API release notes 2022-04

Planned for development

Infrastructure

As an emergency change we are disabling TLS 1.0 and 1.1. support. From 2022-04-19 to access api.connectpay.com and api2.connectpay.com, you will have to use TLS 1.2

Merchant API

API	Version	Change type	Feature	Details	Release to Stage	Planned release to Prod
Initiate payment API	2	non-breaking change, improvement	CARD method added to payment initiation	One-time payment by cardholders will be possible for merchants in Accepts Payments service.	2022-03-22	2022-03-29
Initiate payment API	2	non-breaking change, improvement	`paymentConsent` parameter added to payment initiation	This parameter let’s end-user to skip “Review and confirm” page if same details are provided in e-shop. Less steps for user to make while initiating a payment.	2022-04-05	2022-04-12

Released to Stage

Authorization API

API	Version	Change type	Feature	Details	Release to Stage	Planned release to Prod
Get Access Token Refresh Access Token	1	Breaking change, Improvement	Changing name of Customer Name property	To identify Customer in tokens, we were using property `customerName`. We have aligned naming with general OAuth and Token RFCs and renamed property to `client_customer_name`. Currently both properties are presented in tokens, but from 2022-04-12 we are removing `customerName`. Note, that API version will stay the same.	2022-04-12	2022-07-12

API

Version

Change type

Feature

Details

Release to Stage

Planned release to Prod

Get Access Token
Refresh Access Token

1

Breaking change, Improvement

Changing name of Customer Name property

To identify Customer in tokens, we were using property customerName. We have aligned naming with general OAuth and Token RFCs and renamed property to client_customer_name. Currently both properties are presented in tokens, but from 2022-04-12 we are removing customerName.

Note, that API version will stay the same.

2022-04-12

2022-07-12

Merchant API

API	Version	Change type	Feature	Details	Release to Stage	Planned release to Prod
Initiate payment API Get payment details API Get providers API	2	Breaking change, new feature.	OAuth security model replaced with Basic Authorization and request signature.	QWAC certificate validation is eliminated; OAuth token generation and usage eliminated; No actions needed for MAR in Online Banking for renewing access tokens; 2-way TLS (mTLS) channel is changed to 1-way TLS channel; Digital signature added to each request. Required keys for signing provided by ConnectPay (or you can generate them by yourself if it is more convenient); Added Basic Authorization model to secure APIs For all our clients to have efficient integration, we are planning to retire our Merchant API version 1. Preliminary plan is to retire it on 2022-06-15.	2022-03-08	2022-03-15

API

Version

Change type

Feature

Details

Release to Stage

Planned release to Prod

Initiate payment API
Get payment details API
Get providers API

2

Breaking change, new feature.

OAuth security model replaced with Basic Authorization and request signature.

QWAC certificate validation is eliminated;

OAuth token generation and usage eliminated;

No actions needed for MAR in Online Banking for renewing access tokens;

2-way TLS (mTLS) channel is changed to 1-way TLS channel;

Digital signature added to each request. Required keys for signing provided by ConnectPay (or you can generate them by yourself if it is more convenient);

Added Basic Authorization model to secure APIs

For all our clients to have efficient integration, we are planning to retire our Merchant API version 1. Preliminary plan is to retire it on 2022-06-15.

2022-03-08

2022-03-15

Released to Production

Account Services API

API	Version	Change type	Feature	Details	Released to Stage	Released to Prod
Get Transactions	2	Bugfix	Fixed sorting order case validation	If `sortOrder` was not in uppercase, API responded with error. Now parameter is case insensitive	2022-02-14	2022-02-21
Get Accounts	3	Breaking change, Improvement	Changing name of Name property	To provide additional means of account identification, we were using property `name`. We have aligned to PSD2 specification and renamed property to `displayName`. Currently, request with `version=2` in a header returns property name as `name` . From 6th June 2022 we are removing `version=2` and `version=3` must be used to call Get Account API endpoint. Version=2 will be supported until 6th June 2022	2021-11-16	2021-11-23

API

Version

Change type

Feature

Details

Released to Stage

Released to Prod

Get Transactions

2

Bugfix

Fixed sorting order case validation

If sortOrder was not in uppercase, API responded with error. Now parameter is case insensitive

2022-02-14

2022-02-21

Get Accounts

3

Breaking change, Improvement

Changing name of Name property

To provide additional means of account identification, we were using property name. We have aligned to PSD2 specification and renamed property to displayName.

Currently, request with version=2 in a header returns property name as name . From 6th June 2022 we are removing version=2 and version=3 must be used to call Get Account API endpoint.
Version=2 will be supported until 6th June 2022

2021-11-16

2021-11-23

Merchant API

API	Version	Change type	Feature	Details	Release to Stage	Planned release to Prod
Initiate payment API Get payment details API Get providers API	2	Breaking change, new feature.	New basic security feature to authorization	QWAC certificate validation is eliminated; OAuth token generation and usage eliminated; No actions needed for MAR in Online Banking for renewing access tokens; 2-way TLS (mTLS) channel is changed to 1-way TLS channel; Digital signature added to each request. Required keys for signing provided by ConnectPay (or you can generate them by yourself if it is more convenient); Added Basic Authorization model to secure APIs For all our clients to have efficient integration, we are planning to retire our Merchant API version 1. Preliminary plan is to retire it on 2022-06-15.	2022-03-08	2022-03-15

API

Version

Change type

Feature

Details

Release to Stage

Planned release to Prod

Initiate payment API
Get payment details API
Get providers API

2

Breaking change, new feature.

