Release Version 4.30.0 (February 28, 2025)

28. 02. 2025

Pre-deployment steps

To be done before deployment
Check configuration changes and apply them in the `application.yaml` if required.
Check if the release contains migrations. Migrations can affect deployment and downtime.
Use `GET /i18n/export/{fileName}` to download files with current i18n properties. Check if the downloaded file is correct.
Check changes to notice and make necessary changes if required.

Post-deployment steps

To be done after deployment
Verify permission changes and assign or remove required permissions if they have been overridden
Add new properties from the I18n properties changes to the downloaded i18n properties file and add translation for them if needed. Use `POST /i18n/import` to upload and apply previously downloaded i18n file with added new properties.

To be done after deployment

Verify permission changes and assign or remove required permissions if they have been overridden

Add new properties from the I18n properties changes to the downloaded i18n properties file and add translation for them if needed.

Use POST /i18n/import to upload and apply previously downloaded i18n file with added new properties.

Release migrations

–

Changes to notice

Changes to notice
Breakable changes in the APIs: `POST /report` changed to `POST /reports` `GET /report/{id}` changed to `GET /reports/{id}` `POST /profile-documents/view-document-types` changed to `GET /profile-documents/view-document-types`
Breakable changes in the APIs: `PATCH /profiles/my/security-settings` `PATCH /profiles/{userId}/security-settings` Added mandatory request parameter `push (true/false)` to manage push notifications
Breakable changes in the APIs The following API paths were changed: `POST /smart-cards/my` changed to `POST /my/smart-cards` `DELETE /smart-cards/my/number/{number}` changed to `DELETE /my/smart-cards/number/{number}` `GET /smart-cards/my/coin/{serial}` changed to `GET /my/smart-cards/coin/{serial}` `GET /smart-cards/my` changed to `GET /my/smart-cards` `GET /smart-cards/my/{id}` changed to `GET /my/smart-cards/{id}` `PATCH /smart-cards/my/number/{number}` changed to `PATCH /my/smart-cards/number/{number}`

Changes to notice

Breakable changes in the APIs:

POST /report changed to POST /reports
GET /report/{id} changed to GET /reports/{id}
POST /profile-documents/view-document-types changed to GET /profile-documents/view-document-types

Breakable changes in the APIs:

PATCH /profiles/my/security-settings
PATCH /profiles/{userId}/security-settings

Added mandatory request parameter push (true/false) to manage push notifications

Breakable changes in the APIs

The following API paths were changed:

POST /smart-cards/my changed to POST /my/smart-cards
DELETE /smart-cards/my/number/{number} changed to DELETE /my/smart-cards/number/{number}
GET /smart-cards/my/coin/{serial} changed to GET /my/smart-cards/coin/{serial}
GET /smart-cards/my changed to GET /my/smart-cards
GET /smart-cards/my/{id} changed to GET /my/smart-cards/{id}
PATCH /smart-cards/my/number/{number} changed to PATCH /my/smart-cards/number/{number}

