4 posts tagged with "authorised-users"

As mentioned in our previous update, to mitigate against security risks, we are now requiring the user who is updating an authorised user to step-up their token.

Effective:

• 28 October 2024 on Sandbox
• 29 October 2024 on Live

Creating and updating user continues to be an operation that can be performed by a user that has either an Admin role or a User Manager role, or both. More about roles can be found in our documentation.

Action required​

Review and update your application logic to accommodate the update a user endpoint that requires a stepped up token. If your user is trying to update a user and the token is not stepped up, you need to handle the new HTTP 403 STEP_UP_REQUIRED error code. This will help prevent any disruptions to your integration.

If no action is taken​

If no action is taken, your application will encounter issues when updating an authorised user.

Affected API endpoint:

• PATCH/users/{users_id}

To mitigate against security risks, we are now requiring the user who is updating an authorised user to step-up their token.

Effective:

• 28 October 2024 on Sandbox
• 29 October 2024 on Live

Creating and updating user continues to be an operation that can be performed by a user that has either an Admin role or a User Manager role, or both. More about roles can be found in our documentation.

Action required​

Review and update your application logic to accommodate the update a user endpoint that requires a stepped up token. If your user is trying to update a user and the token is not stepped up, you need to handle the new HTTP 403 STEP_UP_REQUIRED error code. This will help prevent any disruptions to your integration.

If no action is taken​

If no action is taken, your application will encounter issues when updating an authorised user.

Affected API endpoint:

• PATCH/users/{users_id}

We have improved the functionality of the user manager role, allowing users with the admin role to assign the user manager role to users who already have a role assigned.

Effective:

• 03 September 2024 on Sandbox
• 24 September 2024 on Live

Previously, we restricted the User Manager role to be assigned to only one user. However, with this release, we're allowing the user with the Admin role to assign the user manager role to multiple users.

Affected API endpoints:

• PATCH/users/{users_id}

We have introduced a new User Manager role. This role is designed to enable delegation of the user management tasks from users with the Admin role. The permissions associated with the role include authorised user creation, role assignments and user deactivation. This change aims to streamline administrative processes and improve system security by delegating specific responsibilities.

Effective:

• 10 July 2024 on Sandbox
• 11 July 2024 on Live

Users with the Admin role, now have the ability to create an authorized user with User Manager permissions. The User Manager will not have the ability to create, fund or confirm a payment run, nor will they be able to link or unlink a linked account.

Affected Endpoints:

• POST/users
• GET/users
• GET/users/{user_id}
• PATCH/users/{users_id}
• POST/users/{users_id}/activate
• POST/users/{users_id}/deactivate
• POST/users/{users_id}/invite

More details on roles & permissions is available in our documentation