Release Notes

ACH risk mitigation

Release date

Apr 3, 2024

Release type

Actionable – Updates impact platform experience

Summary

Zero Hash is introducing identity checks for ACH account creation, along with fraud and risk checks for ACH transaction requests.

Identity checks ensure that the Zero Hash participant on file matches the bank account owner information. Zero Hash conducts fuzzy matching with Plaid data to determine if the account is safe to use or not.

Risk checks help mitigate return risk for platforms by ensuring money is only moving when authorized. Risk rules guarantee that an excessive number of bank accounts aren’t linked for a single participant, multiple transactions are not in flight at the same time, and transaction limits are not exceeded.

With both identity checks and risk rules, Zero Hash is introducing new statuses to external accounts and to ACH transactions.

Action required

Identity checks

When reaching POST /payments/external_accounts you will first receive a “pending” status in the API response. There will be subsequent webhooks with external account updates, such as “approved”, to let you know the external account is ready for use.

Note: This means there will be a delay between requesting a linked bank account and it being available for use. Delays are typically between 1 and 20 seconds.

External account statuses

The following external account statuses are emitted via webhook. Platforms are notified at account creation and at any point throughout the lifecycle of the account.

StatusDefinition
pendingAccount creation requested, basic validations passed, and Zero Hash is running identity checks.
approvedIdentity checks passed and the account is created and ready for use.
rejectedIdentity checks failed and the account cannot be used.
closedEither the account was returned as closed when making a payment request, or the end customer actively closed their account.
lockedZero Hash risk and compliance team was alerted to suspicious activity and locked the account for further investigation.
disabledZero Hash risk and compliance team investigations resulted in a positive hit of suspicious activity and the team determined that the account can no longer be used.

Note: Most often lock and disable actions will be at the whole participant level, rather than individually at the account level. See Participant status updates for more.

Risk checks

Platforms may or may not be subject to certain risk checks. An evaluation is done when onboarding with Zero Hash to gauge ACH risk. Based on this risk, certain rules are applied for a launch period and throughout a platform’s ACH program.

Potential rules

Rules may include:

  • Count of linked bank accounts
  • Count of transactions over a certain period
  • Count of transactions in flight
  • Daily and weekly transaction amount limits
  • Debit (from bank account) and credit (to bank account) amount limits
  • +others

Response based on rules

If no rules are triggered, the request proceeds and platforms see results based on the processing of the account creation or transaction requests. If rules are triggered, platforms receive messages detailing the rule that was hit.

For external accounts, if risk rules are hit, then the account is not created and platforms receive an error message.

Sample response with error for external accounts:

{
  "errors": [
    "account rules: failed max_account_number(accounts_count_by_participant)"
  ]
}

For transaction requests, Zero Hash will respond to the request with a “submitted” status. We will then run risk checks. If no rules are hit, the transaction proceeds as expected. If rules are hit, Zero Hash updates the transaction status to “rejected” and emits a webhook with the updated status.

Sample webhook with reject for transaction request:

{
  "participant_code":"ABC123",
  "type":"debit",
  "transaction_id":"0220358e-6053-43e1-9f94-bb1a09ff2fc7",
  "payment_status":"rejected",
  "rejected_reason":"max_transaction_amount(max_transaction_amount_per_transaction)"
}

Webhooks

Platforms are notified of status updates via webhook. Platforms should ensure they’re subscribed to participant status, external account status, and ACH payment status webhooks.

For more information, please refer to our public documentation.

Endpoints impacted

  • POST /payments/external_accounts – identity and risk checks
  • POST /payments – risk checks
  • POST /payments/execute – risk checks [new endpoint coming soon]
  • Webhooks – identity and transaction status updates

Coming soon

Closing linked bank accounts

In the coming months, Zero Hash will add an endpoint for closing an account connection. This means that end customers can request removal of a specific bank account for ACH payments.

