We have introduced a new MFA step-up for API session (POST /v3/mfa/step-up) endpoint.

Ideally, when you sign in with POST /v3/login, set rememberMeId and device in your request to generate an MFA-trusted API session.

In case you sign in without rememberMeId and device in your request, you can use this POST /v3/mfa/step-up endpoint to mark the current API session as MFA trusted.

📘

NOTE

In addition, we have added a new field in the API login endpoint response. You now see a trusted field in the response. This field is set as true if the current API session is MFA-trusted.

See POST /v3/mfa/step-up in the API reference for more information.

When you create a vendor with vendor bank account information, BILL has restrictions for updating this bank account information. To stay consistent with this BILL policy, we have removed the ability to update vendor bank account information with the Update a vendor (PATCH /v3/vendors/{vendorId}) endpoint.

At the same time, we have introduced a set of endpoints for vendor bank account operations. You can now add and manage vendor bank account information with a dedicated set of endpoints.

📘

NOTE

To update vendor bank account information, you must first delete the existing vendor bank account (with DELETE /v3/vendors/{vendorId}/bank-account), and then create a new vendor bank account (with POST /v3/vendors/{vendorId}/bank-account) with the updated information.

OperationAPI endpoint
Create a vendor bank accountPOST /v3/vendors/{vendorId}/bank-account
Get vendor bank account detailsGET /v3/vendors/{vendorId}/bank-account
Delete a vendor bank accountDELETE /v3/vendors/{vendorId}/bank-account

You can get details about your current API session with GET /v3/login/session. In the response, we have introduced PHONE_VERIFICATION as a new value for the mfaStatus field.

Your organization mfaStatus is set as PHONE_VERIFICATION when the organization does not use MFA. See GET /v3/login/session in the API reference for more information.

We have added a new recipe for showcasing the MFA sign in workflow with the v3 API. See MFA sign in the Recipes section for more information.

We have introduced AP Card as a new funding account type for vendor payments with the v3 API.

The AP Card is a payment method that enables you to send fast payments with no transaction fees or annual fees. You can use the AP Card with any vendor who accepts credit card payments. See AP Card Frequently Asked Questions (FAQs) in the BILL Help to learn more about AP Cards.

Vendor payments

When you create a vendor payment with POST /v3/payments, you can now set the AP_CARD as the funding account type.

See POST /v3/payments in the API reference for more information.

Get list of AP Cards

We have introduced GET /v3/funding-accounts/ap-cards for getting a list of AP Cards available in the current organization.

See GET /v3/funding-account/ap-cards in the API reference for more information.

Payment webhook improvements

The payment.updated webhook notification is available for the BANK_ACCOUNT, CARD_ACCOUNT, and WALLET funding type. We have now added notification capabilities for the AP_CARD funding account type.

See Payment notification payloads for more information.

When you create a vendor payment with a card account, we now require you to specify the card funding purpose for the payment. Set the card funding purpose as the vendor industry.

In your create payment request with POST /v3/payments, cardFundingPurpose is a new required body parameter for the CARD_ACCOUNT funding account type.

See POST /v3/payments in the API reference for more information.