API Changelog
Public changes to the BillerAPI client API. Entries document additive changes to the /v1 contract and any active deprecations.
Active deprecations
`?env=sandbox|production` query parameter
Sunset 2026-08-23The `?env=` query parameter on the activity and logs endpoints (`/v1/activity`, `/v1/activity/:id`, `/v1/activity/:id/deliveries`, `/v1/activity/:id/related`, `/v1/activity.csv`, `/v1/logs`) is deprecated. Callers still receive a 200 with the parameter silently ignored, and responses carry the RFC 9745 headers `Deprecation: true` and `Sunset: 2026-08-23`. After the sunset date the deprecation headers are removed; the parameter itself stays accepted-and-ignored so long-tail SDK callers never break. Environment is determined by the API key you authenticate with, not by a query parameter.
`X-Client-ID` + `X-Client-Secret` header pair and HTTP Basic auth
Sunset 2027-07-03The legacy client-id/secret header pair and HTTP Basic authentication are deprecated in favor of a single `Authorization: Bearer bak_test_…` / `bak_live_…` API key. Legacy requests still succeed unchanged, but responses carry the RFC 9745 headers `Deprecation: true` and `Sunset: 2027-07-03`. Bearer is a drop-in replacement — the same credential works either way, so migration is header-only.
First public client API
- Bearer API keys for sandbox and production server-side requests.
- Hosted account-linking flow with link token creation and public token exchange.
- Bill retrieval APIs for connected biller accounts.
- Signed webhook delivery for link and bill lifecycle events.
- OpenAPI 3.0 document for typed client generation.
Related
- Getting Started - first sandbox integration
- Authentication - API keys and access tokens
- OpenAPI Spec - machine-readable API contract