Expanded risk rulesets

Zero Hash is continually improving transaction monitoring and may expand on request reject reasons in the coming months.

Fund with Stablecoins

Release date

April 2nd, 2024

Release type

Informational - Optional action from platforms

Summary

Introducing a new set of dedicated endpoints that allows platforms to offer an alternative funding method to their customers. Deposits are automatically converted to USD, allowing you to instantly credit a customer's balance. Fund with Stablecoins can live side-by-side next to card, wire, ACH, etc.

Scope

This launch includes the API offering only; SDK to be released at a later date.
The following assets and networks will initially be supported:

  • USDC.ARBITRUM
  • USDC.AVAX
  • USDC.ETH
  • USDC.OPTIMISM
  • USDC.POLYGON
  • USDC.SOL

Action required

If interested in Fund with Stablecoins, please reach out to your Zero Hash contact.

Endpoints impacted

  • POST /participants/customers/new
  • POST /fund/rfq
  • GET /fund/transactions
  • GET /assets
  • New webhook event*

Ethereum L2 Liquidity support

Release date

Apr 3, 2024

Release type

Informational – Optional action from platforms.

Summary

Zero Hash now provides liquidity support for Ethereum on the Arbitrum and Optimism networks.
Platforms can now request quotes for ETH.ARBITRUM/USD and ETH.OPTIMISM/USD through the /liquidity/rfq and /convert_withdraw/rfq endpoints.

Note: ETH.OPTIMISM is not supported for the /convert_withdraw/rfq endpoint in our CERT environment.

Action required

No action required.

Endpoints impacted

  • GET /liquidity/rfq
  • GET /convert_withdraw/rfq
  • POST /convert_withdraw/rfq

Example Request

  • Request : GET /liquidity/rfq 
 {  
    'participant_code' :'HN853Q',  
    'side': 'buy',  
    'underlying': 'ETH.ARBITRUM',  
    'quoted_currency': 'USD',  
    'total': 60  
}
  • Response : GET /liquidity/rfq
{  
    "message": {  
        "request_id": "77b1e1c0-8cd9-4d27-a0cc-fe5732ac88ca",  
        "participant_code": "S8NSEL",  
        "quoted_currency": "USD",  
        "side": "buy",  
        "quantity": "0.0170896204846822",  
        "price": "3510.9030100334475027",  
        "quote_id": "6432ad1e-ac5a-4ce8-8a3b-1f9259e5d502",  
        "expire_ts": 1711727578126,  
        "account_group": "00SCXM",  
        "account_label": "general",  
        "obo_participant": {  
            "participant_code": "HN853Q",  
            "account_group": "S8NSEL",  
            "account_label": "general"  
        },  
        "parent_link_id": "",  
        "parent_link_id_source": 0,  
        "underlying": "ETH.ARBITRUM",  
        "asset_cost_notional": "60",  
        "spread_notional": "0.075",  
        "spread_bps": "12.5"  
    }  
}
  • Request : POST /convert_withdraw/rfq
{  
    'underlying' : 'ETH.ARBITRUM' ,  
    'quoted_currency' : 'USD',  
    'side': 'buy',  
    'total' : '100.00',  
    'withdrawal_address': '0xd3c5967d94d79F17bDc493401c33f7e8897c5f81',  
    'participant_code':'HN853Q',  
    'fee_inclusive' : True,  
}
  • Response : POST /convert_withdraw/rfq
{  
    "message": {  
        "request_id": "9acc103b-6ad6-4fdf-afb7-12b9fe096fe1",  
        "participant_code": "S8NSEL",  
        "quoted_currency": "USD",  
        "side": "buy",  
        "quantity": "0.0284164549373376",  
        "price": "3518.7358951175449631",  
        "quote_id": "bde0a5da-8873-4bde-aba1-0ad3b86e71f3",  
        "expire_ts": 1711742459479,  
        "account_group": "00SCXM",  
        "account_label": "general",  
        "obo_participant": {  
             "participant_code": "HN853Q",  
             "account_group": "S8NSEL",  
             "account_label": "general"  
        },  
        "network_fee_notional": "0.01",  
        "network_fee_quantity": "0.000003045",  
        "total_notional": "100",  
        "underlying": "ETH.ARBITRUM",  
        "asset_cost_notional": "99.99",  
        "spread_notional": "0.249975",  
        "spread_bps": "25"  
    }  
}

