{ "apiVersion": "4.9.6", "specUrl": "https://kangopenbanking.com/openapi.json", "docsUrl": "https://kangopenbanking.com/developer/changelog", "lastUpdated": "2026-04-12", "entries": [ { "version": "4.9.6", "date": "2026-04-12", "type": "patch", "breaking_changes": false, "summary": "Documentation depth upgrade -- 63-error catalogue, failure/retry/reversal guides, end-to-end use-case tutorials, auth decision table, observability checklist", "highlights": [ "Error Codes Reference expanded from 18 to 63 codes across 14 domains (AUTH, AISP, PISP, PAY, MM, FLW, KYC, CERT, LOAN, SAV, ADM, WH, LED, BANK) with per-error recovery actions", "Retry/backoff code examples (Node.js + Python) added to Error Codes page for 429 and 5xx handling", "Common Mistakes section added to Error Codes Reference with 5 frequent integration pitfalls", "Failure handling, edge cases, and reversal flows added to Accept Payments, Refunds, and Payouts guides", "New guide: Build a Marketplace Checkout -- end-to-end charge, commission split, payout, and settlement reconciliation", "New guide: Build a Bank Data Aggregator -- OAuth consent, AISP account fetch, transaction sync, token refresh lifecycle", "Authentication Overview enhanced with 'Which method do I need?' decision table (API Key vs OAuth vs mTLS)", "Cross-links added from Authentication to Token Lifecycle and Roles and Permissions pages", "Go-Live Checklist enhanced with Observability Setup section -- structured logging, webhook monitoring, latency tracking, error rate alerting", "Prerendered static HTML for 9 developer portal routes to resolve SPA ghost-page routing on published site" ], "standard_citations": [ "ORDER P5", "ORDER P6", "ORDER P7", "ORDER P9", "ORDER P10", "STANDING ORDER 2", "STANDING ORDER 4" ] }, { "version": "4.9.5", "date": "2026-04-11", "type": "patch", "breaking_changes": false, "summary": "Webhook event expansion, sandbox x-test-data metadata, event filtering documentation, split payment examples", "highlights": [ "8 new webhook event types added: onboarding_application.approved/rejected, merchant_kyb.verified/failed, credit_score.updated, loan_application.approved/rejected/pending_documents", "Sandbox spec (openapi-sandbox.json) enhanced with x-sandbox: true, x-test-data test phone numbers and card numbers, x-scenario annotations", "Webhook event filtering documentation -- topic-based subscription model with events[] array on POST /v1/webhooks", "Split payment documentation expanded with marketplace worked examples, settlement timing, and percentage vs fixed_amount comparisons", "/developer/sandbox paths made fully public per ORDER P3 (Free Sandbox Rule)", "/developer/sdks redirect added for backward compatibility per ORDER P2 (Zero-404 Rule)" ], "standard_citations": [ "ORDER P2", "ORDER P3", "ORDER P6", "ORDER P7", "ORDER P10", "STANDING ORDER 2", "STANDING ORDER 4" ] }, { "version": "4.9.4", "date": "2026-04-08", "type": "patch", "breaking_changes": false, "summary": "Rate limit documentation hardening, 429 response schema, X-RateLimit headers, and changelog version sync", "highlights": [ "Added 429 Too Many Requests response with RFC 7807 ProblemDetails to all rate-limited endpoints", "Added X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, and Retry-After response headers to OpenAPI specification", "Rate limit documentation page (/developer/api/rate-limits) verified with per-endpoint and per-tier limits", "Changelog apiVersion synchronized with spec version (previously 4.9.3 while spec was 4.9.2)", "All developer portal pages verified publicly accessible without authentication per Standing Order P1", "Status page (/developer/status) verified with SLA commitments and incident priority matrix", "Terms (/terms) and Privacy (/privacy) pages verified with full legal content" ], "standard_citations": [ "RFC 6585 Section 4", "RFC 7807", "ORDER P1", "ORDER P6", "ORDER P7", "ORDER P10" ] }, { "version": "4.9.3", "date": "2026-04-05", "type": "patch", "breaking_changes": false, "summary": "Self-service Sandbox Console with API key issuance, test data seeding, webhook testing, and bank connector validation", "highlights": [ "Sandbox Console page (/developer/sandbox/console) -- unified self-service sandbox registration, API key generation, test data seeding, webhook testing, and bank connector validation", "Self-service API key issuance eliminates manual key provisioning -- developers get sbx_ keys instantly", "Bank connector validation suite tests all 4 modes (API, DB, File, MQ) plus Banking API Router with latency profiling", "Webhook testing sends real HTTP requests with HMAC-SHA256 