Changelog

​

Issuing

• Affected endpoints: Create Card, Update Card, Retrieve Card, List Cards
• Affected webhooks: card.create.succeeded, card.update.succeeded
• New risk_controls.enable_3ds field controls whether a card is registered for 3DS at all. Combine with the existing allow_3ds_transactions for full 3DS behavior — see the updated 3D Secure guide.
• Visa BINs only. Modifiable when the card is in PENDING or ACTIVE status.
• Returned in card responses only when explicitly set on the card. When absent, the card follows the account-level 3DS configuration.
• Backward-compatible — existing integrations that do not pass enable_3ds continue to work unchanged.

​

Issuing

• Effective: 2026-05-07, ~20:00 Beijing time (UTC+8)
• Changes that may visibly affect existing integrations:
  • Page max-width: 512px → 1280px. Cards in parent containers wider than 512px will render wider than before.
  • Iframe content height: previously content-driven (auto) → fixed at 300px. Content exceeding 300px may be clipped or scrolled.
  • Iframe container minimum height: previously unrestricted → min-height: 400px. Containers with shorter content will be expanded to 400px.
  • Bottom “Show / Hide data” toggle button has been removed. Sensitive data visibility (card number, expiry, CVV) is now toggled via the eye icon next to the CVV label, which is persistently visible. Clicking on the masked values (****, **/**, ***) also toggles visibility.
• To preserve the previous fixed dimensions, pass width / height through the styles parameter on .uq-card-container — see the Secure Iframe Guide for usage.

• New selectors: .uq-card-cardholder (cardholder name styling) and .uq-page-background (iframe page background; default transparent).
• .uq-card-container accepts width, height, min-height, max-width, min-width — useful for restoring the previous fixed dimensions.
• .uq-card-row accepts display, justify-content, align-items, flex-direction, gap — useful for label/value alignment.

​

Issuing

• Affected endpoint: Create Card (request and response)
• cardholder_id is now optional. When omitted, provide a complete cardholder_required_fields block and the system creates the cardholder and issues the card in the same request.
• Backward-compatible — existing integrations that pass cardholder_id continue to work unchanged.
• See One-Step Card Issuance for the full integration flow.

• Affected webhook: card.verification.otp
• The verification OTP event is now published for both Google Pay and Apple Pay wallet bindings. Previously, it was only published for Google Pay bindings.
• No action required for existing integrations — merchants already subscribed to card.verification.otp will automatically receive OTPs for Apple Pay bindings.

• Affected endpoint: Create Cardholder
• Cardholders with Kosovo (ISO 3166-1 alpha-2 XK, alpha-3 XKX) phone numbers can now be created successfully.
• Phone prefix: +383. Valid phone number length (excluding country code): 8–9 digits.
• See Phone Number Validation Rules for the full country list.

​

Issuing

• New webhook event published when an issuing transfer status changes (e.g., from pending to succeeded or failed).
• Subscribe to issuing.transfer.status_changed in your webhook configuration to receive this notification.

• Affected webhooks: card.status.update.succeeded, card.status.update.failed
• Added available_balance — the card’s current available balance at the time of the status change.
• Added currency — the card’s currency in ISO 4217 format.

​

Acquiring

• Affected endpoint: Create Payout (request)
• Changes:
  • New optional field payout_account_id added to the request body.
  • When omitted, existing behavior is preserved — funds are sent to the configured external bank account.
  • When provided, the payout is processed as a UQPAY internal transfer to the specified account.
  • Both long and short UQPAY account IDs are accepted.
• Notes:
  • The payout_account_id should match the calling account: pass the sub-account ID when calling from a sub-account, or the master account ID when calling from the master account.
  • This is a non-breaking, backward-compatible change — no action required for existing integrations.

