API Changelog
Stay informed about new features, improvements, and breaking changes to the 123hub API.Subscribe to our developer newsletter to receive changelog updates via email.
2026
April 2026
v2.2.2 - Webhook Resend & Routing Reliability
2026-04-24
Webhook Resend & Routing ReliabilityAdded merchant-facing recovery controls and improved payment routing reliability.
- Added
POST /payments/{paymentId}/webhook/resendto re-queue webhook delivery for a specific payment - Added a 10 requests/minute throttle to webhook resend requests
- Improved deposit routing reliability with automatic provider fallback when cascade routing is enabled
- Expanded accepted MultiHub request fields for payer, receiver, bank, redirect, identifiers, and per-payment
webhook_url - Tightened per-payment
webhook_urlvalidation to require a valid public HTTP(S) URL - Fixed webhook consumer handling for queued delivery payloads
- Per-payment
webhook_urlnow must be a valid public HTTP(S) URL
v2.2.1 - Documentation Contract Sync
2026-04-24
Documentation Contract SyncPublic documentation was reconciled with the current gateway contracts.
- Added dedicated reference pages for MultiHub methods, outgoing webhooks, webhook management, and public payment pages
- Corrected
payment.statusandpayment.notificationlookup identifiers toc_idandh_id;p_idis returned for reconciliation and is not a lookup key - Corrected Mexico payout examples: CLABE is sent in
receiver.bank.account.id;receiver.bank.clabeis not accepted by the DTO - Reworked webhook payload docs to use
data.result.payment, omit internal_payment_id, and documentX-Data-Hashplus replay-protection headers - Documented actual webhook delivery defaults: timeout 30s,
max_retriesdefault 3,retry_delay_secondsdefault 1, jittered exponential retry with a 24h cap - Expanded the error code reference to cover every current
MultihubErrorCode - Documented successful API response signing with
X-Data-Hash
v2.2.0 - Turkey Direction & Payment Method Expansion
2026-04-02
v2.2.0 — Turkey (TRY) Payment Direction & Documentation RefreshNew payment direction for Turkey and updated documentation to reflect actual system capabilities.New: Turkey (TRY) deposits:
- Currency:
TRY(Turkish Lira) - Payment methods:
havale(bank transfer),papara(e-wallet),kredikarti(credit/debit card) - Deposits:
havale(bank transfer),papara(e-wallet),kredikarti(credit/debit card) - Withdrawals:
bank_transferwith IBAN
AUD(Australian Dollar) — deposit & withdrawalLKR(Sri Lankan Rupee) — deposit & withdrawal
upi— Unified Payments Interface (India, primary deposit method)havale— Turkish bank transfer (Havale/EFT)papara— Papara e-wallet (Turkey)kredikarti— Turkish credit/debit cardimps— Immediate Payment Service (India)
payment.notification method documented:- Re-send webhook notification for a specific payment
- Webhook payload now documents the delivered outer envelope (
id,data,created_at,merchant_id) and keeps internal_payment_idout of merchant-facing examples - Documented fields absent in webhooks vs API (
service_id,description,redirect,receiver.bank)
- Added
operations[]andoperationfields to response reference - Added
receiver.bank_accountformat for deposit responses (TRY, ARS) - Documented
redirect.totype variations by region (array for UPI, string for Havale) - Clarified
status.errortype asinteger | string | null - Noted
h_idformat varies by provider (numeric string or UUID) - Documented that
receiver.bankis not returned inpayment.statusor webhooks
- Removed currencies with no active provider: BRL, CNY, COP, EUR, GEL, USD
- Changed INR default method from
bank_transfertoupi - Turkey (TRY) supports both deposits and withdrawals (not deposit-only)
- Added region-specific bank fields: IFSC (India), CLABE (Mexico), bank code (Argentina), IBAN (Turkey)
- None (additive only; removed currencies were never functional)
February 2026
v2.1.0 - Error Handling & Response Format Improvements
2026-02-12
v2.1.0 — Error Handling, Balance, and Validation ImprovementsImproved API compatibility with the 123hub specification. Error handling, response formats, and validation have been updated.HTTP status codes (breaking change):
- Error responses now return HTTP 400 (previously HTTP 200)
- Unknown method errors (
1002) return HTTP 404 - Successful responses continue to return HTTP 200