signatures and reports status code and response time", "Test data generator creates realistic XAF accounts, transactions, and balances in configurable quantities", "6 sandbox edge functions deployed and verified: sandbox-create-account, sandbox-create-api-key, sandbox-generate-data, sandbox-test-webhook, sandbox-trigger-webhook, sandbox-register-webhook" ], "standard_citations": [ "RFC 7591 Section 2.3", "ORDER P3", "ORDER P5", "ORDER P9" ] }, { "version": "4.9.2", "date": "2026-04-05", "type": "patch", "breaking_changes": false, "summary": "DCR schema completion -- full request/response schemas for POST /v1/dcr/register", "highlights": [ "DcrRegistrationRequest component schema added with 12 properties including software_statement (SSA JWT), jwks_uri, jwks, and FAPI signing algorithm fields", "DcrRegistrationResponse component schema added with 13 properties covering all fields returned by the DCR edge function", "POST /v1/dcr/register endpoint now uses $ref component schemas instead of inline definitions", "Request and response examples added to the DCR endpoint for developer onboarding", "Integration contracts documentation updated with full DCR field reference table" ], "standard_citations": [ "RFC 7591 Section 2", "RFC 7591 Section 2.3", "FAPI-1.0-ADV Section 5.2.2", "OIDC Core Section 2" ] }, { "version": "4.9.1", "date": "2026-04-05", "type": "patch", "breaking_changes": false, "summary": "POS modules GA, live endpoint testing, SLA transparency, FAPI certification tracker", "highlights": [ "POS Commerce modules (catalog, inventory, orders, refunds, WooCommerce sync) promoted to active status", "Live endpoint testing with real-time latency profiling (p50/p95/p99) on Test Report page", "SLA commitment table with 99.95% uptime target, RTO/RPO guarantees, and P1-P4 incident response times", "FAPI 1.0 Advanced certification tracker with 12-point checklist and OpenID Foundation verification link", "COBAC/BEAC regulatory compliance tracker with 8-point checklist and standard citations", "Developer Forum confirmed publicly accessible per ORDER P1" ], "standard_citations": [ "FAPI-1.0-ADV Section 5.2.2", "RFC 9126", "RFC 9101", "COBAC Regulation 01/CEMAC", "ORDER P1" ] }, { "version": "4.7.0", "date": "2026-04-03", "type": "minor", "breaking_changes": false, "summary": "HTTP Caching, Token Lifecycle, Webhook Retry Policy, and Spec Hardening", "highlights": [ "Cache-Control, ETag, and Last-Modified headers added to all 122 GET endpoints (RFC 7234)", "304 Not Modified response component added for conditional request support", "Token lifetime documented: 15m access, 30d rotating refresh, 60s auth code", "Webhook delivery policy documented: 7 attempts, exponential backoff, 30-day dead-letter", "IdempotencyKey header now documents 24-hour key retention TTL", "balance_after on Transaction schema corrected from number to string (precision fix)", "OAuth authorizationUrl/tokenUrl corrected from /functions/v1/ to /v1/ path", "Rate limit headers added to 7 previously missing endpoint responses", "Dual naming convention (snake_case/PascalCase) documented on Transaction schema", "New documentation pages: Token Lifecycle, Webhook Retry Policy, HTTP Caching" ] }, { "version": "4.6.0", "date": "2026-03-29", "type": "minor", "breaking_changes": false, "summary": "FAPI 1.0 Advanced Certification + Schema Hardening", "highlights": [ "FAPI 1.0 Advanced certification ready \u2014 code_challenge and code_challenge_method now required on /v1/oauth/authorize", "Schema validation hardened \u2014 required[] arrays added to all 49 API schemas", "Idempotency-Key header added to 15 payment-related POST endpoints", "StandardResponse envelope applied to all 19 single-resource GET endpoints", "PaginatedResponse envelope applied to all 67 list GET endpoints", "RFC 7807 application/problem+json support expanded to all 330+ error responses", "WebhookEventPayload base schema added \u2014 52 event types with deduplication ID" ] }, { "version": "4.5.0", "date": "2026-03-29", "type": "minor", "breaking_changes": false, "summary": "ISO 20022 Tag Alignment + OIDC Discovery", "highlights": [ "ISO 20022 tag alignment across all 339 operations", "nonce parameter set to required on /v1/oauth/authorize per FAPI 1.0 Advanced Section 5.2.2-14", "OIDC discovery document extended with pushed_authorization_request_endpoint" ] }, { "version": "4.4.0", "date": "2026-03-28", "type": "minor", "breaking_changes": false, "summary": "Multi-Language Code Examples + Response Validation", "highlights": [ "Auto-generated code examples in 9 languages on all 60+ API reference pages", "Official SDK examples