API Changelog
What’s changed in Aza API
Every release, documented. Breaking changes are called out explicitly.
AddedChangedDeprecatedFixedRemovedSecurity
v1.7.0Latest
Aza Connect — split payments to sellers at checkout and direct payouts to individual seller wallets.
- AddedPOST /v1/merchant/sessions now accepts `splits` (list of { recipient, amount }) — each seller's share is credited straight to their Aza wallet when the buyer pays; the platform keeps the remainder after the Aza fee.
- AddedPOST /v1/merchant/connect/transfers — pay an individual seller from your platform balance into their Aza wallet. Idempotent per account; simulated with an aza_test_ key.
- AddedPOST /v1/merchant/connect/transfers/bulk — disburse to up to 100 sellers in one call (live keys only).
- AddedGET /v1/merchant/connect/recipients/resolve?identifier=… — confirm a seller exists and can receive before paying them.
- AddedGET /v1/merchant/connect/balance — funds available to pay out to sellers.
- Changedcheckout.session.completed webhook now includes a `splits` array (per-seller settlement); `netAmount` is what the platform kept after the fee and splits.
- ChangedPOST /v1/merchant/sessions/{id}/refund now fully refunds split payments — it claws back each credited seller's share and refunds the buyer in full, atomically (or rejects with no money moved if a seller has spent their share).
v1.6.0
Mini app submissions: screenshots and live URL validation.
- AddedPUT /v1/dev/miniapps now accepts `screenshotUrls` (up to 6 HTTPS image URLs) — shown to reviewers during admin approval.
- ChangedSubmitting a mini app for review now verifies the app URL is reachable over a valid HTTPS endpoint; unreachable or non-2xx URLs are rejected with a clear error.
v1.5.0
Checkout session references for platform/multi-tenant reconciliation.
- AddedPOST /v1/merchant/sessions now accepts an optional `reference` (≤255 chars) — your own order or tenant/seller id, returned on the session.
- AddedGET /v1/merchant/sessions?reference=… — filter checkout sessions by a reference.
- AddedGET /v1/merchant/sessions/summary?reference=… — reconcile a reference: count, gross total and net total of its COMPLETED sessions.
- Changedcheckout.session.completed webhook payload now includes `reference`, `description` and `metadata` so payments can be attributed from the webhook alone.
v1.4.0
Mini-app consent, device presence API, and E2EE history sync.
- AddedPOST /v1/miniapps/{id}/consent — record user consent for a mini-app's requested scopes.
- AddedGET /v1/devices — list all devices currently linked to the authenticated user.
- AddedPOST /v1/chats/sync/backup — upload an encrypted chat history blob tied to a recovery code.
- AddedPOST /v1/chats/sync/restore — retrieve and decrypt an encrypted backup with a valid recovery code.
- ChangedWebSocket presence events now include deviceId so clients can distinguish per-device activity.
- FixedPresence lastSeenAt was not updating when a WS connection dropped without an explicit disconnect frame.
v1.3.0
Staff RBAC, maker-checker for high-value transfers, and AZA Agent platform.
- AddedGET /v1/admin/staff — list staff members and their roles (super_admin, compliance, support, viewer).
- AddedPOST /v1/admin/staff/{id}/roles — assign or revoke staff roles.
- AddedPOST /v1/admin/step-up — initiate a 2FA step-up challenge for sensitive admin actions.
- AddedGET /v1/admin/transfers/pending-review — transfers held for maker-checker approval.
- AddedPOST /v1/agents — register an AZA Agent (autonomous financial agent with a wallet).
- ChangedTransfers ≥ ₵5,000 now require a maker-checker approval before execution. Returns 202 Accepted with a review_id while pending.
- FixedTransfer auto-rejection scheduler was not firing for transfers held exactly at the 48-hour boundary.
v1.2.0
Spending analytics, budget API, and AI financial insights.
- AddedGET /v1/analytics/spending — returns categorised spending totals for a date range.
- AddedGET /v1/budgets — list all budgets for the authenticated user.
- AddedPOST /v1/budgets — create a new monthly budget for a spending category.
- AddedPOST /v1/ai/insights — returns AI-generated spending insights (powered by Claude).
- AddedPOST /v1/ai/chat — multi-turn AI financial assistant. Returns streaming SSE.
- DeprecatedGET /v1/transfers/summary is deprecated. Use GET /v1/analytics/spending instead. Will be removed in v2.0.
v1.1.0
Merchant portal, payment links, webhooks, and OAuth Sign in with AZA.
- AddedPOST /v1/merchant/payment-links — create a shareable payment link.
- AddedGET /v1/merchant/transactions — paginated transaction history for the merchant.
- AddedPOST /v1/merchant/webhooks — register a webhook endpoint.
- AddedPOST /v1/oauth/token — exchange an authorization code for an access token (OAuth 2.0 PKCE).
- AddedGET /v1/oauth/userinfo — retrieve the authenticated user's public profile.
- SecurityAPI keys now support scoped permissions (read, write, webhooks). Keys created before this release retain full access but will be migrated in v2.0.
- FixedWebhook delivery was retrying on 2xx responses that included a non-empty error field.
v1.0.0
Initial public release of the Aza REST API.
- AddedPOST /v1/auth/login, POST /v1/auth/refresh, POST /v1/auth/logout.
- AddedGET /v1/users/me — authenticated user profile.
- AddedPOST /v1/transfers — initiate a peer-to-peer transfer.
- AddedGET /v1/transfers — list transfers for the authenticated user.
- AddedGET /v1/transfers/{id} — retrieve a single transfer.
- AddedWebSocket /ws — real-time notifications for transfers, messages, and presence.
- AddedPOST /v1/waitlist — join the public waitlist.