New functionality

Feature	Description	Benefits
Information provided in the Escaped JSON format in APIs `PATCH /profiles/my/additional` and `PATCH /v1/profiles/{userId}/additional` is parsed and shown on UI for service users in the user profile with ability to edit.	Service user can view custom information in the user profile edit custom information add custom information Validation for the string in escaped JSON format added to the API. API request example: `{ "additional": { "type": "RawProfileExtDto", "rawData": "[{\"key\":\"fathersName\",\"value\":\"fater name\"},{\"key\":\"dateOfBirthCountry\",\"value\":\"AF\"},{\"key\":\"dateOfBirthProvince\",\"value\":\"2\"},{\"key\":\"dateOfBirthDistrict\",\"value\":\"2\"},{\"key\":\"occupation\",\"value\":\"occupation\"},{\"key\":\"monthlyIncome\",\"value\":\"3\"},{\"key\":\"optionalEmail\",\"value\":\"/\"},{\"key\":\"emergencyContactNumber\",\"value\":\"+9312345678\"}]" } }`	Greater flexibility and adaptability to specific needs
Reporting – ability for service users to see list of reports, download export files, and delete report	Service users can: see the list of exports that can be downloaded download the export file delete report	Improves system efficiency by allowing reports to be generated in the background and downloaded once ready, reducing wait times and optimizing resource usage.
Reporting – ability for service users to enable notifications when the report is ready	Service users can enable notifications in their profile to send email or SMS to the verified contact when the report is ready.
Cash desks – ability for the cashier to approve request to top-up via their cash desk	Cashiers can approve request to top-up via their cash desk. Approve should be done after money has been physically deposited into the cash desk. Wallet balance will be credited after request is approved. This functionality is currently available in the APIs and will be incorporated into the UI in future versions. The ability for business users to create request for top-up via cash-desk will be implemented in the SDK.finance mobile application	The cash desk functionality is still under development. Once completed, it will provide a full cycle of operations through cash desks and cash management.
Push notifications management for business users	Business users can enable/disable push notifications This will be available on UI in the SDK.finance mobile application	Extends mobile application functionality
Sending in-system notifications for business users and the ability for business users to view them in the mobile application	In-system notifications are enabled for the following events: `TRANSACTION` `AUTHENTICATION` `KYC_IDENTIFICATION_STATUS_CHANGE` `PROFILE_UPDATE_REQUIRED` `RESET_IDENTIFICATION_REQUEST_APPROVEDACCOUNT_BLOCKED` `PASSWORD_RECOVERED` This will be available on UI in the SDK.finance mobile application	Enables user communication without relying on paid channels like email and SMS
Implemented integration with Google ReCaptca service. Сompatible with v2 and v3.	This will be available on UI in the SDK.finance mobile application	Enhances security, protecting the system from automated abuse and unauthorized access.
Added possibility for captcha validation for self-registration resend OTP for self-registration initiate phone number change request when not logged-in	If captcha is enabled, it is required for the following actions: self-registration resend OTP for self-registration initiate phone number change request when not logged-in
Monthly fee – the ability for service users to link the monthly fee to the existing contract	Service users can link a monthly fee to existing contracts. When the monthly fee is linked it is charged to all users under the contract. If there is not enough money at the user’s wallet to change the monthly fee, the user will be moved to the basic contract. To all new users under the contract, the monthly fee is charged when the contract is assigned to users.	The monthly fee feature is still being developed. Once ready, it will enable charging a monthly fee for using the product and automatically switching users to a free version if they don’t have enough funds at the time of payment.
Monthly fee – a mechanism to charge monthly fee by the timer according to calculated fee date	When today is the calculated date to charge a monthly fee, the timer will charge active monthly fees for active contracts calculates the next fee date change the contract to base for those users who do not have enough money
Ability for business users to export transactions	To export transactions by business users, the following API should be used `POST /report` `{ "type": "BusinessUserTransactionReportFilter", "walletSerial": "wallet number" }` This will be available on UI in the SDK.finance mobile application	Extends mobile application functionality
Ability for business users to re-upload declined documents if the profile has not been declined	When the declined document is re-uploaded, the new document status is `PENDING` and the old document status is changed from `DECLINED` to `OUTDATED`. The flow of document re-upload: upload media file `POST /media-files` mark it as a profile document `POST /profile-documents` send uploaded document for verification `PATCH /profile-documents/{profileDocumentId}`	A more flexible KYC process allows business users to re-upload declined documents without the need for full profile rejection.
Ability for service users to specify a comment when declining a document from the business user	Service users can specify a comment when declining a document from the business user
Chats and Investigations – Ability for service users to initiate chat with business users linked to the investigation	Service users can initiate chat with business users linked to the investigation	Investigations functionality is still being developed. Once completed, it allows to address AML or fraud concerns efficiently and ensure compliance with regulatory requirements

