Impacted: Liminal Express SDK v1.2.19 and above.

The previously introduced feature, for Whitelisted Express IP in API Key [Wallet v1 & v2] during the Vaults: November 04, 2025 release [Wallet v1 & v2], is now marked as a breaking change for Liminal Express SDK v1.2.19 [Wallet v1 & v2] and above.

It is now mandatory to add the EXPRESS_OUTBOUND_IP value to your local MPC Docker image when the Express server IP address is whitelisted on Vaults, and the deployment environment is behind a payload.

What Changed (Earlier Release)

The following changes were implemented in the previous November major release [Wallet v1 & v2]:

1. The following IP addresses were added to the API Key whitelist feature:
   1. Source IP, and
   2. Express server IP.
2. Additionally, the HMAC secret key feature required adding the HMAC_SECRET value in the following configurations:
   1. Vaults web > Apps > Secure API
   2. The .env file of the client’s Docker image (express.sh) of the Liminal Express SDK.
3. Required at least a Liminal Express SDK version: v1.2.19 (Prod) or higher.

Why is this a breaking change

Users may experience a breaking change if the required parameters are not configured when:

• Their deployment server environment is behind a load balancer.
• Using Liminal Express version v1.2.19 or higher.
• Have whitelisted at least one Express IP address on Vaults.

When your server-side Liminal Express deployment is configured behind a load balancer, the Express IP address acts as a dynamic address, preventing it from being whitelisted in Vaults. Then, the Liminal Express APIs may break, and the whitelisted Express IP address may not function accurately.

Added Requirement

When your Express server is behind a load balancer, the following parameters should be added to the MPC Docker image (express.sh):

Impact

After upgrading to the latest Liminal Express version 1.2.19 ( or higher):

• All API requests from Liminal Express SDK (both server and client) will fail if EXPRESS_OUTBOUND_IP is not added to your Docker image.
• The whitelisted Express IP address (EXPRESS_OUTBOUND_IP) will not function as expected and accept server requests.
• Existing integrations based on API key will break.

Required Action

Ensure that you:

1. Update the Docker image (express.sh): Add the EXPRESS_OUTBOUND_IP (required) and HMAC_SECRET (recommended) values to the .env file.
   Sample Docker image:

   Dockerfile

   docker run --restart=on-failure \
     -e AWS_DEFAULT_REGION=ap-south-1 \
     -e REGION=ap-south-1 \
     -e NODE_ENV=prod \
     -e TSM_URL=http://172.31.3.30:8000 \
     -e TSM_VERSION=62 \
     -e TSM_USER_ID=test-user-123 \
     -e HMAC_SECRET=TESTHMACSECRETKEY1234567890 \
     -e TSM_PASSWORD=StrongPass!2025 \
     -e TSM_PUBLIC_KEY=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4w7Z6q1W0z7f6qT3hRL \
     -e AUTH_URL=https://vaults-secure.us.auth0.com/oauth/token \
     -e AUTH_AUDIENCE=https://api.lmnl.app/api/wallet/all \
     -e EXPRESS_OUTBOUND_IP=3.110.45.120 \
     -p 8081:8081 \
     -d 641754881946.dkr.ecr.us-west-2.amazonaws.com/liminal-sdk-api:1-stable-prod

2. Restart and rerun the Docker image (express.sh) after successfully embedding the required environment variables.

3. Add HMAC key to Liminal Vaults: Liminal Vaults> Apps > Secure API.

   Have added the same HMAC secret key for both the MPC Docker image and Vaults to ensure the necessary whitelisted IP addresses function accurately, if using the HMAC secret authentication.

References

1. Refer to the Whitelist IP Address per Key > Caveat [wallet v1 & v2] section to update your Docker image as required.
2. Refer to the Liminal Express API changelog [wallet v1 & v2] for the latest production version.
3. Refer to the How to setup HMAC secret key and boost IP whitelisting security with SecureAPI guide [wallet v1 & v2] to configure HMAC security authentication.
4. Update Express SDK version [wallet v1 & v2].

