Changelog

​

Acquiring

• Affected endpoint: Create Payout (request)
• Changes:
  • New optional field payout_account_id added to the request body.
  • When omitted, existing behavior is preserved — funds are sent to the configured external bank account.
  • When provided, the payout is processed as a UQPAY internal transfer to the specified account.
  • Both long and short UQPAY account IDs are accepted.
• Notes:
  • The payout_account_id should match the calling account: pass the sub-account ID when calling from a sub-account, or the master account ID when calling from the master account.
  • This is a non-breaking, backward-compatible change — no action required for existing integrations.

​

Issuing

• Affected endpoints: Create Cardholder (request and response), Update Cardholder (request and response)
• Changes:
  • Three KYC levels now supported:
    • SIMPLIFIED — basic fields only, behavior identical to previous version, cardholder_status set to SUCCESS immediately
    • STANDARD — requires nationality, identity, residential_address, triggers review process
    • ENHANCED — additionally requires kyc_verification, supporting THIRD_PARTY and SUMSUB_REDIRECT methods
  • New request fields: gender, nationality, identity (object), residential_address (object), kyc_verification (object)
  • New response fields: cardholder_status, idv_verification_url, idv_url_expires_at
• Notes:
  • When no new fields are provided, behavior remains fully backward compatible.
  • Updating KYC-related fields is not allowed while cardholder_status is PENDING.
  • residential_address replaces the previous delivery_address field.

• Affected endpoints: Retrieve Cardholder (response), List Cardholders (request and response)
• Changes:
  • New response fields: gender, nationality, residential_address, cardholder_status, review_status, idv_status, idv_verification_url, idv_url_expires_at
  • List Cardholders accepts a new query parameter cardholder_status for filtering by status.

• Affected endpoint: Create Card (request and response)
• Changes:
  • New optional request object cardholder_required_fields — allows merchants to supplement missing cardholder KYC fields at card creation time (includes gender, nationality, phone_number, date_of_birth, residential_address, identity, kyc_verification).
  • New response fields: cardholder_status, message
• Notes:
  • If the cardholder does not meet the product’s requirements and cardholder_required_fields is not provided, the error kyc_insufficient is returned with missing_fields.
  • When card creation triggers a KYC review, the card enters PENDING status and is automatically activated upon approval.

• Affected endpoint: List Products (response)
• Changes:
  • Each product object now includes a required_fields array indicating cardholder fields required by the card BIN.
  • Each entry contains: name, type (string or object), required (boolean), description, and fields (sub-fields when type is object).

• New webhook events:
  • cardholder.kyc.status_changed — cardholder KYC status changes
  • cardholder.updated — cardholder information updated

​

Acquiring

• Affected endpoints (response only): Create PaymentIntent, Retrieve PaymentIntent, Update PaymentIntent, Confirm PaymentIntent, Capture PaymentIntent, Cancel PaymentIntent, List PaymentIntents, Retrieve PaymentAttempt, List PaymentAttempts
• Changes:
  • PaymentIntent endpoints: latest_payment_attempt.payment_method type changed from string to object
  • PaymentAttempt endpoints: payment_method type changed from string to object
  • PaymentIntent — new fields added to latest_payment_attempt: auth_code, arn, rrn, advice_code
  • PaymentAttempt — new top-level fields: auth_code, arn, rrn, advice_code
  • PaymentIntent — new object added: latest_payment_attempt.authentication_data
    • Fields: cvv_result, avs_result
    • authentication_data.three_ds fields: ds_transaction_id, three_ds_version, eci, cavv, three_ds_authentication_status, three_ds_cancellation_reason
  • PaymentAttempt — new object added: authentication_data (same structure as above)
• Notes: Effective 2026-03-26

