The following IP addresses were added to the API Key whitelist feature:
   1. Source IP, and
   2. Express server IP.
2. Additionally, the HMAC secret key feature required adding the HMAC_SECRET value in the following configurations:
   1. Vaults web > Apps > Secure API
   2. The .env file of the client’s Docker image (express.sh) of the Liminal Express SDK.
3. Required at least a Liminal Express SDK version: v1.2.19 (Prod) or higher.

Why is this a breaking change

Users may experience a breaking change if the required parameters are not configured when:

• Their deployment server environment is behind a load balancer.
• Using Liminal Express version v1.2.19 or higher.
• Have whitelisted at least one Express IP address on Vaults.

When your server-side Liminal Express deployment is configured behind a load balancer, the Express IP address acts as a dynamic address, preventing it from being whitelisted in Vaults. Then, the Liminal Express APIs may break, and the whitelisted Express IP address may not function accurately.

Added Requirement

When your Express server is behind a load balancer, the following parameters should be added to the MPC Docker image (express.sh):

Impact

After upgrading to the latest Liminal Express version 1.2.19 ( or higher):

• All API requests from Liminal Express SDK (both server and client) will fail if EXPRESS_OUTBOUND_IP is not added to your Docker image.
• The whitelisted Express IP address (EXPRESS_OUTBOUND_IP) will not function as expected and accept server requests.
• Existing integrations based on API key will break.

Required Action

Ensure that you:

1. Update the Docker image (express.sh): Add the EXPRESS_OUTBOUND_IP (required) and HMAC_SECRET (recommended) values to the .env file.
   Sample Docker image:

   Dockerfile

   docker run --restart=on-failure \
     -e AWS_DEFAULT_REGION=ap-south-1 \
     -e REGION=ap-south-1 \
     -e NODE_ENV=prod \
     -e TSM_URL=http://172.31.3.30:8000 \
     -e TSM_VERSION=62 \
     -e TSM_USER_ID=test-user-123 \
     -e HMAC_SECRET=TESTHMACSECRETKEY1234567890 \
     -e TSM_PASSWORD=StrongPass!2025 \
     -e TSM_PUBLIC_KEY=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4w7Z6q1W0z7f6qT3hRL \
     -e AUTH_URL=https://vaults-secure.us.auth0.com/oauth/token \
     -e AUTH_AUDIENCE=https://api.lmnl.app/api/wallet/all \
     -e EXPRESS_OUTBOUND_IP=3.110.45.120 \
     -p 8081:8081 \
     -d 641754881946.dkr.ecr.us-west-2.amazonaws.com/liminal-sdk-api:1-stable-prod

2. Restart and rerun the Docker image (express.sh) after successfully embedding the required environment variables.

3. Add HMAC key to Liminal Vaults: Liminal Vaults> Apps > Secure API.

   Have added the same HMAC secret key for both the MPC Docker image and Vaults to ensure the necessary whitelisted IP addresses function accurately, if using the HMAC secret authentication.

References

1. Refer to the Whitelist IP Address per Key > Caveat [wallet v1 & v2] section to update your Docker image as required.
2. Refer to the Liminal Express API changelog [wallet v1 & v2] for the latest production version.
3. Refer to the How to setup HMAC secret key and boost IP whitelisting security with SecureAPI guide [wallet v1 & v2] to configure HMAC security authentication.
4. Update Express SDK version [wallet v1 & v2].

Versioning Update

New Features & Improvements

• Added a Transaction History feature for the Vaults mobile app.

• Improved Transaction History side-panel with Timeline view in the Vaults web app.
• Improved Address Screening validation in the transaction initiation flow for MPC Mobile and Multisig wallets.
• Improved the Resend button disable behaviour in Period webhooks for Receive transactions for clarity.
• Improved the order of whitelisted addresses for transaction initiations in the Vaults mobile app.

Webhooks

• Updated the inputs[].address, outputs[].address, and externaladdress fields in checksum format in Send and Receive transactions.
• Updated multiple parameters in the periodic webhook for Receive transactions.

Refer to the Version [v1.3.1 ] (Prod) [Wallet v1 & v2] changelog.

Docs

• Added History section in Liminal Vaults mobile App guide [Wallet v1 & v2].
• Added a Supported Use Cases guide for Address Screening validation during MPC and Multisig wallet transactions [Wallet v1 & v2].
• Added Timeline section to the History guide [Wallet v1 & v2].
• Added December 05, 2025, release notes for Liminal Vaults Web and Mobile [Wallet v1 & v2].
• Added Liminal Express API changelog for Version [v1.3.1] (Prod) [Wallet v1 & v2].

• Improved the Transactions [Wallet v1 & v2], History [Wallet v1 & v2], and Reports [Wallet v1 & v2] guides for improved information architecture.
• Improved version update support in the Update Liminal Express guide [Wallet v1 & v2].