January 2025 Release
Enhanced API Security with Bearer Token Authentication
What’s Changing?
We are updating our API authentication model to adopt Bearer Token Authentication, replacing static API keys and Basic Auth.
Why This Change?
✅ Improved Security – Tokens are encrypted and transmitted over HTTPS, making them difficult to intercept.
✅ Temporary Nature – Bearer tokens are short-lived and refreshed periodically, reducing credential exposure.
✅ No Hard-Coded Secrets – Unlike static API keys, tokens expire and rotate regularly, minimizing security risks.
What You Need to Do:
API users can and should transition to Bearer Token Authentication to comply with these new security enhancements.
Payment Webhook Enhancements
What’s Changing?
We are improving our payment webhook to include more detailed information about changes in payments. Previously, webhook subscribers were notified when a payment changed but lacked specifics.
New Webhook Data Includes:
🔹 Invoice IDs – List of invoices associated with the payment.
🔹 Payment Status – Real-time status updates for better tracking.
🔹 Payment Events – A full history of status changes.
🔹 Refund Reason – If applicable, the reason for a refund.
🔹 Instrument Number – The reference number assigned to the payment method.
Value for Customers:
This update allows webhook subscribers to consume detailed event information without needing to pull payment records manually, improving efficiency and reducing API calls.
Incorrect File Upload Date in "Funding Received" Emails
Issue:
Customers reported that the File Upload Date in the "Funding Received" email was incorrectly displayed as later than the Funding Request Date, causing confusion.
Resolution:
The File Upload Date now accurately reflects the actual timestamp stored in our system, ensuring it is always less than or equal to the Funding Request Date as expected.
This update includes bug fixes and important security enhancements to improve the platform's stability and data protection.