​

Issuing

• Affected endpoints: Create Cardholder (request and response), Update Cardholder (request and response)
• Changes:
  • Three KYC levels now supported:
    • SIMPLIFIED — basic fields only, behavior identical to previous version, cardholder_status set to SUCCESS immediately
    • STANDARD — requires nationality, identity, residential_address, triggers review process
    • ENHANCED — additionally requires kyc_verification, supporting THIRD_PARTY and SUMSUB_REDIRECT methods
  • New request fields: gender, nationality, identity (object), residential_address (object), kyc_verification (object)
  • New response fields: cardholder_status, idv_verification_url, idv_url_expires_at
• Notes:
  • When no new fields are provided, behavior remains fully backward compatible.
  • Updating KYC-related fields is not allowed while cardholder_status is PENDING.
  • residential_address replaces the previous delivery_address field.

• Affected endpoints: Retrieve Cardholder (response), List Cardholders (request and response)
• Changes:
  • New response fields: gender, nationality, residential_address, cardholder_status, review_status, idv_status, idv_verification_url, idv_url_expires_at
  • List Cardholders accepts a new query parameter cardholder_status for filtering by status.

• Affected endpoint: Create Card (request and response)
• Changes:
  • New optional request object cardholder_required_fields — allows merchants to supplement missing cardholder KYC fields at card creation time (includes gender, nationality, phone_number, date_of_birth, residential_address, identity, kyc_verification).
  • New response fields: cardholder_status, message
• Notes:
  • If the cardholder does not meet the product’s requirements and cardholder_required_fields is not provided, the error kyc_insufficient is returned with missing_fields.
  • When card creation triggers a KYC review, the card enters PENDING status and is automatically activated upon approval.

• Affected endpoint: List Products (response)
• Changes:
  • Each product object now includes a required_fields array indicating cardholder fields required by the card BIN.
  • Each entry contains: name, type (string or object), required (boolean), description, and fields (sub-fields when type is object).

• New webhook events:
  • cardholder.kyc.status_changed — cardholder KYC status changes
  • cardholder.updated — cardholder information updated

​

Acquiring

• Affected endpoints (response only): Create PaymentIntent, Retrieve PaymentIntent, Update PaymentIntent, Confirm PaymentIntent, Capture PaymentIntent, Cancel PaymentIntent, List PaymentIntents, Retrieve PaymentAttempt, List PaymentAttempts
• Changes:
  • PaymentIntent endpoints: latest_payment_attempt.payment_method type changed from string to object
  • PaymentAttempt endpoints: payment_method type changed from string to object
  • PaymentIntent — new fields added to latest_payment_attempt: auth_code, arn, rrn, advice_code
  • PaymentAttempt — new top-level fields: auth_code, arn, rrn, advice_code
  • PaymentIntent — new object added: latest_payment_attempt.authentication_data
    • Fields: cvv_result, avs_result
    • authentication_data.three_ds fields: ds_transaction_id, three_ds_version, eci, cavv, three_ds_authentication_status, three_ds_cancellation_reason
  • PaymentAttempt — new object added: authentication_data (same structure as above)
• Notes: Effective 2026-03-26

• Affected webhooks: acquiring.payment_attempt.created, acquiring.payment_attempt.capture_requested, acquiring.payment_attempt.cancelled, acquiring.payment_attempt.failed
• Scope: Card payment transactions only (payment_method.type = "card" or "card_present")
• Changes:
  • New fields added to the notification body: auth_code, arn, rrn, advice_code
  • New object added: authentication_data
    • Fields: cvv_result, avs_result
    • authentication_data.three_ds fields: ds_transaction_id, three_ds_version, eci, cavv, three_ds_authentication_status, three_ds_cancellation_reason
• Notes: Effective 2026-03-26

​

Card Issuing

• Affected endpoint: Create Card (request)
• Changes:
  • Added optional field usage_type (enum: NORMAL, ONE_TIME; default: NORMAL). When omitted, the card behaves as a standard reusable card.
  • Added optional field auto_cancel_trigger (enum: ON_AUTH, ON_CAPTURE). Required when usage_type is ONE_TIME. Defines the transaction event that triggers automatic card cancellation: ON_AUTH cancels the card immediately after the first authorization is approved; ON_CAPTURE cancels the card after the first transaction’s capture (settlement) succeeds.
  • Added optional field expiry_at (date-time string with timezone offset, e.g. 2026-03-19T18:46:43+08:00). If the card has not been cancelled by a first-transaction event before this datetime, it is automatically cancelled and any unused balance is released.