Improvements

Feature	Description
When user is banned, in the `POST /authorization`, 403 response with `"code" : "validator.user.banned"` is returned
Disabled date is shown for disabled commission profiles for vendor and system commissions	For vendor’s commission profiles: CRO → Vendors → View operations, column “Disabled date” For system commission profiles: CRO → Contracts → View details → View details, column “Disabled date”
Ability to view balances on vendor’s wallets	CRO → Vendors → View balances
Ability to activate/deactivate Vendor and system commission rules for the specific operation	CRO → Vendors → View operations → View details → View commission and limit details → Deactivate/activate commission CRO → Contracts → View details → View details → View details → View commission and limit details → Deactivate/activate commission

Fixes

The “banned” user status does not change after the ban is lifted

Notification notification.change_org_status.approved triggered in the case when profile is not approved

Unable to delete a user if they have two wallets in the same currency with zero balance

API changes

Updated

POST /report was renamed to POST /reports
GET /report/{id} was renamed to GET /reports/{id}

The new field disabledAt was added to the response of the following APIs:

POST /commission-profile
GET /commission-profile/{profileId}
PATCH /commission-profile/{profileId}
POST /commission-profile/view

PATCH /profiles/my/security-settings
PATCH /profiles/{userId}/security-settings

Added mandatory request parameter push (true/false) to manage push notifications

Parameter push (true/false) added to the response of the following APIs:

GET /profiles/my
PATCH /profiles/my/additional
PATCH /profiles/my/address
PATCH /profiles/my/business
POST /profiles/my/contact/confirm
PATCH /profiles/my/person
PATCH /profiles/my/security-settings
POST /profiles/{userId}/approve
POST /profiles/{userId}/decline
POST /profiles/{userId}/reset
PATCH /profiles/{userId}
GET /profiles/{userId}
PATCH /profiles/{userId}/additional
PATCH /profiles/{userId}/address
PATCH /profiles/{userId}/integration
PATCH /profiles/{userId}/business
PATCH /profiles/{userId}/contact
PATCH /profiles/{userId}/person
PATCH /profiles/{userId}/security-settings

For API POST /registration/resend-otp request header Captcha-Token added.

Header required if captcha.validation.enabled=true in the application.yaml, otherwise ignored.

For API POST /login-change/authorization request header Captcha-Token added.

Header required if captcha.validation.enabled=truein the application.yaml, otherwise ignored.

For API POST /registrationadded request header Captcha-Token

Header required if captcha.validation.enabled=true, otherwise ignored.

Optional parameter monthlyFeeId added to the API PATCH /contracts/{contractId}

The following API paths were changed:

POST /smart-cards/my changed to POST /my/smart-cards
DELETE /smart-cards/my/number/{number} changed to DELETE /my/smart-cards/number/{number}
GET /smart-cards/my/coin/{serial} changed to GET /my/smart-cards/coin/{serial}
GET /smart-cards/my changed to GET /my/smart-cards
GET /smart-cards/my/{id} changed to GET /my/smart-cards/{id}
PATCH /smart-cards/my/number/{number} changed to PATCH /my/smart-cards/number/{number}

PATCH /my/smart-cards/number/{number}

PATCH /smart-cards/number/{number}

Request parameters “name” and “active” were marked as optional.

POST /business-requests/view

added filters: createdAtFrom and createdAtTo

POST /report

Added report type BusinessUserTransactionReportFilter to export transactions by business user

POST /profile-documents/{profileDocumentId}/decline

The new optional parameter comment was added to the request

POST /profile-documents/view-document-types changed to GET /profile-documents/view-document-types

POST /bank-withdrawals/commission

The request parameter bankAccountId was removed.

The request parameter bankAccountNumber was marked as required.

PATCH /profiles/my/additional

PATCH /profiles/{userId}/additional

for type RawProfileExtDto added validation

Added validation for the string in the escaped JSON format

GET /investigation/{investigationId}
Added clientUserId, clientLastName, clientFirstName in response to node transactions

POST /tickets/view
Added field type (ALL, TRANSACTION, BUSINESS, INVESTIGATION) in response

POST /conversations/view

Added the following filters:

ticketType, possible values: ALL, TRANSACTION, BUSINESS, INVESTIGATION
investigationIdto filter

Removed filter:

includeRelatedToTransactions (use new ticketType field instead)

