Backwards Compatibility

Updated On 10 Jul 2024
12 Minutes To Read

Print
Share
Dark
Light
PDF

Article summary

Did you find this summary helpful?

Thank you for your feedback

This page gives the full list of backwards compatibility changes, as far back as 2018. For more information on our user agreements with regards to backwards compatibility, refer to Mambu Release Cycle - Breaking changes.

Change	More information	Reference ID	Backwards compatible until
Mambu is enhancing the interest rate change management capabilities in Deposits products while maintaining backwards compatible options for a definite period.	Interest Rate Management Enhancements	-	Undetermined
Mambu is extending the IP whitelisting feature to include capabilities beyond the cloud banking platform. Consequently, whitelisted IP addresses will now apply universally to all Mambu capabilities with the exception of MPO. (e.g. Cloud banking platform, Audit Trail, Payments, Streaming API, Mambu Functions etc).	Access Preferences	-	July 2024
Mambu is moving towards returning 409 response code instead of 102 response code, when there already is an in progress call with the same idempotency key.	Idempotency	-	June 2024
We are introducing limits to custom field definitions and custom field values. This limitation only applies to the number of custom fields values linked to an entity (the actual value it holds. I.e. “Zimbabwe”), and not to the number of custom fields definitions (the custom field you create. I.e. “Country of Residence”).	Custom Fields	-	Q3 2024
We will be issuing the Accounts Updated event when all the accounts have been updated. Previously the Account Updated event coincided with the completion of the end-of-day job. This unnecessarily prolonged the notification due to the inclusion of jobs unrelated to updating the accounts status. The completion of the daily job can be observed by querying the Background Process endpoints for the state of the `CRON_JOBS` job.	End of day processing	EOD-90	January 2024
We are removing the hold check when posting card transactions where the state of the referenced authorization hold is other than Pending (Settled, Reversed, or Expired). Once posting a card transaction, the state of such a hold will not be changed and the transaction will be successfully posted.	Affected endpoint: POST /cards/{cardReferenceToken}/financialtransactions	CARDS-1670	July 2023
Whenever a credit transaction is reversed and funds are not available as part of the deposit account total balance, a reversal debit transaction will be executed using the technical overdraft of that account.	Affected endpoint: POST /cards/{cardReferenceToken}/financialtransactions/{cardTransactionExternalReferenceId}:decrease	CARDS-1768	July 2023
For customers that have federated authentication enabled, branch assignment for users will no longer be performed using the Mambu UI or API v2, instead it must be performed from their identity provider (IdP).	Managing Users under Federated Authentication - Branch assignment.	CIAM-2668	November 2023
We made the product category field required for all loan and deposit products. To edit or create a loan or deposit product, you have to assign it a product category. We advise that you revisit your product configurations and assign the right product category where needed.	-	ADM-3031	March 31, 2023
We enabled negative interest rates on deposits on all Mambu tenants. The feature also changes the way accounting entries are generated for interest accruals on Current Accounts. From now on, each interest accrual type will create separate journal entries instead of a net amount. This only occurs within one period of overdraft interest, where positive interest has accrued.	-	DPS-49 DPS-53	February 27, 2023
Upgrade to latest AWS Application Load Balancer (ALB) security policy requiring forward secrecy and strong protocols and ciphers.	We continuously improve our product as well as our product security. In order to provide a secure communication channel and keep high security standards, we are announcing the intention to make scheduled update of the AWS Application Load Balancer (ALB). Since this update cannot be done while maintaining backwards compatibility, we would like to let you know that we intend to update the AWS Application Load Balancer for all Mambu Capabilities. What is the impact? We will switch all our load balancer security policies to the latest version of ALB; this includes the Mambu core, new capabilities, MPO and MyMambu. This update might break existing customer integration and the usage of Mambu app with outdated browsers as ELBSecurityPolicy-FS-1-2-Res-2019-08 is the most restrictive policy available till date. This policy supports TLS 1.2 only and includes only ECDHE (PFS) and SHA256 or stronger (384) ciphers.	IAM-356	March 2021
