# API Changelog

## 2026-04-29

### Sandbox environment

This release removes the sandbox environment from the public API. The `https://api.sandbox.transactionlink.io` server has been decommissioned - all integrations should target `https://api.transactionlink.io` exclusively. The `workspaceType` field now only accepts `LIVE`.

### Permissions model

Each API endpoint enforces a specific permission scope required on the resource. Table-level operations use `can_read_data`, `can_edit_data`, `can_read_attachments`, `can_edit_attachments`, and `can_comment`. Workflow operations require `can_run` on the workflow definition or `can_view_workspace` on the workspace. Organisation management endpoints require `can_manage_users`, `can_reset_2fa`, `can_manage_workspace_access`, or `can_view_workspace` depending on the operation. The required permission for each endpoint is listed in its description - requests made with a token that lacks the required scope will receive a 403 Forbidden response.

Permissions can be managed in appropriate section in dashboard.

###  User Management API

A new set of public endpoints for managing users within an organization. All endpoints require the `can_manage_users` permission on the organization.

[GET /organizations/users](/docs/transactionlink-api/api-reference/users.md#get-organizations-users)

[GET /organizations/users/{userId}](/docs/transactionlink-api/api-reference/users.md#get-organizations-users-userid)

[POST /organizations/users/{userId}/terminate](/docs/transactionlink-api/api-reference/users.md#get-organizations-users-userid)

[POST /organizations/users/{userId}/reinstate](/docs/transactionlink-api/api-reference/users.md#get-organizations-users-userid)

[PUT /organizations/users/{userId}/role](/docs/transactionlink-api/api-reference/users.md#get-organizations-users-userid)

[PUT /organizations/users/{userId}/profile](/docs/transactionlink-api/api-reference/users.md#get-organizations-users-userid)

[POST /organizations/users/{userId}/reset-mfa](#id-2026-04-29)

### Enrollment (Invitation) API

Endpoints for managing invitations sent to new users joining an organization. Requires `can_manage_users` permission.

[GET /organizations/enrollments](/docs/transactionlink-api/api-reference/users.md#get-organizations-users)

[POST /organizations/enrollments](/docs/transactionlink-api/api-reference/users.md#get-organizations-users)

[POST /organizations/enrollments/{enrollmentId}/resend](/docs/transactionlink-api/api-reference/users.md#get-organizations-users)

[POST /organizations/enrollments/{enrollmentId}/cancel](/docs/transactionlink-api/api-reference/users.md#get-organizations-users)

### Workspace Membership API

Endpoints for managing which users belong to a workspace and with what role. Membership management requires `can_manage_workspace_access`; listing requires `can_view_workspace`.

[PUT /workspaces/{workspaceId}/memberships/{userId}](#id-2026-04-29)

[DELETE /workspaces/{workspaceId}/memberships/{userId}](#id-2026-04-29)

[GET /workspaces/{workspaceId}/memberships](#id-2026-04-29)

[GET /organizations/workspaces/{workspaceId}/memberships](#id-2026-04-29)

### Organization API

Read-only endpoints for discovering available roles and workspaces.

[GET /organizations/roles](#id-2026-04-29)

[GET /organizations/workspaces/{workspaceId}/roles](#id-2026-04-29)

[GET /organizations/workspaces](#id-2026-04-29)

{% hint style="warning" %}
JWT Bearer tokens are now deprecated for all endpoints in favor of **Organization Tokens** (`tot_`). Organization tokens should be passed in the `Authorization` header.

```
Authorization: tot_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

JWT-based authentication will continue to work during a transition period but will be removed in a future release. All new integrations should use organization tokens exclusively.
{% endhint %}

## 2025-02-13

Breaking: Updated token and link endpoints with versioning in the Accept header

* [POST /token](broken://pages/XbAYgIGkmoEg8qhjBSb9#token)
* [POST /link](broken://pages/HmZeLIMNbysUwBjS9HS0#link)
* [POST /link/send](broken://pages/HmZeLIMNbysUwBjS9HS0#link-send)
* [POST /workflows/run](/docs/transactionlink-api/api-reference/workflows.md#workflows-run)

In the older version, these endpoints strictly relied on caseId for identification and did not require specifying an email address when sending links. This design was less flexible and bound each request to a single case context.

In the current version, indicated by using the header **`Accept: application/json;version=2`**, a recordId may be used (optionally) instead of caseId, offering more flexibility in linking tokens or generated links to various records. Additionally, when calling /link/send under version 2, an email must be provided to ensure proper delivery of the generated link. The older version (caseId-based) is now scheduled for deprecation.

{% hint style="warning" %}
**The API for Cases has been marked as deprecated in favor of the new Records system and will be removed according to the scheduled timeline. Workflows can still be run independently, even without using Records.**
{% endhint %}

## 2024-04-08

### Breaking: Changing case structure 

* [GET /cases/{caseId} ](broken://pages/2jmBuabVCbO7fHR3PVCA)

In the older version, the Case structure mirrored the workflow outcome exactly. Each workflow's completion would generate a case. This configuration helped users trace the case's origin and outcome easily, tied to a specific workflow.

In the current version, the Case structure has been redefined to adapt to the needs of the introduced Case Management system. Now, instead of making an exact replica of the workflow outcome, the case structure emphasizes managing the different aspects and stages of a case. This updated case structure allows for more flexibility and comprehensive management, offering intricate details of the case's intricate path and progress, which was missing in the old structure.

## 2024-01-24

### API for workflow automation

We're introducing new API interfaces enabling the automation of workflow execution with integrations that don't require user interaction.

* [<mark style="background-color:purple;">/workflows/run</mark>](/docs/transactionlink-api/api-reference/workflows.md#post-run-workflow)
* [<mark style="background-color:purple;">/workflows/{id}</mark>](/docs/transactionlink-api/api-reference/workflows.md#get-check-workflow-status)
* [<mark style="background-color:purple;">/workflows/{id}/result</mark>](/docs/transactionlink-api/api-reference/workflows.md#get-get-workflow-result)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.transactionlink.io/docs/transactionlink-api/api-changelog.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.