Change Log
IP Allow List by Authentication Key
Applies to: All APIs
What's Changed: A new security add-on has been implemented, enabling merchants to establish and manage a whitelist of IP addresses and ranges for authentication keys (both basic and OAuth clients). With this feature activated, any server-to-server request originating from an unapproved IP address will be rejected during authentication.
Previous Behavior: Authentication keys did not have IP restrictions, allowing requests from any IP address.
New Behavior: When the IP allow list feature is enabled, only requests from whitelisted IP addresses and ranges will be accepted during authentication. All other requests will be rejected.
Why This Matters:
- Enhances security by restricting API requests to trusted infrastructure
- Minimizes the risk of unauthorized access
- Offers enterprises increased control over their API integrations
For access to this feature, contact Banked support at support@banked.com.
Shopify Plugin
What's Changed: The Waave Shopify Payments Partner Program (PPP) and Shopify Payment Application have been successfully migrated and re-branded to Banked. This was accomplished without needing to re-apply and seek re-approval from Shopify for the PPP. Merchants on Shopify can now install the Banked Pay by Bank Payments App into their store without any technical coding or integration work required.
Previous Behavior: Merchants had to integrate with Banked through custom API implementations for Shopify stores.
New Behavior: Merchants can now easily install the Banked payments app directly from the Shopify app store, with onboarding following the usual process for direct merchants.
Why This Matters:
- Enables easy installation for merchants on Shopify, which has around 25% market share of e-commerce in Australia and UK
- No technical coding or integration work required
- Supports both AUD and GBP currencies for future UK merchant expansion
Webhooks: Configuration and Logs in Merchant Dashboard
Applies to: Merchant Dashboard
What's Changed: A new feature now allows merchants to configure webhook endpoints directly in the dashboard and view detailed delivery logs. This includes support for adding, editing, and removing endpoints, as well as inspecting past webhook attempts with status, payload, and response details.
Previous Behavior: Webhook configuration was limited to API access, and there was no visibility into webhook attempt logs.
Current Behavior: Merchants can now fully manage webhook endpoints from the dashboard and access delivery logs to debug issues, reducing reliance on API calls or support teams.
Why This Matters:
- Enables faster troubleshooting when webhook deliveries fail
- Allows non-technical users to manage webhooks without API knowledge
- Provides improved transparency and control over event-driven integrations
Custom Roles for Merchant Dashboard
Applies to: Merchant Dashboard
What's Changed: We can now help merchants define custom roles with fine-grained permissions for dashboard access. Instead of relying only on predefined roles, businesses can tailor access levels to their organizational needs.
Previous Behavior: Role-based access was limited to a fixed set of predefined roles with broad permissions, limiting flexibility in managing user access.
Current Behavior: Merchants can now assign specific permissions (e.g., reporting, payments, webhook management) and have custom roles to better match their internal structures and responsibilities.
Why This Matters:
- Enforces the principle of least privilege, reducing security risks
- Increases operational flexibility by aligning roles with actual business processes
- Helps larger teams scale access management without over-permissioning users
To add custom roles to your account, contact Banked support at support@banked.com.