New basic security feature to authorization

QWAC certificate validation is eliminated;

OAuth token generation and usage eliminated;

No actions needed for MAR in Online Banking for renewing access tokens;

2-way TLS (mTLS) channel is changed to 1-way TLS channel;

Digital signature added to each request. Required keys for signing provided by ConnectPay (or you can generate them by yourself if it is more convenient);

Added Basic Authorization model to secure APIs

For all our clients to have efficient integration, we are planning to retire our Merchant API version 1. Preliminary plan is to retire it on 2022-06-15.

2022-03-08

2022-03-15

Authorization API

API	Version	Change type	Feature	Details	Release to Stage	Planned release to Prod

API	Version	Change type	Feature	Details	Release to Stage	Planned release to Prod
Get authCode Get Secured Authorization (authorize PSD2 AIS Consent)	1,2	non-breaking change, improvement	User is locked after 5 wrong password login attempts	We implemented limitation on wrong password attempts due to security reasons. User account will be locked if 5 wrong attempts are used for password when calling Authorization APIs.	2022-03-08	2022-03-15
Get authCode Get Secured Authorization	1,2	non-breaking change, improvement	User is locked after 5 wrong SMS OTP attempts	We are implementing limitation on wrong SMS OTP attempts due to security reasons. User account will be locked if 5 wrong attempts are used for SMS OTP when calling Authorization APIs.	2022-03-22	2022-03-29

API

Version

Change type

Feature

Details

Release to Stage

Planned release to Prod

Get authCode

Get Secured Authorization (authorize PSD2 AIS Consent)

1,2

non-breaking change, improvement

User is locked after 5 wrong password login attempts

We implemented limitation on wrong password attempts due to security reasons. User account will be locked if 5 wrong attempts are used for password when calling Authorization APIs.

2022-03-08

2022-03-15

Get authCode

Get Secured Authorization

1,2

non-breaking change, improvement

User is locked after 5 wrong SMS OTP attempts

We are implementing limitation on wrong SMS OTP attempts due to security reasons. User account will be locked if 5 wrong attempts are used for SMS OTP when calling Authorization APIs.

2022-03-22

2022-03-29

Payment Services API

API	Version	Change type	Feature	Details	Release to Stage	Planned release to Prod
Authorize Payment API	3	Breaking change, Improvement	Payment authorization successful request response code changed from 200 to 202	Using response code `200` (successfully authorized) is not technically correct, as payment is not authorized immediately, but is put into authorization queue. Therefore, we are changing successful request response code to `202` - successfully accepted for execution. Currently, request with `version=2` in a header returns `200` for successful request. From 7th June 2022 we are removing `version=2` and `version=3` will be released to production with a response code `202` for successful request. Version=2 will be supported until 7th June 2022	2022-03-22	2022-03-29

PSD2 PIS API

API	Version	Change type	Feature	Details	Release to Stage	Planned release to Prod
Initiate Payment	1	non-breaking change, improvement	User is locked after 5 wrong password login attempts	We implemented limitation on wrong password attempts due to security reasons. User account will be locked if 5 wrong attempts are used for password when calling PSD2 Initiate Payment API	2022-03-08	2022-03-15
Initiate Payment	1	non-breaking change, improvement	User is locked after 5 wrong SMS OTP attempts	We are implementing limitation on wrong SMS OTP attempts due to security reasons. User account will be locked if 5 wrong attempts are used for SMS OTP when calling PSD2 Initiate Payment API	2022-03-22	2022-03-29

API

Version

Change type

Feature

Details

Release to Stage

Planned release to Prod

Initiate Payment

1

non-breaking change, improvement

User is locked after 5 wrong password login attempts

We implemented limitation on wrong password attempts due to security reasons. User account will be locked if 5 wrong attempts are used for password when calling PSD2 Initiate Payment API

2022-03-08

2022-03-15

Initiate Payment

1

non-breaking change, improvement

User is locked after 5 wrong SMS OTP attempts

We are implementing limitation on wrong SMS OTP attempts due to security reasons. User account will be locked if 5 wrong attempts are used for SMS OTP when calling PSD2 Initiate Payment API

2022-03-22

2022-03-29

Language

Undefined

Search form

Planned for development

Infrastructure

Merchant API

Released to Stage

Authorization API

Merchant API

Released to Production

Account Services API

Merchant API

Authorization API

Payment Services API

PSD2 PIS API

About Sensedia

Main menu

Like Us On Facebook