HomeRelease NotesRelease Version 4.31.0 (March 18, 2025)
Explore Release Notes

Release Version 4.31.0 (March 18, 2025)

18. 03. 2025

Pre-deployment steps

To be done before deployment

If Kafka is used, create consumer group for listening to business process status changes.

The property that changes consumer group id for kafka consumer: business-process-messaging.kafka.consumers.status-change.id

The default value: status-change-consumers

Check configuration changes and apply them in the application.yaml if the default configuration has been overridden there

Check if the release contains migrations. Migrations can affect deployment and downtime.

Use GET /i18n/export/{fileName} to download files with current i18n properties. Check if the downloaded file is correct.

Post-deployment steps

To be done after deployment

Verify permission changes and assign or remove required permissions if they have been overridden

Add new properties from the I18n properties changes to the downloaded i18n properties file and add translation for them if needed.

Use POST /i18n/import to upload and apply previously downloaded i18n file with added new properties.

Release migrations

Release migrations

Changes to notice

Changes to notice

API PATCH /my/bank-accounts/{bankAccountId}/with-bank was removed, API PATCH /bank-accounts/{bankAccountId}/with-bank should be used instead

New functionality

Feature

Description

Benefits

OTP confirmation – OTP confirmation settings at the system level and default settings for new users

Service users can enable, disable and view OTP confirmation settings at the system level and settings that used for new users for the following operations and security-sensitive user actions:

Operations:

  • Voucher creation

  • Voucher activation

  • Merchant payment

  • Top-up via bank request

  • Withdrawal via bank request

  • Top-up via provider

  • Withdrawal via provider

  • Top-up via cash desk request

  • Withdrawal via cash desk request

  • Purchase via provider

  • Invoice payment

  • Card issuance via provider

  • Transfer

Security-sensitive actions:

  • close account

  • deactivate/activate account

  • delete in-system card

  • change card status in-system card

  • change card status for card issued via provider

All OTP confirmations are disabled by default

Enhances security for users by verifying their identity.

OTP confirmation functionality works only with enabled Kafka

OTP confirmation is under development and will be implemented for each operation in future versions.

OTP confirmation – OTP confirmation settings at the user level

Business users and service users can enable, disable and view OTP confirmation settings at the user level for the operations and user security-sencitive actions listed above

OTP confirmation – general mechanism to send, resend and confirm OTP for business process and security-sensitive actions

This mechanism implements APIs to resend OTP, get confirmations, and confirm operations. It will be used for each operation and user-sensitive action listed above.

OTP confirmation – OTP confirmation for transfer

When OTP confirmation for transfer is enabled at the system level and for the user, the system will send OTP to the user verified mobile phone number

Notification for business user is created when profile document is declined

When profile document is declined, the system will send the following notification to business user (according to the notification settings):

  • in-system notification

  • email notification to the verified email

  • SMS notification to the verified phone

SMS and email notification are disabled by default

System notification is enabled by default

Awareness for business users by notifying them via in-system message, email, and SMS when a profile document is declined

Ability for business users to mark their notifications as read/unread

Business users can mark their notifications as read/unread

This will be available on UI in the SDK.finance mobile application

Improves notifications management

Monthly fee – the ability for service users to re-link (change) the monthly fee for the existing contract

Service users can re-link (change) the monthly fee for the existing contract.

New monthly fee will be charged according to the previously calculated fee dates.

The monthly fee feature is still being developed. Once ready, it will enable charging a monthly fee for using the product and automatically switching users to a free version if they don’t have enough funds at the time of payment.

Monthly fee – the ability for service users to unlink the monthly fee from the existing contract

Service users to unlink the monthly fee from the existing contract

When the monthly fee is unlinked from the contract – the next fee date is deleted for all users within this contract

A new menu “Requests” was added to UI.

The following menus were moved to “Requests”:

  • Clients/Change phone requests

  • Withdrawal via bank

  • Top-up via bank

Menus are visible according to the assigned permissions.

