# v1.5.0 **Release Name**: API Test Commons v1.5.0 **Release Version**: 1.5.0 **Release Date**: 25th March, 2026 ### Overview We are pleased to announce **API Test Commons v1.5.0**, a feature enhancement release that strengthens test data generation, authentication utilities, security handling, and API test infrastructure within the MOSIP Functional Test Framework. This release introduces centralized ID validation and generation utilities, improved CSRF token management, enhanced authentication utilities, notification and OTP listener enhancements, JWK key management refactoring, and improved REST client capabilities. Version **1.5.0 builds upon v1.4.1** and continues to improve test automation reliability, security handling, deterministic test data generation, and API execution diagnostics across MOSIP module test suites**.** ### Repositories Released | Repository | Version | | --------------- | ---------------------------------------------------------------------------- | | apitest-commons | [v1.5.0](https://github.com/mosip/mosip-functional-tests/tree/release-1.5.x) | ### Bug Fixes

JIRA	Description
MOSIP-44280	Fixed form-data handling so non-string values such as arrays and objects are automatically converted to JSON strings for correct API transmission.
MOSIP-44222	Fixed security issue where internal TestNG method names were exposed in reports. Improved scenario grouping and prevented NullPointerExceptions across modules.
MOSIP-28574	Improved OTP listener logging, error reporting, and exception handling to prevent unexpected failures and improve execution stability.

### Major Highlights (New Developments & Enhancements)

Area	Key JIRA	Summary
ID Validation & Test Data Generation	MOSIP-33663	Added utilities for generating and validating UIN, VID, and PRID identifiers using configurable rules and Verhoeff checksum validation.
JSON Payload Keyword Support for IDs	MOSIP-33663	Added support for dynamic JSON keyword substitutions for valid, invalid, and non-existent identifiers in test payloads.
CSRF Token Management	ES-2739	Added centralized utilities to fetch, extract, store, and reuse CSRF tokens and cookies across API requests.
REST Client Enhancements	MOSIP-31026	Improved REST client capabilities including response header extraction, base64 resource loading, and enhanced response handling for API interactions.
JWK Key Generation Refactor	ES-2836	Refactored JWK generation logic into a centralized reusable method to reduce code duplication and improve maintainability while maintaining backward compatibility.
JWT Utilities	MOSIP-44098	Added utilities for decoding JWT tokens, Base64 URL-safe decoding, and combined header-payload inspection to simplify debugging of authentication flows.
Authentication Improvements	MOSIP-44098	Added role-based Keycloak token retrieval and caching for improved authenticated API execution.
Bearer Token Support for PATCH Requests	MOSIP-44098	Added capability to perform PATCH requests with bearer-token authentication and path parameters.
Notification & OTP Listener Enhancements	MOSIP-44359	Enhanced notification and OTP listener infrastructure with improved OTP parsing, logging, error handling, and request lifecycle tracking for reliable OTP retrieval in parallel test executions.
Workflow Message Handling	MOSIP-28574	Added workflow message storage and retrieval utilities including capture of additional request identifiers.
Credential Validation Enhancements	MOSIP-41883	Added support to extract credential details for UIN when a specific IDA error scenario occurs, enabling improved validation and reporting.
Dependency Path Handling	MOSIP-44099	Refactored dependency configuration path resolution to support dynamic configuration and improved path robustness.
Security Improvements	MOSIP-28574	Migrated SSL handling from all-trusting configuration to TLS with delegated trust management for improved security.
PMS DB Placeholder Support	MOSIP-44124	Enhanced database test infrastructure to support placeholder substitution in PMS DB scripts.
Code Quality Improvements	MOSIP-28574	Addressed multiple SonarQube findings including improved null handling, logging, exception safety, and removal of redundant code to improve maintainability and reliability.

### Important Usage Update #### OTP Listener Request Lifecycle To ensure **accurate OTP/Notification retrieval in parallel executions**, the OTP listener now supports **request lifecycle tracking**. Consumers of the library should explicitly mark the lifecycle of OTP/Notification requests using the following methods: * markRequestStart() **before triggering the OTP request** * markRequestRemove() **after retrieving the OTP** This allows the OTP listener to correctly associate OTP notifications with: * execution **thread** * request **timestamp** * specific **test context** This enhancement ensures OTP/Notification values are **accurately captured during parallel test executions**, preventing conflicts between multiple concurrent requests. #### Example Usage ``` OTPListener.markRequestStart(email); triggerOtpRequest(); String otp = OTPListener.getOtp(email); OTPListener.markRequestRemove(email); ``` Using this approach ensures that OTP retrieval is **scoped to the current test execution context**, avoiding incorrect OTP reads when multiple tests run simultaneously. ### **Documentation** [Setup Guide](https://github.com/mosip/mosip-functional-tests/blob/v1.5.0/README.md)