Changelog

All notable changes to next-api-layer are documented here.

v0.1.6 - April 7, 2026#

Added#

Per-request sanitization control: New options in RequestOptions for fine-grained sanitization control
- skipSanitize: boolean - Skip all sanitization for a specific request
- skipSanitizeFields: string[] - Skip sanitization for specific fields only
patch() method now accepts RequestOptions parameter (was missing)

Example Usage#

TypeScript

Migration from v0.1.5#

No breaking changes. Simply update your package:

Terminal

v0.1.5 - April 4, 2026#

Added#

i18n Support: Automatic locale detection and injection for API requests
- Added i18n config option to createAuthProxy for locale detection from URL path
- Added i18n config option to createApiClient for auto-appending ?lang={locale} to requests
- New x-locale header for passing locale from middleware to route handlers
- Configurable paramName (default: lang), locales, and defaultLocale

Changed#

HEADERS constant now includes LOCALE: 'x-locale'
Proxy handlers now extract locale from URL pathname and set x-locale header
API client reads x-locale header and appends locale query parameter to backend requests

Migration from v0.1.4#

No breaking changes. To enable i18n, add the config:

TypeScript

v0.1.4 - April 1, 2026#

Fixed#

Empty cookie creation bug: Fixed an issue where cookies.delete() was called on non-existent cookies, causing empty-value cookies to be set in the browser. Now all delete operations check for cookie existence before attempting deletion.

Added#

New safeDeleteCookie helper function that only deletes cookies that actually exist in the request.
Updated deleteAllAuthCookies to accept req parameter for cookie existence checking.

Changed#

All cookie delete operations now verify cookie existence before deletion to prevent phantom cookies.

Migration from v0.1.3#

No breaking changes. Simply update your package:

Terminal

v0.1.3 - March 20, 2026#

Added#

Initial stable release with proxy and API client functionality
Guest token support with automatic creation
Token validation and refresh mechanisms
Rate limiting support
CSRF protection
Audit logging capabilities
next-intl integration support

Features#

createAuthProxy - Main proxy function for Next.js
createApiClient - Server-side API client
createProxyHandler - Flexible proxy handler for route handlers
useAuth - Client-side auth hook
AuthProvider - React context provider
getServerUser - Server-side user helper

Changelog

All notable changes to next-api-layer are documented here.

v0.1.6 - April 7, 2026#

Added#

Per-request sanitization control: New options in RequestOptions for fine-grained sanitization control
- skipSanitize: boolean - Skip all sanitization for a specific request
- skipSanitizeFields: string[] - Skip sanitization for specific fields only
patch() method now accepts RequestOptions parameter (was missing)

Example Usage#

TypeScript

Migration from v0.1.5#

No breaking changes. Simply update your package:

Terminal

v0.1.5 - April 4, 2026#

Added#

i18n Support: Automatic locale detection and injection for API requests
- Added i18n config option to createAuthProxy for locale detection from URL path
- Added i18n config option to createApiClient for auto-appending ?lang={locale} to requests
- New x-locale header for passing locale from middleware to route handlers
- Configurable paramName (default: lang), locales, and defaultLocale

Changed#

HEADERS constant now includes LOCALE: 'x-locale'
Proxy handlers now extract locale from URL pathname and set x-locale header
API client reads x-locale header and appends locale query parameter to backend requests

Migration from v0.1.4#

No breaking changes. To enable i18n, add the config:

TypeScript

v0.1.4 - April 1, 2026#

Fixed#

Empty cookie creation bug: Fixed an issue where cookies.delete() was called on non-existent cookies, causing empty-value cookies to be set in the browser. Now all delete operations check for cookie existence before attempting deletion.

Added#

New safeDeleteCookie helper function that only deletes cookies that actually exist in the request.
Updated deleteAllAuthCookies to accept req parameter for cookie existence checking.

Changed#

All cookie delete operations now verify cookie existence before deletion to prevent phantom cookies.

Migration from v0.1.3#

No breaking changes. Simply update your package:

Terminal

v0.1.3 - March 20, 2026#

Added#

Initial stable release with proxy and API client functionality
Guest token support with automatic creation
Token validation and refresh mechanisms
Rate limiting support
CSRF protection
Audit logging capabilities
next-intl integration support

Features#

createAuthProxy - Main proxy function for Next.js
createApiClient - Server-side API client
createProxyHandler - Flexible proxy handler for route handlers
useAuth - Client-side auth hook
AuthProvider - React context provider
getServerUser - Server-side user helper