← Back to Developer Hub
API Changelog

What’s changed in Aza API

Every release, documented. Breaking changes are called out explicitly.

AddedChangedDeprecatedFixedRemovedSecurity
v1.7.0Latest

Aza Connect — split payments to sellers at checkout and direct payouts to individual seller wallets.

  • AddedPOST /v1/merchant/sessions now accepts `splits` (list of { recipient, amount }) — each seller's share is credited straight to their Aza wallet when the buyer pays; the platform keeps the remainder after the Aza fee.
  • AddedPOST /v1/merchant/connect/transfers — pay an individual seller from your platform balance into their Aza wallet. Idempotent per account; simulated with an aza_test_ key.
  • AddedPOST /v1/merchant/connect/transfers/bulk — disburse to up to 100 sellers in one call (live keys only).
  • AddedGET /v1/merchant/connect/recipients/resolve?identifier=… — confirm a seller exists and can receive before paying them.
  • AddedGET /v1/merchant/connect/balance — funds available to pay out to sellers.
  • Changedcheckout.session.completed webhook now includes a `splits` array (per-seller settlement); `netAmount` is what the platform kept after the fee and splits.
  • ChangedPOST /v1/merchant/sessions/{id}/refund now fully refunds split payments — it claws back each credited seller's share and refunds the buyer in full, atomically (or rejects with no money moved if a seller has spent their share).
v1.6.0

Mini app submissions: screenshots and live URL validation.

  • AddedPUT /v1/dev/miniapps now accepts `screenshotUrls` (up to 6 HTTPS image URLs) — shown to reviewers during admin approval.
  • ChangedSubmitting a mini app for review now verifies the app URL is reachable over a valid HTTPS endpoint; unreachable or non-2xx URLs are rejected with a clear error.
v1.5.0

Checkout session references for platform/multi-tenant reconciliation.

  • AddedPOST /v1/merchant/sessions now accepts an optional `reference` (≤255 chars) — your own order or tenant/seller id, returned on the session.
  • AddedGET /v1/merchant/sessions?reference=… — filter checkout sessions by a reference.
  • AddedGET /v1/merchant/sessions/summary?reference=… — reconcile a reference: count, gross total and net total of its COMPLETED sessions.
  • Changedcheckout.session.completed webhook payload now includes `reference`, `description` and `metadata` so payments can be attributed from the webhook alone.
v1.4.0

Mini-app consent, device presence API, and E2EE history sync.

  • AddedPOST /v1/miniapps/{id}/consent — record user consent for a mini-app's requested scopes.
  • AddedGET /v1/devices — list all devices currently linked to the authenticated user.
  • AddedPOST /v1/chats/sync/backup — upload an encrypted chat history blob tied to a recovery code.
  • AddedPOST /v1/chats/sync/restore — retrieve and decrypt an encrypted backup with a valid recovery code.
  • ChangedWebSocket presence events now include deviceId so clients can distinguish per-device activity.
  • FixedPresence lastSeenAt was not updating when a WS connection dropped without an explicit disconnect frame.
v1.3.0

Staff RBAC, maker-checker for high-value transfers, and AZA Agent platform.

  • AddedGET /v1/admin/staff — list staff members and their roles (super_admin, compliance, support, viewer).
  • AddedPOST /v1/admin/staff/{id}/roles — assign or revoke staff roles.
  • AddedPOST /v1/admin/step-up — initiate a 2FA step-up challenge for sensitive admin actions.
  • AddedGET /v1/admin/transfers/pending-review — transfers held for maker-checker approval.
  • AddedPOST /v1/agents — register an AZA Agent (autonomous financial agent with a wallet).
  • ChangedTransfers ≥ ₵5,000 now require a maker-checker approval before execution. Returns 202 Accepted with a review_id while pending.
  • FixedTransfer auto-rejection scheduler was not firing for transfers held exactly at the 48-hour boundary.
v1.2.0

Spending analytics, budget API, and AI financial insights.

  • AddedGET /v1/analytics/spending — returns categorised spending totals for a date range.
  • AddedGET /v1/budgets — list all budgets for the authenticated user.
  • AddedPOST /v1/budgets — create a new monthly budget for a spending category.
  • AddedPOST /v1/ai/insights — returns AI-generated spending insights (powered by Claude).
  • AddedPOST /v1/ai/chat — multi-turn AI financial assistant. Returns streaming SSE.
  • DeprecatedGET /v1/transfers/summary is deprecated. Use GET /v1/analytics/spending instead. Will be removed in v2.0.
v1.1.0

Merchant portal, payment links, webhooks, and OAuth Sign in with AZA.

  • AddedPOST /v1/merchant/payment-links — create a shareable payment link.
  • AddedGET /v1/merchant/transactions — paginated transaction history for the merchant.
  • AddedPOST /v1/merchant/webhooks — register a webhook endpoint.
  • AddedPOST /v1/oauth/token — exchange an authorization code for an access token (OAuth 2.0 PKCE).
  • AddedGET /v1/oauth/userinfo — retrieve the authenticated user's public profile.
  • SecurityAPI keys now support scoped permissions (read, write, webhooks). Keys created before this release retain full access but will be migrated in v2.0.
  • FixedWebhook delivery was retrying on 2xx responses that included a non-empty error field.
v1.0.0

Initial public release of the Aza REST API.

  • AddedPOST /v1/auth/login, POST /v1/auth/refresh, POST /v1/auth/logout.
  • AddedGET /v1/users/me — authenticated user profile.
  • AddedPOST /v1/transfers — initiate a peer-to-peer transfer.
  • AddedGET /v1/transfers — list transfers for the authenticated user.
  • AddedGET /v1/transfers/{id} — retrieve a single transfer.
  • AddedWebSocket /ws — real-time notifications for transfers, messages, and presence.
  • AddedPOST /v1/waitlist — join the public waitlist.
© 2026 JumpSpaces, Inc. · Developer Hub