In a rare case the push-service could send event messages twice. This will be blocked now.

The push notifications for sub-transations were not send to the individual URL, if some generic URL was set in the contract. This is fixed now.

The Push-Service could send messages for IDs that are not accessible via the common API endpoint. This is fixed now. 

In order the merchant can communicate it the buyer, the API caller receives the Card Security Codes (CSC) when creating secucards.

An API call to POST Loyalty/MerchantCards/MRC_xyz/CreateMerchantcards/CRG_xyz will return the CSCs of the cards among the card data.

Removed the "Sofort" payment method from the API, as Klarna discontinued this service on 30 September 2025.

As a user I want to have an endpoint for creating User Attributes so that they can then be added to sub-contracts when they are created via the General/Contracts/ Endpoint.

New Endpoints "POST|PUT|GET|DELETE General/Contracts/.../AdditionalInformation/..."

Adjustments for credit card handling, to meet new PCI-DSS requirements.

You should whitelist the domain https://sppf.secupay.com/ if your application is using the credit card checkout process. This new domain will replace https://cc.secupay.com/. All requests to the old domain will be redirected to the new one in the near future.

We adjusted the account owner and purpose input sanitizing for the following endpoints:

POST /Payment/Secupaypayout

POST /Payment/Secupaypayout/me/PayoutWithoutCustomer

The endpoints shall reject all entries that do not match the following restricted character set for the owner and description key value:

^[A-Za-zÄÖÜäöüß0-9'?:,()\-+./&*$% ]*$

When creating creating a store, the country code was not saved. This is fixed now.

As a merchant, I would like to see the new 'Refund Retoure' products in secuoffice payment transaction grid.

As a merchant, I would like to be able to submit a dynamic descriptor per transaction to allow the cardholder to recognize the business name and city on their card or bank statement.

As an API user, I can choose which payment methods are displayed on the Payment Page / Smart Checkout.

Improvements for Push-Service, to avoid postponed messages.

Failed push messages will be send repeatedly in a longer interval, if it was failed multiple times (not every 5 minutes, like before).

Fixed some issues with IBAN validation for Italy.

The description of the payment transaction for product ID 38 and 39 will be not overwritten anymore.

Improve processing speed POST /Services/Identrequests

Improve processing speed POST /Payment/Contracts/{id}/requestId

Improved processing speed GET /Payment/Contracts/{id}

New product ids for "VISA Debit" and "Gutschrift VISA Debit"

Small improvements for Twint payments.

Fix for getAvailablePaymentMethods endpoint. On contracts with multiple currencies, the result was in some rare cases not correct.

Adjustments to avoid an unwanted (full) cancellation of a transaction.

This request will result in an error:

POST /Payment/Transactions/PCI_.../cancel 
{
    "reduce_amount_by": 0
}

If you want to cancel a transaction over the full amount you can still send:

POST /Payment/Transactions/PCI_.../cancel 
{
    "reduce_amount_by": null
}

Removed some old error codes.