API TLS upgrade

If you have an API integration to Reepay, this information might be important to you.

To keep your API integration with Reepay secure, we have planned to phase out support for old technologies: SHA-1, TLS 1.0, and TLS 1.1. (These protocols and TLS 1.2 power the 'Secure' in 'HTTPS'.)

Why

SHA-1 is one of the algorithms you can use to authenticate who you’re talking to. It’s now considered dangerously weak, and might allow an adversary to spoof their identity. This is why all modern browsers have stopped accepting SHA-1 certificates.

TLS 1.0 and 1.1 ensure that your communications stay private. In order to do this, they generate a series of random bytes used to encrypt your connection. TLS 1.0 provides two ways of doing this (CBC and RC4), but several vulnerabilities have been discovered in both of them (including BEAST and the RC4 biases). If you kept using old versions of TLS, someone could theoretically sniff your connection.

As a result, the internet is moving towards SHA-2 and TLS 1.2. These technologies have few known attacks and were subject to more rigorous security design than their predecessors.

What this means to you

The upgrade process will be seamless for most users. Most frameworks and operating systems support TLS 1.2 out of the box without any changes required, but older clients might be affected, e.g. Java 6. To test if your client supports TLS 1.2, you can make a test HTTPS GET request to the following URL:

https://sandbox.reepay.com/api/helloworld

If your client supports TLS 1.2, you will receive a text response with the content Hello world. Otherwise, an error will be raised by the client.

If your client does not support TLS 1.2, you will need to make the necessary upgrades to your environment.
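
The check described above can be scripted. The following Python sketch is an added example, not code from Reepay: it pins the client to TLS 1.2 or newer with certificate verification on, requests the test URL, and reports the negotiated protocol version. The function names are assumptions made for this example.

```python
import http.client
import ssl
import sys
from urllib.parse import urlsplit

TEST_URL = "https://sandbox.reepay.com/api/helloworld"  # URL given in the announcement


def tls12_context():
    """Verifying client context that refuses to negotiate below TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def local_support():
    """What the TLS library linked into this interpreter can do."""
    return {"library": ssl.OPENSSL_VERSION, "tls1_2": ssl.HAS_TLSv1_2}


def probe(url=TEST_URL, timeout=10):
    """GET url over TLS >= 1.2; returns a dict instead of raising on failure."""
    parts = urlsplit(url)
    conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443,
                                       timeout=timeout, context=tls12_context())
    try:
        conn.connect()                    # TCP connect + TLS handshake
        negotiated = conn.sock.version()  # e.g. "TLSv1.2" or "TLSv1.3"
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace").strip()
        return {"ok": True, "tls": negotiated, "status": resp.status, "body": body}
    except (ssl.SSLError, OSError, http.client.HTTPException) as exc:
        # Handshake refused, certificate rejected, host unreachable, bad response.
        return {"ok": False, "error": f"{type(exc).__name__}: {exc}"}
    finally:
        conn.close()


if __name__ == "__main__":
    print(local_support())
    result = probe()
    print(result)
    sys.exit(0 if result["ok"] else 1)
```

Run it from the same host and runtime as your integration, since TLS support depends on the TLS library that runtime is linked against.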

Don't hesitate to contact us at support@reepay.com if you have any questions.

Timeline

Reepay will only support TLS 1.2 by the 7th of May 2020.

Webhook disable bug

A bug that prevented disabling webhook retries has been squashed.

Refunds allow negative amount credit note lines

It is now possible to define credit note lines with a negative amount as long as the total refund amount is positive.

New payment method added event type

A new event type (`customer_payment_method_added`) has been added for the event that a new payment method has been added to a customer. The event can be used with a webhook to register the payment method after a Checkout recurring session flow, or a charge flow, with the option to store the payment method for later use.

To receive the webhook, the event type must be selected in the webhook configuration. This can be done either in the Administration or using the API.

Subscription discount searching

It is now possible to search for subscriptions with certain discounts in the Administration and with the API.

Subscriptions can be searched by providing a subscription discount handle or a discount handle. When providing a subscription discount handle, all subscriptions with an attached subscription discount with that handle will be returned. When providing a discount handle, all subscriptions with subscription discounts created from the referenced discount will be returned.

Both in the Administration and through the API it can be defined whether to only return subscriptions for which the subscription discount is still active.

In the Administration a custom filter can be made to search with discount. The API documentation can be found here: https://reference.reepay.com/api/#get-list-of-subscriptions

Cheers, Reepay

Resource metadata

Reepay introduces resource metadata. It is now possible to store JSON metadata for the following resources:

  • Customer
  • Subscription
  • Plan
  • Add-on
  • Invoice

Metadata can be used to store additional resource data important to your business, e.g. shoe size for a customer or product entitlement on a plan. Read more about it in our API documentation: https://reference.reepay.com/api/#metadata