Skip to main content

Multi API v3.50.1

· 6 min read
Kristina Gauci

New method for signing webhooks

We are making webhook signatures more robust with the new method optional to adopt at present. For now, both the previous method and the new method are supported. The new method described below will become the only supported method on a timeline confirmed in a future breaking change release. In the meantime test this out with your programme so you are ready to migrate at a later date or as soon as you wish.

Webhook signatures allow EmbedderEmbedder A company or developer that integrates Weavr's embedded finance services into their own application to provide financial services to their end customers.'s applications to verify that a message received originates from Weavr. We require that all EmbeddersEmbedder A company or developer that integrates Weavr's embedded finance services into their own application to provide financial services to their end customers. implement such security mechanisms. The previous (still live) method is described in the Webhooks documentation here.

In the new method we are using HMACSHA256 to create a signature from a hash of the entire message (call-ref + payload + published-timestamp) instead of just the timestamp. This provides proof of integrity of the message (i.e. it has not been tampered with).

This new signature value is being passed as a new parameter in the header denoted by signature-v2; the signature parameter in the header will continue to be present for now, having a value based on the hashed published-timestamp.

At present, the webhook signing key is the oldest active API key of the EmbedderEmbedder A company or developer that integrates Weavr's embedded finance services into their own application to provide financial services to their end customers.'s application.

Options to use biometrics in different SCASCA Strong Customer Authentication - a two-factor authentication solution required by PSD2 regulations for when end-users are accessing their payment account sensitive information or initiating transactions. SCA requires at least two of the following: something you know (password), something you have (device), or something you are (biometrics). scenarios

We are continuing the rollout of new biometric authentication features in the context of more SCASCA Strong Customer Authentication - a two-factor authentication solution required by PSD2 regulations for when end-users are accessing their payment account sensitive information or initiating transactions. SCA requires at least two of the following: something you know (password), something you have (device), or something you are (biometrics). scenarios as below.

In general, the following scenarios require Strong Customer Authentication to be completed by the End Customer:

  • Step-Up login to access sensitive account and payment card information
  • Non-card payment approval (i.e. to execute a SendSend A transaction type that allows sending funds to another identity's instrument or to a beneficiary. Send transactions may require Strong Customer Authentication depending on the destination and whether it's a trusted beneficiary. or OWTOWT Outgoing Wire Transfer - a transaction that moves funds from a Weavr managed account to a bank account held at a third-party financial institution. OWTs require the managed account to have an assigned IBAN and the user to complete Strong Customer Authentication.)
  • Card payment approval i.e. 3-D Secure

At the stage of prototyping and testing in the Sandbox, developers can now experiment with use of biometrics to perform some or all of these flows (instead of, say, SMS OTP).

Embedder PortalEmbedder Portal A web-based portal where embedders can access their Weavr account, manage API credentials, configure settings, view dashboards, and access documentation. The portal provides access to both sandbox and production environments, with separate credentials for each. screens make the following options editable while in Sandbox (non-production) mode.

WEB Option to use biometrics as the primary/default Step Up login with a fallback to SMS OTP.

WEB Option to use biometrics as well as - or instead of - SMS OTP when confirming outgoing (non-card) payments.

WEB Option to use biometrics as well as - or instead of - SMS OTP when confirming outgoing (non-card) payments.

These SCASCA Strong Customer Authentication - a two-factor authentication solution required by PSD2 regulations for when end-users are accessing their payment account sensitive information or initiating transactions. SCA requires at least two of the following: something you know (password), something you have (device), or something you are (biometrics). options can be configured independently from each other while testing different user journey approaches. Live programme SCASCA Strong Customer Authentication - a two-factor authentication solution required by PSD2 regulations for when end-users are accessing their payment account sensitive information or initiating transactions. SCA requires at least two of the following: something you know (password), something you have (device), or something you are (biometrics). configurations are subject to checks and approval before launch and whenever making any changes that affect End Customer experience.

Data Insights - new Currency Analysis tab

As part of our continuous improvements to Data Insights, we are introducing a new Currency Analysis tab within the Settlements dashboard.

