CAS Restful API Base - Changelog

1.1.0

2024-04-08

Non-breaking changes

POST /transactions/purchase & POST /transactions/preauthorisation & POST /transactions/completion

• Added payment surcharge plugin

1.0.0

2024-04-22

Breaking changes

GET /transactions & GET /transactions/{audit}

• Added voided and reversed to the possible values of status/transaction_status_code in response bodies. Transactions will be marked as voided when the void operation is successfully performed on them. The reversed status is introduced for backwards compatability; this should be treated as voided.

GET /transactions & GET /transactions/{audit} & POST /transactions/preauthorisation & POST /transactions/completion

• Updated the maximum length of status.acquirer.preauthorisation_code from 10 to 12 in request and response bodies.

Non-breaking changes

GET /customers & GET /customers/{customer_id}/tokens

• Corrected a mistake in the structure of the links_ object of the example response.

POST /transactions/preauthorisation

• Added a link in the response to the appropriate completion request.

GET /transactions & GET /transactions/{audit}

• Added reverse to the possible values of transaction.transaction_type in response bodies. This is introduced for backwards compatibility.

• Added response field transaction.payment_method.creditcard.type for creditcard transactions.

• Added response field transaction/target_audit for 'refund by audit' and 'void' transaction types. This is the audit of the original transaction that this one acted upon.

• Added response field _links.target for 'refund by audit' and 'void' transaction types. This is the link to the relevant transaction.

0.7.0

2024-04-11

Breaking changes

POST /transactions/{audit_id}/preauthorisation

• status.acquirer.authorisation_code and status.acquirer.preauthorisation_code are no longer guaranteed in the response. These fields will not be returned on a declined or error response, although they can still be expected for a successful preauthorisation.

POST /transactions/{audit_id}/preauthorisation

• Removed the erroneous HTTP response code 200

All transaction endpoints

• Changed the behaviour of the api when a duplicate correlation ID is suplied.
  • Instead of re-attempting the transaction, no action will be performed and a 409 Conflict response will be returned.
  • To find the status of the transaction, search by correlation ID using GET at /transactions.
  • To retry the transaction, first check its status using the search, then simply perform the same transaction request with a new correlation ID.

All endpoints

• Greatly relaxed the allowed character set in most text fields for both requests and responses. Allowed characters now include most ASCII punctuation, as well as letters and digits.
• The following punctuation is still not permitted:
  • Single quote ( ' )
  • Double quote ( " )
  • Backslash ( \ )
• The following fields have unchanged character set restrictions:
  • X-Correlation-Id header in all endpoints
  • kvps key names (values have the new character set) in all transaction endpoints

0.6.0

2024-03-26

Non-breaking changes

All tokenisation endpoints

• Optional query parameter merchant_id can be used to choose which merchant to access for CIV data.

0.5.2

2024-03-26

Breaking changes

All transactions endpoints

• status.acquirer.settlement_date is no longer guaranteed to be returned when the transaction is declined by the acquirer.

Non-breaking changes

All endpoints

• Cleaned up and rewrote many descriptions.

Other

• Restructured and restyled the underlying specification

0.5.1

2024-03-19

Breaking changes

POST /customers/{customer_id}/tokens

• Set the minimum length for preferred_name to 1.

PATCH /customers/{customer_id}/tokens/{token_id}

• Set the minimum length for preferred_name to 1.

0.5.0

2024-03-18

Breaking Changes

All endpoints

• Changed error response structure - replaced related_field with more detailed location.

• Restricted the character set on all string fields. Accepted characters include all lower and upper case letters, all numeric digits, and the following punctuation: plus (+), hyphen (-), underscore (_), colon (:), period (.) and comma (,). All fields except the X-Correlation-Id header can additionally accept the space character.

All tokenisation endpoints

• Added upper and lower bounds to all integer fields and parameters.

• Marked preferred_name in tokens as a unique field. This field must be unique under each customer. One customer cannot have multiple tokens with the same preferred_name.

Non-breaking Changes

POST /transactions/{audit_id}/completion

• transaction.preauthorisation_code is no longer required and will not be interpreted by the API.

All endpoints

• Added HTTP response code 422: unprocessable content.

This usually is caused by an invalid request.

• Loosened the pattern requirement on X-Correlation-Id. Allowed more special characters, but still not [ ' ] or [ \ ]

Other

• Minor changes to the structure of the openapi specification. These changes do not affect the functionality of the API.
• Corrected typos in some descriptions.

0.4.0

2024-03-05

Breaking Changes

GET /transactions

• Bugfix: removed incorrect top level array in response. Response is now structured with results array at top level.

POST /customers

• reference field is now required and must be unique.
• Changed overall behaviour from "create" to "lookup or create".

When creating a customer, the server will first check to see if a customer with the same reference already exists. If so, that customer's details will be returned instead of creating a new customer. Otherwise, a customer will be created and returned as before.

Non-breaking Changes

Other

• Minor changes to the structure of the openapi specification. These changes do not affect the functionality of the API.
• Corrected typos in some descriptions.