• Affected webhooks: acquiring.payment_attempt.created, acquiring.payment_attempt.capture_requested, acquiring.payment_attempt.cancelled, acquiring.payment_attempt.failed
• Scope: Card payment transactions only (payment_method.type = "card" or "card_present")
• Changes:
  • New fields added to the notification body: auth_code, arn, rrn, advice_code
  • New object added: authentication_data
    • Fields: cvv_result, avs_result
    • authentication_data.three_ds fields: ds_transaction_id, three_ds_version, eci, cavv, three_ds_authentication_status, three_ds_cancellation_reason
• Notes: Effective 2026-03-26

​

Card Issuing

• Affected endpoint: Create Card (request)
• Changes:
  • Added optional field usage_type (enum: NORMAL, ONE_TIME; default: NORMAL). When omitted, the card behaves as a standard reusable card.
  • Added optional field auto_cancel_trigger (enum: ON_AUTH, ON_CAPTURE). Required when usage_type is ONE_TIME. Defines the transaction event that triggers automatic card cancellation: ON_AUTH cancels the card immediately after the first authorization is approved; ON_CAPTURE cancels the card after the first transaction’s capture (settlement) succeeds.
  • Added optional field expiry_at (date-time string with timezone offset, e.g. 2026-03-19T18:46:43+08:00). If the card has not been cancelled by a first-transaction event before this datetime, it is automatically cancelled and any unused balance is released.

​

Banking

• Affected endpoints: Create Virtual Account, webhook: virtual.account.*
• Changes:
  • Added optional request header X-Request-Id (string, max 64 characters).
  • If provided, the value is returned in the associated webhook event as request_id.

​

Account Center

• Affected endpoint: Create SubAccount (request)
• Changes:
  • Added required field individual_info.employment_status — employment status of the individual.
  • Added required field individual_info.industry — industry the individual works in.
  • Added required field individual_info.job_title — job title of the individual.
  • Added required field individual_info.company_name — name of the company the individual works for.
• Effective date: 2026-03-19

​

Acquiring

• Affected endpoints: Create PaymentIntent (request), Confirm PaymentIntent (request)
• The billing.phone_number field is no longer required.

• Affected endpoints: Create PaymentIntent (request), Confirm PaymentIntent (request)
• Added googlepay and applepay as new available payment method options.

​

Banking

• Affected endpoint: Create Transfer (request)
• Added new required request header parameter: x-idempotency-key
• This is a backward-incompatible change. All API consumers must include this header in their Create Transfer requests.
• Effective date: March 19

​

Account Center

• Affected endpoint: Create SubAccount (request)
• The proof_documents.proof_of_address field is no longer required when creating a sub-account.

​

Issuing

• Affected endpoint: List Issuing Balances Transactions (request)
• Added four new optional filter parameters:
  • transaction_type — filter by transaction type (e.g., authorization, reversal, refund, fee, settlement)
  • transaction_status — filter by status: COMPLETED, PENDING, or FAILED
  • currency — filter by 3-letter ISO 4217 currency code (e.g., USD, EUR, GBP)
  • transaction_id — filter by exact transaction ID
• All parameters are optional and can be used independently or in combination.

​

Acquiring

• Create Bank Account
• Retrieve Bank Account
• Update Bank Account
• List Bank Accounts

• Each account can only have one settlement bank account per currency.
• Created bank accounts cannot be deleted.

​

Issuing

​

Account Center

• Affected endpoint: Create SubAccount (request)
• The business_details.industry field now must contain a valid code from the industry code list.
• Previously, the field only checked for non-empty values.
• Transition period: 2025-12-25 to 2026-01-01 accepts both old and new values. Enforcement begins 2026-01-01.

• Affected endpoints: Retrieve Account (response), List Connected Accounts (response)
• business_code changed from string to array[string].
• Example: "business_code": "BANKING" → "business_code": ["BANKING"]
• Possible values: BANKING, ACQUIRING, ISSUING
• Existing integrations expecting a single string value must be updated.

• Affected endpoint: Create SubAccount (request)
• The business_type field is deprecated and will be removed.

​

Acquiring

• Affected endpoints: Create PaymentIntent (request), Confirm PaymentIntent (request)
• browser_info.mobile is now only required when the client is mobile. It is no longer required for PC web clients in 3DS scenarios.