​

Banking

• Affected endpoints: Create Virtual Account, webhook: virtual.account.*
• Changes:
  • Added optional request header X-Request-Id (string, max 64 characters).
  • If provided, the value is returned in the associated webhook event as request_id.

​

Account Center

• Affected endpoint: Create SubAccount (request)
• Changes:
  • Added required field individual_info.employment_status — employment status of the individual.
  • Added required field individual_info.industry — industry the individual works in.
  • Added required field individual_info.job_title — job title of the individual.
  • Added required field individual_info.company_name — name of the company the individual works for.
• Effective date: 2026-03-19

​

Acquiring

• Affected endpoints: Create PaymentIntent (request), Confirm PaymentIntent (request)
• The billing.phone_number field is no longer required.

• Affected endpoints: Create PaymentIntent (request), Confirm PaymentIntent (request)
• Added googlepay and applepay as new available payment method options.

​

Banking

• Affected endpoint: Create Transfer (request)
• Added new required request header parameter: x-idempotency-key
• This is a backward-incompatible change. All API consumers must include this header in their Create Transfer requests.
• Effective date: March 19

​

Account Center

• Affected endpoint: Create SubAccount (request)
• The proof_documents.proof_of_address field is no longer required when creating a sub-account.

​

Issuing

• Affected endpoint: List Issuing Balances Transactions (request)
• Added four new optional filter parameters:
  • transaction_type — filter by transaction type (e.g., authorization, reversal, refund, fee, settlement)
  • transaction_status — filter by status: COMPLETED, PENDING, or FAILED
  • currency — filter by 3-letter ISO 4217 currency code (e.g., USD, EUR, GBP)
  • transaction_id — filter by exact transaction ID
• All parameters are optional and can be used independently or in combination.

​

Acquiring

• Create Bank Account
• Retrieve Bank Account
• Update Bank Account
• List Bank Accounts

• Each account can only have one settlement bank account per currency.
• Created bank accounts cannot be deleted.

​

Issuing

​

Account Center

• Affected endpoint: Create SubAccount (request)
• The business_details.industry field now must contain a valid code from the industry code list.
• Previously, the field only checked for non-empty values.
• Transition period: 2025-12-25 to 2026-01-01 accepts both old and new values. Enforcement begins 2026-01-01.

• Affected endpoints: Retrieve Account (response), List Connected Accounts (response)
• business_code changed from string to array[string].
• Example: "business_code": "BANKING" → "business_code": ["BANKING"]
• Possible values: BANKING, ACQUIRING, ISSUING
• Existing integrations expecting a single string value must be updated.

• Affected endpoint: Create SubAccount (request)
• The business_type field is deprecated and will be removed.

​

Acquiring

• Affected endpoints: Create PaymentIntent (request), Confirm PaymentIntent (request)
• browser_info.mobile is now only required when the client is mobile. It is no longer required for PC web clients in 3DS scenarios.

​

Acquiring

• Affected webhooks: acquiring.payment_intent.*, acquiring.payment_attempt.*
• Added static_qrcode, static_qrcode_extension, and static_qrcode_number_plate fields to webhook notification bodies.
• These fields are only returned in static QR code payment scenarios.

​

Issuing

• Affected endpoint: Update Card Status (request)
• Maximum length: 50 Chinese characters or 100 characters.

• Triggered when a card binding to Google Pay requires OTP verification.
• Subscribe to the card.verification.otp event type in your webhook configuration to receive this notification.