Managed CardsManaged Card A payment card (virtual or physical) that can be created and managed through the Weavr platform. Cards can operate in prepaid mode (with their own balance) or debit mode (linked to a managed account). All cards must be assigned to a card assignee who is an Authorised User. have an Instrument Currency and the API and Embedder PortalEmbedder Portal A web-based portal where embedders can access their Weavr account, manage API credentials, configure settings, view dashboards, and access documentation. The portal provides access to both sandbox and production environments, with separate credentials for each. show reports in the currency of the instrument.

However, for Data Insights, each programme has a configurable Base Currency to allow for aggregation of financial data.

This means that in Data Insights dashboards it was previously not possible to view card transactions using the original (instrument) currency, or aggregate statistics in those alternative currencies. The new Currency Analysis tab enables EmbedderEmbedder A company or developer that integrates Weavr's embedded finance services into their own application to provide financial services to their end customers. operational and support staff to review card purchase settlement data using the Instrument Currency instead of the Base Currency.

Managed CardsManaged Card A payment card (virtual or physical) that can be created and managed through the Weavr platform. Cards can operate in prepaid mode (with their own balance) or debit mode (linked to a managed account). All cards must be assigned to a card assignee who is an Authorised User. can be created with an Instrument Currency of GBP, EUR, or USD.

WEB The new Data Insights tab in the card Settlements dashboard allows Embedder PortalEmbedder Portal A web-based portal where embedders can access their Weavr account, manage API credentials, configure settings, view dashboards, and access documentation. The portal provides access to both sandbox and production environments, with separate credentials for each. staff users to review End Customer financial activity in the currency of the card or account instrument.

Internal e-money TransfersTransfer A transaction that moves funds between instruments managed by Weavr. The source and destination instruments of a transfer transaction must be owned by the same identity. Transfers can be scheduled for future execution and can be performed in bulk operations. show source and destination accounts

We are improving the transaction details displayed for TransferTransfer A transaction that moves funds between instruments managed by Weavr. The source and destination instruments of a transfer transaction must be owned by the same identity. Transfers can be scheduled for future execution and can be performed in bulk operations. transactions. A TransferTransfer A transaction that moves funds between instruments managed by Weavr. The source and destination instruments of a transfer transaction must be owned by the same identity. Transfers can be scheduled for future execution and can be performed in bulk operations. is a transaction moving money between two Managed AccountsManaged Account An account held at a financial institution that can be created and managed through the Weavr platform. Each account has a balance where customers can hold funds. Optionally, an IBAN can be assigned to enable wire transfers to bank accounts outside of Weavr. of the same Identity (in the same currency) - i.e. an internal e-money movement not an external wire transferWire Transfer A transaction that moves funds between accounts. An incoming wire transfer moves funds from a third-party bank account to a Weavr managed account, while an outgoing wire transfer moves funds from a Weavr managed account to a third-party bank account. Wire transfers require the managed account to have an assigned IBAN (for EUR) or sort code and account number (for GBP). or third-party payment. TransfersTransfer A transaction that moves funds between instruments managed by Weavr. The source and destination instruments of a transfer transaction must be owned by the same identity. Transfers can be scheduled for future execution and can be performed in bulk operations. are also used when a Managed AccountManaged Account An account held at a financial institution that can be created and managed through the Weavr platform. Each account has a balance where customers can hold funds. Optionally, an IBAN can be assigned to enable wire transfers to bank accounts outside of Weavr. holder tops up one of their prepaid Managed CardsManaged Card A payment card (virtual or physical) that can be created and managed through the Weavr platform. Cards can operate in prepaid mode (with their own balance) or debit mode (linked to a managed account). All cards must be assigned to a card assignee who is an Authorised User..

Previously, for TransferTransfer A transaction that moves funds between instruments managed by Weavr. The source and destination instruments of a transfer transaction must be owned by the same identity. Transfers can be scheduled for future execution and can be performed in bulk operations. transactions, the transaction activity pages in the Embedder PortalEmbedder Portal A web-based portal where embedders can access their Weavr account, manage API credentials, configure settings, view dashboards, and access documentation. The portal provides access to both sandbox and production environments, with separate credentials for each. for both the Managed AccountManaged Account An account held at a financial institution that can be created and managed through the Weavr platform. Each account has a balance where customers can hold funds. Optionally, an IBAN can be assigned to enable wire transfers to bank accounts outside of Weavr. and Managed CardManaged Card A payment card (virtual or physical) that can be created and managed through the Weavr platform. Cards can operate in prepaid mode (with their own balance) or debit mode (linked to a managed account). All cards must be assigned to a card assignee who is an Authorised User. did not display information about the source and destination of the transaction being viewed. Additionally, the description field optionally used in a TransferTransfer A transaction that moves funds between instruments managed by Weavr. The source and destination instruments of a transfer transaction must be owned by the same identity. Transfers can be scheduled for future execution and can be performed in bulk operations. was not possible to review.