​

Acquiring

• Affected webhooks: acquiring.payment_intent.*, acquiring.payment_attempt.*
• Added static_qrcode, static_qrcode_extension, and static_qrcode_number_plate fields to webhook notification bodies.
• These fields are only returned in static QR code payment scenarios.

​

Issuing

• Affected endpoint: Update Card Status (request)
• Maximum length: 50 Chinese characters or 100 characters.

• Triggered when a card binding to Google Pay requires OTP verification.
• Subscribe to the card.verification.otp event type in your webhook configuration to receive this notification.

​

Banking

• Affected endpoint: List Balances Transactions (request)
• Added support for INVOICE type in the transaction_type filter parameter.

​

Issuing

• Affected endpoints: Retrieve Cardholder (response), List Cardholders (response)
• Added delivery_address field to cardholder response objects. Field structure:

"delivery_address": {
  "city": "Singapore",
  "country": "SG",
  "line1": "9 N Buona Vista Dr",
  "line2": "THE METROPOLIS",
  "state": "Singapore",
  "postal_code": "138666"
}

​

Acquiring

• Affected endpoints: Create PaymentIntent (request), Confirm PaymentIntent (request)
• browser_info.ip_address moved to top level (same level as payment_method).
• ip_address is mandatory when payment_method.card.three_ds_action = enforce_3ds.

​

Acquiring

• Affected endpoints: Create PaymentIntent (request), Confirm PaymentIntent (request)
• payment_method.card.billing.address.state is now conditionally required when billing.address.country_code is "US" or "CA".

• Affected endpoints: Create PaymentIntent, Confirm PaymentIntent
• Added support for seven new payment methods, expanding coverage in Southeast Asian markets.

• New endpoint: POST /v2/payment_intents/{id}/capture
• Supports auto_capture = false payment flows with a configurable 1–24 hour capture window.
• UQPAY auto-captures funds after the window period if not manually captured.
• Merchants can cancel orders within the capture window period.

​

Banking

• Affected webhooks: beneficiary.*
• Added beneficiary_entity_type field to webhook payloads. Values: "INDIVIDUAL" or "COMPANY".

​

Issuing

• Affected endpoint: Create Cardholder (request)
• Updated length validation for the following countries (excluding country/region/area codes):
  • Nigeria (NG): 8 or 10 digits
  • Bangladesh (BD): 8 or 10 digits
  • Libya (LY): 8 or 9 digits
  • Senegal (SN): 7 or 9 digits
  • Mayotte (YT): 8 or 9 digits
  • Ecuador (EC): 7 or 9 digits
• Republic of Congo area code changed from 2420 to 242.

​

Account Center

• Affected endpoint: Create SubAccount (request)
• Added ownership_details.representatives.face_docs for company entity types.
• Added identity_verification.face_docs for individual entity types.
• Added tos_acceptance.tos_agreement for both entity types (optional; set to 1 to auto-sign TPSP Terms of Service).
• face_docs are mandatory when creating sub-accounts under TPSP master accounts.
• For company entities: at least one representative with specific job titles must provide face verification documents.

​

Acquiring

• Retrieve Balance
• List Balances
• Create Payout
• Retrieve Payout
• List Payouts — real-time payout status updates available via webhooks.

​

Banking

• Affected endpoints: Create Payout (request), Create Beneficiary (request)
• Added support for Chinese parentheses （） in company_name and account_holder fields.
• Applies only when bank_country_code = CN, account_currency_code = CNH, payment_method = LOCAL, entity_type = COMPANY.

• Affected endpoints: Create Payout (request), Create Beneficiary (request)
• Removed input validation for bank_details.account_holder, first_name, last_name, company_name, address.street_address, address.city, and address.state when payment_method = LOCAL and account_currency_code is not CNH or SGD.

• Affected endpoint: Create Payout (request)
• SWIFT payments: new pattern /^[a-zA-Z0-9/-?:().'+, ]+$/ (supports space and additional special characters).
• LOCAL payments with non-CNH/non-SGD currency: no validation applied.

