Summary of additions and changes to the Rehive platform. Breaking changes or removals will be indicated ahead of time in the deprecation timeline.
2024-12-18
- Added new
company.update
event to the available webhook events.- The
company.update
event triggers whenever a company resource is updated.
- The
- Updated DRF Rehive Extras to resolve swagger generation issue with examples on responses.
- Added a beta implementation of Oauth 2.0 that supports google and apple sign in.
- The API for the Oauth 2.0 functionality is still unstable and will likely undergo further changes before it is finalized. It should only be used in test projects.
- Updated the legal-terms resource to support a
url
for content rather than just the text field. - Updated
display_code
to have the same character limit as thecode
on thecurrency
resource. - Fixed a bug with account and transactions balance filters that resulted in no filtering getting done if a
0
value was provided. - Fixed a bug where transactions could still be created by admins on users in disabled groups.
- Fixed incorrect text on the swagger documentation for some endpoints.
- Fixed a transaction ID filter on the transaction collection listing page.
2024-09-30
- Added a new
refresh_token
response property to the login, register and token creation endpoints:- A
refresh_token
can be used to refresh an auth token for the default session duration or for a custom session duration. - A
refresh_token
has a lifespan of 31 days and can only be used to once. - The
refresh_token
will benull
if the auth token is permanent (has no expiry date).
- A
- Added a new
/3/auth/refresh/
endpoint that can be used to refresh auth tokens.- A
refresh_token
must be included in theAuthorization
header asRefresh-Token {token}
or an http-only cookie with the keyrefresh_token
must be set on the HTTP request. - The above
refresh_token
will be consumed on a successful request and a new one will be returned. The new one should be used for any subsequent refresh attempts. - A
session_duration
may be optionally set in order to customize the amount the auth token is refreshed by (otherwise the company defaults will be used).
- A
2024-09-17
- Updated
authentication
type challenges to have a hard expiry of 10 minutes. Exceeding the challenge lifespan period will completely reset the user’s session (clear tokens) and require the user to login again. - Updated the error messages on password reset failures to be more clear regarding the cause of the errors.
2024-09-06
- Added a new
Quoted
status to Rehive transactions.- The
Quoted
status occurs betweenInitiating
andPending
- This status is used to differentiate between a fully quoted transaction collection and an
Initiating
collection that can still have transactions appended to it.
- The
- Updated the transition flow (for transaction status changes) to handle steps to multiple transitions in a single transition set.
- Update the transition flow to support managed currency interruptions on any status change.
- Updated the
Currency
resource to support amanager_conditions
object that can be used to configure when managed currency interruptions should occur during the transition flow.
2024-08-15
- Fixed a bug with timezone handling and converting between UTC and custom timezones when filtering on metric points.
2024-08-14
- Updated the user document endpoint (
/3/user/documents/{id}/
) to support deletion of documents.- Only
pending
documents can be deleted by end users. All other document statuses will raise an error response.
- Only
2024-08-13
- Removed old document type handling as per the deprecation timeline.
- Removed old tier requirement handling as per the deprecation timeline.
2024-08-01
- Migrated all companies to the new document type handling.
- All old document types and categorieswill be fully removed as per the deprecation timeline.
- Migrated all companies to the new tier requirement handling.
- All old tier requirement functionality will be fully removed as per the deprecation timeline.
2024-07-09
- Added a new
middle_name
field to the user resource. - Added a new
middle_name
field tothe bank owner sub resource (on bank accounts). - Updated the tier requirement set items to support a
middle_name
field onuser
resource conditions. - Made small performance updates to the account listing balance filters.
2024-07-05
- Added a new
.com
domains for all Rehive managed extensions:
2024-07-03
- Updated the new tier requirement items to have the following condition ooptions on the
user
resource:fathers_name__isnull
mothers_name__isnull
grandfathers_name__isnull
grandmothers_name__isnull
- Fixed a bug in user update functionality that resulted in field changes not triggering a
status
reset correctly.
2024-06-18
- Added a new
listed
field to thegroups
resource.- If this field is set to
false
on a public group it will not be available on the public groups listing endpoint.
- If this field is set to
- Increased the max page size allowed on exports to 100000.
- Fixed a bug in exports that resulted in exports with 0 results getting stuck in processing.
2024-05-30
- Fixed a bug in the admin API that prevented admins from modifying account-currencies on crypto accounts.
- Added support for admins to delete primary emails on non-admin users.
- Added support for owners to delete primary emails on admin users.
2024-05-27
- Added a new
residencies
field that accepts a list of countries that a company supports for user residence. - Added a new
residency
field to the user resource. This field accepts a country value that must be in theresidencies
list above (if it is populated). - Fixed a bug in the swagger documentation that resulted in JSON fields or similar property-like fields getting displayed as
string
values instead of objects. - Fixed a bug in the fees cache that resulted in cache not getting cleared correctly when groups fees were added or removed.
2024-05-13
- Updated the default request delete verify URL to be
/request-delete/verify
instead of just/request-delete
. - Updated all auth email webhooks to include the company identifier and email in the URL query params.
- Updated inactivity handling on test companies to allow for a longer inactivity period.
- Fixed a bug in account serialization that was resulting in a missing
definition
field in some responses. - Fixed a bug in user filters that was resulting in all users getting returned when a non-existent user was included in a
user
filter.
2024-04-29
- Updated how metrics are built and stored internally:
- Multiple metrics can now be created with the same query.
- Metrics with the same queries all use the same data points.
- Added new filter fields on metrics and metric points.
- Fixed a bug in the list metric resource that was resulting in a 500 error when filtering.
2024-03-22
- Updated email/mobile
primary
field handling to support modification as well as more strict role based controls:- Users (and admins) can now modify their primary email/mobile as long as they have not verified their existing primary/mobile.
- Admins can modify the primary email/mobile of other users who are not admin users.
- Company owners can modify the primary email/mobile of any other user.
- Updated email/mobile verification (
verified
) handling:- When verifying their own emails/mobiles users must always use the full verification process themslves.
- Admins can manually verify the emails/mobiles of any other non-admin users.
- Owners can manually verify the emails/mobiles of any other users.
- Implemented an account/user deletion and verification process:
- Added a new
/auth/request-delete/
endpoint for a user to anonymously request a delete verification email. - Added a new
/auth/request-delete/verify/
endpoint for a user to anonymously confirm a delete verification request. - Added new
retention_state
field on the user resource to store whether a user has requested (and confirmed) account deletion. - Added a new
user.request_delete.verify
webhook event.
- Added a new
2024-02-29
- Updated the property level permissions functionalityy to support
change
andadd
permission levels.
2024-02-21
- Added a new system for limiting what fields users/groups can access on specific resources.
- A new
properties
field has been added to user and group permissions to contain a list of fields to deny/allow on a specific - This system currently only support field based permissions on the
transaction
type andview
level permissions. - Additionally, for now, this system only supports limiting fields within the
metadata
object of a resource.
- A new
- Updated email/mobile verify resend to only resend for the specified email/mobile and not all unverified emails/mobiles.
- Fixed a regression where 0 value limits were not unlimited as per the original design.
- Applied optimizations to the permission and permission cache handling used in authentication/authorization.
2023-12-19
- Updated the account-currency resource to contain an
id
property. - Add new
account_currencies
list property on wallet/crypto/bank accounts:- This stores a list of specific account-currencies a wallet/crypto/bank account is related to.
- Added CRUD for adding/removing account-currencies on wallet/crypto/bank accounts.
- Added account-currency filters on the wallet/crypto/bank account list endpoints.
- Updated crypto accounts to no longer require the address to be unique, multiple crypto account can be uploaded with the same address.
- Improved serialization and serilaizer inheritance to work better for wallet/crypto/bank accounts and accounts/account-currencies.
2023-12-12
- Improved filter performance on the transaction listing endpoints.
- Changed the way Rehive evaluates companies as inactive. Extension API calls are now excluded when calculating whether a company has an requests in the last 90 days.
- Added stricter validation to prevent the modification of company owner’s emails/mobiles by other users with admin permissions.
2023-11-20
- Added a new
expires
field to the transaction resource.- This field contains the timestamp when an
initiating
transaction will be removed/invalidated (if it does not changes statues before then).
