This week focused on API reliability and developer experience across the platform.
- Consistent API error responses: Error handling across the Transfers, Cards, Virtual Accounts, and Webhooks APIs has been standardized for more predictable responses and easier client-side handling.
- Session handling improvements: Login session management has been upgraded for better reliability, reducing the chance of unexpected logouts during active use.
- Portal scope hardening: Scope and permission resolution in the developer portal now uses a claims-first approach, improving accuracy when switching between workspaces in multi-workspace environments.
- Faster marketing pages: The public website has been migrated to a system font stack, eliminating external font loading and improving page load times.
A lighter week focused on polish and reliability across the platform.
- Marketing website refresh: The public website now features smoother interactive elements and an updated navigation bar for a more polished browsing experience.
- Card issuing reliability: The card issuing pipeline has been updated for improved request handling. See Cards overview for the full API surface.
- CI/CD hardening: Build and deployment workflows have been streamlined for faster, more reliable releases going forward.
You can now belong to multiple workspaces under a single identity, and phone verification is available as a preview for eligible tenants.
- Multi-workspace membership: Users can join and switch between multiple workspaces without signing out. Organization-level tenant scoping keeps data isolated while letting you operate across projects from one account.
- Phone verification OTP (preview): A new phone-number verification flow using one-time passcodes is available for tenants with the feature enabled. See Identity Verification for the current contract.
- Unified admin authentication: The admin platform now uses a single identity model with OIDC and SAML support, replacing the previous per-service login flow.
- SDK refresh: All eleven SDKs have been updated to reflect the latest reviewed API surface, including improved error handling for iOS and aligned client patterns across languages.
- Security improvements: Session and scope resolution across the developer portal and admin dashboard has been hardened to prevent stale tenant context in multi-workspace environments.
- Notifications enhancements: The in-app notification channel and email webhook delivery have been improved for more reliable message processing.
A new marketplace for discovering and installing third-party integrations, enterprise single sign-on support for team workspaces, and richer connector metadata across the admin platform.New features
- Interactive marketplace: A new marketplace in the admin dashboard lets you browse, install, connect, and manage third-party integrations from a single place. Supabase is available as the first supported app — connect your Supabase account to view organizations and projects directly from Zentra. Marketplace apps can be installed per workspace with full audit logging.
- Marketplace admin controls: Platform operators can manage publishers, create and version marketplace apps, and publish or unpublish listings through dedicated admin endpoints.
- Enterprise SSO login: Developer and partner portal users can now sign in with enterprise identity providers via OIDC or SAML. Login tickets are issued as short-lived, one-time tokens for a secure handoff between identity provider and portal session.
- Notifications service: A dedicated notifications rail is now live, providing its own API and background worker for managing notification delivery, metrics, and retry pipelines.
- Connector catalog metadata: Each connector in the admin platform now includes
connection_modelandconnected_surfacefields, giving you clearer visibility into how a connector exchanges data and what surfaces become visible after connection. This applies to reconciliation imports, webhook sinks, SIEM & observability, and linked systems connectors. - Improved platform observability: All services now emit standardized OpenTelemetry traces and metrics to a shared Grafana endpoint. A new delivery-and-retries dashboard provides real-time insight into notification pipeline health.
- Webhook and notifications workers: Admin platform and notifications services now run dedicated background workers, separating long-running tasks from request-serving processes for improved reliability.
A major platform update shipping new card management endpoints, a redesigned payment flow, a new bill payment rail, and aligned SDK support across all 11 languages.New features
- Full card lifecycle API: New endpoints for balance checks, funding history, auto-reload, just-in-time funding, security controls (spending limits, merchant category restrictions, geofencing), and lock/unlock. Single-use virtual cards are now supported at creation time.
- Charge-based payment flow: Payments now use a charge/verify/refund model with support for saved payment tokens and recurring billing via
merchant_initiatedcapture mode. See the updated Accepting Payments guide. - Bill payment rail: A new tenant-gated
billpayproduct for verifying meters, executing bill payments, and querying payment history. - Webhook management API: Full CRUD endpoints for creating, listing, updating, and deleting webhook endpoints programmatically.
- React SDK payment hooks: The
@zentra/reactSDK now includes ausePayments()hook covering charges, refunds, tokenization, and device signal collection. - Plans & Subscriptions reference: New Plans and Subscriptions reference pages (draft namespace).
- Dashboard MFA enrollment: Multi-factor authentication setup flow with TOTP, passkey, and recovery code support.
- Dashboard API key rotation: New rotation dialog with configurable expiry and environment awareness.
- SDK alignment across all languages: All 11 SDKs (JavaScript, Python, Go, Rust, Flutter, iOS, Android, Java, C#, PHP, Ruby) now expose reviewed public payment helpers for charges, refunds, and reusable tokens.
- Card API terminology:
freeze/unfreezereplaced bylock/unlock;update-limitsreplaced by security controls. The Issuing Cards guide reflects the new naming. - Reviewed public surface: A new Reviewed Public Surface reference page and SDK Surface Status page clearly document which APIs and SDK resources are production-reviewed versus draft.
- API base URL standardized: Sandbox and production now share a single base URL pattern. Field naming standardized to
amount_minoracross all endpoints. - Dashboard display currency: New settings option for choosing a preferred display currency in balance summaries.
External docs are being aligned to the current reviewed public API control-plane model.
- Primitive-first positioning: docs now distinguish core primitives from optional rail add-ons.
- Recurring payments: reviewed payment docs now describe the saved-token recurring flow using customer-present setup charges plus later
merchant_initiatedrenewals. - Doc review scope: transfers, payments, cards, virtual accounts, and webhooks are now treated as the reviewed public surfaces while older draft pages are reconciled.
Card funding now uses
transaction_reference as the preferred request correlation field.- Preferred Field: Use
transaction_reference/transactionReferencefor funding retries and reconciliation. - Deprecated Alias: Legacy
referenceis still accepted for backward compatibility, but is now marked deprecated. - Migration Guidance: Existing integrations should migrate to
transaction_referenceto avoid future breaking removal.
We’ve completely redesigned our documentation and added comprehensive guides to help you build faster.
- New Guides: Added complete guides for Accepting Payments, Issuing Cards, KYC, and Webhooks.
- Docs UI refresh: Refreshed the docs with the calmer Zentra workspace language that later evolved into today’s neutral-first, blue-accent brand system.
- Better Navigation: Simplified sidebar and improved search.
Major improvements to the React UI SDK for better customization and security.
- Added
CardRevealcomponent for secure PCI-compliant display - Improved theming support for
PaymentForm - Fixed accessibility issues in form inputs
Official support for Python and PHP is now available.
- Python SDK: Async support, type hints, and full API coverage.
- PHP SDK: PSR-compliant, Laravel integration ready.
- Available via
pip install zentraandcomposer require zentra/sdk.
Enhanced card issuing capabilities with more granular controls.
- Spending Limits: Set daily, monthly, and per-transaction limits.
- Merchant Controls: Allow/block specific merchant categories.
- Instant Issuance: Create virtual cards in < 2 seconds.
Performance improvements and new identity verification features.
- Faster Webhooks: Reduced delivery latency by 40%.
- NIN Verification: Added support for National ID verification.
- Liveness Checks: New endpoint for selfie verification.