• Affected endpoint: Create Payout (request)
• Invoice document upload is now mandatory when beneficiary.bank_details.account_currency_code = "INR" and clearing_system = "IFSC".
• Document must be uploaded in the documentation field.

• Affected endpoint: Create Payout (request)
• Removed OTHER_SERVICES from the purpose_code field. Existing integrations using this value must update.

​

Acquiring

• Triggered when payment intent status is REQUIRES_CUSTOMER_ACTION during the customer authentication phase.

​

Account Center

• Affected endpoint: Create SubAccount (request)
• The following fields now accept an array instead of a single object:
  • identity_verification.identity_docs
  • ownership_details.shareholder_docs
  • ownership_details.representatives.identity_docs
  • company_info.certification_of_incorporation
  • proof_documents.proof_of_address
  • proof_documents.source_of_funds
  • proof_documents.proof_of_position_and_income

​

Banking

• Create Quote: added transaction_type field — conversion (default) for currency conversion; payout for cross-currency payouts.
• Create Payout: added payout_currency, payout_amount, and quote_id fields.
• Retrieve Payout / List Payouts: added quote_id and conversion fields (currency_pair, client_rate).
• Webhooks payout.*: added conversion, quote_id, payout_amount, and payout_currency fields.

• Affected endpoints: Create Beneficiary (request), Create Payout (request)
• Affected fields: bank_details.account_holder, first_name, last_name, company_name, address.street_address, address.city, address.state
• New validation applies to all conditions except when bank_details.account_currency_code = CNH, payment_method = LOCAL, and bank_country_code = CN.
• Only English characters, numbers, special characters, and spaces are allowed.
• For Singapore SGD individual accounts (entity_type = INDIVIDUAL, bank_country_code = SG, account_currency_code = SGD), stricter account_holder validation applies.

• Affected endpoint: Create Payout (request)
• Only alphabetic characters, numbers, spaces, commas (,), and periods (.) are allowed.

​

Issuing

• New endpoint added: Bulk Create Virtual Cards
• New webhook: issuing.report.succeeded — delivers the decryption key for the card numbers file.
• Assign Card API expanded to support binding of bulk-created virtual cards.
• A report_id is returned after submission; retrieve the card number file using the Download Report API before expiry.
• You must subscribe to issuing.report.succeeded before calling Bulk Create Virtual Cards.

• Affected reports: Card Transaction Report, Card Settlement Report
• Added new field Ori Transaction Id.

​

Banking

• Affected endpoints: Create Beneficiary (request), Create Payout (request)
• email: required → optional
• nickname: required → optional

• Affected endpoints: Create Beneficiary (request), Create Payout (request)
• Removed: company_name, first_name, last_name, address.country, address.street_address, address.city, address.state, address.postal_code
• Changed to optional: email, nickname

• Affected endpoints: Create Beneficiary (request), Create Payout (request)
• Applies when entity_type = INDIVIDUAL, bank_country_code = SG, and account_currency_code = SGD.
• New validation: only English letters (A–Z, a–z) and spaces; 2–140 characters; must include a space separating first and last name.

​

Issuing

• Affected endpoints: List Cards (response), Retrieve Card (response)
• Added consumed_amount field, representing the cumulative card limit that has already been used.

​

Account Center

• Affected endpoints: Retrieve Account (request and response), List Connected Accounts (response)
• Added optional business_code filter parameter to Retrieve Account — values: BANKING, ISSUING, ACQUIRING (default: BANKING).
• Added business_code field to Retrieve Account and List Connected Accounts responses.

• Affected endpoint: Create SubAccount (request)
• Added optional field email_address to ownership_details.representatives[].

• Affected endpoint: Create SubAccount (request)
• business_details.website_url: required → optional
• business_details.company_description: required → optional

​

Issuing

• Affected endpoint: Simulate Authorization
• Added sandbox authorization simulation support for BIN 40963608. No schema changes.

