API Release Notes

Upcoming changes


INFO there is no concrete release date yet, please get in contact with us to get more details

SOON these changes will be released within the next 2-4 weeks

NEXT these changes will be released within the next days

List of Upcoming changes



Adjustments to API integration

Adjustments to business process


Update of our testing environment (including connect-testing.secupay-ag.de)

The server is maybe not reachable during the update.


API adjustments for a new self on-boarding process of merchants by broker.

New properties for the endpoint POST Payment/Contracts/.../requestId.

New endpoint GET host/General/Merchants/me/Merchantcategories.


API adjustments for managing (external) SEPA mandates.

New endpoints GET/POST Payment/Mandates.


New major version 3.x of the Secuconnect PHP SDK for a better environment support.

The minimum supported PHP version will be PHP 8.1, and the version 2.x of the SDK will not be actively developed anymore.

Latest changes



Adjustments to API integration

Adjustments to business process


The Smart/Transaction endpoint uses the PayPal intent AUTHORIZE if the property payment_context.auto_capture is set to false.

This allows to capture the payment up to 29 days, instead of 3 hours after the confirmation.

Please note that we are not doing a re-authorize on PayPal. A fter the three-day honor period, the original authorized payment expires and a capture could fail.


Internal update of the TWINT integration.

The property iframe_url of the endpoint POST Payment/Transactions contains the direct URL to Saferpay/TWINT.

The process for the payer is now faster and there are less redirects in the browser.


The parent element/object is included on each merchant element in the API response.




Adjustments to API integration

Adjustments to business process


Live-Sync of Card Processing transactions.

New card processing transactions will now be visible within minutes instead of 2 days.


More refund transaction types (product id: 93) are available via GET Payment/Transactions endpoint.


The reference between Payout (POU_...) and Refund transactions (PCI_...) at payment transaction object includes now "related_transactions" with "ref_type_id": 14 ("Abzug von Auszahlung").


New release of secuconnect/secuconnect-java-sdk

see https://github.com/secuconnect/secuconnect-java-sdk/releases/tag/3.14.0

or https://github.com/secuconnect/secuconnect-java-sdk/blob/3.14.0/CHANGELOG.md


Introducing "prepayments for API payouts":

  • New endpoints

    • GET General/Contracts/GCR_.../getTransferBalance

    • POST Payment/Transactions/PCI_.../assignTransferBalance

  • New product IDs

  • New relation types in payment.transactions


Internal update of the TWINT integration.


New password policy for secuOffice.


New release of secucard/secucard-connect-php-sdk

see https://github.com/secucard/secucard-connect-php-sdk/releases/tag/1.25.0

or https://github.com/secucard/secucard-connect-php-sdk/blob/master/CHANGELOG.md


Introducing "debit collecting without payment guarantee":

  • New product IDs

    • debit collecting (ID 459)

    • Returned debit (ID 501)

  • New relation types in payment.transactions

    • ID 19

    • ID 125

It will behave similar to the other debit products in the Smart/Transactions and Payment/Transactions endpoints.


New release of secuconnect/secuconnect-php-sdk

see https://github.com/secuconnect/secuconnect-php-sdk/releases/tag/2.19.0

or https://github.com/secuconnect/secuconnect-php-sdk/blob/master/CHANGELOG.md


The endpoint GET /api/v2/Payment/Transactions/PCI_.../checkStatus will return 3 new properties:

  • status_text

  • status_simple

  • status_simple_text


In order to solve the inaccurate purpose of the amount parameter in the endpoint POST Payment/Transactions/{paymentTransactionId}/cancel this parameter is marked as deprecated. Please use the new reduce_amount_by parameter instead.

Use the new parameter reduce_amount_by, which will deduct the payment by this value.

An empty value will (still) cancel/refund the complete transaction.


The validation of the endpoint PUT Smart/Transactions/STX_... is extended to avoid invalid transaction data.

Make sure that every time you are updating the smart transaction, the data you send is up to date.


New release of secuconnect/secuconnect-php-sdk

see https://github.com/secuconnect/secuconnect-php-sdk/releases/tag/2.18.0

or https://github.com/secuconnect/secuconnect-php-sdk/blob/master/CHANGELOG.md


The validation of the endpoint PUT Smart/Transactions/STX_... was extended. Changing the basket of a payed transaction is no longer possible.