​

Banking

• Affected endpoint: List Balances Transactions (request)
• Added support for INVOICE type in the transaction_type filter parameter.

​

Issuing

• Affected endpoints: Retrieve Cardholder (response), List Cardholders (response)
• Added delivery_address field to cardholder response objects. Field structure:

"delivery_address": {
  "city": "Singapore",
  "country": "SG",
  "line1": "9 N Buona Vista Dr",
  "line2": "THE METROPOLIS",
  "state": "Singapore",
  "postal_code": "138666"
}

​

Acquiring

• Affected endpoints: Create PaymentIntent (request), Confirm PaymentIntent (request)
• browser_info.ip_address moved to top level (same level as payment_method).
• ip_address is mandatory when payment_method.card.three_ds_action = enforce_3ds.

​

Acquiring

• Affected endpoints: Create PaymentIntent (request), Confirm PaymentIntent (request)
• payment_method.card.billing.address.state is now conditionally required when billing.address.country_code is "US" or "CA".

• Affected endpoints: Create PaymentIntent, Confirm PaymentIntent
• Added support for seven new payment methods, expanding coverage in Southeast Asian markets.

• New endpoint: POST /v2/payment_intents/{id}/capture
• Supports auto_capture = false payment flows with a configurable 1–24 hour capture window.
• UQPAY auto-captures funds after the window period if not manually captured.
• Merchants can cancel orders within the capture window period.

​

Banking

• Affected webhooks: beneficiary.*
• Added beneficiary_entity_type field to webhook payloads. Values: "INDIVIDUAL" or "COMPANY".

​

Issuing

• Affected endpoint: Create Cardholder (request)
• Updated length validation for the following countries (excluding country/region/area codes):
  • Nigeria (NG): 8 or 10 digits
  • Bangladesh (BD): 8 or 10 digits
  • Libya (LY): 8 or 9 digits
  • Senegal (SN): 7 or 9 digits
  • Mayotte (YT): 8 or 9 digits
  • Ecuador (EC): 7 or 9 digits
• Republic of Congo area code changed from 2420 to 242.

​

Account Center

• Affected endpoint: Create SubAccount (request)
• Added ownership_details.representatives.face_docs for company entity types.
• Added identity_verification.face_docs for individual entity types.
• Added tos_acceptance.tos_agreement for both entity types (optional; set to 1 to auto-sign TPSP Terms of Service).
• face_docs are mandatory when creating sub-accounts under TPSP master accounts.
• For company entities: at least one representative with specific job titles must provide face verification documents.

​

Acquiring

• Retrieve Balance
• List Balances
• Create Payout
• Retrieve Payout
• List Payouts — real-time payout status updates available via webhooks.

​

Banking

• Affected endpoints: Create Payout (request), Create Beneficiary (request)
• Added support for Chinese parentheses （） in company_name and account_holder fields.
• Applies only when bank_country_code = CN, account_currency_code = CNH, payment_method = LOCAL, entity_type = COMPANY.

• Affected endpoints: Create Payout (request), Create Beneficiary (request)
• Removed input validation for bank_details.account_holder, first_name, last_name, company_name, address.street_address, address.city, and address.state when payment_method = LOCAL and account_currency_code is not CNH or SGD.

• Affected endpoint: Create Payout (request)
• SWIFT payments: new pattern /^[a-zA-Z0-9/-?:().'+, ]+$/ (supports space and additional special characters).
• LOCAL payments with non-CNH/non-SGD currency: no validation applied.

• Affected endpoint: Create Payout (request)
• Invoice document upload is now mandatory when beneficiary.bank_details.account_currency_code = "INR" and clearing_system = "IFSC".
• Document must be uploaded in the documentation field.

• Affected endpoint: Create Payout (request)
• Removed OTHER_SERVICES from the purpose_code field. Existing integrations using this value must update.

