HomeRelease NotesRelease Version 4.51.0 (February 6, 2026)
Explore Release Notes

Release Version 4.51.0 (February 6, 2026)

06. 02. 2026

Pre-deployment steps

To be done before deployment

Check configuration changes and apply them in the application.yaml if the default configuration has been overridden there

Check if the release contains migrations. Migrations can affect deployment and downtime.

Use GET /i18n/export/{fileName} to download files with current i18n properties. Check if the downloaded file is correct.

Post-deployment steps

To be done after deployment

Verify permission changes and assign or remove required permissions if they have been overridden

Add new properties from the I18n properties changes to the downloaded i18n properties file and add translation for them if needed.

Use POST /i18n/import to upload and apply previously downloaded i18n file with added new properties.

Release migrations

Release migrations

  • Added a new column withdrawal_limit_check_enabled (boolean, NOT NULL, default false) to the currency_def table to support withdrawal limit control logic.

  • Extended the length of the name column in the account_def table to VARCHAR(64) to allow longer account names.

Changes to notice

Changes to notice

The following APIs were removed:

  • GET /profile-documents/view-document-types

  • POST /profile-documents

  • POST /profile-documents/identifier

  • GET /profile-documents

New functionality

Feature

Description

Benefits

Added ability to set support contacts on the UI in

System settings → Support contact settings

An administrator can set support contacts on the UI in

System settings → Support contact settings.

These contacts will be shown to users on the mobile application.

More flexible system management

Fireblocks integration

Fireblocks is an institutional digital asset infrastructure that provides secure custody and on-chain transaction execution, and its integration with SDK.finance enables crypto assets to be managed within a ledger-based financial system with controlled withdrawals, validated deposits, policy-driven execution, and full operational and accounting oversight.

Feature

Description

Ability to create an account in a UTXO-based asset.

The user selects a UTXO-based currency (BTC) and initiates account creation in that currency.

SDK.finance

  • Issues a deposit address via the Fireblocks integration within the shared Vault Account and links it to the user’s account in SDK.finance

  • links the SDK.finance customer ID as the customer reference ID to the issued deposit address

Ability to create an account in an Account-based asset.

The user selects an account-based currency (e.g., ETH) and initiates account creation in that currency.

SDK.finance

  • creates a per-user vault account in Fireblocks, and links it to the user.

  • links the SDK.finance customer ID as the customer reference ID to the user’s vault account

  • creates a vault wallet for the specified asset within the user’s vault account, and links it to the user’s account in SDK.finance.

Implemented webhook listener compatible with Fireblocks Webhooks v2.

The SDK.finance exposes a webhook endpoint compatible with Fireblocks Webhooks v2.

The endpoint receives webhook notifications for transaction events (such as transaction.created, transaction.status.updated, vault_account.asset.balance_updated), validates the notification payload according to the Webhooks v2 structure, and stores received events and notifications with status “received”.

Implemented a deposit to the account in Account-based and UTXO-based assets managed by Fireblocks integration.

The user sends funds to a deposit address that was generated for this user during account creation. Fireblocks detects the incoming transaction and sends a webhook notification to SDK.finance.

SDK.finance validates the transaction status and, if the transaction is completed, credits the user’s account in SDK.finance.

Ability to set safe withdrawal limit at the currency settings level.

An administrator configures the system safe withdrawal limit for a specific currency in SDK.finance and specifies whether this limit must be checked during the withdrawal flow.

Implemented a withdrawal from the account in Account-based and UTXO-based assets managed by Fireblocks integration.

The user requests a withdrawal from their SDK.finance account to an external blockchain address.

SDK.finance performs internal validations, verifies safe withdrawal limit if required, liquidity in the designated Fireblocks Withdrawal Vault, and initiates a Fireblocks withdrawal transaction.

Withdrawal flow is executed via two API calls. To run this flow, the currency provider details must be configured with a valid externalWithdrawalVaultAccountId.