Improvements

Feature

Description

Ability for business users to see if their user profile was frozen

The following parameters are returned in the API GET /profiles​/my

  • frozen (true/false)

  • frozenReason

  • frozenDescription

Example:

"frozen": true,
 "frozenReason": "AML",
 "frozenDescription": "string",

New filters for Transactions view API POST /transactions/view

  • posIds

  • paymentIdentifiers

  • gateProviderId

  • amountFrom

  • amountTo

  • categoryIds

  • recipientAccountNumber

  • recipientName (works for operations cash_desk_charge, gate_charge, exchange_transaction, merchant_invoice, merchant_payment, client_transaction_transfer, bank_topup, and with name, phone, and email that were specified in the profile.person section)

filterType parameter is introduced in the API with the following values:

  • TransactionFilterDto for most of the transaction types and filters, used by default

  • PaymentTransactionFilterfor merchant payment transactions, if filtering by posIds or paymentIdentifiers is required

  • GateMerchantPaymentTransactionFilterDto for gate transactions (where an external 3rd party takes part), if filtering by gateProviderId is required

Platform version is visible on UI for service roles and in the actuator {host}/api/v1/actuator/info

The following information is visible in the actuator

{
 "app" : {
 "name" : "SDK.finance Application",
 "description" : "This is SDK.finance Spring Boot application",
 "version" : "4.30.0-2025-02-27T16:27:23Z",
 "openAPIversion" : "2.0.331"
 }
}

The following PATCH APIs are changed to the logic for partial resource modification to only update the data explicitly sent in the request, while unmentioned fields stay unchanged:

  • PATCH /profiles/{userId}/additional

  • PATCH /profiles/{userId}/address

  • PATCH /profiles/{userId}/person

  • PATCH /profiles/{userId}/security-settings

  • PATCH /profiles/{userId}/integration

  • PATCH /profiles/my/additional

  • PATCH /profiles/my/address

  • PATCH /profiles/my/person

  • PATCH /profiles/my/security-settings

Fixes

The status of a voucher is not changed to processed after it was successfully activated

API changes

Updated

POST /transactions/view
Added new filters to filter node

amountFrom
amountTo
categoryIds
recipientAccountNumber
recipientName

Added filterType in the filter node:

  • TransactionFilterDto for most of the transaction types and filters, used by default

  • PaymentTransactionFilterfor merchant payment transactions, if filtering by posIds or paymentIdentifiers is required

  • GateMerchantPaymentTransactionFilterDto for gate transactions (where external 3rd party takes part), if filtering by gateProviderId is required

If not existing filter is passed in the filter node, it will be ignored without an error.

PATCH ​/contracts​/{contractId}

added monthlyFeeId

The following PATCH APIs are changed to the logic for partial resource modification to only update the data explicitly sent in the request, while unmentioned fields stay unchanged:

  • PATCH /profiles/{userId}/additional

  • PATCH /profiles/{userId}/address

  • PATCH /profiles/{userId}/person

  • PATCH /profiles/{userId}/security-settings

  • PATCH /profiles/{userId}/integration

  • PATCH /profiles/my/additional

  • PATCH /profiles/my/address

  • PATCH /profiles/my/person

  • PATCH /profiles/my/security-settings

API POST /cash-desks/view returns address with type BUSINESS and accepts BUSINESS address in the location filter

The new notification event type PROFILE_DOCUMENT_DECLINED was added to the enum NotificationEventType for the following APIs:

  • PATCH /profiles/my/security-settings

  • PATCH /profiles/{userId}/security-settings

GET /profiles​/my

added the following parameters to the response:

  • frozen (true/false)

  • frozenReason

  • frozenDescription

Added

PATCH /v1/notifications

DELETE /contracts/{{contractId}}/monthly-fees

OTP confirmation settings at the system level and default setting for new users:

GET /v1/global-confirmation-settings

PATCH /v1/global-confirmation-settings

OTP confirmation settings at the user level:
GET /v1/user-confirmation-settings?userId={userId}

