---
title: Changelog
path: changelog
status: published
---

# Changelog

User-visible changes to ScaiKey. Latest first.

## 2026-05-17 — Public documentation launch

First public version of these docs covering the platform's identity model, OAuth/OIDC surface, admin API, and webhook contracts. The product itself has been in production for some time — this is the documentation catching up.

If you find a gap or an inaccuracy, ping the ScaiKey team.

## Earlier

Pre-launch changes are tracked in the internal changelog. Notable platform-visible items that pre-date this doc site:

- **Platform-level OIDC end_session endpoint** for `GLOBAL` apps without a tenant slug — see [Reference → OAuth endpoints](/docs/scaikey/reference/oauth-endpoints#platform-end-session).
- **RFC 8693 Token Exchange** active on the platform, per-target opt-in via the application's `token_exchange_allowed` flag.
- **`sub` claim on `client_credentials` JWTs** now set to the `client_id` (also exposed as `token_type: "client_credentials"` for consumers that key off it).
- **Webhook signature format**: HMAC-SHA256 over `"{timestamp}.{compact-sorted-json-body}"`, delivered in `X-ScaiKey-Signature: t=...,v1=...` — see [Reference → Webhooks](/docs/scaikey/reference/webhooks).