​

Acquiring

• Triggered when payment intent status is REQUIRES_CUSTOMER_ACTION during the customer authentication phase.

​

Account Center

• Affected endpoint: Create SubAccount (request)
• The following fields now accept an array instead of a single object:
  • identity_verification.identity_docs
  • ownership_details.shareholder_docs
  • ownership_details.representatives.identity_docs
  • company_info.certification_of_incorporation
  • proof_documents.proof_of_address
  • proof_documents.source_of_funds
  • proof_documents.proof_of_position_and_income

​

Banking

• Create Quote: added transaction_type field — conversion (default) for currency conversion; payout for cross-currency payouts.
• Create Payout: added payout_currency, payout_amount, and quote_id fields.
• Retrieve Payout / List Payouts: added quote_id and conversion fields (currency_pair, client_rate).
• Webhooks payout.*: added conversion, quote_id, payout_amount, and payout_currency fields.

• Affected endpoints: Create Beneficiary (request), Create Payout (request)
• Affected fields: bank_details.account_holder, first_name, last_name, company_name, address.street_address, address.city, address.state
• New validation applies to all conditions except when bank_details.account_currency_code = CNH, payment_method = LOCAL, and bank_country_code = CN.
• Only English characters, numbers, special characters, and spaces are allowed.
• For Singapore SGD individual accounts (entity_type = INDIVIDUAL, bank_country_code = SG, account_currency_code = SGD), stricter account_holder validation applies.

• Affected endpoint: Create Payout (request)
• Only alphabetic characters, numbers, spaces, commas (,), and periods (.) are allowed.

​

Issuing

• New endpoint added: Bulk Create Virtual Cards
• New webhook: issuing.report.succeeded — delivers the decryption key for the card numbers file.
• Assign Card API expanded to support binding of bulk-created virtual cards.
• A report_id is returned after submission; retrieve the card number file using the Download Report API before expiry.
• You must subscribe to issuing.report.succeeded before calling Bulk Create Virtual Cards.

• Affected reports: Card Transaction Report, Card Settlement Report
• Added new field Ori Transaction Id.

​

Banking

• Affected endpoints: Create Beneficiary (request), Create Payout (request)
• email: required → optional
• nickname: required → optional

• Affected endpoints: Create Beneficiary (request), Create Payout (request)
• Removed: company_name, first_name, last_name, address.country, address.street_address, address.city, address.state, address.postal_code
• Changed to optional: email, nickname

• Affected endpoints: Create Beneficiary (request), Create Payout (request)
• Applies when entity_type = INDIVIDUAL, bank_country_code = SG, and account_currency_code = SGD.
• New validation: only English letters (A–Z, a–z) and spaces; 2–140 characters; must include a space separating first and last name.

​

Issuing

• Affected endpoints: List Cards (response), Retrieve Card (response)
• Added consumed_amount field, representing the cumulative card limit that has already been used.

​

Account Center

• Affected endpoints: Retrieve Account (request and response), List Connected Accounts (response)
• Added optional business_code filter parameter to Retrieve Account — values: BANKING, ISSUING, ACQUIRING (default: BANKING).
• Added business_code field to Retrieve Account and List Connected Accounts responses.

• Affected endpoint: Create SubAccount (request)
• Added optional field email_address to ownership_details.representatives[].

• Affected endpoint: Create SubAccount (request)
• business_details.website_url: required → optional
• business_details.company_description: required → optional

​

Issuing

• Affected endpoint: Simulate Authorization
• Added sandbox authorization simulation support for BIN 40963608. No schema changes.

​

Acquiring

• acquiring.payment_attempt.created — triggered when PA status is INITIATED
• acquiring.payment_attempt.capture_requested — triggered when PA status is CAPTURE_REQUESTED (consumer completed payment; the corresponding PI transitions to SUCCESS)
• acquiring.payment_attempt.cancelled — triggered when PA status is CANCELLED
• acquiring.payment_attempt.failed — triggered when PA status is FAILED

• New endpoint: GET /api/v2/payment/settlements
• Supports optional settlement_batch_id or payment_intent_id parameters, pagination, and time range filters.
• Returns records with settlement_status = success.