- This field contains the timestamp when an
- Added a new
expires
field to the transaction-collection creation endpoint.- This can be used to add a custom
expires
date to all transactions that don’t have their ownexpires
field defined.
- This can be used to add a custom
- Added a new
default_transaction_lifespan
to the company settings resource.- This is the lifespan of
initiating
transactions that automatically gets applied to each transaction’sexpires
field if a custom one is not specified.
- This is the lifespan of
2023-11-16
- Added a new
password
field to the register endpoints. This replaces thepassword1
andpassword2
fields. - Added a new
new_password
field to the password reset confirm and password change endpoints. This replaces thenew_password1
andnew_password2
fields. - Updated the Swagger schema to include information on deprecated fields.
2023-11-01
- Updated validation when adding permissions to groups. An error will now be triggered if an admin permission is added to a user section group.
- Updated MFA handling to throw an error when a admin user tries to enable SMS MFA.
- Updated the validation of company names, and all user name fields to be more strict on what values are accepted.
- Added a new
creator
property to the transaction resource. This property contains the user that created the transaction and it can be accessed via:- All transaction webhook events:
transaction.create
,transaction.update
,transaction.initiate
,transaction.execute
. - The admin transaction retrieve endpoint :
/3/admin/transactions/{id}/
- All transaction webhook events:
2023-10-24
- Added a new
weight
field to requirement sets and requirement set item resources. - Updated the requirement set item resource
name
,description
, andweight
fields to be editable viaPATCH
andPUT
. - Added new
created
andname
filters to the bank, crypto and wallet account resource listings. - Added a new
number
filter on the bank account resource listing.
2023-09-22
- Updated webhooks to be associated with a service if created by a service user.
- Updated webhooks so that they cannot be deleted or modified if they are related to an active service.
- Updated the request logs to return the
headers
field as properly formatted HTTP headers rather than the internal all-caps format. - Updated service activation/deactivation to return more details on the type of error when an error is thrown by the service.
- Fixed the format of errors on transaction-collection creation. It was incorrectly returning a list of errors under
data
rather than a object.
2023-09-11
- Fixed multiple minor bugs in the admin search endpoint. The admin search endpoint had issues searching by some special characters or multi-word inputs.
- Fixed a bug where idempotent requests were not getting their request body (POST data) saved correctly in the request logs.
- Fixed the error key used in 404 error outputs when an authenticator does not exist.
- Fixed a bug when handling a 404 response on authenticator delivery that resulted in a 500 error instead of a 404 error.
2023-08-16
- Final removal of the deprecated MFA functionality.
- The replacement MFA functionality is documented here.
2023-07-07
- Updated the Platform API swagger schema to use OpenAPI version 3.0.3. This change includes significnat improvements to the schema generation as well:
- Added schema components (previously definitions) for response enevelopes (ie.
{"status": "success", "data": {}}
. - Improved Swagger UI examples for requests and parameters.
- Improved schema generation for objects that can
oneOf
several differnet schemas.
- Added schema components (previously definitions) for response enevelopes (ie.
- Added a
label
field to the tier requirement sets resource.
2023-06-30
- Updated the timestamp field to be an integer type in documentation.
- Significantly improved the generation of the swagger
responses
:- Previously, documented
responses
on some endpoints were different to the actual results when the endpoint was invoked. - Additionally, the documented response statuses on some endpoints were different to the actual results when the endpoint was invoked.
- Previously, documented
2023-06-21
- Added a new
clear_session_option
field to the password reset confirm endpoint. This field supports three clearing options:all
: Clear all sessions and tokens including permanent tokens (that may be used as API tokens).temporary
: Clear only temporary sessions and tokens with an expiry (this is the default behaviour).none
: Clear no sessions and tokens.
2023-06-14
- Added a new
related_resources
list field to thedocument-type
. - Added a new
metadata
field to thedocument-type
resource. - Fixed a bug with the
date
filters on the metric points endpoint that resulted in the unresolved metric point getting included in invalid date ranges. - Fixed a bug with transaction count metrics that resulted in 0 results getting aggregated due to a queryset filter error.
2023-06-05
- Fixed a bug in exports that resulted in memory usage issues (and eventual failures) on the
account
resource. - Updated CSV exports to have simpler more CSV-appropriate columns and not create columns for nested list fields.
- Updated
metadata
fields in CSV exports to always be a single column with the JSON formatted as a string.
2023-05-30
- Added a new
use_new_documents_and_requirement_sets
field to the company. This can be used to switch to the new document and tier requirements functionality.- Turning this on will block the adding of document without using a
type
instead of adocument_type
. - Turning this on will switch requirement evaluation for tiers to use the new
requirement-sets
and requirementitems
.
- Turning this on will block the adding of document without using a
- Added thew new
document-type
resource. This will replace the static list of document types.- POST, GET :
/admin/document-types/
- GET, PATCH, PUT, DELETE:
/admin/document-types/<doc_id>/
- GET :
/document-types/
- GET :
/document-types/<doc_id>/
- POST, GET :
- Updated the
document
resource to accept a new field oftype
, which must be an ID of the a object of thedocument-type
resource. - Added a new
requirement-set
resource. This resource will be used to store thew new requirements for a tier. The advantage of requirement sets is that they can be defined with a condition ofall
orany
(with an additional number indication how many) and can be structured in a nested way using theparent
field (only one level of nested sets is supported).- POST, GET :
/admin/groups/<group_id>/tiers/<tier_id>/requirement-sets/
- GET, PATCH, PUT, DELETE:
/admin/groups/<group_id>/tiers/<tier_id>/requirement-sets/<req_id>/
- GET :
/groups/<group_id>/tiers/<tier_id>/requirement-sets/
- GET:
/groups/<group_id>/tiers/<tier_id>/requirement-sets/<req_id>/
- POST, GET :
- Added a new
item
resource under therequirement-set
resources.items
encapsulate requirement rules and can be used in combination with requirement-sets to construct complex requirement hierarchies. Currently the only supported rule type isresource
which accepts acondition
andresource
value. Conditions are formatted as JSON like{"first_name__isnull": false}
.- POST, GET :
/admin/groups/<group_id>/tiers/<tier_id>/requirement-sets/<req_id>/items.
- GET, PATCH, PUT, DELETE:
/admin/groups/<group_id>/tiers/<tier_id>/requirement-sets/<req_id>/items/<item_id>/
- GET :
/groups/<group_id>/tiers/<tier_id>/requirement-sets/<req_id>/items/
- GET:
/groups/<group_id>/tiers/<tier_id>/requirement-sets/<req_id>/items/<item_id>/
- POST, GET :
- Updated the deprecation timelines. All functionality related to the old document type handling and requirements handling is now deprecated and subject to removal as per the deprecation timeline.
2023-05-25
- Updated the platform to be seperated into two API schemas:
- The Platform API - Core user API: https://api.rehive.com/swagger
- The Platform Admin API - Management API: https://api.rehive.com/admin/swagger
2023-05-18
- Fixed a bug in the webhook initiation on user deactivation that resulted in no webhook event getting triggered.
- Fixed a bug in active user counts that resulted in incorrect system metrics.
- Updated metrics to include more types of metrics and support
accumulate
andset
metrics.
2023-05-04
- Updated service activatation and deactivation errors to include additional error details. Three possible error response can be returned now:
- Connection error:
An error occurred in the service: Unable to connect to {url}.
- Explicit service error:
An error occurred in the service: {message}
- Generic service error:
An error occurred in the service: Received a {code} response from {url}.
- Connection error:
2023-04-28
- Final removal of deprecated items listed under the date 2023-04-25.
- Fixed a 500 error on admin user listings when filtering by
account
,account__name
, oraccount__label
. - Fixed a bug in account deactivation that resulted in no webhook event firing off (and no notification with a deactivation link).
- Fixed a bug in account primary field handling that resulted in multiple primary accounts per user in some very specific scenarios.
2023-03-20
- Added a new authenticator-rule type of
setup
. This rule can be used to force users to setup MFA on their account.- A list of types can be configured to indicate which authenticators are allowed in order for a user to be considered compliant.
- Like other authenticator rules, the group can be customized so that these rules only apply to users in a specific group.
- Updated MFA authenticator list and view endpoints to mask some attribute values. The POST response will not be affected by this change.