Versioning Update

New Features & Improvements

• Added a Transaction History feature for the Vaults mobile app.

• Improved Transaction History side-panel with Timeline view in the Vaults web app.
• Improved Address Screening validation in the transaction initiation flow for MPC Mobile and Multisig wallets.
• Improved the Resend button disable behaviour in Period webhooks for Receive transactions for clarity.
• Improved the order of whitelisted addresses for transaction initiations in the Vaults mobile app.

Webhooks

• Updated the inputs[].address, outputs[].address, and externaladdress fields in checksum format in Send and Receive transactions.
• Updated multiple parameters in the periodic webhook for Receive transactions.

Refer to the Version [v1.3.1 ] (Prod) [Wallet v1 & v2] changelog.

Docs

• Added History section in Liminal Vaults mobile App guide [Wallet v1 & v2].
• Added a Supported Use Cases guide for Address Screening validation during MPC and Multisig wallet transactions [Wallet v1 & v2].
• Added Timeline section to the History guide [Wallet v1 & v2].
• Added December 05, 2025, release notes for Liminal Vaults Web and Mobile [Wallet v1 & v2].
• Added Liminal Express API changelog for Version [v1.3.1] (Prod) [Wallet v1 & v2].

• Improved the Transactions [Wallet v1 & v2], History [Wallet v1 & v2], and Reports [Wallet v1 & v2] guides for improved information architecture.
• Improved version update support in the Update Liminal Express guide [Wallet v1 & v2].

Docs

• Added the Maximum Gas Price (Gwei) for Kaia and Optimism chains for the Resend EVM-chain transactions API reference [Wallet v1 & v2].
• Added testnet and mainnet supported tokens for the following chains:
  • ALGO (Algorand) [Wallet v1 & v2]
  • ARB (Arbitrum) [Wallet v1 & v2]
  • Base (Base ETH) [Wallet v1 & v2]
  • BSC (Binance Smart Chain) [Wallet v1 & v2]
  • ETH (Ethereum) [Wallet v1 & v2]
  • SOL (Solana) [Wallet v1 & v2]
  • POL (Polygon) [Wallet v1 & v2]

• Updated the How to setup HMAC secret key and boost IP whitelisting security with SecureAPI [Wallet v1 & v2] guide to include a new For Development Environment section [Wallet v1 & v2] for users using the development environment.
• Updated the Rescan a transaction API reference [Wallet v1 & v2] to include a 400 Bad Request - RATE_LIMIT_EXCEEDED error response.
• Updated the Resend EVM-chain transactions API reference [Wallet v1 & v2]:
  • Added Kaia to the wallet.coin enum.
  • Updated the data type of feeIncrementParams.feeMultiplier from integer to number for improved accuracy.
  • Updated the description of feeIncrementParams.feeMultiplier for accuracy.

Docs

• Restore Liminal Vaults Mobile MPC Keys on a New Mobile Device guide [Wallet v1 & v2].
• Watch-Only wallet guide [Wallet v1 & v2].
• How to setup HMAC secret key and boost IP whitelisting security with SecureAPI guide [Wallet v1 & v2].
• Transactions guide [Wallet v1 & v2].
• Create a Watch-Only wallet API reference [Wallet v1 & v2].
• Import addresses into a Watch-Only wallet API reference [Wallet v1 & v2].
• Rescan a transaction API reference [Wallet v1 & v2].
• Disable Compliance Alerts for Address Screening guide [Wallet v1 & v2].
• Local Protocol Management guide, including a section for Add Custom Tokens [Wallet v1 & v2].
• The Liminal Vaults Mobile App guide now includes an overview and a Mobile Portfolio section [Wallet v1 & v2].
• Kaia supported token reference [Wallet v1 & v2].
• Added Liminal Express API changelog for Version [v1.2.19] (Prod) [Wallet v1 & v2].
• Added November 04, 2025, release notes for Liminal Vaults Web and Mobile [Wallet v1 & v2].