​

Acquiring

• acquiring.payment_attempt.created — triggered when PA status is INITIATED
• acquiring.payment_attempt.capture_requested — triggered when PA status is CAPTURE_REQUESTED (consumer completed payment; the corresponding PI transitions to SUCCESS)
• acquiring.payment_attempt.cancelled — triggered when PA status is CANCELLED
• acquiring.payment_attempt.failed — triggered when PA status is FAILED

• New endpoint: GET /api/v2/payment/settlements
• Supports optional settlement_batch_id or payment_intent_id parameters, pagination, and time range filters.
• Returns records with settlement_status = success.

​

Banking

• Affected endpoints: Create Payout (request), Create Beneficiary (request)
• Accepts only letters A–Z/a–z and digits 0–9. Spaces, hyphens, and other special symbols are rejected.

​

Issuing

• Affected endpoints: List Cards (response), Retrieve Card (response), Update Card Status (response)
• Affected webhooks: card.status.update.*
• Added update_reason field indicating the reason for a card status change.

• Affected endpoints: Card Recharge (request), Card Withdraw (request)
• SHARE cards can now adjust card_available_balance via Recharge (increase) and Withdraw (decrease).
• SINGLE card behavior remains unchanged.

​

Issuing

• Affected endpoint: Create Card (request)
• BINs 527735, 555071, 555243: card_limit is mandatory and must be ≥ 0.01.
• Other BINs: card_limit is optional; defaults to 0 if omitted; must be ≥ 0 and up to two decimal places if provided.

• Affected endpoints/reports: List Issuing Balances Transactions (response), Account Transaction Report
• Added: FUNDS_TRANSFER_IN, FUNDS_TRANSFER_OUT, FEE_REFUND, FEE_DEDUCTION, MARGIN_PAYMENT, MARGIN_REFUND, OTHER

• Affected endpoints: Retrieve Cards Transaction (response), List Cards Transactions (response)
• Added: CHARGEBACK_DEBIT, CHARGEBACK_CREDIT

• issuing.transaction.chargeback.credit — triggered when a chargeback credit is posted to a card transaction
• issuing.transaction.chargeback.debit — triggered when a chargeback debit is posted to a card transaction

​

Banking

• Affected endpoints: Retrieve Deposit (response), List Deposits (response)
• Affected webhooks: deposit.pending, deposit.compliance.rejected, deposit.completed
• Added deposit_reference field to carry a custom reference.

​

Issuing

• card.update.succeeded — triggered when a card order from Update Card reaches SUCCESS
• card.update.failed — triggered when a card order from Update Card reaches FAILED

• Affected endpoint: List Issuing Balances Transactions (response)
• ending_balance — balance after the transaction is completed
• description — short description of the transaction

• Affected report: Card Settlement Report
• The Transaction Type enum value ATM Withdraw has been renamed to Authorization.

​

Banking

• Affected endpoints: Retrieve Payout (response), List Payouts (response)
• Added purpose_code field.

• Affected endpoint: Check Beneficiary (request)
• Added additional_info.proxy_id parameter accepting a PayNow proxy identifier.

​

Issuing

• Affected report: Card Settlement Report
• The Transaction Type value Purchase has been renamed to Authorization.

​

Account Center

• Affected endpoints: Create SubAccount — POST /v1/accounts/create_accounts (request); Retrieve Account — GET /v1/accounts/{id} (response)
• A new optional field other_documents allows uploading proof of address or supplemental documents for representatives.
• Note: field name differs between request (doc_str) and response (front).

"other_documents": [
  {
    "type": "PROOF_OF_ADDRESS",
    "doc_str": "base64 string or file ID"
  }
]

"other_documents": [
  {
    "type": "PROOF_OF_ADDRESS",
    "front": "base64 string or file ID"
  }
]

​

Account Center

• New endpoint: POST /api/v1/accounts/create_accounts
• Supports sub-account creation under ACQUIRING, BANKING, and ISSUING business lines.
• Supports both COMPANY and INDIVIDUAL entity types.
• Sub-accounts created here can still be queried via List Connected Accounts and Retrieve Account.

