HomeRelease NotesRelease Version 4.49.0 (December 29, 2025)
Explore Release Notes

Release Version 4.49.0 (December 29, 2025)

29. 12. 2025

Pre-deployment steps

To be done before deployment

Check configuration changes and apply them in the application.yaml if the default configuration has been overridden there

Check if the release contains migrations. Migrations can affect deployment and downtime.

Use GET /i18n/export/{fileName} to download files with current i18n properties. Check if the downloaded file is correct.

Post-deployment steps

To be done after deployment

Verify permission changes and assign or remove required permissions if they have been overridden

Add new properties from the I18n properties changes to the downloaded i18n properties file and add translation for them if needed.

Use POST /i18n/import to upload and apply previously downloaded i18n file with added new properties.

Release migrations

Changes to notice

Changes to notice

API POST /profiles/my/reset-identification is deprecated, API POST /organizations/{orgId}/identification-request should be used instead

The following APs are deprecated

GET /v1/profiles/my
PATCH /v1/profiles/my/person
PUT /v1/profiles/my/person
PATCH /v1/profiles/my/business
POST /v1/profiles/my/contact
PATCH /v1/profiles/my/address
PUT /v1/profiles/my/address
PATCH /v1/profiles/my/additional
PUT /v1/profiles/my/additional
GET /v1/profiles/{userId}
PATCH /v1/profiles/{userId}/person
PUT /v1/profiles/{userId}/person
PATCH /v1/profiles/{userId}/business
PATCH /v1/profiles/{userId}/contact
PATCH /v1/profiles/{userId}/address
PUT /v1/profiles/{userId}/address
PATCH /v1/profiles/{userId}/integration
PATCH /v1/profiles/{userId}/additional
PUT /v1/profiles/{userId}/additional

APIs GET /organizations/{organizationId}/profile and PATCH /organizations/{organizationId}/profile should be used instead

New functionality

Feature

Description

Benefits

Ability to manage a list of Banks in the system on UI.

Service users can add, edit and view a list of banks.

More convenient system management

The Business Account functionality

Feature

Description

Ability for individuals to create a reset identification request for company.

Individual users can create a reset identification request for the company.

A reset identification request can be created only for an approved company. When a reset identification request is approved, company information can be changed.

Ability for compliance to view

  • companies

  • company documents

  • company representatives

  • company shareholders and shareholder documents

Compliance can view

  • companies

  • company documents

  • company representatives

  • company shareholders and shareholder documents

Ability for compliance to approve/decline the company

Compliance can approve or decline the company.

Fireblocks integration

Feature

Description

Technical implementation of the Fireblocks client and configuration parameters to enable Fireblocks integration.

Technical implementation of the Fireblocks client and configuration parameters to enable Fireblocks integration.

Ability to enable Fireblocks integration at the asset level (API flow).

An administrator configures Fireblocks integration for specific assets in the SDK.finance platform.

This configuration defines which assets will use Fireblocks as their custody provider and links each supported asset to the corresponding Fireblocks asset ID and asset type (UTXO, Tag/Memo, or Account-based), and vault account ID (if needed).

Improvements

Feature

Description

Generic APIs are introduced to work with both Individuals and Companies.

APIs from the Organization profile management block can be used for Individual and Company organisations.

UI change: added the ability for the cashier to perform a top-up without request initiated by the individual.

Cashier can top-up individual wallet without initiated request.

UI change: ability for the merchant to confirm the transfer initiated in the Merchant portal via OTP.

Merchant can confirm the transfer initiated in the Merchant portal via OTP.

Ability to change user name.

Business and service users can change user name

  • for themselves (the only option for business users)

  • for other users in case of having appropriate permissions

Business users can change user name only for themselves.

Service users can change user name for themselves or for other users in case of having appropriate permissions.

Smart cards are renamed to in-system cards.

Smart cards are renamed to in-system cards

  • in the API URLs

  • swagger documentation

  • on UI.

Ability for merchant to create a bank account by specifying BIC or SWIFT of the bank, if the bank is not present in the list of banks.

Merchant can create a bank account by specifying BIC or SWIFT of the bank, if the bank is not present in the list of banks.

Removed legacy jjwt library (0.9.1) and consolidated JWT handling to a single library.

Removed legacy JWT library (0.9.1) and consolidated JWT handling to a single library.

UI changes: Amounts in the System accounts menu are shown according to the currency scale.

UI changes: Amounts in the System accounts menu are shown according to the currency scale.

Fixes

Front-end: minor fixes required after migration to Vue.js 3.

