Flutter — changelog

This page mirrors pdirect_pay/CHANGELOG.md. Format follows Keep a Changelog.

Source of truth

The package’s CHANGELOG.md on pub.dev is canonical. This page is refreshed when a new version ships. If the two ever drift, trust the package.

[3.0.0] — 2026-05-01

Auth-v3. Replaces the long-lived app-key credential model with per-checkout session tokens minted server-to-server, plus transport-layer hardening: idempotency keys for retry safety, device-fingerprint binding for replay defence, and gateway-side body rebinding.

Breaking

• PdirectPayConfigs.token renamed to sessionToken. The legacy field is retained as a @Deprecated getter that forwards to sessionToken. Existing 2.x integrations compile against 3.x with a deprecation warning. The legacy field is removed in 4.0.
• HTTP client switches from app-key header to Authorization: Bearer <session_token>. The session token is no longer interchangeable with the legacy app-key — your merchant backend must mint one per checkout via POST /api/v1/internal/sessions/create.
• setAppKey / setAuthToken / clearAppKey / clearAuthToken on PdirectHttpClient are deprecated in favour of setSessionToken / clearSessionToken. Same on PdirectCommonService.setAppKey and PdirectPaymentService.setAppKey. Aliases removed in 4.0.

Added

• PdirectDeviceFingerprint — SHA-256 hex of stable device attributes (Android: ANDROID_ID + Build.FINGERPRINT; iOS: identifierForVendor + systemVersion). Cached after first computation. Auto-attached as X-Device-Fingerprint to every authenticated request.
• Auto-injected Idempotency-Key (UUID v4) on every POST request unless the caller pre-set one. The gateway caches (key, body_hash) → response for 24 h. See Idempotency.

Changed

• The HTTP client now always sends the new auth headers; the legacy app-key header is dropped from every request.
• setSessionToken proactively removes any lingering app-key header set via the deprecated setAppKey.
• customerReference, amount, and currency on PdirectPaymentBody are now optional and omitted on the wire when unset — the gateway reads those values directly from the session row. Setting them is still supported (they are soft-checked against the session binding and 400 on drift), but the SDK no longer requires them.

Migration

PdirectPayCheckout(
  configs: PdirectPayConfigs(
    token: appKey,                  // v2.x: app-key from your backend
    sessionToken: sessionToken,     // v3.x: per-checkout session_token
    acceptLanguage: 'fr',
  ),
  paymentBody: PdirectPaymentBody(...),
)

httpClient.setAppKey(appKey);
httpClient.setSessionToken(sessionToken);

The legacy token: parameter and setAppKey / setAuthToken methods still work in 3.x with deprecation warnings, so a delta-by-delta migration is fine. They go away in 4.0.

See Authentication for the full session-mint flow on your merchant backend.

[1.1.0] — 2026-04-17

Changed

• Default theme is now a clean white payment surface instead of the dark green glassmorphism look. Brand colours fall back to the host app’s Theme.of(context).colorScheme when no themeConfig is provided.
• Checkout is wrapped in Theme(...) so every child screen reads brand and surface colours through Theme.of(context).colorScheme.
• Modernised success / error / warning / info result screens.
• Status colours (success / error / warning) are intentionally not themeable — they always render in semantic green / red / amber.
• PdirectPayThemeConfig.system() factory now resolves to light by default.

Added

• PdirectPayThemeConfig.secondaryColor and tertiaryColor fields for full brand triplet support.
• PdirectPayThemeConfig.buildThemeData(context) helper.
• PdirectPayThemeConfig.lightPdirectBrand() factory for callers who want the legacy olive-green look.

Migration

No code changes required — all new theme fields are optional. To keep the legacy dark look, pass themeConfig: PdirectPayThemeConfig.lightPdirectBrand() (or .dark()).

[1.0.5] — 2026-01-07

Minor improvements and bug fixes.

[1.0.4] — 2025-12-20

Fixed

• Syntax error in pdirect_pay_checkout.dart (missing print statement).
• Documentation URL updated to https://docs.pdirect.com.

[1.0.3] — 2025-12-19

Minor improvements and bug fixes.

[1.0.2] — 2025-12-18

Minor improvements and bug fixes.

[1.0.1] — 2025-12-17

Changed

• README updated with correct API documentation.
• PdirectPaymentBody documentation: use customerReference instead of systemRef.
• Android package identifier updated to com.mms.pdirect_pay.
• All Dart analyzer warnings fixed (unused imports, deprecated methods, etc.).

Fixed

• Removed unused imports across multiple files.
• Replaced deprecated withOpacity.
• Removed unnecessary null checks and assertions.

[1.0.0] — 2025-12-17

Initial release of pdirect_pay.

Added

• Multiple payment methods: Cards (Visa, Mastercard, Amex), mobile money, e-wallet, bank transfer, e-flash, virtual card.
• Reactive state management with RxDart.
• Multi-environment support (sandbox / staging / production).
• Customisable themes and colours.
• Form validation, input formatters, progress indicators, result screens.
• HTTP client with interceptors and retry logic.
• Comprehensive Android (API 21+) and iOS (12.0+) support.

See also

• API changelog — gateway-side changes
• Angular SDK changelog