Update on the data access model for GET/POST:search APIs	We want to ensure that the data visibility model provided by the branch assignment for each user works consistently across all interfaces. This impacts all READ (GET or POST:Search) operations done via API, both 1.0 and 2.0, for the following entities: Clients & Groups Deposits Loans To better understand the change, let’s take two examples, one of the current behavior and one of the new behavior: Current behavior: Given a non-admin user with Mambu and API access rights, And the user is assigned to Branch A When the user retrieves all deposit accounts against all Branches Then all deposit accounts from all branches will be returned. New behavior: Given a non-admin user with Mambu and API access rights, And the user is assigned to Branch A When the user retrieves all deposit accounts against all Branches Then only deposit accounts for Branch A will be returned. Please see below the associated ticket numbers for each change: API 2.0 NTF-142 - Releases all changes related to `GET /POST:Search` endpoints for Clients and Groups CORE-2775 - Releases all changes related to `GET /POST:Search` endpoints for Loan Accounts DEP-1639 - Releases all changes related to `GET /POST:Search` endpoints for Deposit Accounts API 1.0 NTF-142 - Releases all changes related to `GET /POST:Search` endpoints for Clients and Groups CORE-2785 - Releases all changes related to `GET /POST:Search` endpoints for Loan Accounts DEP-1639 - Releases all changes related to `GET /POST:Search` endpoints for Deposit Accounts	NTF-133	February 5, 2021
Change for Users with restricted branch access via API 2.0 across Mambu	Mambu has made a change to `API GET request: /api/loans/` when an ‘accountState’ filter is used (for example: `/api/loans?accountState=PENDING_APPROVAL` or `/api/loans?accountState=ACTIVE`). This API call is used to retrieve all loan accounts with the given state and currently returns accounts at all branches even for users who have restricted branch access. Currently, when running a `GET` API call for any state of the loan account, we do not perform any branch validations. As an effect, regardless of a user's branch access, the `GET` API call for loan accounts of any state would return all matching accounts for all branches. In order to correct this behaviour, we have introduced filtering of the results, according to the branches to which the user has access. Running a `GET` API call will now return loan accounts from only those branches that the user has access to.	CORE-1843	September 24, 2020
Apply Read permission standards on API 1.0 `GET Branches` endpoints	With the introduction of Granular Administrator Permissions Standards and granular permissions for Branches with Mambu V9.54, you can now access and use `Branches` via Mambu UI and Mambu API 2.0, only if you have specific permissions to your user account or you have a user type Administrator. As the design of API 1.0 does not support adding this new behavior on top, we would like to let you know that *we will be requesting View* permission in order to access the following endpoints starting with the week on November 12th 2020**. `GET /api/branches` `GET /api/branches/{branchID}` This gives you 3 months to prepare the transition to this new behavior and ensure none of your integration relies on access without standard permission authorisation to these endpoints.	ADM-2011	November 12, 2020
Apply Read permission standards on API 1.0 `GET Centre` endpoints.	With the introduction of Granular Administrator Permissions Standards and granular permissions for Centres with Mambu V9.54, you can now access and use `Centres` via Mambu UI and Mambu API 2.0, only if you have specific permissions to your user account or you have a user type Administrator. As the design of API 1.0 does not support adding this new behavior on top, we would like to let you know that *we will be requesting View* permission in order to access the following endpoints starting with the week on November 12th 2020**. `GET /api/centres` `GET /api/centres/{centreID}` This gives you 3 months to prepare the transition to this new behavior and ensure none of your integration relies on access without standard permission authorization to these endpoints.	ADM-2083	November 12, 2020
Replacing Default Sort Criterion `lastModifiedDate` with `creationDate` for Paginated Lists via API 2.0 across Mambu.	When retrieving paginated lists of clients, deposit or loan accounts via API 2.0, Mambu might return the pages with missing and duplicate entries. By default the retrieved lists are currently sorted by “lastModifiedDate”, which is a mutable field. Between two API calls (to retrieve different pages of the same list), some accounts or clients could be modified and therefore they would change order in the retrieved pages. In certain integrations relying solely on an entity's position in the list, this could lead to missing entries and duplicates. To create predictable and consistent lists, we redesigned our API 2.0 GET endpoints to sort retrieved lists across Mambu by `creationDate` — an immutable field. This change affected the following endpoints: `GET /api/deposits` (DEP-1580) `GET /api/loans` (CORE-2721) `GET /api/clients` (CUS-2438) `GET /api/groups` (CUS-2445)	DEP-1580; CORE-2721; CUS-2438; CUS-2445	September 30, 2020
Apply Read permission standards on API 1.0 `GET Transaction Channels` endpoint.	With the introduction of Granular Administrator Permissions Standards via V9.48 and V9.49, you can now only access and use transaction channels via Mambu UI and Mambu API 2.0, only if you have specific permissions to your user account or you have a user type Administrator. As the design of API 1.0 does not support adding this new behavior on top, we would like to let you know that we are requesting View permission in order to access the following endpoints starting with the release of Mambu V9.63 from September 19th, 2020.	ADM-1958	September 18, 2020
