## [13.0.0] - 2023-02-01

### Breaking changes

-   The frontend SDK should be updated to a version supporting the header-based sessions!
    -   supertokens-auth-react: >= 0.31.0
    -   supertokens-web-js: >= 0.5.0
    -   supertokens-website: >= 16.0.0
    -   supertokens-react-native: >= 4.0.0
    -   supertokens-ios >= 0.2.0
    -   supertokens-android >= 0.3.0
    -   supertokens-flutter >= 0.1.0
-   `createNewSession` now requires passing the request as well as the response.
    -   This only requires a change if you manually created sessions (e.g.: during testing)
    -   There is a migration example added below. It uses express, but the same principle applies for other supported frameworks.
-   Only supporting FDI 1.16

### Added

-   Added support for authorizing requests using the `Authorization` header instead of cookies
    -   Added `getTokenTransferMethod` config option
    -   Check out https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/sessions/token-transfer-method for more information

### Migration

This example uses express, but the same principle applies for other supported frameworks.

Before:

```
const app = express();
app.post("/create", async (req, res) => {
    await Session.createNewSession(res, "testing-userId", {}, {});
    res.status(200).json({ message: true });
});
```

After the update:

```
const app = express();
app.post("/create", async (req, res) => {
    await Session.createNewSession(req, res, "testing-userId", {}, {});
    res.status(200).json({ message: true });
});
```