ChangeLogs
All recent API updates and changes are listed here. Updated as of: 09 Nov 2025
Authentication API
Updated: Added mandatory email field and simplified headers for login API.
What Changed:
emailis now required in the request body- Only
x-api-keyheader is needed (removedx-client-id) - Updated request format for better consistency
New Request:
curl --location --request POST \
--url '{{baseUrl}}/api/v1/authentication/login' \
--header 'x-api-key: {{Shared X-API key By Zoqq}}' \
--header 'Content-Type: application/json' \
--data-raw '{
"client_key": "{{ClientID}}",
"client_secret": "{{ClientSecret}}",
"email": "test@email.com"
}'
Old Request (deprecated):
curl --location --request POST '{{baseUrl}}/api/v1/authentication/login' \
--header 'x-client-id: Shared By Zoqq' \
--header 'x-api-key: Shared By Zoqq' \
--data-raw '{
"client_key":"key",
"client_secret":"key"
}'
Create Account
Updated:
The type field now supports only one valid value.
What Changed:
- Allowed value:
virtual_account - Old values like
wallet_accountorglobal_accountare no longer supported - Requests using unsupported values will return an error: “Invalid account type… Must be: virtual_account”
Impact:
Clients must update their requests to use only virtual_account.
Any integration using old types will fail with a 400 error.
Update Account
Updated:
x-account-id header is now mandatory for updating an account.
What Changed:
- New required header:
x-account-id - Request will fail with: “x-account-id is a required header and is missing”
Impact:
Clients must include x-account-id in all PATCH requests.
Missing this header results in an error.
Close Account
Updated:
x-account-id header is now required for closing an account.
What Changed:
- Added required header:
x-account-id - DELETE requests without this header will return: “x-account-id is a required header and is missing”
Impact:
Clients must provide the correct x-account-id.
Without it, the close account API will reject the request with an error
Create Cardholder
Updated: Fixed incorrect endpoint path in documentation that caused 404 Resource Not Found.
What Changed:
- Correct path is now:
POST {{baseUrl}}/zoqq/api/v1/card/cardholder - Old path:
{{baseUrl}}/zoqq/api/v1/cardHolderswas removed - Request body and headers remain available in the API Reference section
Impact:
Clients should update their integrations to use the corrected path.
Get All Cardholders
Updated: Fixed incorrect path that caused 404 Resource Not Found.
What Changed:
- Correct path:
GET {{baseUrl}}/zoqq/api/v1/card/cardholder - Old/wrong path:
{{baseUrl}}/zoqq/api/v1/cardHolders(removed) - This is a GET endpoint — no request body. Full examples remain in the API Reference.
Impact
Clients using the old path will receive 404 — update integrations to use the corrected GET path. If 404 persists, verify baseUrl, token validity, and case-sensitive routing.
Activate Card
Updated: Activation now requires passing id as a query parameter.
What Changed:
- Correct format:
POST {{baseUrl}}/zoqq/api/v3/card/activate?id={{CardID}} - Old documentation incorrectly placed
idin the request body - Body is not required for this endpoint
Impact
Clients must include the id in the URL.
If omitted, server returns: “id is a required parameter and is missing.”
Update Card
Updated:
- Endpoint now uses v3 and requires card_id as a query parameter.
- updated_by field is now part of the request body.
What Changed:
- Correct path:
PATCH {{baseUrl}}/zoqq/api/v3/card?id={{CardID}} - Old path:
{{baseUrl}}/zoqq/api/v1/carddid not include the id in the URL. updated_byfield was not present in previous documentation. Body structure remains the same except for the addition ofupdated_by.
Impact:
Clients must pass id in the URL; otherwise response: "id is a required parameter and is missing." Requests using the old v1 endpoint or missing id will fail. Clients need to add updated_by in the request body for v3.
Update Cardholder
Updated:
The endpoint now uses v3 and requires the cardholder id in the URL.
