Skip to main content

4 posts tagged with "breaking-change"

View All Tags

· One min read

Effective:

  • 5 June 2024 on Sandbox
  • 26 June 2024 on Live

We are removing the baseCurrency field from the Buyer object.

After the change, you will not be required to send the baseCurrency field when creating or updating a buyer. When retrieving the buyer details, the baseCurrency field will not be returned anymore.

Action required

Review and update your application logic to remove dependencies on the baseCurrency field. This will help prevent and disruptions to your integration.

If no action is taken

If no action is taken, your application may fail when retrieving the details of a buyer if it is expecting to receive the baseCurrency field as part of the response.

Affected API endpoints:

· 2 min read

Effective:

  • 27 March 2024 on Sandbox
  • 2 April 2024 on Live

The Account Information Service (AIS) consents are granted for up to 90 days, after which, your users are required to extend their consent to continue using the associated Linked Account therefore we have updated the AIS component to support the extension of the consent.

The Get Linked Accounts & Get a Linked Account endpoints have been updated to contain the consent information with the below fields:

  • expiresAt
  • expiresIn
  • status

Note: If the consent has expired the:

  • expiresAt will contain a value of '0'.
  • expiresIn will contain the date in the past of the AIS consent expired.

You will also receive the AIS consent expiry and status (expiresAt, expiresIn & status) in the link account update event.

To extend the consent you need to provide the linkedAccountId parameter of the linked account in the AIS UI Component.

The consent can be initiated before 90 days elapse, this means that your user will be shown a consent renewal request screen for Weavr to continue accessing their bank account information. If the user clicks on 'I Consent' then the AIS consent will extended for another 90 days.

Initiating the AIS consent after 90 days, can still be extended, however your user will be shown an expired consent screen. To renew the consent, your user will be redirected to their Bank's portal to approve the consent request. In the Banking portal, the bank will ask them to authenticate and re-confirm the bank account to be shared.

Affected API endpoints:

More details on how to extend the AIS consent is available in our documentation

· One min read

Effective:

  • 27 February 2024 on Sandbox
  • 20 March 2024 on Live

The creation of an Authorised User for a Buyer is a key moment in the integrity of the security for that Buyer. To mitigate against security risks, we are now requiring the user who is creating a new authorised user to step-up their token. Creating Authorised Users continues to be an operation that can be performed by a user that has the Admin role.

Affected API endpoints:

More details on how to step-up a token are available in our documentation.

· One min read

Effective:

  • 27 February 2024 on Sandbox
  • 20 March 2024 on Live

To reduce the risk of fraud, we are now limiting the number of times a one-time-password can be submitted incorrectly.

Secure UI Components

When the user inputs a wrong OTP, they will be shown an error message and will be allowed to re-enter a new OTP. If they reach the last try, a message will be shown specifying that is the last try. Once a wrong OTP is inputted for the last try the Secure UI Component will return an error event with code CHALLENGE_LIMIT_EXCEEDED.

Affected Secure UI Components:

API endpoints

We have introduced 2 new error codes for the HTTP 409 response:

  • ONE_CHALLENGE_LIMIT_REMAINING - returned when the user has one try left
  • CHALLENGE_LIMIT_EXCEEDED - returned when the user has exceeded their OTP retries

Affected API endpoints: