Skip to main content

7 May 2026

ยท 2 min read

Improvementsโ€‹

๐Ÿงญ Starting June 4, Standing Orders execute on their lastExecutionDate value. For example, a Standing Order with lastExecutionDate set to January 10 now runs on January 10 itself.

๐Ÿ›ก๏ธ Starting May 25, Single Device Authentication rolls out gradually to all OAuth2 flows. A 6-digit verification code replaces the clickable SMS link across all partner integrations, matching the approach already live on Swan's web banking. This closes a remaining authentication fraud vector for partners using their own client_id.

For your end users signing in or signing up from desktop:

  • They receive a 6-digit verification code by SMS, replacing the previous clickable link.
  • They enter the code on desktop to complete the flow.

For identification, two text messages are sent: one with a redirection link, and one to trigger identification on mobile.

No code changes are required, but please update your support documentation, guides, and flow screenshots accordingly.

API updatesโ€‹

Upcoming breaking changesโ€‹

โš ๏ธ On June 4, Swan renames Card-prefixed merchant types and mutations to OnlineCard equivalents for accepting online card payments. The deprecated names are removed on this date; update your queries and mutations before then.

This rename clarifies the distinction between online card acceptance and in-person card acceptance (terminals, Tap to Pay). It only affects partners accepting payments through merchant profiles. Card issuing is unchanged.

Queries:

Mutations and simulations:

  • requestMerchantPaymentMethods now requires OnlineCard instead of Card.
  • simulateMerchantPaymentMethodRequestOutcome now requires the OnlineCardMerchantPaymentMethod typename.
  • simulateIncomingCardAuthorization โ†’ simulateIncomingOnlineCardAuthorization.
  • simulateIncomingCardBooking โ†’ simulateIncomingOnlineCardBooking.