You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
API Proxy Endpoint — New /api/ultra_card_pro_cloud/proxy view routes authenticated API calls from the card through the integration, keeping JWT tokens strictly server-side. The frontend never receives or transmits the token
Token Stripped from Sensor — The token field is no longer included in sensor attributes returned to the frontend. All cloud API calls now use the proxy path instead
Admin-Only Auth Guards — Login, logout, and shared sign-in endpoints now require the requesting HA user to be an admin or owner. Non-admin users receive a clear 403 response
✨ New Features
Passwordless Registration — The /api/ultra_card_pro_cloud/register endpoint no longer requires a password from the user. A secure random token is generated server-side for backward compatibility with the ultracard.io API, and users receive an email to finish setting their own password
Per-User Favorite Colors — Favorite colors are now stored per HA user (users.<user_id>.colors) in the HA .storage file, with automatic fallback to the legacy global colors key for existing installs. Different users on the same HA instance each get their own color palette
Form-Encoded Registration Fallback — If the ultracard.io API returns a 400 password required for a JSON registration request, the integration automatically retries as application/x-www-form-urlencoded for compatibility with older API builds
🐛 Bug Fixes
Registration Flow — Removed the post-registration auto-login that attempted to re-use HA config entries synchronously. Registration now returns a success message and the user signs in separately, eliminating a race condition on slow HA instances
Color Store Safety — GET /api/ultra_card_pro_cloud/colors and POST now guard against missing or malformed store data, returning an empty array instead of crashing