- Always check the
successfield to determine the outcome
error.detailsanderror.contextare now always present in error responses (value isnullwhen not applicable)- Missing required field errors now use code
1005with descriptivedetailsobject - Wrong hash/signature errors now return code
3000(Authentication error) nextfield removed from response envelope
6001— Incorrect transaction amount (zero or negative)6002— Incorrect currency code (mismatch withservice_id)6009— Payment already exists (duplicatec_id)- Missing
payerobject inpayment.innow returns1005with specific description
gateway.ping format change (breaking change):- Response changed from
"result": "pong"to"result": {"message": "pong"}
balance.get format change (breaking change):- Response restructured from
result.balances[]toresult.balance.{id, amounts[], enabled} - Balance fields renamed:
available→value,frozen→value_freezing, addedvalue_blockingandenabled
- Provider HTTPS payment page URLs are no longer included in
redirect.to - Only UPI deep-link URLs (for India) are returned in
redirect.to
- HTTP status codes for errors changed from 200 to 400/404
nextfield removed from response envelopegateway.pingresponse format changedbalance.getresponse structure completely changed- Error code for missing fields changed from 9000 to 1005
- Error code for wrong hash changed from 3002 to 3000
January 2026
v2.0.0 - 123hub API Migration
2026-01-31
v2.0.0 — 123hub API Migration (Breaking Change)Complete API redesign to 123hub.pro format. This is a breaking change — all integrations must be updated.New API format:
- Single endpoint:
POST /public/api/multihub/v1replaces all previous REST endpoints - Method-based routing via
body.method:payment.in,payment.out,payment.status,balance.get,gateway.ping - Standardized response envelope:
{ success, result, error, request_id, processing_time } - Success returns HTTP 200, errors return HTTP 400/404
X-Data-Application-Id(integer) +X-Data-Hash(SHA512) replacesX-API-Key- Webhook signatures changed from HMAC-SHA256 to SHA512 with
X-Data-Hashheader
service_id— integer mapping to provider + payment method combinationc_id/h_id/p_id— structured payment identifiers- Numeric error codes (1000-9000) replace HTTP status code-based errors
- REST endpoints (
POST /api/v1/payments,GET /api/v1/balance, etc.) X-API-Keyauthentication- P2P payment infrastructure (account-service, sms-service, qr-service)
- Team management functionality
- Device management functionality
v1.5.0 - In-Request Webhooks
2026-01-30
Per-Payment Webhook URLYou can now pass a webhook URL directly in the payment creation request, enabling per-payment notification routing without pre-configuring webhooks.New Features
webhook_url: Optional field inPOST /payments— specify a URL to receive webhook events for this specific paymentwebhook_events: Optional array to choose which events to subscribe to (defaults topayment.created,payment.completed,payment.failed)- Automatic deduplication: If the same merchant sends the same
webhook_urlacross multiple payments, the system reuses the existing webhook configuration - Default webhook secret: In-request webhooks are signed using a per-merchant default secret, visible in the merchant settings panel
- Pass
webhook_url(and optionallywebhook_events) when creating a payment - The system automatically creates (or reuses) a webhook endpoint for your merchant
- Events are delivered to both admin-configured webhooks and in-request webhooks in parallel
- In-request webhooks use SHA512 signature verification (updated in v2.0.0 from HMAC-SHA256)
POST /paymentsnow accepts optionalwebhook_url(string, max 2048 chars) andwebhook_events(string array)- In-request webhooks are excluded from
GET /webhookslisting by default (use?source=in_requestto view them) - Merchant detail response now includes
default_webhook_secretfield
- None (backwards compatible)
v1.4.0 - Webhook Security & Contract Stabilization
2026-01-20
Webhook Payload WhitelistImproved security and API contract stability for webhook payloads.Changes
customer_datain webhook payloads now uses a whitelist approach — only specific, documented fields are included- Internal processing data (IP addresses, user agents, internal IDs, processing metadata) is no longer sent to merchant webhooks
