Skip to main content
Every PR that changes a user-visible contract must add an entry here. The format follows Keep a Changelog. Breaking changes are called out explicitly.
Unreleased
  • AddedPOST /v1/public/auth/sign-up, POST /v1/public/auth/sign-up/verify, and POST /v1/public/auth/resend-otp public routes for the OTP sign-up flow.
  • AddedPOST /v1/users authenticated route for creating user records after sign-up verification.
  • Added — User profile routes: /v1/users/me, /v1/users/me/assets, /v1/users/me/transactions, /v1/users/me/pin/validate.
  • Added — Typed OpenAPI schemas for all Application routes (18 endpoints) and all Business routes (24 endpoints).
  • Added — Applications navigation group in the API Reference tab.
  • Added — Expanded Business navigation group with asset, wallet, beneficiary, and connectors routes.
  • Changed — Application registration no longer requires publicKey, classificationCode, or environment in the request body. Credentials are now generated server-side.
  • Changed — Application lifecycle guide rewritten to cover the full flow: register → submit → approve/reject → suspend/resume → revoke, plus credential rotation, audit trail, and webhooks.
2026-05-10 — Standard response envelope
  • Changed — All /v1/* responses now use the standard {data, status, message} envelope. Previous response formats are retired.
  • Added — Response envelope documentation page at /platform/response-envelope.
  • Changed — Error responses now use the same {data, status, message} shape with data: null and message formatted as "code: description".
2026-04-21 — Token refresh consolidated
  • Changed — Token refresh is now available at /v1/public/auth/refresh for all authentication methods. Supersedes the previous /v1/public/auth-connect/refresh route.