Releases: VitexSoftware/php-vitexsoftware-rbczpremiumapi

v1.5.2

21 Nov 19:05

🔧 Improvement

This release improves the rate limiting implementation by using the certificate's decimal serial number instead of the SHA1 fingerprint.

🔄 What Changed

  • Renamed method: →
  • New identifier: Now uses the certificate's decimal serial number for rate limit tracking
  • Updated template: Changes preserved in OpenAPI generator template for future regenerations

📊 Impact

The certificate serial number is a more standard and appropriate identifier for X.509 certificates compared to the SHA1 fingerprint. This change provides:

  • More reliable certificate identification
  • Standard X.509 certificate attribute usage
  • Consistency with certificate management best practices

⚠️ Migration Notes

If you have stored rate limit state from v1.5.1:

  • The stored data will be reset because the client identifier has changed
  • This is expected behavior and does not cause any issues
  • Rate limits will be tracked correctly going forward with the new serial number identifier

🔗 Related

  • Previous fix in v1.5.1 switched from X-IBM-Client-Id to certificate-based identification
  • This release further refines that implementation to use serial numbers

v1.5.1 - Critical Fix: Rate Limiting Per Certificate

21 Nov 14:04

🔴 Critical Bug Fix

This release fixes a critical bug in the rate limiting implementation that was introduced in v1.5.0.

🐛 The Problem

The previous implementation incorrectly used X-IBM-Client-Id as the client identifier for rate limiting. However, according to the Raiffeisenbank Premium API documentation, rate limits are enforced per mTLS certificate, not per Client ID.

From the API documentation:

"The number of requests in each API operation is limited to 10 per client per sliding second..."

In the context of mTLS APIs, "client" means the certificate, not the X-IBM-Client-Id.

✅ The Fix

Rate limit tracking now correctly uses the SHA1 fingerprint of the mTLS client certificate as the client identifier.

What Changed

  • Added getCertificateFingerprint() method to calculate the SHA1 fingerprint of the certificate
  • Updated send() method to use certificate fingerprint instead of X-IBM-Client-Id
  • Updated the OpenAPI generator template (ApiClient.mustache) to preserve this fix in future regenerations
  • Updated documentation (WARP.md)
  • Removed version property from debian/composer.json (managed by debian/rules)

📊 Impact

Who is affected?

Users with multiple certificates registered under the same X-IBM-Client-Id will see different behavior.

Before (incorrect):

All requests using the same X-IBM-Client-Id shared one rate limit counter, regardless of which certificate was used.

After (correct):

Each certificate has its own independent rate limit counter, matching the actual API behavior.
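The per-certificate behavior described above, as an added example (not the library's own code): a sliding-window limiter of 10 requests per second keyed by the certificate's decimal serial number, the identifier used since v1.5.2. All function and class names are hypothetical. It assumes ext-openssl with a working OpenSSL configuration and that all client certificates come from one issuing CA, since X.509 serial numbers are only unique per issuer.

```php
<?php
declare(strict_types=1);
// Added illustration: every function and class name below is hypothetical, not the library's API.

/** Decimal serial number of a PEM-encoded certificate. */
function certificateSerial(string $pem): string
{
    $info = openssl_x509_parse($pem);
    if ($info === false || !isset($info['serialNumber'])) {
        throw new RuntimeException('Cannot parse client certificate');
    }
    return (string) $info['serialNumber'];
}

/** In-memory sliding window: at most $limit requests per $window seconds for each key. */
final class SlidingWindowLimiter
{
    private array $hits = [];

    public function __construct(private int $limit = 10, private float $window = 1.0) {}

    public function allow(string $key, float $now): bool
    {
        // Keep only the timestamps that still fall inside the window ending at $now.
        $recent = array_values(array_filter(
            $this->hits[$key] ?? [],
            fn (float $t): bool => $t > $now - $this->window
        ));
        $allowed = count($recent) < $this->limit;
        if ($allowed) {
            $recent[] = $now;
        }
        $this->hits[$key] = $recent;
        return $allowed;
    }
}

/** Constructed sample input: a throwaway self-signed certificate with the given serial. */
function sampleCert(int $serial): string
{
    $key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    $csr = openssl_csr_new(['commonName' => 'sample-client'], $key);
    openssl_x509_export(openssl_csr_sign($csr, null, $key, 1, null, $serial), $pem);
    return $pem;
}

$limiter = new SlidingWindowLimiter();
[$a, $b] = [certificateSerial(sampleCert(1001)), certificateSerial(sampleCert(1002))];
for ($i = 0; $i < 10; $i++) { $limiter->allow($a, 0.0); } // certificate A spends its ten requests
// A's 11th request in the same second, B's first request, then A after the window has slid.
var_dump($limiter->allow($a, 0.5), $limiter->allow($b, 0.5), $limiter->allow($a, 1.1));
```

Keying the same limiter by X-IBM-Client-Id instead would put both certificates on one counter, which is the v1.5.0 behavior this release corrects.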

🔄 Migration Notes

If you have stored rate limit state from v1.5.0:

  • The stored data will be reset because the client identifier has changed
  • This is expected behavior and does not cause any issues
  • Rate limits will be tracked correctly going forward

📝 Full Changelog

  • Fix rate limiting to use certificate fingerprint instead of X-IBM-Client-Id (#5)
  • Add getCertificateFingerprint() method for SHA1 certificate fingerprint calculation
  • Update ApiClient template to preserve fix in future code generations
  • Remove version property from debian/composer.json
  • Update documentation

⚠️ Breaking Change

If you were relying on rate limits being shared across multiple certificates with the same Client ID, this behavior will change. However, this change aligns with the actual API behavior and documentation.


Full diff: v1.5.0...v1.5.1

Release 1.5.0

14 Nov 20:14
c2bc36b

What’s New in 1.5.0

  • Added Rate Limiting mechanism (VitexSoftware\Raiffeisenbank\RateLimit) with configurable backend support (JSON, PDO, custom store)
  • All rate limit classes/interfaces are now included in Debian packaging
  • Mustache templates and OpenAPI config updated for RateLimit code and tests
  • Improved exception handling for rate limits in ApiClient
  • New PHPUnit tests for RateLimit classes
  • Various code style and documentation improvements
  • Updated README with Rate Limiting documentation
  • Debian .deb packages attached for doc and dev

1.4.1

06 Jun 19:58

Full Changelog: v1.4.0...1.4.1

Release 1.4.0

28 May 16:28

Object deserialization back in game.

Full Changelog: 1.3.1...v1.4.0

🔼 2025 Update 🔼

10 Mar 13:31

Minimum supported PHP version: 8.1+
Generated from the 1.1.20240910 OpenAPI spec

Full Changelog: 1.2.3...1.3.1

⬆️ 1.3.0 ⬆️

10 Mar 09:46
0f9c696

Pre-release

What's Changed

  • Minimum supported PHP version is 8.1
  • Php81 spec1.1.20240910 by @Vitexus in #4

Full Changelog: 1.2.3...1.3.0

New Features and Fixes

08 Nov 22:39

Release Notes

What's New

  • Added Statementor Class
  • Added last_week scope to Statementor
  • Added Transactor class
  • Created php.yml
  • Added build for Debian Noble

Fixes

  • Jenkinsfile fixes
  • Fixed empty report warning
  • DateTime formatting on string openApiType fix
  • setScope scope fix & update
  • Throw exception if statement file cannot be written
  • Ensure php-mbstring is present
  • Skip Test if XIBMCLIENTID is not set
  • Do not test dev package
  • Do not run in package test by default

Improvements

  • Examples update
  • checkCertificatePresence() can now return bool or throw an exception
  • Updated test directories
  • Improved artifact handling
  • Attempted to make phpunit happy

Full Changelog: 1.1.1...1.2.3

Not even certificate update

13 Oct 12:21
4544a36

  • Reformatted to comply with PSR-12
  • Certificate update
  • Composer update

Full Changelog: 1.1.0...1.1.1

Mocking ability added

25 Apr 21:50

Switch for mock api endpoints added