payoutobject is now only included forwithdrawaltype payments (not for deposits)
- Top-level:
note,customer_email,customer_phone,customer_name,external_id,reference,description,expires_at,requested_payment_type commission:currency,total_minorpayout(withdrawals only):bank_code,bank_account,recipient_name,bank_name
- Webhook payloads no longer include internal fields that were previously exposed unintentionally
- If your integration relied on undocumented fields in
customer_data, you may need to update your webhook handler
2025
December 2025
v1.3.0 - Customer Management System
2025-12-22
Customer Base & Payment LinkingNew customer management system that enables tracking and analytics across payments.New Features
- Customer ID: Merchants can optionally pass
customer_idwhen creating payments to link to an existing customer - Auto-linking: When
customer_idis not provided, customers are automatically created/matched by email or phone - Customer Data in Response: Payment responses now include
customerobject withid,email,phone,name
POST /paymentsnow accepts optionalcustomer_idfield (integer)- Payment responses include
customer_idandcustomerobject customerobject in request body remains required (name, email, phone)
- None (backwards compatible)
v1.2.2 - Payment Page Enhancements
2025-12-03
Standalone Payment Page & Return URL SupportMajor improvements to the hosted payment page experience.New Features
- Return URLs: Merchants can now provide
success_urlandcancel_urlfor merchant settings for automatic redirect after payment completion - Mercado Pago Integration: Quick-pay button with deep link support (mobile devices only)
- Improved bundle size and performance
- Fixed SSE event handling for real-time payment status updates
- Payment page now correctly updates UI when payment status changes via SSE
GET /payment-pages/:token/detailsnow returnsreturn_urlsobject withsuccess_urlandcancel_url
- None (backwards compatible)
v1.2.1 - API Consistency & Validation
2025-12-02
API key format alignment and validation improvementsThis release fixes inconsistencies between API validation, documentation, and Swagger schemas.API Key Format Changes
- Standardized API key format validation:
- Test keys:
qp_test_sk_*(e.g.,qp_test_sk_abc123...) - Production keys:
qp_prod_sk_*(e.g.,qp_prod_sk_xyz789...)
- Test keys:
- Removed support for deprecated formats:
qp_sandbox_sk_*,qp_live_* - Updated all documentation and Swagger examples to reflect correct key formats
- Added
refundedandpartial_refundstatuses to payment API schemas - Payment pages now correctly display refund statuses
- DTOs and filters now support filtering by refund statuses
recipient_nameandbank_accountare now required fields for withdrawal requests for ARS flow.- Improved error messages for missing payout details
- Consistent validation across all withdrawal types
- Payment page URLs are now documented as dynamic (vary by currency/method/region)
- Updated all code examples with correct API key formats
- Clarified payout field requirements for different countries
- API keys using
qp_sandbox_sk_*orqp_live_*formats will no longer be accepted - Withdrawal requests without
recipient_nameorbank_accountwill return400 Bad Request
November 2025
v1.2.0 - Production Stability Release
2025-11-29
Major improvementsFollowing the successful scaling deployment, we shipped a set of optimizations based on real world usage patterns.Improvements
- Optimized payment processing pipeline for higher throughput
- Increased rate limits for payment creation to 5000 requests per minute (burst: 500 requests per 10 seconds)
- Improved webhook delivery reliability and retry mechanism
- More descriptive error messages for validation failures
- Reduced average API response time by about 40%
- Faster payment status transitions
- None
2025-11-25
Enhanced testing and quality of life
- Improved consistency of API responses across endpoints
- None
2025-11-18
Optimization and refactors
- Internal architecture improvements for better scalability
- Enhanced payment method validation rules
- Improved balance calculation accuracy
- None
October 2025
v1.1.0 - Webhooks Improvements
2025-10-30
Webhook manager improvementsNew features
- Enhanced webhook signature binding for improved security and verification
- Make sure your webhook handlers are idempotent to safely handle retries.
