September 2025
September 24th, 2025
🔐 API authentication change
- API authentication now uses dedicated, generated credentials consisting of a client ID and client secret. The now-legacy method of authenticating with a username and password will remain supported for at least 6 months, until March 2026. A deprecation warning is emitted in the HTTP response headers when legacy credentials are used.
- Existing users with API access are migrated to API accounts. API accounts are displayed with a different icon to standard users, and their name has a suffix of "API". New credentials can be generated in the Admin interface for API accounts.
API authentication migration
Client implementations must be migrated to use the new credentials by March 2026. Simply send the client ID and client secret in the same manner as the previous username and password.
Further direct notifications will be sent to account owners if legacy credentials are still used. Any inactive API accounts will be deleted to reduce the risk of account compromise.
🚀 Added
- Customer spaces which are inactive for 18 months will be permanently deleted, to protect against unnecessary data retention in the platform. A warning notification is sent to administrators at least 28 days before deletion.
🔆 Improved
- Google reCAPTCHA used in forms is upgraded to a new API. Standard Form Handler usage is unaffected as the upgrade is automatic, but any self-hosted forms which have unbundled the standard Maxemail Form Handler script may not behave as intended.
- Recipients with at least 10 consecutive temporary delivery failures will be automatically added to the Global Bounce List, in a similar way to those with permanent failures. This will aid those with bad domains that repeatedly fail to deliver.
- The Sends stat on the Dashboard Overview widget shows separate totals for email and SMS, for customers who have the SMS feature enabled.
- An additional Feedback-ID email header is added to help aggregate stats in third-party postmaster tools.
✅ Fixed
- Inactive users are no longer eligible to receive system notifications where they were previously added as a recipient, e.g. scheduled reports.