Resource & Integration Update Log

API version 4.2 has been promoted from release candidate to stable. This release introduces the /events/subscribe endpoint for real-time event streaming, adds HTTP/3 (QUIC) support across all regions, and resolves three minor inconsistencies in the JSON schema for /resources/list responses. Partners on v4.1 are encouraged to migrate within 90 days. Full migration guide available from tech@lizaro-support.online.

The Lizaro icon library has been expanded with 24 new SVG icons covering infrastructure, data pipeline, and notification contexts. All new icons conform to the existing 24×24px grid with 2px stroke weight. The updated icon package (v2.4) is available through the media asset portal. Existing icon IDs are unchanged; no breaking changes to existing integrations.

• 8 infrastructure icons (server, database, network, CDN variants)
• 8 data pipeline icons (stream, transform, aggregate, export)
• 8 notification and status icons (alert, check, info, warning variants)

The São Paulo region (sa-east-1) will undergo a scheduled infrastructure upgrade on 2026-05-03 between 02:00–06:00 UTC. During this window, the region will be in a degraded state. Partners with traffic routed to api-sa.lizaro.com should configure their integration to fall back to the global endpoint api.lizaro.com during this period. Automated failover is active but partners should validate their fallback configuration prior to the maintenance window.

Routine annual TLS certificate rotation has been completed across all five infrastructure regions. New certificates are issued by DigiCert Global Root G2 with a 365-day validity period. Partners implementing certificate pinning should ensure they are pinning to the intermediate CA (DigiCert Global G2 TLS RSA SHA256 2020 CA1) rather than the leaf certificate. No action is required for partners using standard TLS validation.

The Terms of Authorized Usage for Digital Partners has been updated to version 3.1. Key changes include clarified provisions regarding third-party sub-distribution of media assets, updated data residency requirements aligned with current infrastructure regions, and revised token rotation obligations for client credentials. All active partners are required to acknowledge the updated terms within 30 days. The full document is available at resource-terms.html.

Rate limit allocations have been revised across all partner tiers to reflect updated infrastructure capacity. Standard tier limits increase from 300 to 500 requests per minute. Professional tier limits increase from 1,500 to 2,000 requests per minute. Enterprise tier limits increase from 8,000 to 10,000 requests per minute. Burst allowances have been standardized at +20–30% above the base limit depending on tier. The X-RateLimit-* response headers now include a X-RateLimit-Window field indicating the rolling window duration in seconds.

The Tokyo region (ap-northeast-1) has been expanded with an additional availability zone, bringing the total to three AZs consistent with all other primary regions. This expansion improves fault tolerance and increases total throughput capacity by approximately 40%. P99 latency targets for the region have been revised downward from 200ms to 150ms for Enterprise tier partners.

The primary typeface Inter has been updated to version 4.0. This release introduces optical size adjustments, improved rendering at small sizes, and additional variable font axes. WOFF2 packages have been re-optimized for reduced file size (average 18% reduction). Partners using self-hosted font files should update their packages. Google Fonts CDN users will receive the update automatically.

Webhook event delivery now includes an X-Lizaro-Signature-256 header containing an HMAC-SHA256 signature of the request body, computed using the partner's LIZARO_WEBHOOK_SECRET. Partners are strongly encouraged to validate this signature on all incoming webhook requests. Validation libraries are included in all official SDK packages as of v4.1.8. Detailed implementation guidance is available from the technical team.

The Lizaro Partner Integration & Media Hub has been relaunched as version 4.0, consolidating previously separate documentation portals into a single unified resource. The hub now serves as the authoritative source for all integration documentation, media assets, technical specifications, and partner guidelines. All legacy documentation URLs have been redirected to the new hub structure.

PKCE (Proof Key for Code Exchange) is now mandatory for all public client authorization code flows. Partners using the authorization code grant without PKCE will receive a 400 Bad Request response with error code pkce_required. Confidential clients (server-side flows using client credentials) are not affected. All official SDK packages already implement PKCE by default.

The partner onboarding documentation has been comprehensively revised to reflect current integration standards and infrastructure parameters. The updated documentation includes step-by-step environment configuration guides for all supported SDK languages, updated IP allowlist ranges, and revised SLA tier descriptions. New partners should reference the updated documentation exclusively.

HTTP/1.1 support has been deprecated across all Lizaro API infrastructure. All partner integrations must use HTTP/2 or higher. Connections attempting HTTP/1.1 will be upgraded automatically where possible, but partners should update their HTTP client configurations to explicitly request HTTP/2. This change improves throughput efficiency and reduces connection overhead for high-volume integrations.