CERT Support for Sepolia ETH

Release Date

Thursday, March 21, 2024

Release Type

Action Required – Please recreate wallets and deposit addresses on CERT now that the Goerli ETH testnet is changed to Sepolia ETH and balances may have reset to 0. PROD is not impacted.

Summary

Zero Hash has updated the CERT environment to use the Sepolia ETH testnet and removed Goerli support. Balances for ETH and ERC20 tokens in CERT will reset to zero. Below are some provided faucets to top up balances of Sepolia ETH and some tokens.

Impacted Assets

Please refer to the Assets FAQ to see the latest assets with CERT support. Some ERC20 tokens that previously had older testnet support now have CERT support, while others do not. Balances for ETH and ERC20 tokens will reset because they will now point to a different test network.

Removed CERT testnet support:

  • BAT.ETH
  • BUSD.ETH
  • ZUSD.ETH
  • GYEN.ETH
  • GRT.ETH
  • MKR.ETH
  • ZRX.ETH

The Assets FAQ will be updated if additional testnet contracts for ERC20 tokens are found as they are deployed to Sepolia.

List of ERC20 Token Contracts and Faucets

Sepolia ETH Faucets:


ERC20 Sepolia Faucets:

  • MATIC.ETH
  • USDT.ETH

CERT Sepolia Token Contracts:

  • AAVE.ETH: 0x88541670E55cC00bEEFD87eB59EDd1b7C511AC9a
  • LINK.ETH: 0x779877A7B0D9E8603169DdbD7836e478b4624789
  • DAI.ETH: 0xFF34B3d4Aee8ddCd6F9AFFFB6Fe49bD371b8a357
  • KNC.ETH: 0xD701e3e1A327d13564ba072e6C0806129Fea4671
  • MATIC.ETH: 0x3fd0A53F4Bf853985a95F4Eb3F9C9FDE1F8e2b53
  • SHIB.ETH: 0x9f885f12cb3179817324839a035288b0d74d24fa
  • UNI.ETH: 0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984
  • USDC.ARBITRUM: 0x75faf114eafb1BDbe2F0316DF893fd58CE46AA4d
  • USDC.BASE: 0x036CbD53842c5426634e7929541eC2318f3dCF7e
  • USDC.ETH: 0x1c7D4B196Cb0C7B01d743Fbc6116a902379C7238
  • USDC.OPTIMISM: 0x5fd84259d66Cd46123540766Be93DFE6D43130D7
  • USDC.Polygon: 0x41e94eb019c0762f9bfcf9fb1e58725bfb0e7582
  • USDP.ETH: 0x513421d7fb6A74AE51f3812826Aa2Db99a68F2C9
  • USDT.ETH: 0xaA8E23Fb1079EA71e0a56F48a2aA51851D8433D0
  • WBTC.ETH: 0x29f2D40B0605204364af54EC677bD022dA425d03
  • WETH.ETH: 0xfFf9976782d46CC05630D1f6eBAb18b2324d6B14

Related Links

CERT Adding Support for Sepolia ETH Testnet and Sunsetting Goerli

Release Date

Friday, March 15, 2024

Release Type

Action Required – Your platform will be required to recreate wallets and deposit addresses on CERT after the Goerli ETH testnet is changed to Sepolia ETH. PROD is not impacted.

Summary

The Ethereum Dencun update went live on March 13, 2024, marking the beginning of the one-month countdown to the sunset of the Goerli ETH Testnet. Some tools have already ended support for the network, such as certain block explorers.

The Ethereum Foundation recommends projects migrate to the Sepolia test network for most use-cases. Zero Hash plans to point the CERT environment to this test network on Thursday, March 21, 2024. PROD is not impacted and will be available during this time.

Sepolia Testnet

Ethereum has moved to a model where an older testnet will sunset and a new one will be added every two years. Goerli is being sunsetted in April 2024, and Sepolia is now the recommended ETH testnet, which itself will sunset sometime in 2026. Holesky is a longer-term testnet planned to sunset in 2028.

Despite the shorter lifespan, Zero Hash will move to Sepolia to support a majority of testnet assets, including Circle’s USDC, which are only supported on Sepolia. Options are also being considered to support multiple testnets simultaneously for future transitions.

Cutover Schedule

Zero Hash will open a maintenance window on Thursday, March 21st at 10am ET for CERT to have approximately one hour of downtime. After the maintenance window, using ETH blockchain assets in the CERT environment will point to the Sepolia network.

After the cutover, no prior Goerli balances, transactions, or deposit addresses will be available through Zero Hash systems.

Impacted Assets

Any tokens on the ETH blockchain, including Level 2 Ethereum chains, will be impacted. This change does not impact PROD, and the maintenance window will only apply to CERT. Impacted CERT assets include:

  • ETH base token
  • ERC20 Assets
    • Assets ending in .ETH such as USDC.ETH and ENJ.ETH
  • Ethereum Level 2 networks like ETH.Arbitrum

Preparation

You should prepare a plan to recreate deposit addresses for CERT ETH/ERC20/ETH L2 wallets once the CERT environment is brought online after the maintenance window. Sepolia faucets can be used to add free testnet funds to those wallet addresses.

Endpoints Impacted

Any CERT endpoint where a digital asset symbol like “ETH” or “USDC.ETH” is input will be impacted (for example /withdrawals/, /convert_withdraw/, and /deposits/digital_asset_addresses). Prior Goerli balances will not carry over, so new deposit addresses will need to be created, and Sepolia faucets may need to be used to replenish the testnet assets to those wallets.

Related Links

New Asset support Aptos

Release Details

  • Release Date: Feb 12, 2024

Release Type

Informational – Optional action from platforms

Summary

Zero Hash is pleased to announce adding support for the Aptos Blockchain including the ability to buy, sell, deposit, and withdraw the native APT token.

If you would like to enable this token on your platform, you can begin submitting your existing API requests using the Aptos symbol found in our Assets page in the supported environments.

Action Required

No action required.

Endpoints Impacted

There are no changes to existing endpoints as a result of this launch. Use the new APT symbol to create or view deposit addresses, initiate a withdrawal, request a quote, or execute a trade. Feel free to reach out to your client team for assistance.

Relevant Documentation

Trading and Custody Support for EURC.XLM

Release Details

  • Release Date: Dec 15, 2023
    • Updated 4/15/24 for the addition of RFQ support (see notes in Summary and Endpoints sections below)
  • Release Type: Informational – Optional action from platforms.

Summary

Zero Hash has released trading and custody support for Circle's Euro-backed stablecoin: EURC. This support will be initially provided on the Stellar blockchain using the EURC.XLM symbol.

Update 4/15/24: RFQ support has been added for this asset available via the RFQ endpoints for buys and sells. A EUR account is required for buys and sells due to the trading pair denomination in Euros.

Our asset support page has been updated to reflect this.

Action Required

No action required.