​

Banking

• Affected endpoints: Create Payout (request), Create Beneficiary (request)
• Accepts only letters A–Z/a–z and digits 0–9. Spaces, hyphens, and other special symbols are rejected.

​

Issuing

• Affected endpoints: List Cards (response), Retrieve Card (response), Update Card Status (response)
• Affected webhooks: card.status.update.*
• Added update_reason field indicating the reason for a card status change.

• Affected endpoints: Card Recharge (request), Card Withdraw (request)
• SHARE cards can now adjust card_available_balance via Recharge (increase) and Withdraw (decrease).
• SINGLE card behavior remains unchanged.

​

Issuing

• Affected endpoint: Create Card (request)
• BINs 527735, 555071, 555243: card_limit is mandatory and must be ≥ 0.01.
• Other BINs: card_limit is optional; defaults to 0 if omitted; must be ≥ 0 and up to two decimal places if provided.

• Affected endpoints/reports: List Issuing Balances Transactions (response), Account Transaction Report
• Added: FUNDS_TRANSFER_IN, FUNDS_TRANSFER_OUT, FEE_REFUND, FEE_DEDUCTION, MARGIN_PAYMENT, MARGIN_REFUND, OTHER

• Affected endpoints: Retrieve Cards Transaction (response), List Cards Transactions (response)
• Added: CHARGEBACK_DEBIT, CHARGEBACK_CREDIT

• issuing.transaction.chargeback.credit — triggered when a chargeback credit is posted to a card transaction
• issuing.transaction.chargeback.debit — triggered when a chargeback debit is posted to a card transaction

​

Banking

• Affected endpoints: Retrieve Deposit (response), List Deposits (response)
• Affected webhooks: deposit.pending, deposit.compliance.rejected, deposit.completed
• Added deposit_reference field to carry a custom reference.

​

Issuing

• card.update.succeeded — triggered when a card order from Update Card reaches SUCCESS
• card.update.failed — triggered when a card order from Update Card reaches FAILED

• Affected endpoint: List Issuing Balances Transactions (response)
• ending_balance — balance after the transaction is completed
• description — short description of the transaction

• Affected report: Card Settlement Report
• The Transaction Type enum value ATM Withdraw has been renamed to Authorization.

​

Banking

• Affected endpoints: Retrieve Payout (response), List Payouts (response)
• Added purpose_code field.

• Affected endpoint: Check Beneficiary (request)
• Added additional_info.proxy_id parameter accepting a PayNow proxy identifier.

​

Issuing

• Affected report: Card Settlement Report
• The Transaction Type value Purchase has been renamed to Authorization.

​

Account Center

• Affected endpoints: Create SubAccount — POST /v1/accounts/create_accounts (request); Retrieve Account — GET /v1/accounts/{id} (response)
• A new optional field other_documents allows uploading proof of address or supplemental documents for representatives.
• Note: field name differs between request (doc_str) and response (front).

"other_documents": [
  {
    "type": "PROOF_OF_ADDRESS",
    "doc_str": "base64 string or file ID"
  }
]

"other_documents": [
  {
    "type": "PROOF_OF_ADDRESS",
    "front": "base64 string or file ID"
  }
]

​

Account Center

• New endpoint: POST /api/v1/accounts/create_accounts
• Supports sub-account creation under ACQUIRING, BANKING, and ISSUING business lines.
• Supports both COMPANY and INDIVIDUAL entity types.
• Sub-accounts created here can still be queried via List Connected Accounts and Retrieve Account.

• New endpoint: GET /api/v1/accounts/get_additional
• Returns required and optional document types for COMPANY sub-account creation, based on country and business code.
• Retrieve this list before initiating sub-account creation.