What Changed:
- Corrected path:
PATCH /zoqq/api/v3/card/cardholder?id={{CardholderID}} - Old path:
/zoqq/api/v1/cardHolders(id was sent in the body) updated_byandupdated_atcan now be included in the body.
Impact:
If id is not passed in the URL, the server returns: 404 Resource Not Found.
Clients must update their integrations to use the new v3 path and URL-based id.
Get Card Transactions
Updated: The endpoint now requires the card id in the URL.
What Changed:
- Updated path:
GET {{baseUrl}}/zoqq/api/v1/card/transaction?id={CardID} - Previously, card id was expected in the request body
- Now, the request body must be empty
Impact:
If card id is not passed in the URL, the request will fail. Clients must remove body params and include the id only in the query parameter.
Get All Webhooks
Updated: Endpoint structure and response format have been updated.
What Changed:
- New endpoint:
GET {{baseUrl}}/getallwebhooks?program_code={{Shared ProductID By Zoqq}} - Old endpoint
{{baseUrl}}/zoqq/api/v1/webhook/getallwebhookis deprecated - Response now returns data inside a
dataarray - Includes
event_descriptionfield in results
Impact:
Clients must update their integrations to use the new endpoint and response format. Older endpoint may return incomplete or unsupported responses.
Subscribe Webhook
Updated: Endpoint, request body fields, and authentication requirements have been updated.
What Changed:
- New endpoint:
POST {{baseUrl}}/api/subscribe - Old endpoint
{{baseUrl}}/zoqq/api/v1/webhook/subscribeis deprecated - Added new field
sender_email(required) - Added new field
updated_by(optional — used only during webhook update) subscription_typenow supports two values:w(webhook) andn(notification)- Now requires
x-api-keyto be passed in the request body
Impact:
Clients must migrate to the new endpoint and update their request body to include
sender_email, optional updated_by, and x-api-key.
Old payload structure will fail and may result in request rejection.
Update Webhook
Updated: Endpoint, method type, and required request fields have been updated.
What Changed:
-
New endpoint:
PATCH {{baseUrl}}/api/subscribe} -
Old endpoint
PUT {{baseUrl}}/zoqq/api/v1/webhook/updateis deprecated -
HTTP method changed from PUT → PATCH
-
Expanded request body with additional required fields:
subscription_typeagent_codesubagent_codeprogram_codecompany_codecreated_byupdated_byx-api-key
-
Old payload structure with only
event_name,webhook_url, andmodified_byis no longer valid
Impact:
Clients must update their integration to use the new PATCH endpoint and send the full request body. Old requests will fail and return validation errors.
Delete Webhook
Updated: Endpoint and request structure have been modified.
What Changed:
-
New endpoint:
DELETE {{baseUrl}}/api/subscribe} -
Old endpoint
DELETE {{baseUrl}}/zoqq/api/v1/webhook/deleteis deprecated -
Request body format updated with additional mandatory fields
-
New required fields added:
subscription_typeagent_codesubagent_codeprogram_codecompany_codecreated_bywebhook_urlupdated_by
-
Old payload with just
event_name&deleted_byis no longer supported
Impact:
Clients must switch to the new endpoint and include all required fields in the request body. Old delete request formats will return validation errors.
✅ New API Additions
CARDS
1. GET Cardholder Details: Fetches complete information for a specific cardholder using their ID.
2. DELETE Cardholder: Deletes an existing cardholder from the system.
3. GET All Cards by Cardholder ID: Returns all cards associated with a given cardholder.
FOREIGN EXCHANGE
1. GET Current Rate: Provides the latest FX rate for the requested currency pair.
PAYOUT
1. GET Beneficiary by ID: Retrieves beneficiary details using a unique ID.
2. Delete Beneficiary: Deletes an existing beneficiary using the BeneficiaryID.
3. GET Payout Status: Checks the current status of a payout.
4. PATCH Cancel Payout: Cancels an initiated payout (if eligible).
5. GET Scheduled Payout List: Fetches all scheduled payouts for the account.
WEBHOOK
1. Retrieve Subscribed Webhook: Gets the list of subscribed webhooks.