Changelog
Sub-processorsAbout PismoContact us
Back to All

4 April 2025

about 1 month ago by [email protected]

Changes between 7 March and 4 April 2025

Core platform - Client webhooks

New

In compliance with the regulatory order of BACEN (Central Bank of Brazil), article 30 of circular 3978/2020, which enters into force on 11 April 2025, the document number and the name of the account holder must be sent in messages between the issuer and the card network, for example, messages 0110 and 0210. This regulatory order is applicable to all card networks.

Pismo will handle the fulfillment of this data for accounts and cards that have this kind of information in Pismo database and are full balance. However, you can override the information using the Full balance anti-fraud webhook. In cases where the issuer has "noname" cards, the issuer is responsible to send this information in the webhook.

For zero balance issuers, Pismo will expect this data in the webhook so the platform can build the message with the data provided by the issuer. The Zero balance validations webhook was updated to support this.

New

In compliance with the VISA release 1.3: Requirements to Support Account Name Inquiry Functionality in Account Verification Messages, changes were made to both Full balance anti-fraud webhook and the Zero balance validations webhook.

For full balance customers, Pismo will handle the matching result or the sending of the cardholder’s name. However, using the anti-fraud webhook, issuers can override the data and send the information themselves.

Core banking - Banking operations

New

The Interest-bearing accounts API now includes two new endpoints that allow you to calculate average balance for an account according to the datetime range specified.

Core banking - Rule models

Updated

The "Core platform - Processing codes management” API was renamed to Core platform - Rule models to more accurately reflect its functionality. Rule models allow you to change a processing code during authorization. The API has been rewritten, reorganized and edited with additional text. To accompany this, a Changing processing codes during authorization with rule models section was added to the Processing codes guide.

Seller management - Merchants

New

The Merchant advancement API now includes two new endpoints that allow you to create or simulate a merchant advancement request for specific transactions by specifying a merchant transaction ID.

Resources - Control Center

New

Security and organization

Pismo Control Center is being updated in all test and production environments over the next few months, starting in April 2025. The new version includes security enhancements that impact user accounts, such as two-step identity verification and stricter password requirements. During the update period, depending on the environment, you will use either the updated version or the legacy version. For details, refer to the Get started guide for Control Center.

Security improvements to Pismo Control Center have changed how new users register their accounts. Instead of a link, they receive two separate emails. User administrators are now able to resend these emails to any user who has not responded. In addition, the requirements for creating a Control Center password are more robust.

The organization name that displays on all Control Center screens now enables you to quickly access any of the other organizations you belong to, without having to sign off and then back on again with a different user ID. Select the organization name and choose one of the available organizations.

General ledger accounts

Control Center now supports viewing and adding General ledger accounts.

Accounts

Deprecated

The following accounts endpoints were deprecated and will be removed on 1 September 2025:

  • GET /v2/accounts/:accountld/statements/:statementld/transactions
  • GET /v1/accounts/:accountld/transactions
  • GET /v2/accounts/:accountld/statements
  • GET /v1/accounts/:accountld/statements
  • POST /v2/customers/document-number
  • GET /v1/customers/:customerId/authorizations
  • PUT /v1/accounts/:accountld/duedate
  • GET /v1/accounts/:accountld/authorizations

Please use the following endpoints instead:

Docs

The new account status - DEBIT_ONLY - is now documented in the Accounts guide. This is the default status for accounts created after July, 2024.

This status indicates the account is active and allows cash-out but not cash-in. Accounts created before July, 2024 have NORMAL as their default status.

Authentication

Updated

The external_acount_id parameter was removed from the Get basic authentication access token endpoint of the Platform authentication API.

Client webhooks

Docs

The atc_database request field was updated for both the Zero balance validations webhook and the Full balance anti-fraud webhook in the Client webhooks guide to correctly identify the field as a string, with an example in the definition. Both sample requests were updated accordingly.

Flexible transaction controls

Updated

In the Evaluation requested event, removed currency_code from the accounts.from object.

Docs

In the Flexible transaction controls and Control Center Flex controls guides, the introductions were updated for clarity.

Docs

In the Create flex control per transaction type example, the withdrawal processing code was corrected to be 01.

Ledger

Docs

In the Update account limits endpoint documentation, the event name and field descriptions were updated.

Migrations

New

The Migrations API now includes the new Migrate disputes endpoint.

Updated

The Migrate on-us authorizations endpoint now includes the new InstallmentsDetails object.

Payments

Updated

In the Create processing code endpoint, the new tags field was added to the processing codes object. This is an array of enum strings with the following possible values: GLOBAL, BRAZIL, ARGENTINA, INDIA, NETWORK, VISA, MASTERCARD, ELO, RUPAY, TECBAN, UPI, PIX, BNPL, DEPRECATED.

Updated

The Request authorization endpoint now includes idempotency logic that returns status code 200 with the original authorization data for duplicate tracking_id requests.

Updated

In the Platform authorization created event, the authorization_validations field is now available.

Updated

In the Anti-fraud integration validation, the override_type field was added to additional_data.

Docs

In the Create adjustment (deprecated) endpoint documentation, the event name was updated.

Docs

The Get configuration by Org endpoint in the Payment configurations API was updated to include a note clarifying that the organization and account information is pulled from the access token.

Security

Docs

The Authentication with OpenID Connect guide was updated to give clarification regarding the Pismo-provided claims (keys) when generating your JSON Web Token (JWT). The values for the four keys, iss, sub, aud, and tenant_id, are provided by Pismo and are automatically generated by Control Center when a user creates a new credential.

Docs

The instructions for Checking message integrity in the Verifying webhook requests guide were rewritten for clarification.

Setup

Docs

The Programs API was comprehensively edited and rewritten for clarity. Additional text about export/import steps, program type IDs, and program types was added. Endpoint descriptions were significantly rewritten. The following endpoints were renamed:

Docs

A note was added to the Program types guide about program implementation and how long it takes for a program to be operational once created. Pismo has a 90 hour service level agreement to do the back-end configurations needed before a program can be used.

Transactions

Docs

The x-account-id header parameter was removed on the following transactions endpoints.

Docs

In the Create transaction type endpoint documentation, the event name was updated.

Events

Docs

In the Account balance history generated event documentation, all of the trigger_reason types now include detailed descriptions.

Instant payments

Updated

The new flex_controls parameter was added to the Pix Schedule transfer(s) V2 endpoint . This parameter applies a flex control to a Pix scheduled transfer.

Docs

More information was added to the RuPay and UPI instant payments guide about initial connection with the Pismo platform. Text was added to the Transfer funds endpoint about account_reference_number and the need to call List cards and Validate card data before calling Transfer funds.

Interest management

Docs

The Interest management API was updated to conform with Pismo standards: some endpoints were renamed, descriptions updated, and so on.

Transaction banking

Updated

Previously, in the following endpoints, the error message was value must be 999,999,999,999.99 or less. It is now updated to value must be 100,000,000,000,000,000 or less.

Updated

In the Create earmark endpoint, the following errors were added to inform a duplicate earmark or tracking ID has already been used:

409:

  • WEAM0001: earmark_id [{earmark_id}] is already in use.
  • WEAM0025: Tracking ID is already in use.

423:

  • WEAM0033: transaction using this tracking_id is in progress, please try again later.

Updated

In the Cancel earmark endpoint, the 403 error was added to indicate a duplicate tracking ID is already in use: WEAM0025: Tracking ID is already in use.

Updated

The new 400 error WCMN0004 : Invalid cursor was added to the following endpoints to allow the return of a more specific invalid cursor error instead of a generic 500 Internal server error:

Updated

The new 400 error WDIV0018: Invalid hierarchy was added to the following endpoints. This error occurs while creating a division with an organization ID whose hierarchy belongs to a different organization.

Updated

The new 400 error message WHIE0007: levels should have at least 1 item is issued when a request to Create hierarchy is made with the levels field left empty. Although this field is a required field, it does not force customers to add values to the child fields, thereby causing an error such as: levels: []. The addition of this new error is part of a validation mechanism to examine whether the required field and subfield index have values in them.

Updated

The new 400 error Amount has invalid decimal places for currency was added to the following endpoints. This error is generated when the amount submitted has incorrect decimal places; for example, for USD, the maximum allowed decimal place is two, while JPY (Japanese Yen) does not allow any decimal places. The decimal places for currency follow the ISO 4217 standard.