​

Acquiring

• Triggered when a Payment Intent is automatically closed upon expiry.
• Not triggered for manually cancelled orders.
• Subscribe to this event in your Dashboard to receive it.

​

Issuing

• Affected endpoints: List Cards Transactions (response), Retrieve Cards Transaction (response)
• Added PENDING as a new valid value for transaction_status.

​

Banking

• Affected endpoints: Create Payout, Retrieve Payout, Create Beneficiary, List Beneficiaries, Retrieve Beneficiary, Update Beneficiary, Check Beneficiary
• Added PayNow as a new enum value for bank_details.clearing_system.
• Added additional_info.proxy_id field supporting UEN, phone number, or VPA.

​

Acquiring / Account

• Affected endpoints: All POST endpoints (request headers)
• x-idempotency-key must now be a valid UUID format.

​

Acquiring

• Added failure_code to the PaymentAttempt response, indicating the reason for payment attempt failure.

​

Banking

• Affected endpoint: POST /api/v1/payouts (request)
• Added optional documentation field to allow uploading supporting documents with a payout request.

​

Issuing

• Added risk_controls module to the card.create.succeeded webhook payload. Returned values (e.g., 3ds, mcc) vary by card product.

​

Issuing

• Affected endpoints: List Cards Transactions (response), Retrieve Cards Transaction (response)
• Affected webhooks: issuing.transaction.*
• Affected reports: Card Transactions Report, Card Settlement Report
• Added wallet_type field identifying the digital wallet used (e.g., ApplePay, GooglePay).

​

Acquiring

​

Banking

• Affected endpoint: POST /api/v1/accounts (request)
• Added optional other_documentation field under representatives[] to support proof of address and other supplemental documents during account creation.

​

Issuing

• Affected webhooks: card.create.*, card.recharge.*, card.withdraw.*
• Added card_available_balance indicating the card’s available balance at the time of the event.

​

Banking

• Affected endpoint: POST /api/v1/beneficiaries (request)
• Added optional additional_info.organization_code field (Unified Social Credit Identifier) for company-type beneficiaries.

• Affected endpoints: GET /api/v1/payouts/{id} (response), GET /api/v1/payouts (response)
• Added failure_reason field to payout response objects.

​

Issuing

• Affected endpoint: GET /api/v1/issuing/products (response)
• Added card_currency field — an array of strings specifying currencies available for each card product. Example: ["SGD", "USD"].

• Affected endpoint: GET /api/v1/issuing/products (response)
• card_form — supported card form(s): ["VIR", "PHY"] or ["VIR"].
• max_card_quota — maximum number of cards that can be issued under the current account for the product.

• Affected endpoints: GET /api/v1/issuing/transactions (response), GET /api/v1/issuing/transactions/{id} (response)
• Affected webhooks: issuing.transaction.*
• If transaction_status = DECLINED: field contains the failure reason.
• If transaction_status = APPROVED: field contains supplementary remarks (e.g., 3DS Fee for 3DS transactions).
• All transaction report files previously using failure_reason column header are now updated to description.

• Removed REFUNDED from valid values for transaction_status.
• Previous REFUNDED transactions now map to transaction_type: REFUND + transaction_status: APPROVED.

• Affected endpoints: GET /api/v1/issuing/cards/{id} (response), GET /api/v1/issuing/cards (response), POST /api/v1/issuing/cards/{id}/status (request), card.status.update.* webhooks
• INACTIVE renamed to FROZEN — card is temporarily disabled but can be reactivated.
• New BLOCKED status added — card is administratively blocked by UQPAY; unblocking requires a formal email request.

​

Banking

• Affected endpoints: POST /api/v1/payouts (response), GET /api/v1/payouts (request and response), GET /api/v1/payouts/{id} (response)
• Removed SUBMISSION_FAILED from the payout_status field.