  • Create a withdrawal request POST /gate/transactions

    • type = REDEEM

    • gateProviderId = Fireblocks

    • way = EMONEY

Returns: gateTransactionId

  • Submit withdrawal POST /gate/transactions/{gateTransactionId}/submit

    • withdrawalDestinationAddress mandatory parameter containing the withdrawal destination address (non-whitelisted / one-time address)

Webhook dispatcher

The webhook dispatcher allows integrations to be built at the middleware level based on events emitted by SDK.finance, without requiring any changes to the SDK.finance codebase, enabling external systems to react to platform events and implement new integrations in a flexible, event-driven way.

Feature

Description

Implemented webhook dispatcher

Webhook dispatcher can be configured to send defined events to the defined URL. All webhook requests are signed using HMAC-SHA256 to ensure authenticity and integrity.

Retry and Backoff Strategy is supported and can be configured.

Ability to configure sending webhook event when a KYC check is required.

When an organisation’s KYC status changes to pending (organisation is marked as ready for review) and the configured in the system KYC provider is a custom provider with external integration enabled, the system will generate and send a kyc_check_required webhook notification to the configured webhook endpoint.

Webhook will be sent if KYC provider is marked as active in the configuration (active-provider-name) and externalIntegration: true is set for this provider.

Example of webhook notification body:

{
 "id": "019c0a44-3775-7b72-8d2a-b49daefd82d1",
 "eventType": "KYC_CHECK_REQUIRED",
 "resourceId": "019c0a40-f6b9-739a-862e-eee0a4a85367",
 "createdAt": "2026-01-29T14:59:28.757Z",
 "data": {}

Ability to configure sending webhook event when a transaction with 3rd party integration is created.

When API POST /gate​/transactions to create gate transaction (top-up or withdrawal) is called, the gate provider is a custom provider with external integration enabled, and the gate transaction is created, the system will generate and send a gate_topup_initiated or gate_withdrawal_initiated webhook notification to the configured webhook endpoint.

Webhook will be sent if the provider is linked to custom gate (gate with "custom": true) and externalIntegration: true for this provider.

Example of webhook notification body:

{
 "id": "019c0a3d-91f0-7246-8a69-cc09293ae9d6",
 "eventType": "GATE_TOPUP_INITIATED", //GATE_WITHDRAWAL_INITIATED
 "resourceId": "019c0a3d-91ef-70b2-b101-957feb1eab49",
 "createdAt": "2026-01-29T14:52:13.168Z",
 "data": {
 "providerId": "019bff88-19ee-7466-88b3-29cd68ba08b3"
 }
}

Improvements

Feature

Description

Terms and Conditions and Privacy Policy documents are stored on back-end side instead of Mobile application and are received by Mobile application using APIs.

An administrator can upload Terms and Conditions and Privacy Policy documents on the BackOffile UI.

Mobile application gets documents by callling APIs.

Changed UI for managing Contracts.

The Contracts Management UI has been improved to be more user-friendly, clearer, and easier for managing contracts efficiently.

Added ability to enable OTP for login for users who do not have a verified phone but have verified email.

If users do not have a verified mobile phone, they can enable OTP for login using a verified email.

API changes

Updated

GET /i18n/export/{fileName}

The optional query parameter “resourcePrefixes” was added to the request URL.

Request examples:

GET /i18n/export/en.json (filter by core prefix by default)

GET /i18n/export/en.json?resourcePrefixes=core (filter by core prefix)

GET /i18n/export/en.json?resourcePrefixes=core,frontend (filter by core and frontend prefixes)

POST /property

The request parameters email and phone were marked as optional.

POST /currencies

PATCH /currencies/{currencyId}

added optional withdrawalLimit to the request

POST /authorization

If a phone is passed in the request and OTP is enabled, then the response will be:

{
 "action": "OTP_SMS_SENT",
 "maskedPhoneNumber": "01******89"
}

If an email is passed in the request and OTP is enabled, then the response will be:

{
 "action": "OTP_EMAIL_SENT"
}

GET /reporting/coins

The new optional query parameter organizationId was added.

Added

Upload an agreement documents. The maximum file size is 3MB by default. It can be changed in the system configuration by modifying the media.validation.max-size parameter. Uploaded document must be in a PDF format, otherwise error will be returned.

