API Updates — June 22, 2026

New physical card endpoints (beta) — List, fetch, create, update, terminate, suspend, and unsuspend physical cards via dedicated endpoints under /developer/v1/cards/physical. These new endpoints use fund_id instead of the legacy spend_limit_id and return detailed physical card resources including fulfillment and shipping information. View endpoint

New virtual card endpoints (beta) — List and fetch virtual cards via GET /developer/v1/cards/virtual and GET /developer/v1/cards/virtual/{card_id}, returning a streamlined virtual card resource with fund_id, user_id, and suspension status. View endpoint

New card vault endpoints (beta) — Create a spend limit and retrieve sensitive card details via POST /developer/v1/cards/vault, and fetch sensitive card details via GET /developer/v1/cards/vault/{card_id}. These replace the legacy /developer/v1/vault/cards endpoints. View endpoint

Multiple vendor addresses — Vendor responses now include an addresses array containing all vendor addresses with id and is_default fields. The existing address field continues to return the default address. View endpoint

Improved vendor state field documentation — The vendor state field now clearly specifies it expects a two-letter US state abbreviation (e.g., VA) when the vendor country is US. This applies to both vendor-level and address-level state fields. View endpoint

Filter rules for inactive accounting connections — Added optional accounting_connection_id query parameter to GET /developer/v1/accounting/field-option-filter-rules and request body field to the create and delete endpoints, enabling you to manage filter rules belonging to inactive accounting connections. View endpoint

PKCE support for OAuth application handoff — Added optional code_challenge field to the application OAuth authorize params, enabling PKCE (S256) security during the authorization flow. View endpoint

New webhook event types — Added transactions.all_requirements_met_and_approved_changed, which fires when a transaction's approval and requirements status changes, while keeping transactions.all_requirements_met_and_approved as a deprecated alias. Also added transactions.body_coding_updated, which fires when a transaction's body-level accounting coding is created or changed. View endpoint

New audit log event types — Added Accounting fixed asset changed, Accounting fixed asset class changed, Approval policy set as default, and Synced draft policy from workflow event types for audit log filtering. View endpoint

New audit log entity types — Added Fixed asset and Fixed asset class as filterable entity types in the audit logs endpoint. View endpoint

Tracking category is_erp_sourced field — Tracking category responses now include an is_erp_sourced boolean indicating whether the tracking category exists in the connected ERP system.

Purchase order total in business currency — Purchase order line item details now include total_amount_details_in_business_default_currency for the amount converted to the business's default currency.

.xlsm file support — Macro-enabled Excel files (.xlsm / application/vnd.ms-excel.sheet.macroEnabled.12) are now accepted for receipt and document uploads.

Card state descriptions — The card state enum now includes descriptions for each value: ACTIVE, CHIP_LOCKED, SUSPENDED, TERMINATED, and UNACTIVATED.