• New endpoint: GET /api/v1/accounts/get_additional
• Returns required and optional document types for COMPANY sub-account creation, based on country and business code.
• Retrieve this list before initiating sub-account creation.

​

Acquiring

• Triggered when a Payment Intent is automatically closed upon expiry.
• Not triggered for manually cancelled orders.
• Subscribe to this event in your Dashboard to receive it.

​

Issuing

• Affected endpoints: List Cards Transactions (response), Retrieve Cards Transaction (response)
• Added PENDING as a new valid value for transaction_status.

​

Banking

• Affected endpoints: Create Payout, Retrieve Payout, Create Beneficiary, List Beneficiaries, Retrieve Beneficiary, Update Beneficiary, Check Beneficiary
• Added PayNow as a new enum value for bank_details.clearing_system.
• Added additional_info.proxy_id field supporting UEN, phone number, or VPA.

​

Acquiring / Account

• Affected endpoints: All POST endpoints (request headers)
• x-idempotency-key must now be a valid UUID format.

​

Acquiring

• Added failure_code to the PaymentAttempt response, indicating the reason for payment attempt failure.

​

Banking

• Affected endpoint: POST /api/v1/payouts (request)
• Added optional documentation field to allow uploading supporting documents with a payout request.

​

Issuing

• Added risk_controls module to the card.create.succeeded webhook payload. Returned values (e.g., 3ds, mcc) vary by card product.

​

Issuing

• Affected endpoints: List Cards Transactions (response), Retrieve Cards Transaction (response)
• Affected webhooks: issuing.transaction.*
• Affected reports: Card Transactions Report, Card Settlement Report
• Added wallet_type field identifying the digital wallet used (e.g., ApplePay, GooglePay).

​

Acquiring

​

Banking

• Affected endpoint: POST /api/v1/accounts (request)
• Added optional other_documentation field under representatives[] to support proof of address and other supplemental documents during account creation.

​

Issuing

• Affected webhooks: card.create.*, card.recharge.*, card.withdraw.*
• Added card_available_balance indicating the card’s available balance at the time of the event.

​

Banking

• Affected endpoint: POST /api/v1/beneficiaries (request)
• Added optional additional_info.organization_code field (Unified Social Credit Identifier) for company-type beneficiaries.

• Affected endpoints: GET /api/v1/payouts/{id} (response), GET /api/v1/payouts (response)
• Added failure_reason field to payout response objects.

​

Issuing

• Affected endpoint: GET /api/v1/issuing/products (response)
• Added card_currency field — an array of strings specifying currencies available for each card product. Example: ["SGD", "USD"].

• Affected endpoint: GET /api/v1/issuing/products (response)
• card_form — supported card form(s): ["VIR", "PHY"] or ["VIR"].
• max_card_quota — maximum number of cards that can be issued under the current account for the product.

• Affected endpoints: GET /api/v1/issuing/transactions (response), GET /api/v1/issuing/transactions/{id} (response)
• Affected webhooks: issuing.transaction.*
• If transaction_status = DECLINED: field contains the failure reason.
• If transaction_status = APPROVED: field contains supplementary remarks (e.g., 3DS Fee for 3DS transactions).
• All transaction report files previously using failure_reason column header are now updated to description.

• Removed REFUNDED from valid values for transaction_status.
• Previous REFUNDED transactions now map to transaction_type: REFUND + transaction_status: APPROVED.

• Affected endpoints: GET /api/v1/issuing/cards/{id} (response), GET /api/v1/issuing/cards (response), POST /api/v1/issuing/cards/{id}/status (request), card.status.update.* webhooks
• INACTIVE renamed to FROZEN — card is temporarily disabled but can be reactivated.
• New BLOCKED status added — card is administratively blocked by UQPAY; unblocking requires a formal email request.

​

Banking

• Affected endpoints: POST /api/v1/payouts (response), GET /api/v1/payouts (request and response), GET /api/v1/payouts/{id} (response)
• Removed SUBMISSION_FAILED from the payout_status field.