New release of secucard/secucard-connect-php-sdk to support new PHP versions.

see https://github.com/secucard/secucard-connect-php-sdk/releases/tag/1.24.0

or https://github.com/secucard/secucard-connect-php-sdk/blob/master/CHANGELOG.md


New release of secucard/secucard-connect-javascript-sdk to remove unneeded dependencies.

see https://github.com/secucard/secucard-connect-javascript-sdk/releases/tag/0.7.0

or https://github.com/secucard/secucard-connect-javascript-sdk/blob/master/CHANGELOG.md




Adjustments to API integration

Adjustments to business process


New release of secuconnect/secuconnect-php-sdk to support the aggregation features of the API and to add missing Smart/Transaction endpoints.

see https://github.com/secuconnect/secuconnect-php-sdk/releases/tag/2.17.0

or https://github.com/secuconnect/secuconnect-php-sdk/blob/master/CHANGELOG.md


The endpoint GET /api/v2/Payment/Transactions/PCI_.../checkStatus allows also the old id/hash format:
GET /api/v2/Payment/Transactions/abcdefg123456/checkStatus


Improved support for PayPal subscriptions with digital goods and a new field name " product_type" in the /Subscription/Plans endpoints.


The Endpoint Smart/Transactions will allow a new "item_type": " reauthorization".

A new endpoint POST Smart/Transactions/SUB_.../UpdatePaymentContainer is added to update the payment instrument of a subscription (with debit and credit card).


Unification of the field "object" in push notifications.

Push notifications with the following object will be send in lower case:

  • payments.subscriptions (before Payments.Subscriptions)

  • general.contracts (before General.Contracts)

  • payments.transactions (before Payments.Transactions for PayPal transactions)

The deprecated push notification for "payment.contracts" will be removed, as this one was replaced with the "general.contracts" push notification, which is send out in the same time.


JAVA and PHP-SDK update




The endpoint POST Services/Identrequests (and related) will allow the new provider type "3rdParty".


Push-Notifications for partial amount reduction will be send too.

When the application receives a push notification for a payment transaction, the application should check for a changed amount as the status will change only if there is a complete cancellation.


A new payment method called "eps Überweisung" is available via the smart transaction endpoints.


A new payment method called "giropay" is available via the smart transaction endpoints.


A new payment method called "Ratenkauf by easyCredit" is available via the smart transaction endpoints.


The endpoint POST Payment/Secupaypayout allows to specify an order_id for each item in the transaction_list.


A new element "purpose" is added to the GET Loyalty/Transactions endpoints.


Push-Notifications for partial refunds are send for the main payment transaction.

When the application receives a push notification for a payment transaction, the application should check for a changed status and also for new related_transactions (of ref_type_id: 19) as the status will change only if there is a complete refund.

Sample response of GET /payment/transactions/PCI_...

"object": "payment.transactions",
"merchant": {...},
"related_transactions": [
"object": "payment.transactions",
"hierarchy": "child",
"ref_type_id": 19,
"ref_type_raw": "Gutschrift / Refund",
"trans_id": 21314564
"trans_id": 21313900
"product": "Payment in advance",
"status": 6,
"status_text": "abgeschlossen",


If the given push_url begins with https:// the server needs to send a valid certificate, which can be validated correctly.

Make sure that the application does not use self-signed certificates and that all required intermediate certificates are also send by the server.

You can use https://www.sslshopper.com/ssl-checker.html or a similar service to check the server settings.


New endpoints Smart/Articles to setup articles for the terminal application.


The new endpoint POST General/Contracts/GCR_.../terminate can be used to dismiss a specific (sub-)contract.

To use this functions an update of the SDK would be necessary.


The all endpoints of Loyalty/Beacons and Loyalty/Checkins has been removed, as they were deprecated and not in use anymore.


The endpoint POST Smart/Transactions/STX_.../prepare returns a more accurate error message if the basket_sum is 0.


The endpoint POST Smart/Transactions got a new parameter "accrual", which allows to set the accrual-flag individually for each transaction.

The payload for create Smart Transaction can contain:

"payment_context": {
"accrual": true,


The endpoint GET /Payment/Transactions/me/CrowdFundingData/MRC_... got new response fields.

If you are using our SDKs you need to update to the newest version.

