API Changelog
Breaking changes, new endpoints, and deprecations.
v1.0.0 — 2026-04-27
Initial release.
New
- Auth endpoints:
POST /auth/register,POST /auth/login,POST /auth/refresh,POST /auth/logout,POST /auth/reset-password,POST /auth/reset-password/confirm - Vault CRUD for all categories: identity, birth, addresses, emails, phones, profiles, external identities, work history, preferences, profile-css
- The Perch:
GET /perch/summary,GET /perch/activity - Public profile:
GET /u/{handle}(HTML + JSON) - did:web discovery:
GET /.well-known/did.json,GET /did/{handle} - Agent tokens:
POST /agents/tokens, scoped access - Batch operations:
POST /agents/batch(max 50 ops) - Natural language query:
POST /agents/query - Schema introspection:
GET /agents/schema/{category} - Admin endpoints: user list, audit log, dashboard
- Account export:
GET /account/export - Account erasure:
DELETE /account/erase - Event ingestion:
POST /events - Connections:
GET|POST|PUT|DELETE /connections,GET /connections/{id}/vault - Person search:
GET /search
Breaking Changes
None. This is the first stable release.
Versioning Policy
- BoxOwl uses URL path versioning (
/v1/). - Breaking changes require a new major version.
- Deprecated endpoints are announced here at least 30 days before removal.
- Non-breaking additions (new fields, new endpoints) are added to the current version without notice.