- Fixed a bug in media type handling on request logs that previously resulted in an internal error when trying to save request body data.
- Added new
section
andarchived
filters to the groups list endpoints.
2023-03-07
- Fixed a bug in legal term handling on registration that resulted in 500 errors if an invalid legal term was used.
- Fixed a bug in webhook handling that sometimes resulted in
user.email.verify
andmfa.sms.verify
events not getting sent.
2023-02-23
- Removed the old notification handling from the platform. Going forward all notifications besides initial email/mobile verify (welcome) emails must be sent via the notification extension.
- Added new
deactivated
filter to the adminuser
(s) list endpoint.
2023-02-20
- Fixed a bug in the
currencies
property on the admin accounts list endpoint. - Fixed a bug in account synchronization that resulted in archived accounts getting set as primary.
- Fixed a bug in the population of the
resource
andresource_id
fields on the request resource when a request resulted in a 400 error. - Updated the
first_name
andlast_name
fields on the user resource so that they allownull
and default tonull
.
2023-01-31
- Major update to the way transactions and transaction collections are transitioned.
- Transactions can now be created as
initiating
. No effects or transitions will be run on these except for general validation. - Transitions (between different transaction statuses) are now recorded in a transaction transition resource.
- Added managed currency transaction transition approvals flow.
- Added account balance pooling within collections when doing balance checks.
- Updated collections to always transition as a whole (ie. individual transactions cannot have different statuses to other transactions in the same collection).
- Transactions can now be created as
- Added automated pruning of initiating transactions older than 15 minutes.
- Added new endpoints for retrieving, listing and updating transaction transition resources.
- Added new
transaction.transition.create
andtransaction.transition.update
webhook events. - Fixed a minor bug when updating a collection status that would result in the new status not showing in the response.
- Updated
action
handling on bank, crypto and wallet accounts.- User endpoints can now only create, delete and modify accounts with an action of
deposit
. - Admin endpoints can create, delete and modify all action types.
- User endpoints can now only create, delete and modify accounts with an action of
2022-12-14
- Updated all endpoints that return the token resource (including login and register) to include the
expires
andcreated
fields. - Updated the admin token create endpoint to include the
user
field on the response as well. - Improved Swagger documentation so that boolean fields use the correct default values.
- Added new
transactions__created
andexclude__transactions__created
filters on account assets.
2022-11-28
- Added new Python SDK code samples to the Swagger documentation.
- Removed the
permissions list
from the list groups and view groups serializers. - Updated Swagger documentation to exclude deprecated endpoints.
- Fixed
services
list representation in the Swagger documentation on the company object. The field now correctly shows a sub service resource instead ofstring
. - Updated service view endpoint to not return a list of permissions. The permissions should be retrieved using
/services/<id>/permissions/
instead.
2022-11-09
- Added new optional fields to the user bank accounts resource:
owner
object that contains:first_name
,last_name
,address
,phone_number
,email_address
,ein_tin
,cpf_cpnj
, andcompany_name
beneficiary_type
with optionsindividual
andbusiness
payment_method_type
2022-11-03
- Improved the Swagger documentation of enum fields to correctly only include the values allowed on PATCH, PUT and POST.
- Improved the Swagger documentation to include summaries, descriptions and x-code-samples (when available) on all admin endpoints.
2022-10-24
- Fixed a bug where the user bank account create endpoint was throwing an error when the branch address field is an empty object.
2022-10-03
- Fixed a bug where the
withdraw
action could not be set on new company bank or wallet accounts. - Updated the
action
field to allow admins to set it asnull
on wallet, crypto and bank accounts. - Updated the
username
field on the user resource to allow admins to modify its value. - Updated the
manager
field on the currency resource to contain aservice
object if the manager is a service user.- The
service
object contains the following service fields:id
,slug
,name
,url
,type
.
- The
2022-09-22
- Added new
action
field to the wallet, crypto and bank account resources. This field can contain the valueswithdraw
ordeposit
.- Only admin users can set the value on these resource as
deposit
.
- Only admin users can set the value on these resource as
- Added new
action
filter to the wallet, crypto and bank account listing pages. - Updated the transfer endpoints to support
null
values on therecipient
field.
2022-08-25
- Added validation to to prevent users from creating an unlimited number of certain resources. This applies to emails, mobiles, addresses, wallet accounts, crypto accounts, bank accounts and devices.
- Optimized the handling of timezones when calculating which metrics needs to run at a given time.
- Added the
management_url
to the editable fields on the Service resource. - Fixed a bug with webhook expression evaluation that made it impssoible to evaluate an expression that included a condition on a list.
- Added new throttling on MFA device creation. Requests to the MFA device create endpoint(s) are now restricted to no more than 10 requests an hour (per user).
- Added new throttling on MFA SMS delivery. Requests to the MFA SMS delivery endpoint(s) are now restricted to no more than 10 requests an hour (per user).
- Updated the SMS messages for SMS OTPs to include the company information and user name if available.
2022-08-03
- Fixed an issue on company link endpoints and their permission checks that resulted in 500 errors.
- Fixed a bug on subtype partner validation that resulted in the incorrect error text.
- Fixed a bug in subtype partner validation where it was trying to do validation on
null
inputs. - Fixed filters on the admin webhook list endpoint: there was a regression that caused these filters to no longer work.
- Added a new
owner
field to theuser
resource to indicate whether they are the owner of a company. - Added a new
owner
field to thecompany
resource to indicate which user is the owner of that company.
2022-07-06
- Added inclusive fees on
debit
transactions and updated the transaction builder to correctly adjust amounts and subsequent transactions wheninclusive
is specified on a transaction. - Added an
index
field to the transaction resource, this contains the transactions position in it’s transaction collection. - Added a new
webhook__url
filter on the webhook tasks endpoint. - Fixed a bug in decimal validation handling that caused a 500 error on certain integer inputs.
- Addressed an issue with related transaction discovery on transaction updates that resulted in fee transactions not transitioning at the same time as their parent.
2022-06-02
- Subtypes can now be filtered based on whether they have a
partner
via thepartner__isnull
filter field. - Adding a
partner
to a subtype with the incorrecttx_type
will now be prevented. Additionally all errors related to subtype partners have been updated to provide more clarity. - The subtype partner system has been updated to be use the subtype as the primary resource rather than a separate
subtype-partner
resource, which has been removed.- The partner can be modified/added using the field
partner
, which accepts an integer value.
- The partner can be modified/added using the field
2022-05-31
- Improved the consistency of how metadata is populated on new objects. The
metadata
field will now always default tonull
. - Adjusted the transaction-collection update endpoint to support updating the
status
if there is no clash on member transaction statuses.- ie, disallow updates to
failed
when there are alreadycomplete
transactions, but allow updates tofailed
if there are nocomplete
member transactions.
- ie, disallow updates to
- Updated the account merge functionality (when temporary user transfers are merged into new users) to only try and complete transfers if they are on non-managed assets.
2022-05-16
- Updated most choice based fields to correctly output the list of choices in the Open API schema.
- Switched all extensions to the following 3 types:
public
,private
andsystem
(removedextension
). - Updated file handling on document and export files:
- Going forward, the URLs for these files will now expire after 1 hour and a new URL will have to be retreived to continue to access the files.
- Fixed a bug in the “account currency” export where it was using
account_asset
instead ofaccount_currency
for theresource
value.
2022-05-14
- Fixed a bug in
metadata
on resource creation where proper JSON size and merge validation was not performed. - Added new security definition description to the Open API schema.
- Added new emprty
security
rules to to the Opern API schema on endpoints that do not require authentication. - Added caching to the Open API schema to speed up load times.
2022-04-26
- Added support for companies to add their own
private
type extensions via the/3/admin/services/
endpoint. These services are only accessible by the company that created them. The benefits of using theservices
resources for extension managment are:- Activation/deactivation will be handled like
public
Rehive services and each service activation will automatically create aservice
user thus reducing the manual effort required to do this yourself. - The
service
users will be automatically managed so thatpermissions
set on the service will be applied to the user. - The
service
will be accesible in theservices
list so service discovery can be automated in your applications. - Future “built-in” functionality will become available immediately to your services when added: key rotation, service managed webhooks and more.
- Activation/deactivation will be handled like
2022-04-22
- Fixed a bug with mobile validation on the admin create user endpoint. Previously this endpoint failed to validate that a mobile number was part of allowed company nationalities.