Docs

The new section Custom processing codes was added to advise customers that an error would occur if they use their own custom processing codes in a transaction without first informing Pismo, as using client’s own custom processing codes requires special configuration from Pismo. This section was added to the following guides:

Docs

The following error was removed from the Common error messages section in Bulk file-based payment processing:

WBLK1008:  Invalid signature: Org ID or bulk ID is not the same for signature and original files.

Authorizations

Docs

The List account authorizations endpoint in the Authorizations API was updated to include a note clarifying that the organization and account information is pulled from the access token.

Card network integration

Updated

The Rule list guide was updated to include previously undocumented rules and a number of rules were updated or corrected.

The following rules were added to the guide:

The following rules were updated to include additional_data field information:

The following rules were updated with corrections or clarifications:

Updated

A new Visa response code was added for custom code IMF (invalid message format) due to a mandate from the latest Visa release. This new code, 5C, is for card not present transactions, such as e-commerce transactions. This new response code is shown in the Authorization validations table in the Validation codes for authorization events guide.

The Visa response codes for MPC (program configuration not found) and PGE (program configuration generic error) were changed from 14 to N0.

Docs

The Clearing event examples section of the Authorization events guide was updated to include an ELO settlement file example.

Disputes

Updated

The following fields were removed from the Consumer disputes and the Processing errors tables:

  • AccountStatus in dispute_due_to = Late Presentment (processing errors table)
  • MerchandiseIdentifiedAsCounterfeit in dispute_due_to = Counterfeit Merchandise (consumer disputes table)
  • InfoMerchandiseToBeCounterfeit in dispute_due_to = Counterfeit Merchandise (consumer disputes table)

Noname

New

The new Cancel noname bulk operation endpoint is now available. Noname cards are batch-generated and not initially associated with customers, which occurs later.

Statements

New

The Get interest accrual summary endpoint now allows requests with periods of up to 60 days. However, for periods between 31 and 60 days, the interest_accrual_ids field is omitted in the response. The endpoint description was updated to explain this.

New

The new program parameter Enable accrual reversal for new accrual types was added to the table in the Program parameters guide.

Docs

The endpoint name was changed from “Update account overdue status” to Update account collection status, and the endpoint description was updated to use the term “collection status” instead of “overdue status”.

Docs

Updated the last paragraph of the Credit card cycles (billing periods) section to correct a couple of mistakes. The original version said that a new account is created with a moving window of 30 cycles. It’s actually created with a moving window of 42 cycles. It also said that the account would always have 30 future cycles. It actually always has one current cycle and 41 future cycles.

Docs

The credit_transaction field was removed from the sample 201 response of the List payment agreements endpoint.

Docs

In the Create payment agreement endpoint, the compulsory and split_iof fields were added to the sample 201 response. The installments field was removed from the 201 response body and the sample 201 response.

Docs

The description of the Stop accrual # of days program parameter was updated in the Program parameters table to reference the specific endpoint that can be used to post the accruals.

Docs

Clarified the description of the cycle field, which is returned by the following endpoints.

Docs

Descriptions were updated for the following endpoints:

Docs

Descriptions were corrected for the following parameters:

Docs

Docs

Documentation was updated in the following sections:

Docs

In the Full balance credit program guide, replaced the term “written off” with the terms “paid in full” or “paid off”, which are more accurate.

Docs

In Core objects, the collections_status in the Account object was incorrectly documented. It needed to be renamed collection_status, and the possible values were changed to NORMAL and OVERDUE.

Docs

The documentation was corrected to make the beginDate and endDate query parameters required in the following endpoints:

Docs

In the Close delinquent account endpoint and the Recurring charges API, the links to the events were updated to use the event names in the link text.

Docs

In the Save account interest rate endpoint, the description for the overdue_rate_after_due_date_multiplier_percent field was updated to clarify that the value entered should be a decimal value, not a percentage.

Docs

The description of the Create program transaction type endpoint was updated to clarify what kinds of transactions can be used to create program transaction types.

Tokenization

Updated

The migrated_tokens field was removed from the PAN updated event.

Control Center

New

Pismo Control Center now has a Report log feature. When a Control Center request fails, Control Center displays a popup message. The message includes a session log with details about your current login session. There is also a Copy report log button that copies the error report details for use in creating a Service Desk request.