- None
2025-10-24
Webhook delivery fixes
- Fixed webhook signature generation for consistent verification on client side
- Improved webhook retry logic with exponential backoff
- Enhanced request binding for webhook payloads
- None
2025-10-22
Payment limits update
- Corrected maximum amount validation rules
- Improved amount formatting in API responses
- None
2025-10-17
Production deployment optimizations
- Enhanced API key handling and validation
- Improved error responses for invalid credentials
- Added support for additional payment method configurations
- None
- API key formats
qp_sandbox_sk_*andqp_live_*are deprecated and will stop working in December 2025 - Please use the standard formats:
qp_test_sk_*for test mode,qp_prod_sk_*for production
September 2025
v1.0.2 - Integration Fixes
2025-09-14
Webhook flow corrections
- Fixed
payment.completedwebhook not being sent in some scenarios - Improved webhook scheduling reliability
- Enhanced stale webhook detection and cleanup
- None
2025-09-10
Balance and withdrawal improvements
- Resolved issues with balance calculations
- Fixed withdrawal validation edge cases
- Improved payment and requisite lock expiry handling
- None
2025-09-08
API key and proxy compatibility
- Fixed API key validation in specific edge cases
- Improved proxy compatibility by handling
X-Forwarded-Hostheaders - Strengthened request validation
- None
2025-09-05
Documentation updates
- Updated API documentation with corrected parameters
- Removed redundant request parameters
- Improved example payloads
- None
August 2025
v1.0.1 - Private Beta Improvements
2025-08-28
Payment processing enhancements
- Improved SPEI transfer handling
- Enhanced bank account validation (CLABE format)
- More informative error messages for invalid bank accounts
- None
2025-08-15
Webhook reliability improvements
- Added automatic retry for failed webhook deliveries
- Implemented webhook event deduplication
- Enhanced HMAC-SHA256 signature verification
- Webhook receivers should remain idempotent due to retries and deduplication.
- None
2025-08-05
Balance API enhancements
- Added
/balance/allendpoint for multi-currency support - Improved balance precision handling
- Added
availableandpendingbalance breakdown
- None
July 2025
v1.0.0 - Initial Release
2025-07-25
Public API v1.0.0 releasePublic release of the 123hub Payment Gateway API.Core features
- Payment creation (deposits and withdrawals)
- Multiple payment methods support
- Hosted payment pages (
deposit_pp,withdrawal_pp) - Real time webhook notifications
- Balance inquiry API
- Test and production modes via API key prefixes (
qp_test_sk_*,qp_prod_sk_*)
bank_transfer- bank transfers (Argentina, Uruguay)spei- Mexican interbank transfers (SPEI)oxxo- cash payments at OXXO storescard- credit and debit cards (tokenized)cash- cash paymentscrypto- cryptocurrency payments
ARS- Argentine pesoUYU- Uruguayan pesoMXN- Mexican peso
payment.created- payment initializedpayment.processing- payment is being processedpayment.completed- payment successfulpayment.failed- payment failedpayment.cancelled- payment cancelledpayout.created- payout initiatedpayout.completed- payout successfulpayout.failed- payout failed
2025-07-10
Private beta launch
- Initial API endpoints for selected partners
- Core payment functionality
- Basic webhook support
- Authentication via API keys
Versioning Policy
The 123hub API uses semantic versioning:- Major versions (v1, v2) indicate breaking changes
- Minor versions add new features that are backwards compatible
- Patches include bug fixes and minor improvements
Breaking changes
We strive to minimize breaking changes. When they occur:- We announce them at least 1 month in advance
- We provide migration guides
- We support the previous version during a transition period
Deprecation policy
Deprecated features will:- Be announced in the changelog
- Continue working for at least 3 months
- Return deprecation warnings in API responses when possible
Upcoming Changes
These features are planned but not yet released. Timelines may change.
Q2 2026 (planned)
- Refunds API - programmatic refund management
- Transaction Reports - export transaction history and analytics
- Merchant Settings API - configure merchant preferences via API
- Batch Payouts - bulk payout operations (up to 1000 payouts per request)
- Webhook Filtering - subscribe to specific event types and filter by criteria
Migration Guides
When breaking changes occur, we will publish detailed migration guides here.API Status
Check current API status and subscribe to incident updates.