2022-04-20
- Added new system metrics. All new companies will now have three default metrics that cannot be removed or modified:
user_count
,user_active_count
, andtransaction_count
. - Added new admin endpoints for password reset and user deactivate.
2022-04-13
- Improved the error messages for throttling to include a custom reason based on the specific throttle that failed.
- Throttling error with an explicit reason be formatted as
Request was throttled: {reason}. Expected available in {time}.
. - For generic throttling error will still be outputted as
Request was throttled. Expected available in {time}.
.
- Throttling error with an explicit reason be formatted as
2022-04-07
- Added a new
pending
option to the companystatus
field. Thestatus
field will nopw automatically be set topending
on production mode companies. A Rehive admin will change it toactive
once a company has been reviewed and approved for production. - Fixed a bug that resulted in company links not getting carried over to the billing service when included on a company create request.
2022-03-22
- Fixed a bug in admin account updates that resulted in the user performing the update getting incorrectly attached to the account.
- Updated all platform webhook events to originate from a single IP: 34.91.230.165.
- Updated the admin auth register endpoint to support the same additional fields as the anonymous auth register endpoint:
language
,timezone
,gender
,title
,marital_status
, andid_number
.
2022-03-11
- Fixed a bug in account definition synchronization: When creating a new account definition the system would previously attempt to assign all accounts with the same name to that account definition but it should have instead been ignoring all accounts that are not attached to a user (ie. standalone account should not be linked to accountd definitions).
2022-03-01
- Fixed a bug where image sizes were handled incorrectly when stripping EXIF data, which resulted in 500 errors on some file uploads.
2022-02-18
- Fixed a bug in request body parsing in request logging that resulted in a 500 errors if the body contained invalid JSON on requests where the body is normally not parsed (GET methods, not found errors, authentication errors etc.).
2022-02-17
- Updated all upload fields to strip out all EXIF data from image uploads. This will helpe ensure users do not mistakenly expose sensitive information about themselves via image uploads eg. profile pictures, company logos and icons, and documents.
2022-02-09
- Updated the registration endpoints (company and user registration) to support the following fields:
language
,timezone
,gender
,title
,marital_status
, andid_number
. - Fixed a bug in file uploads where incorrecatly formatted form data resulted in 500 errors. These errors will now correctly throw a 400 error.
2022-02-03
- Added new webhook events for
company.link.create
andcompany.link.update
.
2022-02-02
- Added new swagger help text in the swagger UI description.
- Added a new
subtypes
field to the currencies resource on endpoints that retrieve a single account. This field returns a list of subtypes that the currency may use (subtypes are excluded from this list bu company, group, tier, account asset and user subtype settings).
2022-01-28
- Added new
enabled
boolean to allow webhooks to be turned on and off. - Added new company linking functionality that will be used for linking test companies to production companies.
2022-01-14
- Added a new
metadata
field on accounts. - Changed account handling to prevent the editing of the
user
field on existing accounts. Thisuser
field can only be set on create.
2022-01-11
- Fixed a bug on metrics listings where on new metrics that were still getting processed a 500 error could occur.
- Fixed a bug with the
slug__in
filter not working and triggering a 500 error on metric listings. - Added new
account.create
andaccount.update
webhook events to facilitate with managed currency flows.
2021-11-30
- Added admin authenticated login and register endpoints. These endpoints should be used by machine users and services that require access to login and register but should not be impacted by user throttles, rate limiting, bot protection, and other rules that apply to unauthenticated (anonymous) users.
/3/admin/auth/login/
- An admin token must be included in theAuthorization
header./3/admin/auth/register/
- An admin token must be included in theAuthorization
header.
2021-11-26
- Fixed a bug in idempotency handling where requests were not getting treated as unique through a combination of the
key
,method
and URL and instead were unique based on only thekey
.
2021-11-16
- Fixed a bug where archived accounts could result in an odd “duplicate” validation error when creating transactions.
- Improved resource listing and filtering performance on some resources: challenges, authentication rules.
2021-11-05
- Final removal of the
kyc
field on the user resource (as per the deprecation timeline). - Final removal of the
email
andmobile
fields on the partner resource within a transaction (as per the deprecation timeline). - Added a new
archived
filter on the admin account list endpoint.
2021-10-27
- Increased the size of the webhook condition.
- Fixed a bug in TOTP MFA when generating OTP URLs using a user that has no email address.
- Added a
metadata
field to all bank account resources.
2021-10-13
- Added a new wallet-accounts resource and added endpoints for accessing and managing them.
- Fixed a bug in schema generation that resulted in duplicate operation IDs in the swagger schema.
2021-09-27
- Added new endpoints and fee functionality for attaching fees to groups (in addition to the existing account currency and group tier fees)
- Added fee caching and building that uses a “named” fee hierarchy that applies to group fees as well as the original 2 types of fees.
2021-09-22
- Migrated all platform file storage to a Google Storage bucket (files will no longer be sources from an Amazon S3 bucket).
2021-09-14
- Added new user metrics:
user_count
anduser_active_count
. - Added new metric filters:
slug
andslug__in
. - Added new handling of
section
logic for metrics that should only work on certain sections. - Added new managed currencies:
- Currencies can now include an optional
manager
field that can be populated with a user. - Currencies that have an attached manager can only be executed (to
complete
offailed
) by the manager. - These currencies can be used when a 3rd party integration/service should be repsosible for a currencies execution.
- Currencies can now include an optional
2021-08-03
- Added new document categories:
proof_of_identity
,proof_of_income
. - Added new document types:
payslip
,employment letter
andfinancial_statement
. - Added new gender, title,
marital status
,central_bank_number
,fathers_name
,mothers_name
to the user resources. - Updated tier requirement to handle new document types, categories and user resource fields.
2021-06-30
- Fixed a bug that resulted in some limits sometimes not getting correctly included in transaction checks (when multiple limits were configured for the same type, account and currency).
- Fixed a bug that resulted in a 500 error instead of a 403 error when a user was logged out mid-session (and the user has multi-factor authentication enabled).
2021-06-22
- Performance improvements on the transaction listing endpoints and cursor pagination.
- Performance improvements on the request listing endpoints and cursor pagination.
- Fixes for the request logging to prevent 500 error on some types of malformed JSON.
2021-06-10
- Added a new API interface for handling multi-factor authentication via a new
authenticators
resource.- Authenticators are now added/listed on the
/3/auth/mfa/authenticators/
endpoint. - Authenticators are verified using the same
/3/auth/mfa/verify/
endpoint but an additionalauthenticator
field must be specified to verify a specific authenticator. - Authenticator
token
s can be delivered (if supported by the authenticator) via the/3/auth/mfa/deliver/
endpoint. Anauthenticator
must be specified. - There are three types of authenticators:
static
,totp
, andsms
. - The new
static
type can be used as MFA recovery codes. It generates a list of “single user” tokens that can be used instead of another authenticator.
- Authenticators are now added/listed on the
- Updated existing MFA devices to function within the new
authenticator
resource.- This change is backwards compatible although the old endpoints and MFA functionality will be deprecated and removed according to the deprecation timeline.
- Added a new
authenticator-rule
resource that can be used to define how MFA works on a company.- Rules can be defined to trigger on
authentication
orauthorization
. - Rules can be configured to trigger
permanent
,durable
orephemeral
challenges. - Rules can be configured on specific
group
s. - Rules can be configured to only trigger on a specific
session_age
.
- Rules can be defined to trigger on
- Added a new
authenticator-challenge
resource that represents individual MFA challenges to a user session.- Challenges are thrown as errors on requests and included in the
data
of the response under achallenge
property. - Challenges are returned on login (authentication) endpoints under a
challenge
property. - Challenges can be durable or ephemeral. Ephemeral challenges are single use challenges that can only be used once for access to a specific permission level resource.
- Challenges are verfiied via
/3/auth/mfa/verify/
but an additionalchallenge
field must be specified to verify a specific challenge. - Challenge
token
s can be delivered (if supported by the challenge) via the/3/auth/mfa/deliver/
endpoint. Anchallenge
must be specified." - Ephemeral challenges, once verified, must be included in the
Verified-Challenge
header of the follow up request to access the endpoint that originally triggered the challenge.