If you are using a customized integration this would be a sample of the new response:

"project": {
"currency": "CHF",
"debit": {
"count": 0,
"amount": 0
"credit_card": {
"count": 27,
"amount": 464000
"prepay": {
"count": 17,
"amount": 205000
"sofort": {
"count": 0,
"amount": 0
"twint": {
"count": 123,
"amount": 1251500
"deposited_amount": 2002000,
"paid_out": 1982000,
"deducted_amount": 8000,
"open": {
"total": 12000,
"outside_cancellation_period": {
"total": 8900
"inside_cancellation_period": {
"total": 3100,
"debit": 500,
"credit_card": 0,
"prepay": 2000,
"sofort": 0,
"twint": 600


The endpoint POST Payment/PaymentSecupaydebits will now return the error "Payment method not available (for this customer)" (Code 3006) when the scoring logic denies to complete the transaction.

It's now the same behavior as for the endpoint POST Payment/PaymentSecupayinvoices. No adjustments are necessary.


Validation rules will be extended for the parameter reason at the endpoint POST Payment/Transactions/PCI_.../cancel:

  • maximum of 100 valid chars

  • valid chars:

    • a - z

    • A - Z

    • 0 - 9

    • special characters: / ? : ( ) . , ' + -

    • spaces

In order to avoid validation errors from the secuconnect API, your application needs to filter or replace other characters from the input.

Allowed Characters:

regular expression
[0-9a-zA-Z .,+\-:?()\/']*

Additional information: https://www.europeanpaymentscouncil.eu/document-library/guidance-documents/sepa-requirements-extended-character-set-unicode-subset-best


Validation rules will be extended for the parameter nationality at the endpoint POST Payment/Contracts/.../requestId and POST Payment/Contracts/.../clone:

  • ISO 3166-1 alpha-2

  • One of the iso_code from the endpoint GET Public/Website/me/AvailableCountries

The application should send correct values or skip this input field.


New Input fields are added to the endpoint POST Loyalty/MerchantCards/MRC/createMerchantcards to send additional information of the related customer.

To use this functions an update of the SDK would be necessary.


The payment methods sofort and paypal will also allow loyalty transactions within the checkout of a smart transaction with assigned smart device.


In order to simplify the API (by removing not used functions), the endpoint POST Payment/Contracts/.../requestId will NOT allow to send a CNT_... ID instead of the contact data anymore.

Your implementation MUST NOT use any CNT_... IDs (which is normally the case).


The endpoints of the Smart/Transactions will also pass non-numeric article numbers.


Google Pay and Apple Pay support for payment containers and smart transactions.


The endpoints for Payment/Contracts will only provide GCR-IDs.
The endpoints will still work with existing PCR-IDs but they will not create or return new PCR-IDs anymore.

If you validate the IDs you need to adjust your validation rules to allow "GCR_..." values too.


The application_context in the Smart Transaction object allows now to send details about the used shop plugin to for a better integration/customer support.

If you are a vendor of shop plugin please get in contact with us to get more details about this feature.


There is a new endpoint POST Payment/Transactions/PCI_.../increaseAmount to change the amount for existing prepay transactions.

It's now possible to change the amount for an open (not paid) prepaid transaction, f.e. in case the payer wants to add something afterwards, or want to change the shipping method.


The endpoint GET Services/Identcontracts will return some new fields, to support external Post-Ident settings.

The endpoint POST Services/Identrequests will allow the new provider type "post_ident_extern".


The endpoints for Smart/Transactions will also provide the payment_links if there was no customer data given.

The payment customer data could be collected within the checkout process on the smart checkout page.


revision of the endpoints "Services/Ident..."

The request and response elements has been changed and needs to be adjusted.


The endpoint PUT Payment/Transactions/.../shippingInformation now also accepts the "order_id" to provide the order number in case it is not yet available at the time of submission.


The product PayPal via secupay changes its name to PayPal Collecting in order to achieve a uniform name for similar products.

The endpoint POST General/Contracts/GCR_.../GetAvailablePaymentMethods then returns a new value PayPal instead of PayPal via secupay.

The endpoint GET Payment/Transactions/ is also affected by this and now returns the name PayPal Collecting.


The endpoint GET /Payment/Transactions/me/CrowdFundingData/MRC_... now returns the currency and other payment types such as PayPal.