Renamed businessProcessId to entityIdin response

POST /registration/confirm

added refreshToken to response

Added

DELETE /reports/{id}
GET /reports

GET /notifications

POST /tickets/investigation

Deprecated/Deleted

–

I18n properties changes

Added

notification.operation.transfer.src.push_subject notification.operation.transfer.src.push_text notification.operation.transfer.dest.push_subject notification.operation.transfer.dest.push_text notification.operation.charge.push_subject notification.operation.charge.push_text notification.operation.refund.push_subject notification.operation.refund.push_text notification.operation.redeem.push_subject notification.operation.redeem.push_text notification.locked.push_subject notification.locked.push_text notification.authenticate.push_subject notification.authenticate.push_text notification.operation.cash_register_withdraw.push_subject notification.operation.cash_register_withdraw.push_text notification.password.change.push_text notification.password.change.push_subject notification.operation.invoice.paid.push_text notification.operation.invoice.paid.push_subject notification.reset_identification.push_text notification.reset_identification.push_subject notification.reset_identification.rejected.push_text notification.reset_identification.rejected.push_subject notification.reset_identification.approved.push_text notification.reset_identification.approved.push_subject notification.operation.issue_card_completed.push_text notification.operation.issue_card_completed.push_subject notification.operation.issue_card_declined.push_text notification.operation.issue_card_declined.push_subject notification.aml_blocked.push_subject notification.aml_blocked.push_text notification.user_identification.review_required.push_text notification.user_identification.review_required.push_subject entity.doc.type.drivers_license=Driver's license entity.doc.type.utility_bill=Utility bill notification.prepaid.pin_updated.sms=For the voucher with serial number '${prepaidSerial}' was created the new PIN: ' ${prepaidPin}' notification.prepaid.pin_updated.email_subject=Creating new PIN notification notification.prepaid.pin_updated.email_text=For the voucher with serial number '${prepaidSerial}' was created the new PIN: ' ${prepaidPin}' exception.user.profile.additional.invalid_raw_data=User profile additional raw data is invalid. Only escaped json is allowed.

Configuration changes

Added configuration to enable captcha validation:

application.yaml

captcha: validation: enabled: ${CAPTCHA_VALIDATION_ENABLED:false} threshold: ${CAPTCHA_VALIDATION_THRESHOLD:0.5} api: url: ${CAPTCHA_API_URL:https://www.google.com/recaptcha/api/siteverify} secret: ${CAPTCHA_API_SECRET:6Lcm3XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX5mfX}

Added default configuration

compliance: approval: - organizationType: 'corporate' - newPersonType: 'standard'

Added monthly fee settings

monthly-fee: timer: enabled: ${MONTHLY_FEE_CHARGING_TIMER_ENABLED:true} schedule-expression: ${MONTHLY_FEE_CHARGING_TIMER_SCHEDULE_EXPRESSION:0 0/5 * ? * * *} # cron expression

monthly-fee.timer.enabled:

Determines if the monthly fee charging timer is active.
Controlled by the environment variable MONTHLY_FEE_CHARGING_TIMER_ENABLED.
Defaults to true if the environment variable is not set, meaning the timer is enabled by default.

monthly-fee.timer.schedule-expression:

Specifies the schedule for the timer using a cron expression.
Configured via the MONTHLY_FEE_CHARGING_TIMER_SCHEDULE_EXPRESSION environment variable.
Defaults to 0 0/5 * ? * * *, which runs the timer every 5 minutes at the start of each interval (e.g., 12:00, 12:05, 12:10, etc.).

Permission changes

BUSINESS_REQUEST_CASH_DESK_CHARGE granted to the cashier role

IN_APP_NOTIFICATION_OWNER granted to

individual
administrator
merchant
corporate

REPORT_OWNER granted to

individual

IP_MANAGER granted to

CEO

changes for role_administrator role

"supervisingRoles": [ { "roleCode": "administrator", "managementOperation": [ "CREATE" ]

changed to

"supervisingRoles": [ { "roleCode": "administrator", "managementOperation": [ "UPDATE", "CREATE" ]