- Challenges are thrown as errors on requests and included in the
2021-05-24
- Added new
recon
boolean field on account and account definitions.- This field can be used to identify accounts that have record external account information and should not be used for internal totals.
- Added new filters on transactions and accounts for the
recon
field. - Updated currency overviews to only give an overview on accounts with a
recon
value offalse
.
2021-05-18
- Removed the
immutable_transactions
field in company settings as per the deprecation timeline. - Removed support for mutable failed/complete transactions as per the deprecation timeline.
2021-04-14
- Added two new webhook events for currency resources:
currency.create
currency.update
2021-04-13
- Removed the POST
/auth/tokens/verify/
endpoint as per the deprecation timeline. - Removed the source/destination property on transactions as per the deprecation timeline.
- Improved the performance of export generation.
- Fixed a bug in metrics where results were not generated correctly for pending transaction resources.
2021-03-30
- Added new “legal terms” to the platform. Legal terms are used to store platform dictated and company terms and conditions and other legal documents users should accept. These ar available on the following endpoints:
/public/legal-terms/
- Public endpointfor getting terms that apply globally (platform dictated)./public/companies/<id>/legal-terms/
- Public endpoint for getting the terms that apply to a specific public company./admin/legal-terms/
- Admin endpoint for adding and viewing all terms on the company (including platform dicated ones)./admin/users/<id>/legal-terms/
- Admin view of what terms a user has accepted (and not accepted).
- Added new
legal_term_versions
field on register. This can be used to specify a specific legal terms version as “accepted” on register.
2021-03-15
- Fixed a bug when changing a users group that resulted in non default accounts getting added to the user.
2021-03-11
- Added new generic document types for each document category.
- Added new
identifier
field on partner objects.- This field will contain the “identifier” used by a user when creating a transaction.
- For instance, if a user transfers to
[email protected]
, then theidentifier
field will contain[email protected]
. - This field will replace the existing
email
andmobile
fields as these fields currently expose excess user data. Check the deprecation timeline for details.
2021-03-03
- Updated the account synchronization functionality on account definition changes to eliminate some edge cases in processing.
- Removed DELETE on many resources. These resources are no considered “audited” resources and therefor do not support deletion.
- These resources include: Users, Groups, Accounts, Account, Currencies, Transactions, Account Definitions (and Account Definition Groups and Currencies).
- Archiving of these resources is now the only option.
- This change was made in order to comply with new audit requirements and also deal with the current technical space and scale we operate within.
- Updated to a new metrics format where a
type
is specified rather than a resource, expression and function.
2021-02-25
- Added new immutable transaction functionality that can be turned on with the
immutable_transactions
field on the company object. This boolean is temporary and will be phased out in favor of force immutability on all companies. - Improved transfer claims on newly registered users to better handle events and retransition the transactions correctly.
- Added a new
executed
date on transaction resources. This contains the date a transaction transitioned frompending
tocomplete
orfailed
.
2021-02-11
- Updated the metric points on metric resources to contain an additional “unresolved point” that contains rolling data for the current day (interval).
- The unresolved point is prepended to the results and contains the current
date
and avalue
. Theid
will benull
as this point is dynamically calculated and is not stored in the database. - The unresolved point will replace the latest point if the
interval
is set toweek
,month
,year
and it is not the first day of the interval. - The unresolved point will not be included if the
date
filters applied to the endpoint eliminates the current day. Or if the page number/position is not the first page.
- The unresolved point is prepended to the results and contains the current
2021-02-10
- Added a new
require_registration
boolean option to the company settings. Defaults tofalse
.- When set to
true
transactions to/on a user will fail if the user is not registered in the system. This will prevent temporary users from getting created automatically on transfers to unregistered users. - This can be used in combination with
require_verficiation
in order to gain more control over how transactions are processed. - We recommend always keeping
require_verficiation
turned on, even whenrequire_registration
is turned on. This is because therequire_verification
handling prevents users from sending to unverified emails/mobiles belonging to another user.
- When set to
2021-01-29
- Added a new
deactivated
boolean to user resources. Users that are deactivated cannot login, authenticate or access any authenticated endpoints.- A user can request deactivation via a
POST
to/auth/deactivate/
. - A user will receive an email with an included “deactivation link”. The deactivation key can be submitted via a
POST
to/auth/deactivate/verify/
. - Once deactivation is verified, the user will be locked out of their account and their auth tokens will be deleted. The user can still request a password reset.
- An admin can deactivate (or reactivate) a user by changing the
deactivated
boolean totrue
orfalse
.
- A user can request deactivation via a
2021-01-19
- Fix for a bug where currency was throwing required errors on company level subtype controls.
2021-01-18
- Added new
/admin/transaction-collections/<id>/transactions/
endpoint withGET
andPOST
methods.- This endpoint supports getting a list of transactions belonging to a transaction-collection
- It also support appending (creating) new transactions to a transaction collection.
- Removed the old export endpoints. The following endpoints should now be used for all exports:
/exports/
/exports/<id>/
/admin/exports/
/admin/exports/<id>/
2021-01-11
- Added new
/admin/subtype-partners/
endpoint- This endpoint can be used to define subtypes that can be used together as partners.
- These rules are enforced when creating transactions and an error will be thrown if they are violated.
2020-12-11
- Added a new
Idempotent-Replayed: true
header on replayed idempotent responses. - Updated transaction collections to support a custom id on creation.
- The custom
id
must be a valid v4 UUID.
- The custom
- Fixed a bug on archiving account definitions that resulted in a failure on syncing children accounts to the new parent state.
2020-12-10
- Replaced account-configurations with account-definitions. The new account definitions are sharable between groups and will also apply effects retroactively.
- Account definitions will be linked to multiple groups instead of belonging to a single group.
- When applying changes to account definitions, these changes will be automatically applied to all related accounts/users and groups as well.
- Added new account definition selection on all disallowed transaction subtype rules, fees and limits. Setting this field will allow subtypes, limits and fees to be controlled/set on an account definition basis: eg. disallow a subtype for all accounts named
default
.- All subtype rules have been modified to support a different CRUD interface (Via the API). Old format subtype rules will be automatically migrated to the new format.
- All fee and limit changes will remain unchanged except that they now support an additional option.
- Fixed some issues with the generation of swagger documention. The resulting swagger schema will now pass validation and have no duplicate operation IDs.
- Updated the cache handling of multiple resources to be performed more efficiently in the background.
- The
/subtypes/
list will now automatically be filtered by the subtypes available to the user and their group. - Added
default_session_duration
as a configurable company setting. Supports values in seconds between 1 and 2678400 (up to 31 days). - Added a new service key rotation mechanism that will be rolled out to our services in the coming year.
2020-10-26
- Added a new optional
checks
property to transaction create and update on the admin API.- This field can be used by admins to customize what checks are done when validating a transaction.
- The following options are available:
balance
,verification
,limits
andtype
.
- The
checks
property has also been added to the multi transaction and transaction collection endpoints.
2020-10-13
- Fixed a bug on account and transaction filters that resulted in
0
valuebalance
filters getting ignored instead of properly filtered against in the results.
2020-09-25
- Added filters on auth tokens so that keys can be excluded/included on DELETE as well as GET.
2020-09-08
- Fixed a performance issue that occurred when creating transactions without specifiying a
user
in the request. Requests that include only anaccount
should now perform equally to those that include auser
in the request data.
2020-08-26
- Added metric tracking for
transaction
anduser
resources. Metrics can be configured to count/sum a specific data set at midnight every day. The data set can be customized using filters and the time at which the metric updates can be configured by setting an appropriate timezone./admin/metrics/
/admin/metrics/<id>/
/admin/metrics/<id>/points/
/metrics/
/metrics/<id>/
/metrics/<id>/points/
2020-08-17
- Added a new
routing_number
to all address objects. - Added a new
branch_address
to all bank account objects.
2020-07-17
- Updated the
POST
on the/auth/tokens/
endpoint to require an extra MFA step if the user has MFA enabled.- Previously we accepted the current user’s MFA status as adequate authentication to perform this action.
2020-07-17
- Added a new set of endpoints for end users to get permissions associated to a group.
