Skip to main content

Release v1.36.0

Released April, 2026

Executive Summary

Features

Notifications & Email

Authentication & Single Sign-On

  • Added passwordless email OTP sign-in, enabling users to authenticate without a password using email one-time passcodes (151552) ([PR 24149, PR 23939]])

Billing & Finance

  • Implemented ad hoc account billing with account search, Cerbos authorization, and invoice creation workflows (135179) (PR 24205)
  • Added per-line-item API billing support, allowing API consumers to pass item count via X-Item-Count header for accurate multi-item billing (152388) (PR 24273)
  • Added account-scoped bill run filtering based on account manager role for role-aware billing views (138650) (PR 24368)

User Experience & Onboarding

  • Added subscription-invite-card web component with API support for user onboarding invite flows (136875) ([PR 24372, PR 24423]])

Observability

  • Introduced APIM observability via Grafana Alloy, streaming Azure API Management logs and metrics to Grafana dashboards (152876) (PR 24382)
  • Added telemetry instrumentation to the product flow actor for improved traceability (PR 24303)

Authorization & Permissions

  • Added RolePermissionsViewsUpdateService for dynamically updating permission views when roles or permissions change (PR 24398)

Testing & Quality

Bug Fixes

  • Resolved access token expiry causing API Offline messages by implementing proactive session refresh and proper refresh token exchange (153279) ([PR 24373, PR 24407, PR 24360]])
  • Fixed server-side sort and filter not being applied on StandardBank collection details in bill run view (152671) (PR 24240)
  • Resolved invoice wizard crash caused by broken rendering logic (PR 24354)
  • Prevented spurious bank-account-removed events when contract actor state is empty (PR 24330)
  • Fixed permission ID not being updated during permission update operations (PR 24405)
  • Fixed role properties not being updated during role update operations (PR 24392)
  • Clarified bill run alert messages for no assigned accounts and no billing scenarios (PR 24421)
  • Updated email invite URL to include tenant ID and token for correct routing (PR 24415)
  • Fixed B2C migration policy name configuration (PR 24469)

Overview

v1.36.0 delivers significant new capabilities across notifications, authentication, billing, and observability, alongside a major expansion of integration test coverage.

The headline feature is the Notifications Worker, a new dedicated container app that processes email notifications with full attachment support, operating alongside the existing Notifications API. Passwordless email OTP sign-in provides a frictionless authentication alternative, while ad hoc account billing and per-line-item API billing expand the billing platform's flexibility. APIM observability via Grafana Alloy brings real-time API management monitoring into the existing Grafana dashboards.

A major quality initiative expanded integration testing across five new domains, bringing WireMock-based test infrastructure to Notifications, Onboarding, Tenant Management, Contract Management, and API Management services.

Features

Notifications Worker Service

Delivered the Notifications Phase 1 implementation, introducing a dedicated worker container app for processing email notifications:

  • Worker container app — Added the notifications worker as a new container app with full Bicep infrastructure, Dapr integration, and pipeline support (130528) (PR 24151)
  • Notification frequency filtering — Moved frequency filtering logic from controller into a dedicated service, improving separation of concerns and testability (130528) (PR 24151)
  • Attachment handling fixes — Resolved binary attachment integrity issues from blob storage to SendGrid, including column type migration (varbinary to nvarchar(max)) and SQL Server 2017 compatibility (130528) ([PR 24504, PR 24486, PR 24488]])
  • Worker stabilisation — Fixed worker re-registration noise, SQL exceptions, missing configuration settings, and deployment failures ([PR 24478, PR 24402, PR 24414, PR 24352, PR 24369]])

Passwordless Email OTP Sign-In

Introduced passwordless authentication via email one-time passcodes, allowing users to sign in without a password:

  • Azure AD B2C custom policy — Added Passwordless Email OTP V2 custom policies for email-based OTP sign-in with conditional account verification (151552) (PR 24149)
  • V2 policy updates — Additional SSO policy refinements for V2 policy compatibility and migration (151552) (PR 23939)

Ad Hoc Account Billing

Enabled billing administrators to create invoices for accounts outside the regular billing cycle:

  • Account search API — Implemented an account search endpoint for looking up accounts by name or identifier during ad hoc invoice creation (135179) (PR 24205)
  • CreateAdhocInvoice workflow — Added the end-to-end workflow for selecting an account and generating an ad hoc invoice, with Cerbos authorization for the adhoc action on the key_account_manager role (135179) (PR 24205)
  • UI components — Introduced AccountSelectorComponent and AdhocInvoiceModal with comprehensive unit tests (135179) (PR 24205)

Per-Line-Item API Billing

Added support for backend API services to declare per-request item counts for accurate billing:

  • X-Item-Count header processing — Updated the APIM process-api-billing policy fragment to read the X-Item-Count response header and build a corresponding lineItems array for billing (152388) (PR 24273)
  • FlowStartInput.LineItems property — Added LineItems to FlowStartInput with a Priority 2 fallback when Input.Metadata.LineItems is absent, ensuring backward compatibility (152388) (PR 24273)

