Enhanced Admin Controls & Security
This release brings major improvements to admin functionality, including new rate limiting for credit adjustments, enhanced security measures, and better audit trails for user management. We've also fixed several critical bugs affecting monitoring and compliance features.
The welcome email and verification screen now show the actual credit amount awarded instead of always displaying $1.00. Users receiving reduced bonuses will see the correct amount in both surfaces.
Administrators can now adjust user credits up to 10 times per minute, preventing abuse of the credit adjustment system. This rate limit is enforced per admin user and provides better control over credit management operations.
Admin authentication now includes audience validation and shorter token expiration (15 minutes instead of 1 hour). This provides stronger security for admin operations and reduces the window for potential token misuse.
New Features
2Admin rate limiting added
Administrators can now adjust user credits up to 10 times per minute, preventing abuse of the credit adjustment system. This rate limit is enforced per admin user and provides better control over credit management operations.
Audit trail for user changes
All admin user modifications including credit adjustments, admin status changes, and fraud level updates are now recorded in an audit log. This provides complete visibility into who made changes and when, improving accountability.
Improvements
4Optimize dashboard performance
Analytics widgets now load lazily using Intersection Observer, deferring data fetching until widgets scroll into view. This improves initial page load times for GeoDistribution, ErrorBreakdown, HourlyPatterns, and TopEndpoints widgets.
Enhance scraping comparison page
The best-web-scraping-api page now features smooth scroll animations and improved spacing. Section labels include primary-colored numbers and line separators for better visual hierarchy and readability.
General bug fixes and improvements
Plus 16 internal improvements for better reliability and performance.
Better monitoring data safety
Log data and LLM outputs are now properly sanitized before processing to prevent prompt injection attacks. This includes wrapping domain health data in XML tags and sanitizing raw log lines, making monitoring more secure.
Bug Fixes
14Correct signup bonus display
The welcome email and verification screen now show the actual credit amount awarded instead of always displaying $1.00. Users receiving reduced bonuses will see the correct amount in both surfaces.
Fix credit amount precision
Verify code responses now return microcents instead of millicents for credits_awarded, making it consistent with all other balance fields in the API. This ensures accurate credit tracking across the platform.
Improve welcome email accuracy
The welcome email now uses the correct API keys route and removes false fee warnings. The message focuses on getting started quickly with a clear value proposition instead of outdated pricing information.
Prevent sidebar navigation issues
The cookie consent banner no longer intercepts sidebar navigation clicks on dashboard routes. Users can now access Billing, Settings, and Herald sections without banner interference in fresh sessions.
Fix minimum deposit validation
Entering $0 in the custom deposit amount now shows the minimum deposit error message instead of silently disabling the Add button. Users receive clear feedback about the $10 minimum requirement.
Stop low-balance alerts for free users
Users with only signup bonus credits no longer receive low-balance alerts. The system now checks for paid deposits before sending balance warnings, preventing unnecessary notifications for free-credit-only accounts.
Validate API key name length
API key creation now enforces the 100-character limit at the schema level, preventing PostgreSQL string-too-long errors. Users receive immediate feedback instead of HTTP 500 errors when creating long key names.
Fixed credit balance accuracy
Credit balance calculations now happen directly in SQL to avoid precision loss with large numbers. This ensures accurate balance tracking even for high-volume users and prevents rounding errors in financial calculations.
Prevent admin self-modification
Administrators can no longer modify their own admin status through the user management interface. This prevents accidental self-lockout and potential privilege escalation scenarios.
Fixed webhook delivery reliability
Webhook delivery now uses isolated database sessions per delivery attempt, preventing connection issues during retry operations. This improves the reliability of webhook notifications for your integrations.
Fixed broadcast scheduling
Broadcasts scheduled for later delivery now properly trigger the send operation. The system correctly handles both immediate and scheduled broadcast delivery, ensuring your messages reach their intended recipients.
Improved fraud detection accuracy
The fraud suspect query now uses last seen timestamps instead of random UUID ordering, ensuring high-risk users are properly surfaced. This provides more accurate fraud detection and better prioritization of suspicious accounts.
Fixed admin user detail display
User detail pages now correctly display fraud response levels and credit adjustment reasons. The interface properly handles all user fields and provides accurate information for admin decision-making.
Fixed broadcast recipient targeting
Broadcast resend operations now correctly target the intended audience without requiring manual recipient specification. The system automatically handles audience targeting based on subscription status.
Security
1Enhanced admin authentication
Admin authentication now includes audience validation and shorter token expiration (15 minutes instead of 1 hour). This provides stronger security for admin operations and reduces the window for potential token misuse.
Plus 16 internal changes for stability and performance.