- Groups list:
/3/groups/{group_name}/permissions/
- Group view:
/3/groups/{group_name}/permissions/{permission_id}/
- Groups list:
- Added missing
name
anddescription
field to the fees on deep nested endpoints. - Fixed 404 errors on listing pages. They now correctly throw a 404 instead of returning an empty list.
- Added orderby to the admin documents list:
- Supported fields are:
created
,-created
,updated
,-updated
,expires
,-expires
)
- Supported fields are:
- Updated
metadata
fields to use JSON-Merge-Patch on updates:- This means that the full
metadata
does not have to be sent on PATCH/PUT as the new data will be merged into the existing data. - The full spec can be seen here: https://tools.ietf.org/html/rfc7386
- This means that the full
2020-07-14
- Updated the
account
field on transaction create (debit, credit, multi and transaction collections) to support either aname
or areference
as a value. If a name is used, then ensure auser
is included along with it.
2020-07-09
- Fixed an issue where trying to delete an email belonging to an archived user resulted in a “Cannot modify archived object” error.
2020-06-01
- Added a new
name
field to fees. this name may only be lowercase, underscores and numbers and only one fee can exist on a given level per name (ie. there can be one group_tier fee with the name main_fee and one account asset fee with the name main_fee). - Updated fee calculation (on transactions) to only retrieve one fee per
name
. This means that if a Group Tier fee is defined AND a Account Asset fee with the same name, then only the Account Asset fee will be applied).
2020-05-11
- Updated all
disallowed_transaction_subtypes
fields in relevant settings to support an additional list of currencies on which that specific subtype is disabled.
2020-04-20
- Added new utility methods for deleting authentication tokens
DELETE
on/auth/tokens/
will now delete all tokens belonging to the authenticated user.DELETE
on/admin/users/tokens/
will now delete all tokens in a company. This endpoint works with the filters available onGET
ie./admin/users/tokens/[email protected]
.
- Added new functionality to ensure old idempotent keys are cycled out of the system after 1 week.
- Added new
/auth/
endpoint for checking whether a user is authenticated via a GET request.- The
/auth/tokens/verify/
endpoint will be phased out in favor of the new/auth/
endpoint.
- The
2020-04-14
- Added new data based throttling for anonymous auth endpoints.
- Authentication attempts with identical data will now be throttled regardless of user/IP.
- This also applies to register, password reset and email/mobile resend.
- Added new group icon/image.
- Added new
archived
filter on the admin currency list.
2020-04-02
- Added new list public groups endpoint for public companies:
/public/companies/<id>/groups/
- Added new retrieve public group for public companies:
/public/companies/<id>/groups/<group_name>/
- Fixed a bug where existing unconfirmed token devices in MFA would cause errors when trying to verify SMS devices.
- Fixed a bug where the
token
field was not getting included in the MFA verify swagger schema. - Added new global export endpoint that correctly handles retrieval of multiple resource type exports.
/exports/
/exports/<id>/
/admin/exports/
/admin/exports/<id>/
2020-03-26
- Updated message handling on transactions. Added new endpoints:
/admin/transactions/<id>/messages/
/admin/transactions/<id>/messages/<id>/
/transactions/<id>/messages/
/transactions/<id>/messages/<id>/
- Added messages to users.
/admin/users/<id>/messages/
/admin/users/<id>/messages/<id>/
/user/messages/
/user/messages/<id>/
2020-03-12
- Added a new device endpoints for users and admins
- These can be accessed via
/user/devices/
and/admin/users/devices/
- Devices can be edited via
/user/devices/<id>/
and/admin/users/devices/<id>/
- These can be accessed via
- Added a sub endpoint for apps on specific devices.
- These can be accessed via
/user/devices/<id>/apps/
and/admin/users/devices/<id>/apps/
- Apps can be edited via
/user/devices/<id>/apps/<id>/
and/admin/users/devices/<id>/apps/<id>/
- These can be accessed via
- Added new resource tracking on request logs. A
resource
andresource_id
will now contain specifc information regarding what resource was modified by an action. - Added new
tier
property to the user group view/list. This property contains the active tier under which a user falls within that group. - Fixed custom session durations to support setting by admin users (formerly it only allowed owner users to set this value).
2020-02-12
- Added a new type of tier requirement named
user_metadata
.- Can be used to define custom “key -> value” requirements based on user metadata.
- Updated user object metadata to only be writable via the admin API endpoints.
- Previously this field could be modified by the user as well.
- Added a
mode
field to companies.- This field is a immutable field.
- It has two values:
production
andtest
. It defaults totest
.
- Updated choice field to use values instead of labels/
- This was updated on the following resources: documents, requirements and limits.
- Changed
email_confirmation_url
toemail_verification_url
. - Changed
email
on the company object tosystem_email
. Also added new email fields:support_email
contact_email
- Added filter fields for the temporary boolean on the
transaction
anduser
objects:user__temporary
on thetransaction
resource.temporary
on theuser
resource.
- Added an
expires
field to thedocument
resource.
2020-01-29
- Added a new
require_transaction_subtype
field to the company object. If this is set to true then subtypes are required in order to create transactions. - Added a new
usage_type
field on the subtype resource. This can be used to define three general forms of subtype usage:single
,partner
,null
.
2019-10-31
- Added a transaction-collection resource and corresponding API endpoints for listing/adding/viewing/updating/deleting transaction-collections.
- Added new transaction properties: parent, inferred, partner, collection.
- Added new inferred transaction fees that are extrapolated into transactions.
- Updated the transaction/transfer creation validation and processing logic.
- Improved the performance of multi transaction creation validation and processing.
- Added new “burst” and “sustained” throttling with differing rules which allow for increased temporary bursts of requests but still enforce the same average max requests per second.
- Added new temporary user handling. When transfers are sent to non existent users they will be credited to temporary users.
- Added new transfer handling to allow for transfers to be claimed from temporary users transactions when the real user registers (or is created).
- Added new
slug
information to the user available service information.
2019-10-16
- Added new webhook events:
email.create
triggers after an email address is created.email.update
triggers after an email address is updated. Includes original email details.mobile.create
triggers after a mobile number is created.mobile.update
triggers after a mobile number is updated. Includes original mobile details.
2019-09-13
- Added new account-currencies endpoint (beta).
/3/account-currencies/
/3/admin/account-currencies/
- Added new account-currencies export endpoint (beta).
/3/account-currencies/exports/
/3/admin/account-currencies/exports/
- Added new historic balance filter for account-currencies (beta).
- On the account-currencies endpoint use
?historic={timestamp}
- This will yield results where the
balance
contains an historic value.
- On the account-currencies endpoint use
2019-08-13
- Fixed a bug where some “nested” resources were throwing 500 errors instead of 404 errors when the root resources did not exist.
- Fixed a bug with datetime filters not filtering on the correct precision (milliseconds)
- This resulted in odd behaviour when a object was inserted within microseconds of a filter’s cut off value.
- Improved the performance of account listings and exports.
2019-08-05
- Added new account listing exports (admin and user).
- Supports CSV and JSON formats
- Added new account listing
reference__contains
filter field.
2019-07-03
- Added new
disallow_transaction_subtypes
field to all endpoints that supportedsettings
. This field should be used to stop a company/group/user/tier/account from creating transactions with selected subtypes. The endpoints this is available on are:/3/admin/company/settings/
/3/admin/groups/<id>/settings/
/3/admin/groups/<id>/tiers/<id>/settings/
/3/admin/accounts/<reference>/currencies/<code>/settings/
/3/admin/users/<id>/settings/
- Fixed a bug where an incorrectly formatted
query
object would throw 500 errors on the transaction export endpoints.
2019-06-28
- Updated the URL routes to allow optional closing slashes.
- Added a new subtypes endpoint for end users (users can see a list of subtypes)
/3/subtypes/
and/3/subtypes/<id>/
- Improved the ranking and partial matching on searches.
- Fixed bug in the search where search terms including a
+
symbol would yield no results.
2019-05-24
- Added new
email
parameter to the password set/reset and email verify URL. - Added a new
slug
field to the services object.
2019-05-17
- Added new
network
andname
fields to crypto accounts. - Added
available_balance
to the user info object.
2019-05-07
- Fixed issues with variable length OTPs on SMS MFA.
2019-05-02
- Added new
mfa.sms.verify
event that can be used to hook into the multi factor SMS verification message.- This can be configured via webhooks.
