Corporate root user company position allowed values​

Corporate root users who are opening an account on behalf of a company must either be a director or an authorised representative of the company. This is already being checked as part of the corporate KYB process, however the rootUser.companyPosition will now start accepting only DIRECTOR or AUTHORISED_REPRESENTATIVE as valid values.

Affected APIs:

• POST multi/corporates
• GET multi/corporates

Corporate company type cannot be updated​

Different company types require different KYB processes and therefore the companyType field cannot be updated once a corporate identity is created. The companyType field will be removed from the update corporate API endpoint.

Affected APIs:

• PATCH multi/corporates

Removed redundant error code for already activated or deactivated users​

When activating an already activated user, the API will start returning an http 204 - No Content response instead of returning an http 409 - Conflict with error code USER_ALREADY_ACTIVATED.

Similarly, when deactivating an already deactivated user, the API will start returning an http 204 - No Content response instead of returning an http 409 - Conflict with error code USER_ALREADY_DEACTIVATED.

Affected APIs:

• POST multi/users/\{user_id\}/activate
• POST multi/users/\{user_id\}/deactivate

Added support for more Consumer occupations​

Additional occupation options have been added to consumer identities. Now you can enable your customers to choose STUDENT, UNEMPLOYED, RETIRED or OTHER as their occupation.

Affected APIs:

• GET multi/consumers
• POST multi/consumers
• PATCH multi/consumers

Introducing SEPA transfers​

We are excited to announce the launch of SEPA transfers - for both Consumers and Corporates. You can now extend your product capabilities to enable your customers to both receive funds from 3rd parties, as well as send funds to 3rd party bank accounts in the SEPA region.

The “Outgoing Wire Transfers” API endpoints have been updated to include Strong Customer Authentication (SCA) regulatory requirements. If an outgoing wire transfer needs to be verified via SCA, the transaction’s state will be updated to PENDING_CHALLENGE.

When this occurs, you will need to initiate an SCA challenge with the logged in user using the multi/outgoing_wire_transfers/\{id\}/challenges/otp/\{channel\} API endpoint.

Please note that before users can verify outgoing wire transfers, they must have enrolled their mobile device for strong customer authentication.

Affected APIs:

• POST /multi/outgoing_wire_transfers
• POST /multi/outgoing_wire_transfers/\{id\}/challenges/otp/\{channel\}
• POST /multi/outgoing_wire_transfers/\{id\}/challenges/otp/\{channel\}/verify
• POST /multi/authentication_factors
• POST /multi/authentication_factors/otp/\{channel\}
• POST /multi/authentication_factors/otp/\{channel\}/verify

Deprecated APIs:

• POST /multi/corporates/verification/mobile/send
• POST /multi/corporates/verification/mobile/verify
• POST /multi/consumers/verification/mobile/send
• POST /multi/consumers/verification/mobile/verify

New optional mobile number field for authorised users​

You can now store the mobile number associated with a user. The mobile number is required if you are onboarding your users for strong customer authentication using one time passwords sent over SMS text messages.

Affected APIs:

• GET /multi/users
• POST /multi/users
• GET /multi/users/\{user_id\}
• PATCH /multi/users/\{user_id\}

Added support for more Corporate company types​

Different company types require different KYB processes to get approved. KYB flows have been added for PUBLIC_LIMITED_COMPANY, LIMITED_LIABILITY_PARTNERSHIP and NON_PROFIT_ORGANISATION. Now you can onboard these types of companies via the API.

Affected APIs:

• POST /multi/corporates
• GET /multi/corporates
• PATCH /multi/corporates

Improved handling for locked user credentials​

User credentials can be temporarily locked due to consecutive failed login attempts. If a user credentials becomes locked, the login API endpoint will now start returning HTTP error code 403 - Locked.

Affected endpoint:

• POST /multi/login_with_password

New feature to reset the contactless limit of wearable physical cards​

From time to time, customers using wearable physical cards, are required to input their PIN to confirm point of sale transactions. To eliminate the need to have to input their PIN, they can reset the contactless limit associated with their wearable device.

You can enable your customers to reset their contactless limit for their wearable physical cards via a new API.

Affected APIs:

• POST /multi/managed_cards/\{id\}/physical/contactless_limit/reset