{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-products/fincore/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":[]},"type":"markdown"},"seo":{"title":"2026-01-05","siteUrl":"https://docs.monato.com","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"2026-01-05","__idx":0},"children":["2026-01-05"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"summary","__idx":1},"children":["Summary"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This release introduces a public Changelog, adds client-scoped webhook management endpoints, and simplifies authentication so that JWT is the primary credential used for API operations."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"added","__idx":2},"children":["Added"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"public-changelog--docs","__idx":3},"children":["Public Changelog — ",{"$$mdtype":"Tag","name":"em","attributes":{},"children":["Added"]}," [Docs]"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Impact:"]}," You can track API and documentation changes in one place, with daily release notes.",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Action required:"]}," None.",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["References:"]}," ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/fincore/changelog"},"children":["Changelog home"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"client-scoped-webhooks-management-endpoints--behavior-operational","__idx":4},"children":["Client-scoped Webhooks Management endpoints — ",{"$$mdtype":"Tag","name":"em","attributes":{},"children":["Added"]}," [Behavior] [Operational]"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Impact:"]}," You can manage webhooks per client (list, create, retrieve, update, delete) using client-scoped endpoints.",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Action required:"]}," Prefer the client-scoped endpoints for all webhook operations.",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["References:"]}]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["GET /v1/clients/{clientId}/webhooks"]}," — list webhooks for a client"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/clients/{clientId}/webhooks"]}," — create a webhook for a client"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["GET /v1/clients/{clientId}/webhooks/{id}"]}," — retrieve a webhook"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["PATCH /v1/clients/{clientId}/webhooks/{id}"]}," — update a webhook"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["DELETE /v1/clients/{clientId}/webhooks/{id}"]}," — delete (soft-delete) a webhook"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"webhookupdaterequest-schema--behavior","__idx":5},"children":["WebhookUpdateRequest schema — ",{"$$mdtype":"Tag","name":"em","attributes":{},"children":["Added"]}," [Behavior]"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Impact:"]}," Webhooks can be partially updated (e.g., ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["url"]},", ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["token"]},", ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["webhook_status"]},", optional ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["auth_*"]}," fields).",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Action required:"]}," When updating a webhook, send only the fields you want to change.",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["References:"]}," ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["PATCH /v1/clients/{clientId}/webhooks/{id}"]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"changed","__idx":6},"children":["Changed"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"authentication-simplification-jwt-first--behavior-operational","__idx":7},"children":["Authentication simplification (JWT-first) — ",{"$$mdtype":"Tag","name":"em","attributes":{},"children":["Changed"]}," [Behavior] [Operational]"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Impact:"]}," ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["x-api-key"]}," is now ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["bootstrap-only"]}," (used to obtain a JWT). After a JWT is issued, API calls should use ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["only"]}," ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Authorization: Bearer <JWT>"]},".",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Action required:"]}," Stop sending ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["x-api-key"]}," on operational API calls; keep it only for JWT bootstrap flows.",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["References:"]}," ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/clients/{clientId}/auth/credential-tokens"]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"cep-webhook-clarification-for-penny-validation--docs-operational","__idx":8},"children":["CEP webhook clarification for Penny Validation — ",{"$$mdtype":"Tag","name":"em","attributes":{},"children":["Changed"]}," [Docs] [Operational]"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Impact:"]}," The CEP webhook is triggered only for ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Penny Validation"]}," transactions (",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["amount = 0.01 MXN"]},"). ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["INITIALIZED"]}," may appear on API reads but is ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["not emitted"]}," by the CEP webhook and should be treated as ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["PENDING"]},".",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Action required:"]}," Ensure your CEP webhook consumer does not expect ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["INITIALIZED"]}," events; treat API-read ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["INITIALIZED"]}," as ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["PENDING"]},".",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["References:"]}," ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["/products/fincore/guides/penny_validation"]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"deprecated","__idx":9},"children":["Deprecated"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"legacy-webhook-creation-endpoint--breaking","__idx":10},"children":["Legacy webhook creation endpoint — ",{"$$mdtype":"Tag","name":"em","attributes":{},"children":["Deprecated"]}," [Breaking]"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Impact:"]}," ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/webhooks"]}," is deprecated in favor of the client-scoped endpoint.",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Action required:"]}," Migrate to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/clients/{clientId}/webhooks"]},".",{"$$mdtype":"Tag","name":"br","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["References:"]}," ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/clients/{clientId}/webhooks"]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"migration-notes","__idx":11},"children":["Migration notes"]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["JWT-first auth"]}]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Use ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["x-api-key"]}," to obtain a JWT."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Use ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Authorization: Bearer <JWT>"]}," for all subsequent API calls."]}]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Webhook creation"]}]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["If you used ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/webhooks"]},", migrate to:",{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["POST /v1/clients/{clientId}/webhooks"]}]}]}]}]}]}]}]},"headings":[{"value":"2026-01-05","id":"2026-01-05","depth":1},{"value":"Summary","id":"summary","depth":2},{"value":"Added","id":"added","depth":2},{"value":"Public Changelog — [Docs]","id":"public-changelog--docs","depth":3},{"value":"Client-scoped Webhooks Management endpoints — [Behavior] [Operational]","id":"client-scoped-webhooks-management-endpoints--behavior-operational","depth":3},{"value":"WebhookUpdateRequest schema — [Behavior]","id":"webhookupdaterequest-schema--behavior","depth":3},{"value":"Changed","id":"changed","depth":2},{"value":"Authentication simplification (JWT-first) — [Behavior] [Operational]","id":"authentication-simplification-jwt-first--behavior-operational","depth":3},{"value":"CEP webhook clarification for Penny Validation — [Docs] [Operational]","id":"cep-webhook-clarification-for-penny-validation--docs-operational","depth":3},{"value":"Deprecated","id":"deprecated","depth":2},{"value":"Legacy webhook creation endpoint — [Breaking]","id":"legacy-webhook-creation-endpoint--breaking","depth":3},{"value":"Migration notes","id":"migration-notes","depth":2}],"frontmatter":{"title":"2026-01-05","description":"JWT-first authentication, client-scoped webhooks management, CEP clarification, and Changelog launch.","sidebar":"../sidebars.yaml","seo":{"title":"2026-01-05"}},"lastModified":"2026-01-05T20:30:57.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/products/fincore/changelog/2026-01-05","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}