​

Issuing

• Affected endpoint: GET /api/v1/issuing/cards (request)
• Added optional cardholder_id query parameter to filter cards by cardholder.

• Affected endpoint: GET /api/v1/issuing/cards/{id} (response)
• Added no_pin_payment_amount field indicating the allowed amount for transactions without PIN verification. Format: <amount><currency> (e.g., 2000USD).

• Affected endpoint: GET /api/v1/issuing/products (response)
• Added no_pin_payment_amount array specifying configured NO-PIN payment amount limits per product.

​

Acquiring

• Affected endpoints: Payment Intents, Payment Attempts, and Payment Refunds endpoints
• Revised enumerated values and definitions for intent_status, attempt_status, and refund_status. Refer to the API reference pages for the latest enumerations.

• Affected endpoints: Payment Intents endpoints
• Supported values: card, card_present, alipaycn, alipayhk, unionpay, wechat. All other types are not yet supported.

​

Issuing

• Added optional cardholder_id query parameter to GET /api/v1/issuing/cards.

• Added no_pin_payment_amount field to GET /api/v1/issuing/cards/{id} response. Format: <amount><currency> (e.g., 2000USD).

• Added no_pin_payment_amount array to GET /api/v1/issuing/products response, indicating maximum allowable NO-PIN payment amounts per currency.

​

Acquiring

​

Banking

• Affected endpoints: Create Beneficiary, Update Beneficiary, Retrieve Beneficiary, List Beneficiaries
• Added nationality — two-letter country code for the beneficiary’s nationality.
• Added id_number — conditionally required for INDIVIDUAL type beneficiaries who are Mainland China residents using CNH currency and LOCAL payment method.

​

Issuing

• Affected endpoints: POST /api/v1/issuing/cards (Create Card), POST /api/v1/issuing/cards/{id} (Update Card)
• Added optional allowed_mcc and blocked_mcc fields to the risk_controls object.
• Only one of the two can be set per card. MCCs must be provided as an array of strings (e.g., ["5999", "6011"]).

​

Issuing

• Affected endpoints: List Cardholders (response), Retrieve Cardholder (response)
• Added number_of_cards field.

​

Issuing

• Affected endpoints: all endpoints supporting the x-on-behalf-of header
• If provided, the value must be a valid UUID format corresponding to an existing sub-account. Invalid values are rejected.

​

Issuing

• Affected endpoint: POST /api/v1/issuing/cards/activate (request)
• Added required field pin.
• Added optional field no_pin_payment_amout.
• This is a breaking change — existing integrations must be updated to include pin.

​

Issuing

• Affected endpoints: POST /api/v1/issuing/cards, POST /api/v1/issuing/cards/{id}
• Added optional risk_controls field. Backward-compatible — existing cards are unaffected unless explicitly configured.

​

Banking

• New endpoint: GET /api/v1/exchange/rates
• Returns current exchange rates. Reference only — use the Create Quote API for rate-locking.

​

Banking

• Added new webhook event type: rfi.transaction.action_required for deposit and payout RFI scenarios.
• Affected endpoints: GET /api/v1/rfis/{id} (Retrieve RFI), POST /api/v1/rfis/answer (Answer RFI)
• Added rfi_type and transaction_type fields to both endpoints.
• The original onboarding RFI flow (event_type = rfi.action_required) remains unchanged.

​

Issuing

• Affected endpoint: POST /api/v1/issuing/cardholders/{id} (request)
• Added optional email field. Backward-compatible.

​

Banking

• Added changelog.
• New deposit webhooks: deposit.pending, deposit.compliance.rejected, deposit.completed
• New deposit endpoints:
  • GET /api/v1/deposit — list deposits
  • GET /api/v1/deposit/{id} — retrieve a deposit by ID
  • POST /api/v1/simulation/desposit — simulate deposits into global account (sandbox only)
• Documentation corrections to descriptions and parameter restrictions.