docs: note the breaking change in this PR

seapagan · seapagan · commit 9a3f05e1c89b · 2025-08-10T13:12:41.000+01:00
Signed-off-by: Grant Ramsay &lt;seapagan@gmail.com&gt;
diff --git a/README.md b/README.md
@@ -19,6 +19,7 @@ Documentation for this project is now availiable on it's own page at
 finished will include full usage information and how-to's.
 
 - [Important note on Versioning](#important-note-on-versioning)
+- [Breaking Changes](#breaking-changes)
 - [Changes from version 0.4.x](#changes-from-version-04x)
 - [Functionality](#functionality)
 - [Installation](#installation)
@@ -50,6 +51,13 @@ previous version. This will be in the form of a `.patch` file which can be
 applied to their project using the `git apply` command. This will be documented
 in the release notes.
 
+## Breaking Changes
+
+There will be breaking changes implemented from time to time, as the template is
+still evolving. These may be due to security issues or changes in philosophy.
+These can always be found [here](https://api-template.seapagan.net/important/)
+on the website.
+
 ## Changes from version 0.4.x
 
 Starting from version 0.5.0, the template has been refactored to use SQLAlchemy
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,7 +4,7 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| >=0.6.0 | :white_check_mark: |
+| >=0.7.1 | :white_check_mark: |
 
 Until we reach a 1.0 milestone, we will generally only support the latest
 release of the project. If you are having issues with an older version, please
diff --git a/docs/important.md b/docs/important.md
@@ -8,6 +8,17 @@ API.
 
 None.
 
+## Breaking changes in 0.7.1
+
+### Modified the API Key Hashing method
+
+The API key is **NEVER** stored in the database, however a **hashed** version of
+this is so that we can authenticate. Previously it used a plain SHA256
+algorythm, and has now been switched to using `HMAC` in conjunction with SHA256
+instead. This allows using the `SECRET_KEY` already set to make the API keys
+more secure. As a result, **any existing API Keys are now invalid and will need to
+be deleted and regenerated**.
+
 ## Breaking Changes in 0.7.0
 
 ### Modified the Authentication backend
@@ -37,7 +48,7 @@ Several function signatures have changed, generally to fix boolean
 inconsistencies. Boolean parameters should be passed as named parameters
 instead of positional parameters. This is to make the code more readable and
 maintainable. The `UserManager.set_ban_status` function is one of these changes
-that causes a breaking change. However, this method is only called from and API
+that causes a breaking change. However, this method is only called from an API
 endpoint for the moment, so it should not affect any existing code that
 depends on it unless you are using it directly in your code.
 