Endpoints Impacted

  • POST /trades
  • GET /deposits
  • GET /deposits/digital_asset_addresses
  • POST /deposits/digital_asset_addresses
  • GET /withdrawals/requests
  • GET /withdrawals/requests/:id
  • POST /withdrawals/requests
  • DELETE /withdrawals/requests/:id
  • GET /withdrawals/digital_asset_addresses
  • GET /withdrawals/locked_network_fee
  • POST /withdrawals/execute

Updated 4/15/24

  • GET /convert_withdraw/rfq
  • POST /convert_withdraw/rfq
  • GET /liquidity/rfq

Participants added fields for enhanced due diligence (EDD)

Release Details

  • Release Date: Dec 5, 2023
  • Release Type: Informational – No immediate action required from platforms

Summary

The Zero Hash compliance team consistently monitors network risk. At times, platform customers may undergo enhanced due diligence (EDD) to authenticate the identity and/or transactional activity of the customer. Platforms may be asked to submit additional details about the end customer to Zero Hash for review via PATCH /participants/customers/:participantCode.

Zero Hash has added new fields to the participants database to accommodate EDD instances.

Action Required

No immediate action required from platforms.

Zero Hash contacts platforms directly if EDD information is required for submission.

Endpoints Impacted

  • PATCH /participants/customers/:participantCode – If EDD information is requested by the Zero Hash compliance team, it must be submitted to the PATCH endpoint. Note: You must also include <platform_updated_at> as per the PATCH endpoint guidelines.

  • POST /participants/customers/new – Platforms are not yet expected to pass EDD information when creating a participant; however as these fields (employment_status, industry, source_of_funds) are now a part of the Zero Hash participants database, platforms can expect to see the new fields included in the POST response with a null or unknown designation.

Please see the PATCH documentation for implementation guidelines.

Related Documentation

Release notes for the PATCH endpoint here.

Transaction Fees

Release Details

  • Release Date: Dec 5, 2023
  • Release Type: Informational – Optional action from platforms

Summary

We have released the Transaction Fees feature to Production. Platforms configured to use this feature of the Convert Withdraw product will be able to specify the fees that were assessed on the order.

NOTE:

  • This feature is only offered to Platforms who use Zero Hash Liquidity Services. A future release will be made to open this up to our Trade Settlement (/trades) product.
  • We are adding a new endpoint called POST /convert_withdraw/rfq. It functions the exact same as the GET /convert_withdraw/rfq version. Both of them will continue to be supported indefinitely until stated otherwise. See 1-pager below, section “Flow” to see an example.
  • See dedicated 1-pager here for technical details, use cases, and more.

Action Required

If interested in the feature, please reach out to your Zero Hash representative.

Endpoints Impacted

  • POST /convert_withdraw/rfq
  • GET /trades
  • GET /trade/:trade_id
  • GET /accounts/:account_id/movements

Custom Spreads

Release Details

  • Release Date: Dec 5, 2023
  • Release Type: Informational – Optional action from platforms

Summary

We have released the Custom Spreads feature to Production. Platforms configured to use this feature of the Convert Withdraw product will be able to, on a per order basis, define the spread amount themselves programmatically. Previously, the spread configuration was only editable manually by a Zero Hash employee upon request.

NOTE:

  • This feature is only offered to Platforms who use Zero Hash Liquidity Services
  • We are adding a new endpoint called POST /convert_withdraw/rfq. It functions the exact same as the GET /convert_withdraw/rfq version. Both of them will continue to be supported indefinitely until stated otherwise. See 1-pager below, section “Flow” to see an example.
  • With this release, we also began exposing 2 new fields on the GET /trades and trades/:trade_id:
    • spread_notional: notional value of the spread applied, expressed in terms of the quoted_currency
    • spread_bps: basis point value of the spread applied
      These fields are not only useful for Platforms who use the Convert Withdraw product, but any Zero Hash Liquidity Services products (excluding the Central Limit Order Book). For revenue reconciliation, Platforms can use these fields to determine the monthly amount of spread collected.

Action Required

If interested in the feature, please reach out to your Zero Hash representative.

Endpoints Impacted

  • POST /convert_withdraw/rfq
  • GET /convert_withdraw/rfq
  • GET /trades
  • GET /trades/:trade_id