Skip to main content
Skip table of contents

Crassula Release Week 7

core v.25.02.5-25.02.6
client v.25.02.2-25.02.3

Improvements

Administrative panel

Added an Admin IP field to the Administration → Activity Log section for improved traceability of administrative actions.

API

Introduced a new API method GET /api/clients/{ID}/issued-cards/{ID}/external-transactions, enabling users to retrieve card transaction details (raw data) directly from the card provider. This functionality is currently supported for Decta provider users.

See Banking API for more detail.

Card products

Implemented the top-up functionality for the Unlimit provider cards.

Transfers

  • Improved internal payment processing logic to prevent transaction duplication across providers.

  • Added a Tag field for outgoing XRP, XLM, and TON transfers to ensure accurate transaction processing.

Fixes

Accounts

Addressed an issue with ClearBank real MCCY accounts that prevented users from suspending or unsuspending accounts. The functionality now works as expected.

Card issuing

Fixed an issue where the same cardholder data was used for multiple companies when ordering cards via the Decta provider. Now, each company is assigned a unique cardholder, and their details are sent to the provider accordingly.

Transfers

Fixed an issue with the EqualsMoney provider, which caused duplicate user creation requests during account activation. Now, a single request is sent per user.

Web and Mobile Interface

  • Resolved a filtering issue in Dynamic Payments where available currencies were not displayed correctly despite sufficient account balances.

  • Corrected a frontend validation issue that incorrectly flagged insufficient balances for currencies with many decimal places.

Upcoming Updates

Improvements

API

  • We will introduce an optional query parameter, mgf1, for encrypting sensitive card data in API responses (/cardholder-data, /pin-code). This parameter defines the padding algorithm for encryption. By default, the parameter will be set to sha-256, with sha-1 as an alternative option. If the query parameter is not passed in the request, the default padding will be used. Currently, the default encryption type is sha-1, but it will transition to sha-256 in the future. If you regularly handle card data retrieval, please refer to the upgrade note for more details on this change.

  • The following API methods will no longer allow users to retrieve sensitive card data (such as PINs, card numbers, and CVC codes) in unencrypted form. Previously, users could optionally receive unencrypted responses. This option will be removed, and the methods will only return encrypted data going forward.

    • GET /api/clients/{clientId}/issued-cards/{id}/pin-code

    • GET /api/clients/{clientId}/issued-cards/{id}/cardholder-data

See Banking API for more detail.

Transfers

The Local Worldwide section in Transfers menu will be permanently removed. This will not affect transaction functionality, as the Dynamic Payments feature now fully replaces it.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close