- This allows for MFA SMS messages to be customized.
2019-04-18
- Added new transaction export endpoint for non admin users.
- Users can now export groups of their own transactions.
- To view a list of exorts or create one:
/transactions/exports/
- To view a single export:
/transactions/exports/<id>/
- Removed the old
/admin/transactions/sets/
endpoints.- Use the
/admin/transactions/exports/
endpoints instead.
- Use the
2019-04-11
- Added new created and updated datetime fields to MFA devices (SMS and TOTP).
- This can be used in order to see when a user enabled MFA.
2019-04-09
- Updated accounts to not require a user to be attached to them.
- The account
user
can benull
when created. - The account
user
can be updated tonull
. - The account
user
attribute can be changed to another user.
- The account
2019-03-28
- Renamed “result sets” to “exports”.
- Added replacement URL :
/admin/transactions/exports/
- The old URL will be deprecated as per the deprecation timeline.
- Added replacement URL :
- Fixed a minor bug in account creation where deleting and recreating an account configuration (with the same name) could result in 500 errors when trying to create accounts for users automatically.
2019-03-26
- Added new
total_amount
field to transaction total endpoints.- This contains the sum of all
total_amount
s on transactions
- This contains the sum of all
2019-03-12
- Updated the
note
field on transactions to be editable by admin users. - Updated the admin transaction endpoints to support creating transactions without specifying a user if an account is specified instead.
- An error will be returned if neither a user or account is returned.
- An error will be returned if the account does not belong to the user specified.
- Altered the webhooks so that only a single event can exist for a given URL.
- An error will be thrown if multiple webhooks are created with the same URL and event.
2019-03-06
- Added default descriptions for the
admin
andservice
group. - Added
description
field to group add endpoint. - Added a
stellar
crypto type to the crypto accounts. - Added protections to stop non-admin users from adding
admin
users.
2019-02-27
- Added a proper JSON error message for when amounts, fees or limits exceed the max size allowed in the platform. Previously these errors threw 500 errors.
2019-02-20
- Added new
code__in
filters on/admin/currencies/
and/company/currencies/
endpoints.- Can be used like:
?code__in=USD,EUR
- Can be used like:
2019-02-08
- Updated the max number of digits to 30 (from 28) for all currency amounts (eg. balances, transaction amounts).
2019-02-07
- Added new address type field to address endpoints:
- values include:
permanent
,contact
,shipping
,billing
,business
.
- values include:
- Changed subtypes to be unique together on subtype and tx_type. So that the same name can be used across different tx_types.
- Removed the file size limitation of 1MB. Updated to a 5MB.
2019-01-25
- Fixed a bug in the MFA flow that resulted in a user having to “re-login” after creating and confirming an MFA device.
- Updated the email and mobile handling:
- Users can now delete emails/mobiles as long as they are not their last email/mobile.
- Admins can now delete all emails/mobiles (including primary ones) belonging to a user.
- When primary emails/mobiles are deleted the next non primary email/mobile is set to primary.
2019-01-16
- Fixed admin user filters so that they work on all user emails and mobiles, not just the primary ones.
- Added an icon field to the company so that a wallet icon or favicon can be stored in the platform.
2018-12-14
- Added access control for IPs. IP whitelists and blacklists can now be defined for the company, groups or users.
- Fixed email and mobile create bug where a verified key had to be set in order to set the primary key.
- Fixed errors with user update caused by a non read-only group key.
2018-12-06
- Added the fields to update a user’s mobile and email from the user endpoint (previously added to the admin user endpoints).
- Added a key to the company object that contains what services a company has activated.
- Added group information to the user “short” object
- This can be found on admin endpoints when showing related user information.
2018-12-06
- Added a new, more flexible and simplified permission system.
- Permissions can now be configured on both admin and user sections.
- Permissions can now be added to a group/user in a batch of more than one.
2018-11-20
- Added new privacy_policy_url and terms_and_conditions_url to the company settings.
- Added new “require_privacy_policy” field to company settings.
- Added new “privacy_policy” field to user register.
2018-11-08
- Updated multi-factor authentication
- Added a field to specify the
algorithm
used when creating multi factor tokens (SHA1, SHA256, SHA512). - Allow users to disable multi-factor authentication when logged in
- Added a field to specify the
- Added admin user multi-factor authentication management via the following endpoints:
- GET - /admin/users/{identifier}/mfa/
- DELETE - /admin/users/{identifier}/mfa/sms/
- DELETE - /admin/users/{identifier}/mfa/token/
2018-10-30
- Updated the request logging to include the body data of every request.
- Sensitive values such as authorization keys, OTPs, and passwords are masked and stored as the masked value.
2018-10-25
- Added new
status
field to the admin transfer create endpoint.- This field will impact transfers between existing users in the system.
2018-10-18
- Force non permanent token invalidation on password reset.
- Added new public company endpoint:
https://api.rehive.com/3/public/companies/
- Added new
config
andpublic
fields on companies.
2018-10-16
- Added new optional pagination type “cursor”.
- To use this pagination type specify
?pagination=cursor
on a listing endpoint. For optimal performance only sort bycreated
orid
.
- To use this pagination type specify
2018-10-09
- Modified the admin user view endpoint to allow changes to be made on the
email
andmobile
fields:- Setting a non existent email/mobile will result in that email/mobile getting created, a confirmation sms/email getting sent and the email/mobile getting marked as
"primary": true
- Using an email/mobile that already exists will simply set that email/mobile as primary.
- Setting a non existent email/mobile will result in that email/mobile getting created, a confirmation sms/email getting sent and the email/mobile getting marked as
- Improved the way available balances are stored and calculated. This will result in performance improvements on transactions, accounts and aggregation endpoints like the totals/overview.
2018-09-13
- Added views for users to see requirements, fees, and limits related to group tiers.
- Added a filter on the user group tier view to the user’s active tier:
active
: True (shows the user’s active tier)
- Removed the
identifier
,enabled
andactive
fields from the user object and user lists. - Removed the old “single address” endpoint found at /3/user/address/.
2018-09-11
- Fixed admin user endpoint not allowing group updates.
- Added new account filters to the user list endpoint.
account
: reference of an account.account__name
: name of an account.account__label
: label of an account.
2018-08-28
- Added character limit error messages in several places where they were missing.
- Made improvements to how primary accounts are selected and filtered.
- Improved currency codes to be case insensitive across the API.
- Added an account name filter to the transaction list.
2018-08-21
- Fixed case sensitive bug with the
group__isnull
filter. - Removed the url encoding from the
otpauth_url
on the 2FA endpoint.
2018-08-17
- Added new CSV export file format for large result sets.
- Updated the file format of JSON exports to be a simple list of objects.
- Updated the export file name to include the page and total count values.
2018-07-31
- Fixed a bug where a group tier fee could not be updated without a currency.
2018-07-26
- Fixed a bug where the
username
could not be added when null.- The username is now read-only, but only after it has been set with a non-null value.
- Updated services error response format when activating services.
- Fixed bug where a very large currency divisibility could be set in the API.
- The divisibility has been restricted to 18 decimal places now.
2018-07-19
- Added a new
name
filter field to the admin group listing endpoint.
2018-07-17
- Added a custom transaction id field on transaction create endpoints.
- The id field has also been updated to a uuid format (the same as user IDs).
- Updated Rehive 500 errors to return a JSON formatted error response rather than an HTML page.
- Added new
mobile
fields to some endpoints to eventually replace the existingmobile_number
field. - Added
id
as a field to the company endpoints.
2018-07-10
- Added new
verification
object to user info endpoints.- This includes two fields that indicate whether the user’s email or mobile number have been verified by the user.
- Added a missing
archived
field to the transaction large result set. - Fixed date format on the admin address endpoint.
- Added a new “multi address” endpoint for users. This will allow more than one address per user.
- The new endpoint is
/3/user/addresses/
. - Viewing or deleting a specific address can be done via:
/3/user/addresses/{id}/
- The old
/3/user/address/
endpoint will be deprecated in favor of the above endpoint. See the deprecation timeline for details.
- The new endpoint is
- Fixed some bugs on email verification.
- Previously there were problems with “verification resend” if a user had more than one email that was unverified and tried to resend a verification email for the non primary email address.
