New Feature: Multiple Card Limits

You can now create cards with multiple concurrent spend limits in a single request. Each additional limit has its own monetary cap, renewal frequency, and optional scope targeting a subset of transactions by merchant category, acceptance method, or ATM.

The additionalLimits array is optional. Existing integrations without it are unaffected.

Updated Endpoint: POST /api/cards (v2.1.0)

{
  "additionalLimits": [
    {
      "limitRenewFrequency": "MONTHLY",
      "limit": { "value": 20000, "currency": "EUR" },
      "scope": { "atmWithdrawal": true }
    },
    {
      "limitRenewFrequency": "MONTHLY",
      "limit": { "value": 150000, "currency": "EUR" },
      "scope": { "categories": ["TRAVEL_AND_ACCOMMODATION"] }
    }
  ]
}

Affected Endpoints:

• POST /api/cards - Create card with additional limits
• POST /api/cards/requests - Create a card request with additional limits
• POST /api/cards/limits/requests - Create a limit change request including additional limits
• PUT /api/cards/limits/{cardId} - Add, update, or remove additional limits on an existing card
• GET /api/cards/{cardId} - Returns additionalLimits with current balance info
• POST /api/cards/details (batch) - Returns additionalLimits per card
• GET /api/cards/requests/{cardRequestId} - Returns additionalLimits for card requests

Note: Requires the ADVANCED_CARD_LIMITS feature module to be enabled.

More information can be found here: https://customer-api.getpliant.com/docs/advanced-limits

New Feature: Callback Management Endpoints

You can now search, inspect, and resend callbacks directly via the API. The old /callback-log endpoint is deprecated.

New Endpoints:

• GET /api/callbacks - Search and filter callbacks with pagination
• GET /api/callbacks/{callbackId} - Fetch details and payload for a single callback
• POST /api/callbacks/{callbackId}/resend - Resend a previously delivered callback

Deprecated: GET /api/callback-log - Replaced by the endpoints above.

Improvement: cardAccountId in Callback Payloads

The cardAccountId field is now included in the following callback payloads:

• Copilot callbacks
• Card controls callbacks
• Card tokenization status change callbacks
• Card tokenization OTP callbacks

Improvement: HEALTHCARE Accounting Category

HEALTHCARE has been added as a valid value for the category field on transactions and accounting categories.

Affected: GET /api/transactions, GET /api/accounting-categories, and related transaction callbacks.

Improvement: CASH_WITHDRAWAL in Test Transactions

The CASH_WITHDRAWAL transaction type is now available when generating test transactions in sandbox environments.

Affected Endpoint: POST /api/test/generate-transactions

Change: Default maxTransactionCount for Travel Cards Lowered

The default value of maxTransactionCount for travel cards has been lowered from 5 to 3. This only affects newly created travel cards where maxTransactionCount is not explicitly set.

No breaking changes in this release. All changes are backward compatible.

🚧

Changes effective the 30.01

We are introducing quotas for Auth0 Access Tokens.

Enforcement

Quotas are now enforced for new API consumers upon activation.

Monitoring Usage

Specific limits vary based on account type and program requirements.

Please refer to the API response header to monitor the available tokens and remaining quota for your specific use case.

For a comprehensive breakdown of our rate-limiting logic, please visit the Access Token Request Quotas guide.

We released a change that enables consumers to subscribe to callback events with more than one url.

1. Add Multiple Callback Subscriptions: POST /subscriptions/bulk-upsert

This creates multiple callback subscriptions in a single request; returns both newly created subscriptions and already-existing matches (same eventType + callbackUrl).

Multiple subscriptions per eventType are supported as long as callbackUrls differ.

If a subscription with the same eventType + callbackUrl already exists, it is not modified and is still included in the response.

Only the subscriptions included in the request are affected; other existing subscriptions remain unchanged.

Limit: max 42 subscriptions per event type.

2. Delete Callback Subscription: DELETE /subscriptions/id

This deletes a callback subscription by its UUID. It respond with 204 No Content on successful deletion.

This release introduces full lifecycle management for custom fields and options, adds support for SELECT field types, and extends card request APIs and webhooks with customFields capabilities.

Details

• Custom Field Management Endpoints New endpoints to manage custom fields and their options:

  • Create, update, and delete custom fields
  • List, create, update, and delete custom field options

• Callbacks Added callback support for:

  • Custom Fields
  • Custom Field Options

• New Field Type Support Added support for custom fields of type SELECT in the CaaS/Pro API layer for:

  • Cards
  • Accounting transactions

• Card Request Enhancements Added support for custom fields (independent of text) in:

  • Card Request endpoints
  • Card Request webhook

We've introduced the Card Copilot feature, enabling organizations to share travel purchasing card access with multiple users. Copilots have full card privileges including viewing details, managing settings, and making transactions.

What's New

• Card Sharing: Grant full card access to users beyond the original cardholder
• Team Support: Assign entire teams as copilots for shared departmental cards
• Audit Trail: All copilot activities are tracked for compliance and security
• Seamless Transfers: Transfer card ownership between copilots when needed

Getting Started

1. Enable: Activate the module via Modules page (owner/admin only)
2. Assign: Add copilots when issuing cards using the copilots parameter in Issue Card endpoints
3. Manage: Update copilots anytime via Update Card Copilots
4. Transfer: Allow copilots to claim cards using Claim Card As Copilot

API Updates

• Issue Card endpoints now accept the copilots parameter with cardholderIds and/or teamIds
• New endpoints:
  • Update Card Copilots
  • Claim Card As Copilot

📘

Note

This feature is exclusive to Travel Purchasing Cards and requires Module activation

What changed?
We’ve updated the expected audience value used when authenticating with our API on the sandbox environment.

Previous value:
audience: api.staging.v2.infinnitytest.com/api/integration

New value:
audience: api.staging.infinnitytest.com/api/integration

Impact:
Make sure your token’s audience claim now matches the updated value above. This change ensures proper validation against our sandbox environment.

Reference:
Authenticated API Usage – Pliant Partner Docs

❗️

This change applies only to sandbox environments and does not affect production.

We've introduced two new card limit renewal frequency options that can be used when issuing cards:

• DAILY - Card limits reset on a daily basis
• WEEKLY - Card limits reset on a weekly basis

Example Usage

When creating a card, you can now specify:

{
  "limitRenewFrequency": "DAILY"
}

or

{
  "limitRenewFrequency": "WEEKLY"
}

Backwards Compatibility

This change is fully backwards compatible. Existing card limit renewal frequencies remain unchanged and continue to function as before.

We have added the cardAccountId property to the following event types:

Cards

CARD_CREATED
CARD_ISSUED
CARD_DETAILS_CHANGED
CARD_STATUS_CHANGED

Transactions

TRANSACTION_CREATED
TRANSACTION_UPDATED

Statements

STATEMENT_GENERATED
STATEMENT_UPDATED

We introduced two new endpoints.

Deactivate Organization Authorization

This endpoint completes the existing "Activate Organization Authorization" and will enable you to reset and organization authorization when needed.

Redeem Cashback

The following endpoint will enable a specific organization to redeem the accumulated cashback (totally or partially), completing the "cashback flow" together with the existing endpoints.

We have added further type<>status combinations for our mock service in the sandbox environment. Changes visible here.