• The Liminal wallets guide now includes a Watch-Only section [Wallet v1 & v2].
• The Manage my API Key guide now includes a Whitelist Address per Key section [Wallet v1 & v2].
• The Reports section now includes information about the backdated holding statements in the Transactions guide [Wallet v1 & v2].
• Restructured the API Key guide for accuracy [Wallet v1 & v2].
• The Liminal overview guide now includes a section about Manual Balance Sync [Wallet v1 & v2].
• The Add new tokens [Wallet v1 & v2], Testnet faucets [Wallet v1 & v2], and Transaction webhook [Wallet v1 & v2] references now include respective information about the Kaia chain.
• Added a note in the Address Screening with Cube3 and Cyvers guide [Wallet v1 & v2].
• Updated the testnet link for the Tron chain [Wallet v1 & v2] reference.
• Updated the default minimum balance threshold of native coins to 0.0015 for Arbitrum and Optimism chains [Wallet v1 & v2].
• Updated the template order of Example 2 in the Transfer policy guide [Wallet v1 & v2].

New Features & Improvements

• [Wallet v1 & v2] Added mobile support for complete transaction initiation with warm MPC wallets.
• [Wallet v2] Added mobile support for Travel Rule compliance.
• [Wallet v2] Improved address screening in Travel Rule compliance for safer transfers.
• [Wallet v2] Improved transparency with complete destination address visibility during approvals in Travel Rule compliance.

API Reference

• [Wallet v2] Improved maxNumInputsToUse variable limit (max batch size) from 50 to 200 for consolidated wallet transaction requests for UTXO chains.

Docs

• Added release note for Liminal Vaults web and mobile [Sep 16, 2025].
• [Wallet v2] Added send a transaction with Travel Rule on the mobile guide.
• [Wallet v1 & v2] Added initiating a transaction on the mobile section ( v1, v2 ) to the Transfer funds from a warm MPC wallet ( v1, v2 ) guides.
• [Wallet v1 & v2] Updated decimal precision description for fields (effectiveChange, effectiveChangeUsd, fee, inputs[].amount, and outputs[].amount) in Receive ( v1, v2 ) and Send ( v1, v2 ) transaction webhook guides.
• [Wallet v1 & v2] Updated webhook payload parameters table parameters for Receive transactions ( v1, v2 ) and added a note for clarity.
• [Wallet v1 & v2] Updated webhook payload parameters table variables for Send transactions ( v1, v2 ) and added a note for clarity.
• [Wallet v2] Fixed incorrect API base URL and endpoint path for wallet consolidation transaction requests.

A new guide on Archiving and Unarchiving Wallets is added under the Vaults UI guides tab.

You may want to archive certain wallets in your organisation for the following reasons

1. To migrate funds from a V1 wallet to V2 wallet. Post migration of funds these V1 wallets would be of no use.
2. The wallet is no longer being used.
3. The wallet was created by mistake.

Archiving a wallet removes it from the Wallets section of the Liminal Vaults dashboard and disables all future send transactions. Archived wallets are moved to a separate section and can be unarchived at any time.

Changed environment variable values from those ofPre-dev to Dev environment

• V1 Wallet Postman Collection
• V2 Wallet Postman Collection

The following note is added in Receive transaction webhooks and Send transaction webhooks.

Currently, webhooks contain both x-platform-signature and x-liminal-signature headers. However, Liminal will deprecate x-liminal-signature in future. As an organisation, you are advised to configure only x-platform-signature going forward.

A new Submit a transactionAPI reference document is added under API References. This API is used to submit transactions for broadcasting to the blockchain network from a specific v2 hot wallet.

The Create transaction requests v2 API reference is updated by improving the API description and response body.