​

Issuing

• Affected endpoint: GET /api/v1/issuing/cards (request)
• Added optional cardholder_id query parameter to filter cards by cardholder.

• Affected endpoint: GET /api/v1/issuing/cards/{id} (response)
• Added no_pin_payment_amount field indicating the allowed amount for transactions without PIN verification. Format: <amount><currency> (e.g., 2000USD).

• Affected endpoint: GET /api/v1/issuing/products (response)
• Added no_pin_payment_amount array specifying configured NO-PIN payment amount limits per product.

​

Acquiring

• Affected endpoints: Payment Intents, Payment Attempts, and Payment Refunds endpoints
• Revised enumerated values and definitions for intent_status, attempt_status, and refund_status. Refer to the API reference pages for the latest enumerations.

• Affected endpoints: Payment Intents endpoints
• Supported values: card, card_present, alipaycn, alipayhk, unionpay, wechat. All other types are not yet supported.

​

Issuing

• Added optional cardholder_id query parameter to GET /api/v1/issuing/cards.

• Added no_pin_payment_amount field to GET /api/v1/issuing/cards/{id} response. Format: <amount><currency> (e.g., 2000USD).

• Added no_pin_payment_amount array to GET /api/v1/issuing/products response, indicating maximum allowable NO-PIN payment amounts per currency.

​

Acquiring

​

Banking

• Affected endpoints: Create Beneficiary, Update Beneficiary, Retrieve Beneficiary, List Beneficiaries
• Added nationality — two-letter country code for the beneficiary’s nationality.
• Added id_number — conditionally required for INDIVIDUAL type beneficiaries who are Mainland China residents using CNH currency and LOCAL payment method.

​

Issuing

• Affected endpoints: POST /api/v1/issuing/cards (Create Card), POST /api/v1/issuing/cards/{id} (Update Card)
• Added optional allowed_mcc and blocked_mcc fields to the risk_controls object.
• Only one of the two can be set per card. MCCs must be provided as an array of strings (e.g., ["5999", "6011"]).

​

Issuing

• Affected endpoints: List Cardholders (response), Retrieve Cardholder (response)
• Added number_of_cards field.

​

Issuing

• Affected endpoints: all endpoints supporting the x-on-behalf-of header
• If provided, the value must be a valid UUID format corresponding to an existing sub-account. Invalid values are rejected.

​

Issuing

• Affected endpoint: POST /api/v1/issuing/cards/activate (request)
• Added required field pin.
• Added optional field no_pin_payment_amout.
• This is a breaking change — existing integrations must be updated to include pin.

​

Issuing

• Affected endpoints: POST /api/v1/issuing/cards, POST /api/v1/issuing/cards/{id}
• Added optional risk_controls field. Backward-compatible — existing cards are unaffected unless explicitly configured.

​

Banking

• New endpoint: GET /api/v1/exchange/rates
• Returns current exchange rates. Reference only — use the Create Quote API for rate-locking.

​

Banking

• Added new webhook event type: rfi.transaction.action_required for deposit and payout RFI scenarios.
• Affected endpoints: GET /api/v1/rfis/{id} (Retrieve RFI), POST /api/v1/rfis/answer (Answer RFI)
• Added rfi_type and transaction_type fields to both endpoints.
• The original onboarding RFI flow (event_type = rfi.action_required) remains unchanged.

​

Issuing

• Affected endpoint: POST /api/v1/issuing/cardholders/{id} (request)
• Added optional email field. Backward-compatible.

​

Banking

• Added changelog.
• New deposit webhooks: deposit.pending, deposit.compliance.rejected, deposit.completed
• New deposit endpoints:
  • GET /api/v1/deposit — list deposits
  • GET /api/v1/deposit/{id} — retrieve a deposit by ID
  • POST /api/v1/simulation/desposit — simulate deposits into global account (sandbox only)
• Documentation corrections to descriptions and parameter restrictions.