Account-Scoped Bill Run Filtering

  • Role-aware billing views — Implemented account manager-based invoice filtering on the Bill Runs screen, restricting visibility to accounts assigned to the authenticated manager (138650) (PR 24368)
  • Bill run scoping documentation — Added comprehensive documentation for the role-aware data filtering patterns in billing (138650) (PR 24422)

Subscription Invite Card

  • Web component and API — Added the subscription-invite-card web component with supporting API endpoints for the user onboarding invite flow (136875) (PR 24372)
  • Component documentation — Added developer documentation for the profile-subscriptions-card and subscription-invite-card web components (136875) (PR 24423)

Email Sign-Up Flow Enhancement

  • Verification and conditional checks — Enhanced the email sign-up flow with additional email verification steps and conditional logic for improved security and user experience (150830) (PR 24230)

APIM Observability via Grafana Alloy

  • Log and metric streaming — Introduced Grafana Alloy integration to stream Azure API Management logs and metrics into Grafana dashboards for real-time monitoring and alerting (152876) (PR 24382)

Authorization & Permissions

  • RolePermissionsViewsUpdateService — Added a new service to dynamically update materialized permission views when roles or permissions are modified, with associated event handling (PR 24398)
  • PermissionActor fix — Ensured permission IDs are correctly updated during permission update operations (PR 24405)
  • RoleActor fix — Fixed role property updates not being persisted during role update operations (PR 24392)

Product Flow Telemetry

  • Actor instrumentation — Added OpenTelemetry tracing to the product flow actor for improved diagnostics and performance monitoring (PR 24303)

Testing & Quality Assurance

Integration Testing Expansion

Expanded integration testing coverage across five new domains under the Test Coverage & Quality epic:

  • Notifications Integration Testing Framework — Introduced full channel coverage integration tests with WireMock infrastructure for the notification service (152551) (PR 24470)
  • Notifications email attachment tests — Added integration tests for email with attachment and product share email scenarios (PR 24483)
  • Notifications binary attachment regression tests — Added test cases for binary attachment integrity and data-URL attachment processing (PR 24509)
  • Onboarding Integration Testing Framework — Introduced integration testing framework for the onboarding service (152568) (PR 24502)
  • Tenant Management Integration Testing Framework — Added integration tests for tenant management with improved assertion reasons for easier debugging (152466) ([PR 24413, PR 24444]])
  • Contract Management Integration Testing Framework — Introduced integration tests for contract management services (PR 24417)
  • API Management Integration Testing Framework — Added modular mocking and WireMock-based integration testing for API management (PR 24455)

Infrastructure & DevOps

  • Dapr managed identity metadata — Added azureAuthMethods managed identity metadata to all Dapr components for consistent authentication (PR 24456)
  • SSO container port update — Switched the SingleSignOn container from port 80 to 8080 for non-root user compatibility (PR 24412)
  • Dockerfile improvements — Updated COPY commands and improved .dockerignore for generated files (PR 24329)
  • BMAD v6.3.0 upgrade — Upgraded the BMAD framework to version 6.3.0 (PR 24519)

Documentation

  • SSO federation integration — Added comprehensive documentation for Single Sign-On federation integration with Azure AD B2C (PR 24274) (PR 24266)
  • Product flow documentation — Added missing documentation for Terms, payment retry, error handling, and execution flows (PR 24262)
  • Notification service documentation — Updated the notification service documentation (PR 24406)
  • Private docs republication — Republished private documentation with corrected file visibility and fixed broken public links (PR 24390)

Bug Fixes

  • Auth token expiry causing API Offline messages — Resolved an issue where access token expiry caused API Offline messages by implementing proactive session refresh in AuthenticationMiddleware and fixing refresh token exchange logic. Added a guard for NavigationManager.Uri against uninitialized state in AuthenticationExpiryService (153279) ([PR 24373, PR 24407, PR 24360]])

  • StandardBank collection sort and filter — Fixed server-side sort and filter not being applied on the StandardBank collection details within the bill run view (152671) (PR 24240)

  • Invoice wizard crash — Resolved a crash in the invoice wizard caused by broken rendering logic in the wizard component (PR 24354)

  • Spurious bank-account-removed event — Prevented the contract actor from raising a spurious bank-account-removed event when the actor state is empty, eliminating false event notifications (PR 24330)

  • PermissionActor ID update — Fixed the PermissionActor so that permission IDs are correctly updated during permission update operations, preventing stale permission references (PR 24405)

  • RoleActor property update — Fixed the RoleActor to correctly persist role property updates during update operations (PR 24392)

  • Bill run alert messages — Clarified alert messages on the bill run screen for scenarios with no assigned accounts and no billing records (PR 24421)

  • Email invite URL — Updated the email invite URL to include the tenant ID and token, ensuring correct routing to the intended tenant during the onboarding flow (PR 24415)

  • Migration policy name — Fixed the B2C migration policy name configuration to use the correct policy name (PR 24469)

  • Notification service infrastructure — Resolved multiple notification service deployment and runtime issues including SQL exceptions, missing App Configuration settings, incorrect configuration names, and deployment failures ([PR 24402, PR 24414, PR 24352, PR 24369]])

Contributors

Thanks to all contributors who made this release possible!