for Node.js, Python, and PHP added to API reference", "Postman Collection v2.1 auto-export from OpenAPI spec", "Response validation test suite \u2014 8 automated tests for OpenAPI contract integrity" ] }, { "version": "4.3.0", "date": "2026-03-27", "type": "minor", "breaking_changes": false, "summary": "Standards Remediation Release", "highlights": [ "Fixed PISP required fields", "Added fapi-interaction-id headers", "Corrected server URL versioning", "Added 4 missing tag declarations", "Removed 6 unused schemas (Dead Code Rule)" ] }, { "version": "4.2.0", "date": "2026-03-21", "type": "minor", "breaking_changes": false, "summary": "Pay by Bank \u2014 Redirect-Based SCA", "highlights": [ "Pay by Bank with Strong Customer Authentication", "New pay_by_bank_intents table", "Hosted authorization page with consumer approval screen", "4 webhook event types: authorized, submitted, completed, failed", "PHP/Node/Python SDK support for Pay by Bank" ] }, { "version": "4.1.0", "date": "2026-03-08", "type": "minor", "breaking_changes": false, "summary": "POS Commerce Suite", "highlights": [ "POS Commerce data model with 19 tables", "Catalog, Inventory, Orders, and Payments APIs", "WooCommerce connector with import and webhooks", "Inventory sync jobs with conflict handling", "Refunds/Returns with automatic restock" ] }, { "version": "4.0.0", "date": "2026-03-14", "type": "major", "breaking_changes": false, "summary": "Identity Modernization \u2014 unified registration, login, MFA, onboarding lifecycle", "highlights": [ "Unified /v1/identity/register endpoint supporting personal, merchant, institution, and developer account types", "MFA system \u2014 TOTP, SMS OTP, email OTP with step-up challenges", "Session management \u2014 device tracking, rotating tokens, session revocation", "Onboarding lifecycle \u2014 unified onboarding_applications table", "Developer organizations with sandbox_active\u2192prod_approved lifecycle" ] }, { "version": "3.9.0", "date": "2026-03-14", "type": "minor", "breaking_changes": false, "summary": "Admin Rewards & Referral Management, 5 new banking fee types", "highlights": [ "Admin Rewards Management \u2014 full referral tracking, reward history, manual credit", "Dynamic reward settings \u2014 referral bonus, cashback rate configurable via system_config", "5 new fee types: overdraft_fee, loan_processing_fee, atm_withdrawal, standing_order, dormancy_fee" ] }, { "version": "3.8.0", "date": "2026-03-13", "type": "minor", "breaking_changes": false, "summary": "Overdraft Eligibility Engine + Credit Report Purchase", "highlights": [ "Overdraft Eligibility Engine \u2014 7-factor scoring with risk bands (A-F)", "Full overdraft lifecycle: recalculate, request, approve, suspend, revoke", "Credit Report Purchase \u2014 wallet-based payment with 30-day access" ] }, { "version": "3.7.0", "date": "2026-03-08", "type": "minor", "breaking_changes": false, "summary": "POS Consumer Marketplace + QR Payments", "highlights": [ "POS Consumer Marketplace \u2014 merchants publish storefronts", "QR Code Payments \u2014 static/dynamic merchant QR generation", "Wallet payment method added to pos-pay-order" ] }, { "version": "3.5.0", "date": "2026-03-01", "type": "minor", "breaking_changes": false, "summary": "Cameroon Banking Identifiers \u2014 RIB, IBAN, BIC/SWIFT", "highlights": [ "Full RIB (23-digit) and IBAN (27-char) validation with MOD-97 checksum", "DOMESTIC_RIB added to account_scheme enum", "Transfer rail auto-selection" ] }, { "version": "3.0.0", "date": "2026-02-26", "type": "major", "breaking_changes": false, "summary": "30+ institutional pages, regulatory compliance, fraud engine", "highlights": [ "BEAC/COBAC regulatory framework", "Fraud Engine \u2014 5-layer defence model", "Double-Entry Ledger and Reconciliation Framework" ] }, { "version": "2.0.0", "date": "2026-02-16", "type": "major", "breaking_changes": true, "summary": "v1 API path standardization, RFC 7807, OAuth 2.0/DCR/mTLS, Payment Facilitation, Virtual Cards", "highlights": [ "v1 API path standardization across all endpoints", "RFC 7807 error model with domain-prefixed codes", "OAuth 2.0 + Dynamic Client Registration + mTLS", "Payment Facilitation API", "Virtual Cards API", "ISO 20022 and SWIFT messaging" ] }, { "version": "1.0.0", "date": "2024-11-01", "type": "major", "breaking_changes": false, "summary": "Initial public release \u2014 AISP, PISP, Mobile Money, Credit Scoring, OAuth 2.0", "highlights": [ "Account Information Service (AISP)", "Payment Initiation Service (PISP)", "Mobile Money integration (MTN, Orange)", "Credit scoring engine", "OAuth 2.0 authentication" ] } ] }