2026-01-05

Copy

• Copy for LLM

  Copy page as Markdown for LLMs
• View as Markdown

  Open this page as Markdown
• Open in ChatGPT

  Get insights from ChatGPT
• Open in Claude

  Get insights from Claude

Summary

This release introduces a public Changelog, adds client-scoped webhook management endpoints, and simplifies authentication so that JWT is the primary credential used for API operations.

Added

Public Changelog — Added [Docs]

Impact: You can track API and documentation changes in one place, with daily release notes.
Action required: None.
References: Changelog home

Client-scoped Webhooks Management endpoints — Added [Behavior] [Operational]

Impact: You can manage webhooks per client (list, create, retrieve, update, delete) using client-scoped endpoints.
Action required: Prefer the client-scoped endpoints for all webhook operations.
References:

• GET /v1/clients/{clientId}/webhooks — list webhooks for a client
• POST /v1/clients/{clientId}/webhooks — create a webhook for a client
• GET /v1/clients/{clientId}/webhooks/{id} — retrieve a webhook
• PATCH /v1/clients/{clientId}/webhooks/{id} — update a webhook
• DELETE /v1/clients/{clientId}/webhooks/{id} — delete (soft-delete) a webhook

WebhookUpdateRequest schema — Added [Behavior]

Impact: Webhooks can be partially updated (e.g., url, token, webhook_status, optional auth_* fields).
Action required: When updating a webhook, send only the fields you want to change.
References: PATCH /v1/clients/{clientId}/webhooks/{id}

Changed

Authentication simplification (JWT-first) — Changed [Behavior] [Operational]

Impact: x-api-key is now bootstrap-only (used to obtain a JWT). After a JWT is issued, API calls should use only Authorization: Bearer <JWT>.
Action required: Stop sending x-api-key on operational API calls; keep it only for JWT bootstrap flows.
References: POST /v1/clients/{clientId}/auth/credential-tokens

CEP webhook clarification for Penny Validation — Changed [Docs] [Operational]

Impact: The CEP webhook is triggered only for Penny Validation transactions (amount = 0.01 MXN). INITIALIZED may appear on API reads but is not emitted by the CEP webhook and should be treated as PENDING.
Action required: Ensure your CEP webhook consumer does not expect INITIALIZED events; treat API-read INITIALIZED as PENDING.
References: /products/fincore/guides/penny_validation

Deprecated

Legacy webhook creation endpoint — Deprecated [Breaking]

Impact: POST /v1/webhooks is deprecated in favor of the client-scoped endpoint.
Action required: Migrate to POST /v1/clients/{clientId}/webhooks.
References: POST /v1/clients/{clientId}/webhooks

Migration notes

1. JWT-first auth

   • Use x-api-key to obtain a JWT.
   • Use Authorization: Bearer <JWT> for all subsequent API calls.

2. Webhook creation

   • If you used POST /v1/webhooks, migrate to:
     • POST /v1/clients/{clientId}/webhooks