POST /agreement-document

Request body example:

form-data:
 file: <File> test.pdf
 documentType: <Text> PRIVACY_POLICY
 platformType: <Text> WEB
 organizationTypeCode: <Text> INDIVIDUAL
 locale: <Text> fr

Response body example:

{
 "agreementDocument": {
 "id": "019bdc48-17f8-79c0-a2d5-1c2743cacdb0",
 "fileId": "019bdc48-17f7-7f65-87ea-d7cf48cf7cd0",
 "documentType": "PRIVACY_POLICY",
 "platformType": "WEB",
 "organizationTypeCode": "individual",
 "locale": "fr"
 }
}

View agreement documents.

GET /agreement-document/view

Download an agreement document.

POST /agreement-document/resource

Request body example

{
 "documentType": "PRIVACY_POLICY",
 "platformType": "WEB",
 "organizationTypeCode": "individual",
 "locale": "fr"
}

Deprecated/Deleted

  • GET /profile-documents/view-document-types

  • POST /profile-documents

  • POST /profile-documents/identifier

  • GET /profile-documents

I18n properties changes

Added

The following properties were added:

core.notification.authenticate.confirm.sms=Your one-time password for authentication is ${confirmCode}
core.notification.authenticate.confirm.email_text=Your one-time password for authentication is ${confirmCode}
core.notification.authenticate.confirm.email_subject=One-time password for authentication

Configuration changes

New configuration property introduced: agreement.document.organization-types

Array of organization types that will be supported for Agreement documents upload. Defines which types of organizations can have Terms and Conditions and Privacy Policy documents
Default: INDIVIDUAL, MERCHANT

If Fireblocks integration is enabled, FIREBLOCKS_JWKS_URL env variable or fireblocks.integration.webhook.signature.jwks.url property must be defined.

JWKS endpoints:

Fireblocks publishes public keys in JWKS format for validating webhook signatures. Use the endpoint that matches your workspace’s environment.

Environment

URL

US Production

https://keys.fireblocks.io/.well-known/jwks.json

EU

https://eu-keys.fireblocks.io/.well-known/jwks.json

EU2

https://eu2-keys.fireblocks.io/.well-known/jwks.json

Sandbox

https://sandbox-keys.fireblocks.io/.well-known/jwks.json

New environment variables were introduced for Webhook Configuration with the following default values:

  • Enable or disable the webhook dispatcher timer

WEBHOOK_TIMER_ENABLED=false

  • Execution interval for the webhook dispatcher timer as cron expression

WEBHOOK_TIMER_SCHEDULE_EXPRESSION=0 0/1 * ? * *

  • Maximum time that webhook events are retained in the system (24 hours)

WEBHOOK_TIMER_EVENT_DELIVERY_TTL=PT24H

  • Time to wait before attempting to resend a failed webhook event

WEBHOOK_TIMER_EVENT_DELIVERY_RESEND_DELAY=PT30S

  • Maximum number of times the system will attempt to deliver a webhook event

WEBHOOK_TIMER_EVENT_DELIVERY_MAX_ATTEMPTS=5

  • Enable exponential backoff for webhook retry attempts

WEBHOOK_TIMER_EVENT_DELIVERY_EXPONENTIAL_BACKOFF=true

  • The base URL where webhook callbacks will be sent

WEBHOOK_URL=https://your-domain.com/api/v1/webhook/callback/url

  • The shared secret used to sign webhook requests

WEBHOOK_SHARED_SECRET=unique-shared-secret-key

  • Time to wait for establishing a connection to the webhook endpoint in milliseconds

WEBHOOK_TIMEOUT_CONNECT=5000

  • Maximum time to wait for the webhook endpoint to respond in milliseconds

WEBHOOK_TIMEOUT_REQUEST=5000

  • Array of event types that will trigger webhook notifications

WEBHOOK_EVENT_TYPES=KYC_CHECK_REQUIRED,GATE_TOPUP_INITIATED,GATE_WITHDRAWAL_INITIATED

Database changes

  • Added a new column withdrawal_limit_check_enabled (boolean, NOT NULL, default false) to the currency_def table to support withdrawal limit control logic.

  • Extended the length of the name column in the account_def table to VARCHAR(64) to allow longer account names.

Permission changes

New permission created: AGREEMENT_DOCUMENT_MANAGER, AGREEMENT_DOCUMENT_VIEWER

And granted to:

  • administrator

  • ceo