All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Critical Webhook Signature Verification Bug: Fixed signature verification failing when NOWPayments sends numbers in scientific notation (e.g.,
1e-7)- The previous implementation parsed the JSON body, sorted keys, and re-serialized it before computing the HMAC
- Ruby's
JSON.generatewould change number formatting (e.g.,1e-7→0.0000001), breaking the signature - Now computes HMAC directly on the raw body string, which is correct since NOWPayments already sends keys in sorted order
- Removed unused
sort_keys_recursiveandgenerate_signatureprivate methods
- Simplified
Webhook.verify!implementation - now a single HMAC computation on raw body - Added comprehensive regression tests including scientific notation edge case
- JWT Authentication Module (5 methods): Complete token lifecycle management
authenticate(email:, password:)- Get JWT token with 5-minute expirationjwt_token(email:, password:)- Get token with optional auto-refreshjwt_expired?- Check token validityclear_jwt_token- Manual token clearingjwt_time_remaining- Seconds until token expires- Automatic Bearer token injection in Authorization header
- Connection reset mechanism on token change
- Fiat Payouts Module (8 methods): Beta - Crypto to fiat withdrawals
fiat_payout_payment_methods- Get available payment methodscreate_fiat_payout_account- Create payout accountfiat_payout_accounts- List payout accountsupdate_fiat_payout_account- Update account detailscreate_fiat_payout- Create fiat payoutfiat_payout_status- Get payout statusfiat_payouts- List all payouts with 13 filter optionsfiat_payout_rates- Get conversion rates
- Invoice Status Method:
invoice(invoice_id)- Get invoice details and status - Mass Payouts (8 methods): Batch withdrawals with 2FA verification
balance- Get account balancecreate_payout- Create batch payout (JWT required)verify_payout- 2FA verification (JWT required)payout_status- Get payout statuslist_payouts- List all payouts (JWT required)validate_payout_address- Validate withdrawal addressmin_payout_amount- Get minimum payout amountpayout_fee- Calculate payout fee
- Conversions Module (3 methods): Currency conversions (JWT required)
create_conversion- Convert between cryptocurrenciesconversion_status- Check conversion statuslist_conversions- List all conversions
- Custody/Sub-accounts Module (11 methods): User wallet management for marketplaces
create_sub_account- Create user accountsub_account_balance- Get user balancesub_account_balances- Get all balanceslist_sub_accounts- List all sub-accountstransfer_between_sub_accounts- Transfer between users (JWT required)create_sub_account_deposit- Generate deposit addresscreate_sub_account_payment_deposit- Payment to sub-accounttransfer_to_sub_account- Deposit to userwithdraw_from_sub_account- Withdraw from user (JWT required)sub_account_transfer- Get transfer detailssub_account_transfers- List all transfers
- Subscriptions/Recurring Payments Module (9 methods): Complete subscription management
subscription_plans- List all planscreate_subscription_plan- Create new planupdate_subscription_plan- Update plansubscription_plan- Get plan detailscreate_subscription- Create subscriptionlist_recurring_payments- List with filtersrecurring_payment- Get subscription detailsdelete_recurring_payment- Cancel subscription (JWT required)subscription_payments- List subscription payments
- Complete API Coverage: Now 57 methods across 11 modules (was 44 methods across 9 modules)
- Modular Architecture: Split monolithic client (674 lines) into focused API modules (76-line client + 11 modules)
- Documentation: Updated README to 578 lines with complete method list, usage examples, and guides
- Version bump from 0.1.0 to 0.2.0 (minor version for new features)
- Added comprehensive API reference (docs/API.md - 950+ lines)
- Added JWT authentication examples (examples/jwt_authentication_example.rb - 10 usage patterns)
- Updated README with collapsible method lists and detailed usage guides
- Added currency conversions examples
- Added fiat payouts usage guide
- Added internal documentation for gap analysis and sprint reports
- JWT Bearer token support for protected endpoints
- Automatic token expiration management (5-minute lifetime)
- Secure token storage and injection
- All existing webhook security features maintained
- None - All changes are additive and backward compatible
0.1.0 - 2025-01-XX
- Complete API client implementation with all NOWPayments v1 endpoints
- Payment API: create, retrieve, list with filters, update estimate
- Invoice API: create hosted payment pages with success/cancel URLs
- Subscription API: plans, create plan, get plan, create subscription, list payments
- Payout API: mass withdrawals support
- Estimation API: minimum amounts and price estimates
- Status & utility endpoints: API status, currencies, full currency info, merchant coins
- Comprehensive error handling with custom exception hierarchy (8 error types)
- Secure IPN webhook verification with HMAC-SHA512 and recursive key sorting
- Rack middleware for Rails/Sinatra webhook integration
- Faraday ErrorHandler middleware for automatic HTTP error mapping
- Sandbox environment support for testing
- VCR cassette support for reliable integration testing
- Complete RSpec test suite with WebMock integration
- Example scripts: simple demo and webhook server (Sinatra)
- Comprehensive API documentation (docs/API.md)
- Professional README with usage examples
- Upgraded to Faraday 2.x with built-in JSON support (no faraday-json dependency)
- All API methods return raw Hash responses (no data models per design decision)
- Implemented constant-time signature comparison to prevent timing attacks
- Recursive key sorting for consistent HMAC signature generation
- Webhook signature verification with SecurityError on failure