Front-end: export button is removed from all tables except Transactions

API changes

Updated

The following API operations were extended to support Individual users (previously these APIs worked only for Companies}:

GET /organizations/{organizationId}/profile

PATCH /organizations/{organizationId}/profile

Added currencyProviderDetails to the following APIs:

  • POST /currencies

  • PATCH /currencies/{currencyId}

  • GET /currencies

To the request of API PATCH /users/{userId} added userName parameter

Endpoint Renames

  • POST /smart-cardsPOST /in-system-cards

  • POST /smart-cards/validatePOST /in-system-cards/validate

  • POST /smart-cards/viewPOST /in-system-cards/view

  • DELETE /smart-cards/{number}DELETE /in-system-cards/{number}

  • PATCH /smart-cards/{number}PATCH /in-system-cards/{number}

  • GET /my/smart-cardsGET /my/in-system-cards

  • POST /my/smart-cardsPOST /my/in-system-cards

  • GET /my/smart-cards/{id}GET /my/in-system-cards/{id}

  • GET /my/smart-cards/coin/{serial}GET /my/in-system-cards/coin/{serial}

  • DELETE /my/smart-cards/number/{number}DELETE /my/in-system-cards/number/{number}

  • PATCH /my/smart-cards/number/{number}PATCH /my/in-system-cards/number/{number}

Operation ID Changes

  • createSmartCardcreateInSystemCard

  • validateSmartCardvalidateInSystemCard

  • getFilteredSmartCardsgetFilteredInSystemCards

  • deleteExistingSmartCarddeleteExistingInSystemCard

  • updateExistingSmartCardupdateExistingInSystemCard

  • getCurrentUserSmartCardsgetCurrentUserInSystemCards

  • createUserSmartCardcreateUserInSystemCard

  • getUserSmartCardByIdgetUserInSystemCardById

  • getAllUserSmartCardsByAssociatedCoinSerialgetAllUserInSystemCardsByAssociatedCoinSerial

  • deleteUserExistingSmartCarddeleteUserExistingInSystemCard

  • updateExistingUserSmartCardupdateExistingUserSmartCard

Property Renames

  • smartCardNumberinSystemCardNumber

  • smartCardsinSystemCards

GET /organizations/{organizationId}/profile

The following fields were deleted from the response:

  • contactData.phoneVerified

  • contactData.additionalPhoneVerified

  • contactData.emailVerified

The following fields were added to the response:

  • contactData.unverifiedPhone

  • contactData.unverifiedAdditionalPhone

  • contactData.unverifiedEmail

GET /profiles/my

The following fields were deleted from the response:

  • profile.contact.phoneVerified

  • profile.contact.additionalPhoneVerified

  • profile.contact.emailVerified

The following fields were added to the response:

  • profile.contact.unverifiedPhone

  • profile.contact.unverifiedAdditionalPhone

  • profile.contact.unverifiedEmail

GET /profiles/{userId}

The following fields were deleted from the response:

  • profile.contact.phoneVerified

  • profile.contact.additionalPhoneVerified

  • profile.contact.emailVerified

The following fields were added to the response:

  • profile.contact.unverifiedPhone

  • profile.contact.unverifiedAdditionalPhone

  • profile.contact.unverifiedEmail

Added

POST /organizations/{orgId}/identification-request

GET /currencies/providers

Deprecated/Deleted

POST /profiles/my/reset-identification

GET /v1/profiles/my
PATCH /v1/profiles/my/person
PUT /v1/profiles/my/person
PATCH /v1/profiles/my/business
POST /v1/profiles/my/contact
PATCH /v1/profiles/my/address
PUT /v1/profiles/my/address
PATCH /v1/profiles/my/additional
PUT /v1/profiles/my/additional

GET /v1/profiles/{userId}
PATCH /v1/profiles/{userId}/person
PUT /v1/profiles/{userId}/person
PATCH /v1/profiles/{userId}/business
PATCH /v1/profiles/{userId}/contact
PATCH /v1/profiles/{userId}/address
PUT /v1/profiles/{userId}/address
PATCH /v1/profiles/{userId}/integration
PATCH /v1/profiles/{userId}/additional
PUT /v1/profiles/{userId}/additional

I18n properties changes

Added

Value of i18n bundles were changed from

notification.signup.confirm.email_text=To register in the system ${applicationName} please go to: <a href="${redirectUrl}" style="color:#2a8c32;text-decoration:underline;">${redirectUrlMessageText}</a>. \
</br>If you have ability to use short code, this is it: \
</br><b>${confirmCode}</b>
notification.pin_ban_removal.confirm.email_text=Your account was banned, because you or someone else entered incorrect master PIN several times in a row.\
</br>To remove ban please follow this link:: <a href="${redirectUrl}" style="color:#2a8c32;text-decoration:underline;">${redirectUrlMessageText}</a>.\
</br>If you have ability to use short code, this is it:\
</br><b>${confirmCode}</b>
notification.password.confirm.email_text=To confirm the password recovery ${applicationName} please go to: <a href="${redirectUrl}" style="color:#2a8c32;text-decoration:underline;">${redirectUrlMessageText}</a>.\
</br>If you have ability to use short code, this is it:\
</br><b>${confirmCode}</b>
notification.profile.confirm.email_text=To confirm your email address please go to: <a href="${redirectUrl}" style="color:#2a8c32;text-decoration:underline;">${redirectUrlMessageText}</a>.\
</br>Your confirmation code for ${companyName} is: ${confirmCode}

