none
6 December 2023 - Release Notes
about 1 year ago by Mike Ireson
* Input validation and sanitization for `customer onboarding` endpoint
* Enhancement for fraud check payloads to map to compliance monitoring system
## Avenu API Release Notes 1.8.5
## Overview
### Input validation and sanitization for `customer onboarding` endpoint
This enhancement entails guard railing the input provided to the customer onboarding endpoint by enforcing size, format and mandatory restrictions to those parameters. As a corollary to this implementation, error response codes were also implemented that are now provided and present concise and specific feedback to the calling application/consumer about the restriction violated.
### Enhancement for fraud check payloads to map to compliance monitoring system
This enhancement surfaces the "comments" field that is returned and maps it to the correlating field in the compliance monitoring system, in order to provide more useful information for those working the compliance alerts.
## What's New?
### The following release notes detail the updates we have included in this release.
### Input validation and sanitization for `customer onboarding` endpoint
`POST {avenu_base_url}/onboard/v1/customer`
The following input parameters table includes the new size, format, and requirements for each field.
#### Input Parameters
| Parameter | Format | Length Restriction | Required | Explanation |
| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------- | -------- | :----------------------------------------------------------------------------------------------------------------------------------- |
| "firstName" | String - may not contain special characters. | 50 | Y | The Avenu customer's first name. |
| "middleInitial" | String - may not contain special characters. | 1 | N | The Avenu customer's middle initial. **Avenu will not accept a full middle name, only an initial** |
| "lastName" | String - may not contain special characters. | 50 | Y | The Avenu customer's last name. |
| "dateOfBirth" | String; [ISO 8601 YYYY-MM-DD](https://www.iso.org/iso-8601-date-and-time-format.html) | 10 | Y | The Avenu customer's date of birth. |
| "address" | String | 200 | Y | The customer's physical street address. |
| "city" | String | 100 | Y | The customer's city. |
| "state" | String - US standard 2 letter state codes. | 2 | Y | The customer's state. |
| "zipCode" | Number - may not contain dashes or hyphens and should be numbers only. | 5 or 9 digits | N | The customer's zip code. |
| "country" | String; [ISO 3166 Alpha-3 country code](https://www.iso.org/iso-3166-country-codes.html) | 3 | Y | The address' country. |
| "citizenship" | String; [ISO 3166 Alpha-3 country code](https://www.iso.org/iso-3166-country-codes.html) | 3 | Y | The customer's citizenship. |
| "email" | String - No special characters except the "at" sign (@) directly preceding the domain name. Alphanumeric prefix with the @ symbol followed by most common top level domains. Should be of the format xyz@`<companyname>`. .com/.co/.net/.org/.edu/.gov/.us | 320 | Y | The customer's email. |
| "mobilePhone" | Number - should be numbers only and may not contain dashes or hyphens. | 10 | Y | The customer's mobile phone. |
| "idType" | String - see ID Type table below for acceptable values | 20 | Y | Government ID type. See types table below. |
| "idNumber" | String - may not contain special characters | 20 | Y | Number on government id. |
| "idIssuedBy" | String - ISO 3166-2 "US" prefix with the 2 letter state code or just the 2 letter state code. ("US-XX" or just "XX".) Use "USA" for SSN idType. | 5 | Y | Government entity issuing id. Use USA for SSN. Use "US-AL" as an example for United States Alabama. US plus two letter state code. |
| "idIssueDate" | String; [ISO 8601 YYYY-MM-DD](https://www.iso.org/iso-8601-date-and-time-format.html) | 10 | N | Government entity issue date. |
| "idExpirationDate" | String; [ISO 8601 YYYY-MM-DD](https://www.iso.org/iso-8601-date-and-time-format.html) | 10 | N | Government entity expiration date. |
| "deviceId" | String - may not contain special characters except dashes/hyphens. | 100 | N | The user's unique device identifier. |
| "deviceType" | String - may not contain special characters. | 50 | N | The type of the user's device |
| "deviceName" | String - may not contain special characters. | 100 | N | The name given to the user's device. |
| "deviceOperatingSystem" | String - may not contain special characters. | 100 | N | The OS of the user's device. |
| "deviceIPAddress" | String - should follow the dot-decimal notation, consisting of four decimal numbers, each ranging from 0 to 255, separated by dots. | 15 | N | Current IP Address for the device. |
| "deviceLocation" | String - may not contain special characters. | 100 | N | Current location for the device. |
| "deviceLongitude" | String - should conform to the [ISO 6709:2022](https://www.iso.org/standard/75147.html) standard for longitudes and latitudes. | 50 | N | Device's location longitude. |
| "deviceLatitude" | String - should conform to the [ISO 6709:2022](https://www.iso.org/standard/75147.html) standard for longitudes and latitudes. | 50 | N | Device's location latitude. |
| "deviceUser" | String - may not contain special characters. | 50 | N | The name of the user of the device. |
| "deviceIMEINumber" | String - may not contain special characters. | 15 | N | Mobile device unique equipment identifier. |
| "deviceTorEnabled" | Boolean - can only be Y/N | 1 | N | Device is/is not using Tor browser. |
| "deviceFirstSeen" | String; [ISO 8601 YYYY-MM-DD](https://www.iso.org/iso-8601-date-and-time-format.html) | 10 | N | Date/Time the device was first used to access Avenu. |
| "deviceLastSeen" | String; [ISO 8601 YYYY-MM-DD](https://www.iso.org/iso-8601-date-and-time-format.html) | 10 | N | Date/Time the device was last used to access Avenu. |
Error codes have also been modified to provide more useful and specific details for why and error occurred.
#### Error Codes
For Required, Size, and Format restrictions an error code may be returned for each field. Only one error code is returned per field each time in that order. For example, if `firstName` is >50 characters and has special characters, only the size restriction error code and message will be sent back **first** as:
```json
{
"code": "CA3107",
"message": "firstName: Invalid Length"
}
none
16 November 2023 - Release Notes
about 1 year ago by Mike Ireson
- Additional context provided in fraud check
- Enhancement to
idScanresponse handling from vendor 🆔
none
2 November 2023 - Release Notes
about 1 year ago by Mike Ireson
- Increase ACH transmission jobs to twice daily
- Improvements to handling of ACH ODFI Returns
idScanresponse logging improvements- Continued payment webhook notification enhancements
none
19 October 2023 - Release Notes
about 1 year ago by Mike Ireson
- Enhancement to
transferendpoint - Update to GET
payment statusendpoint - Payment webhook status notification enhancements 💰
none
5 October 2023 - Release Notes
about 1 year ago by Mike Ireson
- Enhanced error code handling for
transferendpoint - Fix for
paymentsendpoint to return ACH_TRANSFER on applicable payment types for recent payments. - Additional payment details added in
transferendpoint response body
none
21 September 2023 - Release Notes
over 1 year ago by Dan V
- New
transferendpoint - Updates to the Payment Status Webhook and
paymentsendpoint - Sandbox customer onboarding defect resolutions
none
20 July 2023 - Release Notes
over 1 year ago by Mike Ireson
- Rationalizing duplicate customer account creation error message
none
29 June 2023 - Release Notes
over 1 year ago by Dan V
- Performance improvement for GET Payment Details endpoint
- Incorrect status code for 'Missing Required Information' error
none
15 June 2023 - Release Notes
over 1 year ago by Dan V
- Introducing Webhooks! 🎣
- Performance improvement for GET Payment Details endpoint