Apply Read permission standards on API 1.0 `GET Roles` endpoint.	With the introduction of Granular Administrator Permissions Standards via V9.48 and V9.49, you can now only access and use roles via Mambu UI and Mambu API 2.0, only if you have specific permissions to your user account or you have a user type Administrator. As the design of API 1.0 does not support adding this new behavior on top, we would like to let you know that we are requesting View permission in order to access the following endpoints starting with the release of Mambu V9.63 from September 19th, 2020: `GET /api/userroles` `GET /api/userroles/{encodedKey}`	IAM-815	September 18, 2020
Enforce task visibility based on branch access.	We have updated our visibility policy for tasks in Mambu. More specifically, we have restricted users to view only tasks that are associated with a branch that they have access to. The task view rights update comes in to help ensure data privacy and that users will be able to see only data from the branches that they are assigned to. For example, right now a user could view a task unrelated to his clients that might contain sensitive information. If you want to learn more on tasks and visibility rights, please refer to our updated support page.	TCS-1779	May 20, 2020
Enforce "View User Details" permission for APIs.	The original design of the APIs assumed that an API user should have access to user information by default. We have since added the “View user details” permission to restrict view rights in the user interface, and now we are extending this to cover the APIs as well. We will update both versions of our APIs to enforce the “View user details” permission, bringing them in line with the behavior of the UI. This means that in order to read user data (except the password) via API, you must have a user that is configured as follows: API access View user details permission Any user without these permissions will no longer be able to read user data via our APIs.	IAA-227	March 20, 2020
Mambu-SSO Role Mapping on user provisioning.	Starting with September 2019, given your organization is using Federated Authentication, you can only manage Roles assignments to users directly from the SSO. If you had any access issues with Mambu-SSO Role Mapping, please post your question in the Mambu Community to get an answer from our Product team or contact tech support. Read more in our Mambu-SSO Role Mapping on User Provisioning. support article. Reference ID: TCS-83 Deployment date: January 20th, 2019 on Production Deployment version: V9 Backwards compatible until : August 31st, 2019 Impacted Area(s): User Authentication Tenant action required: Potential	IAA-24	August 31, 2019
Mambu Platform TLS 1.0 and 1.1 restriction	Due to several weaknesses found in TLS 1.0 and 1.1, many websites and internet services are starting to require the use of TLS 1.2. Here at Mambu we take security very seriously and as such we will update the Mambu platform to make use only of TLS 1.2 going forward. Mambu will first restrict TLS 1.0 and 1.1 on all Sandbox environments, then, after 6 weeks, the restriction will be enforced on all Production environments. This requires your action, otherwise, you won't be able to connect to Mambu and you are at risk for integrations failures. Reference ID: APP-712 Deployment date: 25 Feb-2019 on Sandbox Deployment version: None. Backwards compatible until : The restriction will happen at a fixed date, does not require a new version deployment. Impacted Area(s): General - All Areas Tenant action required: Yes An email with the exact date when TLS 1.0 and 1.1 will be restricted will be sent to Mambu Champions.	APP-712	April 8, 2019
Android App TLS 1.0 and 1.1 restriction.	TLS 1.0 and 1.1 restriction for the platform is also applicable for Mambu's Android App. The update will have no impact on Android devices running an OS version 5.0 and above. For devices running the OS version 4.4 may encounter issues, as not all devices with with version have a native support for TLS 1.2. Lower versions of Android OS are not supported by the Mambu Android application. To combat possible issues with Android devices running on OS version 4.4 we strongly recommend that you update your Google Play Services to the latest version and check the compatibility with your device manufacturer. Reference ID: MOB-401 Deployment date: April 8th, 2019 on Production Deployment version: 9.1 Backwards compatible until : April 7th, 2019 Impacted Area(s): Android Application Tenant action required: Potential	MOB-401	April 8, 2019
Custom Field Set ID Update.	API 2.0 brings a new structure for exposing custom field data as being native to the resource. Due to this, we have both custom field sets and Mambu native fields on the same level of the JSON structure. As to avoid any unpleasant events where a native field would have the same value as a custom field set, we will automatically append a prefix to any custom field set that you create. This will be visible in the custom field set ID when transmitted via APIs 2.0. Please see the below example: Custom Field Set ID prior update: `MonthlySalary` Custom Field Set ID after update: `_MonthlySalary` Reference ID: API-1721 Deployment date: December 2018 Deployment version: 9.0 Backwards compatible until : December 2018 Impacted Area(s): API 2.0 Tenant action required: Yes	API-1721	December 2018

Was this article helpful?

What's Next

Getting Support