to

notification.signup.confirm.email_text=To register in the system ${applicationName} please use this short code: \
</br><b>${confirmCode}</b>
notification.pin_ban_removal.confirm.email_text=Your account was banned, because you or someone else entered incorrect master PIN several times in a row.\
</br>To remove ban please use this short code:\
</br><b>${confirmCode}</b>
notification.password.confirm.email_text=To confirm the password recovery ${applicationName} please go to: <a href="${redirectUrl}" style="color:#2a8c32;text-decoration:underline;">${redirectUrlMessageText}</a>.\
</br>If you have ability to use short code, this is it:\
</br><b>${confirmCode}</b>
notification.profile.confirm.email_text=To confirm your email address please use this confirmation code ${confirmCode} for ${companyName}.

Configuration changes

Added SMTP timeout params

spring:
 mail:
 properties:
 mail.smtp.connectiontimeout: ${SMTP_CONNECTION_TIMEOUT:5000} # in milliseconds
 mail.smtp.timeout: ${SMTP_TIMEOUT:5000} # in milliseconds
 mail.smtp.writetimeout: ${SMTP_WRITE_TIMEOUT:5000} # in milliseconds
 mail.smpt.auth: ${SMTP_AUTH:true}
 mail.smtp.starttls.enable: ${SMTP_STARTTLS:true} # for port 465 use false, for port 587 use true
 mail.smtp.ssl.enable: ${SMTP_SSL:false} # for port 465 use true, for port 587 use false

# Maximum time (in milliseconds) the client waits to establish a TCP connection to the SMTP server.
# Required: false
# Default: 5000
SMTP_CONNECTION_TIMEOUT=5000
# Maximum time (ms) the client waits for a response from the SMTP server after sending a command.
# Required: false
# Default: 5000
SMTP_TIMEOUT=5000
# Maximum time (ms) allowed to send data to the SMTP server.
# Required: false
# Default: 5000
SMTP_WRITE_TIMEOUT=5000
# Enable SMTP authentication
# Required: false
# Default: true
SMTP_AUTH=true
# Enable STARTTLS for SMTP connection. For port 465 use false, for port 587 use true
# Required: false
# Default: true
SMTP_STARTTLS=true
# Enable SSL for SMTP connection. For port 465 use true, for port 587 use false
# Required: false
# Default: false
SMTP_SSL=false

added configurations to specify UI URLs which will be returned in the notifications for users where it is required

notifications:
 email:
 frontend-instance-url:
 backoffice: ${FRONTEND_URL_BACKOFFICE:http://localhost:8085}
 merchant-portal: ${FRONTEND_URL_MERCHANT_PORTAL:http://localhost:8086}
 mobile-app: ${FRONTEND_URL_MOBILE_APP:http://localhost:8087}

added environment variables

FRONTEND_URL_BACKOFFICE:http://localhost:8085
FRONTEND_URL_MERCHANT_PORTAL:http://localhost:8086
FRONTEND_URL_MOBILE_APP:http://localhost:8087

Added environment variables

# Enable/disable Fireblocks integration
# Required: false
# Default: false
FIREBLOCKS_INTEGRATION_ENABLED=true
# Fireblocks API base URL
# Required: true
# Default: https://sandbox-api.fireblocks.io/v1 (sandbox environment)
FIREBLOCKS_BASE_URL=https://sandbox-api.fireblocks.io/v1
# Fireblocks API Key
# Required: true
# Description: The API key provided by Fireblocks for authentication
# NOTE: This must be replaced with actual API key from Fireblocks console
FIREBLOCKS_API_KEY=api-key-here
# Fireblocks Secret Key
# Required: true
# Description: The private key (pkcs8 to base64) used for JWT signing. This should be the RSA private key
# provided by Fireblocks or loaded from a secure keystore
FIREBLOCKS_SECRET_KEY=your-secret-key-here

Enum Value Changes

SMART_CARDIN_SYSTEM_CARD

Configuration Variable Renames

smart_cards_expiration_period_in_monthsin_system_cards_expiration_period_in_months

Permission changes

New permission is created: RESET_IDENTIFICATION_REQUEST_CREATOR

And granted to:

  • individual

  • administrator

  • ceo

The new permission USER_OWNER is created and granted to all roles

Permission RECIPIENT_FINANCIAL_DETAILS_VIEWER is granted to:

  • cashier

  • ceo