{"$schema":"https://api.payf.ai/schemas/ChangelogOutputBody.json","entries":[{"date":"2026-05-20","version":"0.21.0","breaking":false,"changes":[{"kind":"added","summary":"GET /v1/changelog endpoint for programmatic access to API release notes","endpoint":"GET /v1/changelog"},{"kind":"added","summary":"Per-merchant rate limit middleware — each merchant API key now has its own bucket instead of sharing a global one"},{"kind":"added","summary":"Webhook verify helpers (VerifyWithTolerance, ParseSignatureHeader) that enforce a freshness window to prevent replay attacks"},{"kind":"changed","summary":"GET /v1/admin/audit accepts a since= RFC3339 query param (defaults to 90 days ago) so scans stay bounded as the audit table grows","endpoint":"GET /v1/admin/audit"},{"kind":"changed","summary":"OpenAPI servers list now reflects the actual binary's runtime — production exposes only https://api.payf.ai (docs renderers were picking localhost otherwise)"}]},{"date":"2026-05-19","version":"0.20.0","breaking":false,"changes":[{"kind":"added","summary":"system_settings table + GET /v1/admin/settings + PUT /v1/admin/settings/{key} for hot-configurable network defaults","endpoint":"PUT /v1/admin/settings/{key}"},{"kind":"added","summary":"default_fee_bps is now hot-reconfigurable from admin without a deploy; FeeResolver picks up changes immediately via atomic cache"}]},{"date":"2026-05-18","version":"0.19.0","breaking":false,"changes":[{"kind":"added","summary":"Public hosted-checkout API + pay.payf.ai branded status page per payment","endpoint":"GET /v1/public/payments/{capability_url_id}"},{"kind":"added","summary":"Multi-leg payment lifecycle: payment.legs[] with per-leg status, current_leg cursor, payment.leg_status_changed webhook"},{"kind":"added","summary":"Leg-level reroute endpoint for operators to reroute a stuck leg without aborting the whole payment","endpoint":"POST /v1/admin/payments/{payment_id}/legs/{leg_index}/reroute"}]},{"date":"2026-05-17","version":"0.18.0","breaking":false,"changes":[{"kind":"added","summary":"Append-only DB trigger on audit_log — even an operator with DB access can't tamper with history"},{"kind":"added","summary":"Login failure rate limit: 5 failed attempts in 5 minutes returns 429 instead of leaking timing info"},{"kind":"added","summary":"Idempotency-Key now applies to refund, force-status, reroute, and leg-reroute (was payment creation only)"}]},{"date":"2026-05-15","version":"0.15.0","breaking":false,"changes":[{"kind":"added","summary":"Operator RBAC: kyb / risk / support / finance / super scopes. Each admin endpoint requires the appropriate scope."},{"kind":"added","summary":"Per-merchant fee overrides (merchant_fees table) + GET /v1/fees endpoint for merchants to see their fee schedule"}]},{"date":"2026-05-12","version":"0.10.0","breaking":false,"changes":[{"kind":"added","summary":"Intelligent routing: ranked fallback + health-based candidate scoring; reroute on partner downtime"},{"kind":"added","summary":"Partner API surface (Partner-Bearer auth) for stablecoin issuers / off-ramps / wallets / card programs"}]}]}