2018-06-28
- Fixed 500 error on group tier objects in certain circumstances.
- Fixed bug where admin update on a user address did not save the updated status value.
- Removed email/mobile verification requirement for admin endpoint access.
- Fixed a subtype check and allow blank subtypes to be passed in tier fee request data.
2018-06-08
- Added the
archive
framework.- Resources will now have an additional
archived
field that can be used to make a field read_only as well invisible to end users. -The archive status can be used as a soft delete. If a full purge is required a HTTP DELETE should be performed. Some resources are required to be archived before they can be purged. - When archiving a parent resource with children/dependent resources the child resources will also be archived. Eg. archiving a currency will result in all related transactions getting archived as well. Unarchiving the parent element will also cascade down to its children.
- Resources will now have an additional
- Added dates to resources where they were missing.
- All relevant resources will now include a created and updated field in the API.
- The format of the field will be consistent with the rest of the API (eg. microsecond timestamp)
- Improved performance of large queries and updated the rendering of listing pages. Also, improved the performance of some complex fields used in the API.
- Added new range filters for the
reference
field on transactions. (__lt, __lte, __gt, __gte) - Added beta version of large result set functionality for the transaction lists.
- Will use the same filters as the normal transaction listing.
- Will generate up to 10000 records in a single downloadable file.
- Will be processed asynchronously and provide a means to check the tasks progress.
- If the number of records exceeds the page_size specified, additional page “chunks” will be created with the rest of the results.
2018-05-24
- Updated fee calculations to stack if multiple fees for the same transaction type, subtype, and currency are created.
- Added description field to fees.
- Removed 1 fee per currency/tx_type limit
2018-05-15
- Changed the default password reset, password set and email verification URLs to direct to the main Rehive website instead of the dashboard.
- This change will not impact any custom URLs.
- Fixed a bug where checking tier requirements for user address and bank account results in a server error.
2018-05-03
- Added new
user
filter on the admin user list.- This field can be used to filter by any of the identifier fields (id, email, mobile_number, username).
- Fixed a bug when deleting tiers. In the past, trying to delete a higher tier occasionally caused an error saying the requirement is required in lower tiers. This interaction with lower tiers was undesired.
- Update the user
id
/identifier
field to allow it to be set in the admin user create endpoint. -This means that users can be created with a custom id if the request is made via the admin user create endpoint. Custom userid
s cannot be changed later and are a static identifier for the user. - Fixed a bug in “admin user create” where the mobile number was not getting validated or cleaned properly, resulting in incorrectly formatted data.
2018-04-26
- Added new
username
field to the user resource. This field is a unique identifier that can be set on user registration or create. It can be used as a recipient identifier for transfers as well (but it must already exist in the database). It has the following limitations:- It may only contain lowercase letters, digits and @/./+/-/_. characters.
- It must be unique across the whole company.
- Added
updated
filters to the transaction listings and totals endpoints.- Filtering on
updated
can be done with__gt
,__gte
,__lt
,__lte
. This functions the same as thecreated
filtering.
- Filtering on
- Fixed a bug in the idempotency feature where a race condition could occur and result in non idempotent requests.
2018-04-13
- Added new
enabled
field on the user object.- This field will replace the
active
field in future. See the deprecation timeline for more on this.
- This field will replace the
2018-04-12
- Added new
updated
andcreated
fields to the user profile and list endpoints (admin and user sections).- The
created
field will replace thedate_joined
field. See the deprecation timeline for more on this.
- The
- Added new filters for
updated
andcreated
on the user listing pages.
2018-03-27
- Expose permission requirements for admin endpoints in the OPTIONS request for that endpoint.
- When adding permissions to a group or user, the OPTIONS request on the endpoint will now expose the possible permissions that can be assigned.
2018-03-15
- Removed the old https://rehive.com/api/3/. -Can now only access the API via https://api.rehive.com/3/. (as per the Rehive deprecation timeline).
- Removed the active currency support when creating transactions.
- When creating transactions a currency should always be included.
- Fixed issue where trying to create a user in the admin group via the admin API would throw an error.
- Fixed a minor issue where webhooks would try 13 times but not get marked as failed.
- Webhooks will only retry 11 times now (12 tries in total) and will be marked as failed (with a timestamp) after the 12th attempt.
2018-03-01
- Fixed an error that occurred when adding a limit with no value.
- Fixed and error that occurred when trying to add a currency that already exists to an account.
- Update the KYC field on user objects.
- The field can now be updated by admin users.
- The field now only contains a status and updated date.
- The field now has no automated status transitioning.
2018-02-27
- An email address or mobile number is no longer required when creating a user via the admin api endpoint.
- Fixed a bug where updating a transaction subtype with the same name fails.
- Updated admin user list api to exclude the user permission and settings data.
- These are now only shown when explicitly viewing a user’s information.
- Added a group__isnull filter to the admin transaction list api endpoint. -This will filter based on users that are assigned to groups, or not.
2018-02-20
- Added an event for setting user password on email sign up.
- Added user group filtering where filtering by user data is available.
2018-02-08
- Removed
confirm_on_create
from all transaction create endpoints. - Added new API base URL.
- Old URL: https://rehive.com/api/3/
- New URL: https://api.rehive.com/3/
- Fixed a bug that was causing an internal error when a fee was created with a percentage value.
2018-02-06
- The metadata field has been updated to be more consistent across Rehive. The following rules now apply to the metadata field when it is included in an API request:
- Must be valid JSON.
- Must be a valid JSON object or null value. An empty object is permitted. String or list values are not permitted.
- Fixed a bug where trying to match a user’s tier requirements for address and bank account results in an internal server error if the user has no address or bank account.
2018-01-30
- Added batch create functionality for transactions.
- Multiple transactions can be created in a single POST to the
/api/3/transactions/
endpoint. All transactions are processed as one atomic batch. If one transaction fails, all the transactions will fail.
- Multiple transactions can be created in a single POST to the
- Added a
fee
field to all admin transaction create endpoints (this includes the batch endpoint above). -Thefee
field can be populated with a list of custom fees that will be attached to a given transaction. - Added
fee
field to all view transaction endpoints (not listing endpoints).- This field contains a list of all fees that were attached to a transaction (both internal fees and external ones added by the functionality described above).
- Updated all transaction create/update endpoints to no longer function asynchronously.
- Transactions are now processed within the request/response cycle and will return the latest state to the client when processing is complete. This allows for simpler API client implementations.
2018-01-18
- Replaced permission groups with general “groups”. -All permissions, tiers, limits and requirements now fall under groups.
- Added the ability to select default groups.
- Default groups will be attached to all new users on registration.
- Added the ability to select public groups. -These groups can be selected on registration by all users.
- Added automated migrations so that all existing companies have a “user” group to which their non admin/service users will be attached.
- Added new account configurations. Account configurations can be used to define account presets for specific user groups. Account configurations allows for very specific control of:
- What accounts a user within a group can have.
- What accounts a user within a group gets automatically on registration.
- What currencies an account can activate.
- Added automated migrations so that all existing companies have a “default” account configuration attached to their “user” group.
- Removed switches and replaced with the concept of “settings”.
- Settings are additional configurations that can be attached to companies, groups, users, accounts and tiers.
2018-01-05
- Fixed bug where
terms_and_conditions
were required on service deactivation - Added an
account
filter to the admin user list.
2017-12-28
- Updated all password fields to have a max length of 128.
- In preparation for the public service registry/marketplace added new fields to the service object:
public
verified
management_url
terms_and_conditions_url
website_url
tags
- Updated the admin user listing to include a new “service” filter that can be used to filters out users that are linked to a specific service.
2017-12-12
- Added an ID to each webhook task.
- This ID is attached to the webhook data on each webhook request.
- Added new request logging and API endpoints to access request logs.
- Updated authentication token creation to have an optional duration field on the standard user auth endpoint as well as the admin endpoint.
- Added create
__gte
(>=) and__lte
(<=) filters to the transaction listing endpoints. - Added currency filters on the accounts listing endpoint.
- Added permissions to services.
- Also updated the service activation to create a service user, with the minimum permissions required, and source tokens from that user.
- Fixed a bug where trying to remove a company owner from a permission group would fail due to the removal not checking the group name properly.
- Added
account_tokens__token__currency__code
filter to account API endpoints