HomeRelease NotesRelease Version 4.36.0 (May 21, 2025)
Explore Release Notes

Release Version 4.36.0 (May 21, 2025)

21. 05. 2025

Pre-deployment steps

To be done before deployment

Check configuration changes and apply them in the application.yaml if the default configuration has been overridden there

Check if the release contains migrations. Migrations can affect deployment and downtime.

Use GET /i18n/export/{fileName} to download files with the current i18n properties. Check if the downloaded file is correct.

Post-deployment steps

To be done after deployment

Verify permission changes and assign or remove required permissions if they have been overridden

Add new properties from the I18n properties changes to the downloaded i18n properties file and add translation for them if needed.

Use POST /i18n/import to upload and apply a previously downloaded i18n file with added new properties.

Release migrations

Changes to notice

Canges to notice

Added contact field to the request in APIs:

  • POST ​/profiles​/my​/contact​/confirm

  • POST ​​/profiles​/my​/contact​/resend-otp

!! The field contact should be used instead of the legacy field login. The login field is planned for removal from the APIs no earlier than version 4.42.0.

New functionality

Check our new demo videos about OTP confirmation functionality here: Demo Videos | SDK.finance.

Feature

Description

Benefits

Cybersource integration – card data encryption

The implementation includes components for initialising and managing a local JCEKS keystore, performing operations such as key creation, retrieval, and storage, and providing secure in-memory storage of sensitive data.

Configuration properties used and their impact:

  • KEYSTORE_PATH_PREFIX_FOLDER_PROPERTY: Defines the directory path for storing the keystore file. The default is ./, enhancing portability across environments.

Certificates and keys storage:

  • The keystore is implemented using JCEKS (Java Cryptography Extension KeyStore), specifically designed for securely storing secret keys.

  • The certificate location defaults to the current directory, but it can be customised using environment variables or system properties.

Integration with CyberSource is currently in progress.

Once completed, it will enable users of the SDK.finance mobile application to top up their wallets using a bank payment card.

Cybersource integration – ability to pass card data in the API POST /gate/transactions/{tx}/submit and return received from Cybersource accessToken and deviceDataCollectionUrl in case Cybersource provider is chosen for top-up.

When API POST /gate/transactions/{tx}/submit is called for top-up using Cybersource providers, the system

1

accepts the following card data in the /submit API request

  • card number

  • card expiry month

  • card expiry year

  • cvv

and stores encrypted (e.g., using AES-256) card data temporarily

2

back-end calls subsequently, the following Cybersource APIs

POST /bin/v1/binlookup

POST /risk/v1/authentication-setups/

3

  • returns in the /submit API response the following data from the POST /risk/v1/authentication-setups/

  • response

  • accessToken

  • deviceDataCollectionUrl

Cybersource integration – implemented API to initiate authentication to be called by front-end when device data is collected

When device data is collected using iframe, front-end calls API to initiate authentication: POST /gate/transactions/{tx}/authenticate

Cybersource integration – processing payment when step-up result is received

When the step-up result is received, the system

  • calls the Cybersource API to finalise payment and combine steps to validate the authentication result and process payment

  • tops-up wallet if the payment is successful

Push notifications – Expo Push Notification is integrated.

This functionality is used in the SDK.finance mobile application

By default, push notification sending is disabled, and the system only logs the message to a log file.

To start working with Expo Push Notification, configure the integration with this service on a specific server:

  • Change the value of the environment variable notifications.push.provider to expoPushSender.

  • Set the value of the variable expo.notification.integration.authHeader. This value can be obtained from the user dashboard in the Expo Push Notification service.

  • Enable the timer by setting the environment variable notifications.push-notification-timer.enabled to true.

Once the integration with Expo Push Notification is configured and launched, each instance of the mobile application must register with Expo Push Notification, obtain a token, and register it on our server using the API POST /push/token/

Enhance user engagement by delivering real-time updates in the SDK Finance Mobile Application, improving responsiveness and communication

Improvements

Feature

Description

Date of the reset identification request is visible for service users in the User profile → KYC tab.

When users call the API POST ​​/profiles​/my​/reset-identification, the system stores the reset identification request date and shows it on the UI.

Filters and columns in the Clients and Team members are renamed to be consistent

The same naming is used for filters and columns.

Fixes

Fixed filtering users by role name on the Team members/Clients page.

API changes

Updated

Added contact field to the request of the APIs:

  • POST ​/profiles​/my​/contact​/confirm

  • POST ​​/profiles​/my​/contact​/resend-otp

Added createdAt field to the response of the APIs:

  • POST ​/profiles​/my​/reset-identification

  • POST /profiles​/view-reset-identification-requests

Ability to pass card data in the API POST /gate/transactions/{tx}/submit (will be accepted only when tx is created using Cybersource provider)

{
 "optionName": "default",
 "fields": {
 "cardNumber": "4111111111111111",
 "cardExpirationMonth": "12",
 "cardExpirationYear": "2025",
 "cardCvv": "111"
 }
}

Fields from the Cybersource response in the API response:

"form": {
 "url": "https://centinelapistag.cardinalcommerce.com/V1/Cruise/Collect",
 "method": "POST",
 "parameters": {
 "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJkOWE5OWRiOS1iNDE4LTQ1N2EtOTQ0MC1iNDZkOGY1M2Y4ODQiLCJpYXQiOjE3NDY1MzU2MDYsImlzcyI6IjVkZDgzYmYwMGU0MjNkMTQ5OGRjYmFjYSIsImV4cCI6MTc0NjUzOTIwNiwiT3JnVW5pdElkIjoiNjYzODdiZjlmOTRmNzI3ZjU0Y2RlNGE3IiwiUmVmZXJlbmNlSWQiOiI4ZWUyODZmOS00NTY0LTRkNTYtYmFlMi1hYmVkNGNjNmIwYTgifQ.jlpansJe0BBZxr5gE4xh8xK_-p61HMv1t-FrmPErHzQ"
 }
 }

Response fields mapping:

  • accessToken = form.parameters.accessToken

  • deviceDataCollectionUrl = form.url

Added

POST /gate/transactions/{tx}/authenticate

POST /push/token/

Deprecated/Deleted

I18n properties changes

Configuration changes

Added environment variables:

  • notifications.push.provider

  • expo.notification.integration.authHeader

  • notifications.push-notification-timer.enabled

  • notifications.push-notification-timer.pause-after-send – defines the duration to wait after sending a push notification before processing it. Recommended value is 15 minutes.

  • notifications.push-notification-timer.ttl – specifies the time-to-live for the processing notifications.

New properties:

secure-in-memory-store:
 default-expiration-time: 3600000
 key-alias:
 cleanup-interval: 60000
 enable-audit-logging: true
 key-rotation-schedule: 0 0 2 1 * ?

Database changes

Permission changes