ATCH /v1/user-confirmation-settings

OTP confirmation – general mechanism

GET /confirmations

PATCH /confirmations/{confirmationId}

POST /confirmations

Deprecated/Deleted

I18n properties changes

Added

exception.global_confirmation_settings.not_found=Global level confirmation settings not found
notification.profile_document.declined.sms=Profile document with ID '${documentId}' and type '${documentType}' has been declined
notification.profile_document.declined.email_text=Profile document with ID '${documentId}' and type '${documentType}' has been declined
notification.profile_document.declined.email_subject=Profile document has been declined
notification.profile_document.declined.push_text=Profile document with ID '${documentId}' and type '${documentType}' has been declined
notification.profile_document.declined.push_subject=Profile document has been declined
validator.exception.invalid_parameter.applyAt.past=The provided apply date-time must not be in the past. Please provide today's date or a future date.
exception.bank_account_number.iban_or_number_required=Bank account number or IBAN must be provided

Configuration changes

The new section notifications.settings was added to the file application-notification.yaml for ability to define default notification settings:

notifications:
 settings:
 - notification-event-type: PROFILE_DOCUMENT_DECLINED
 sms-enabled: false
 email-enabled: false
 push-enabled: true

These settings will be used for the migration of existing users during application startup and during new user creation.

Default settings can be specified for multiple notification event types.

If default notification settings aren’t defined for specific notification event type then the default value will be true.

  • Removed the reports.kafka.topic property; introduced new property business-process-messaging.kafka.topic.

  • The messaging behaviour for business process updates in Kafka is no longer controlled by reports.enabled. It now depends on the newly introduced property business-process-messaging.enabled.

  • Added a new property business-process-messaging.kafka.consumers.status-change.id for identifying the consumer group responsible for listening to business process update events.

Changes in the application.yaml

business-process-messaging:
 enabled: true
 kafka:
 topic: transaction-topic-sdk5-sandbox
 consumers:
 status-change:
 id: business-process-sdk5-sandbox-kafka-consumer-group
 reports:
 enabled: true
 kafka:
 topic: transaction-topic-sdk5-sandbox
 group-id: reports-sdk5-sandbox-kafka-consumer-group

Previous configuration:

users:
 registration:
 static-otp:
 enabled: ${USER_REGISTRATION_STATIC_OTP_ENABLED:false}
 code: ${USER_REGISTRATION_STATIC_OTP_CODE:1111}
 confirmation-code:
 length: 6
 ttl: 86400
 resend-delay: 60
 maxAttempts: 3

New configuration:

users:
 registration:
 confirmation-code:
 static-otp:
 enabled: ${USER_REGISTRATION_STATIC_OTP_ENABLED:false}
 code: ${USER_REGISTRATION_STATIC_OTP_CODE:1111}
 length: 6
 ttl: 86400
 resend-delay: 60
 maxAttempts: 3
 authentication:
 confirmation-code:
 static-otp:
 enabled: ${USER_REGISTRATION_STATIC_OTP_ENABLED:false}
 code: ${USER_REGISTRATION_STATIC_OTP_CODE:1111}
 length: 6
 ttl: 86400
 resend-delay: 60
 maxAttempts: 3
confirmation:
 code:
 static-otp:
 enabled: ${CONFIRMATION_STATIC_OTP_ENABLED:false}
 code: ${CONFIRMATION_STATIC_OTP_CODE:1111}
 length: 6
 ttl: 86400
 resend-delay: 60
 maxAttempts: 3

Changes in Core

For AWS clients:

server:
 http2:
 enabled: true
 port: 8443
 ssl:
 enabled: true
 key-store: file:keystore.p12
 key-store-type: PKCS12
 key-store-password: password
 key-alias: tomcat
 enabled-protocols: TLSv1.3,TLSv1.2
 protocol: TLS
Spring:
 kafka:
 enabled: true

! This assumes the keystore file is in the same directory as the application JAR.

By default, SSL is OFF.
By default, Kafka is OFF.

Changes in OpenAPI schema

In servers section

  • url changed from httpshttp

  • host: 844380

servers:
 - url: http://{host}:{port}/{basePath}
 description: Generated API server
 variables:
 port:
 default: '80'
 description: Server port
 host:
 default: localhost
 description: Server host
 basePath:
 default: api
 description: Base path

! For AWS clients:

The server host should be overridden to https and port 8443.

Permission changes

SYSTEM_ROLE_INITIATOR granted to the role_administrator role

MONTHLY_FEE_MANAGER granted to the CEO and CRO roles