The detailed view for a TransferTransfer A transaction that moves funds between instruments managed by Weavr. The source and destination instruments of a transfer transaction must be owned by the same identity. Transfers can be scheduled for future execution and can be performed in bulk operations. transaction will now provide all of this additional information. When the transaction is being viewed from the source instrument transaction activity page, the transaction details will include information about the destination instrument. Whilst, when the transaction details are viewed from the destination instrument, the details of the source instrument are provided.

This enhancement to the Embedder PortalEmbedder Portal A web-based portal where embedders can access their Weavr account, manage API credentials, configure settings, view dashboards, and access documentation. The portal provides access to both sandbox and production environments, with separate credentials for each. does not impact the statement generation endpoints provided in the MultiMulti Weavr Multi is an embedded finance solution that allows you to integrate financial services into your own application, providing a seamless experience for your customers. It enables you to offer managed accounts, managed cards, and transactions without requiring financial expertise. API or in the BackOffice API since they already include this information in the additionalFields field.

This enhancement will be made available automatically in the Sandbox. The information displayed will mimic the same structure provided in the screenshot below when viewed from the destination instrument.

WEB Embedder PortalEmbedder Portal A web-based portal where embedders can access their Weavr account, manage API credentials, configure settings, view dashboards, and access documentation. The portal provides access to both sandbox and production environments, with separate credentials for each. staff users can review individual SendSend A transaction type that allows sending funds to another identity's instrument or to a beneficiary. Send transactions may require Strong Customer Authentication depending on the destination and whether it's a trusted beneficiary. transactions with additional details displayed about the source and destination accounts.

Additional endpoints now supporting idempotency

As mentioned in previous Release Notes, we are extending the list of endpoints in the MultiMulti Weavr Multi is an embedded finance solution that allows you to integrate financial services into your own application, providing a seamless experience for your customers. It enables you to offer managed accounts, managed cards, and transactions without requiring financial expertise. API which can be called idempotently. This can be achieved by including the idempotency-ref header in the requests.

WEB

In this release, the following MultiMulti Weavr Multi is an embedded finance solution that allows you to integrate financial services into your own application, providing a seamless experience for your customers. It enables you to offer managed accounts, managed cards, and transactions without requiring financial expertise. API endpoints can (optionally) be called idempotently:

  • POST /managed_cards/{id}/physical/report_stolen to report a physical CardPhysical Card A payment card that is printed or embedded in wearables and sent to customers directly. Physical cards are created by first creating a virtual card and then upgrading it to a physical card. They are sent in an inactive state and must be activated by the card assignee before first use. as stolen

  • POST /managed_cards/{id}/physical/report_lost to report a physical CardPhysical Card A payment card that is printed or embedded in wearables and sent to customers directly. Physical cards are created by first creating a virtual card and then upgrading it to a physical card. They are sent in an inactive state and must be activated by the card assignee before first use. as lost

  • PATCH /corporates to update the details of the logged-in corporate identity

Further information on idempotency is provided in our API Docs here.

Rollback: Step-Up expiry extended for Managed CardsManaged Card A payment card (virtual or physical) that can be created and managed through the Weavr platform. Cards can operate in prepaid mode (with their own balance) or debit mode (linked to a managed account). All cards must be assigned to a card assignee who is an Authorised User.

The extended Stepped-Up session validity (180 days) on the GET Managed CardManaged Card A payment card (virtual or physical) that can be created and managed through the Weavr platform. Cards can operate in prepaid mode (with their own balance) or debit mode (linked to a managed account). All cards must be assigned to a card assignee who is an Authorised User. endpoints that was announced as a Sandbox feature in the last release notes email, has now been postponed to a future release. For now, the endpoint will continue to require a Stepped-Up token as previously documented.