Generated SDK #5364 (major)

[sdk-generation-automation]

Changelog

2026-06-11

Breaking Change

Add apiKey, providerAccountName, and accountType to ConnectedAccount

Products: Connected Accounts (Beta)

Scope: API + SDKs

• What's new
  Adds three new fields to the ConnectedAccount schema: apiKey for the API key identifier, providerAccountName for the provider-given account name, and accountType indicating the account classification.

• Impact
  Customers can now retrieve additional account details; however, accountType is now a required field in responses.

Affected endpoints:

1. Get connected accounts
2. Get connected account

Rename orderCreationRequirements to requiredParticipantsIdentificationOnOrder

Products: Trading (Beta)

Scope: API + SDKs

• What's new
  Renames the orderCreationRequirements property in the Quote schema to requiredParticipantsIdentificationOnOrder to better reflect its purpose.

• Impact
  Customers using the order creation requirements field must update to the new property name.

Affected endpoints:

1. Create a quote
2. Get all offers

Refactor webhook mTLS configuration to use object schema

Products: Webhooks V2

Scope: API + SDKs

• What's new
  Replaces the mtlsClientSignedCert string field with an mtls object reference, enabling richer mTLS configuration and the ability to remove mTLS by setting it to null.

• Impact
  Customers must update their webhook creation requests to use the new mtls object structure instead of the mtlsClientSignedCert string field. Customers must update their webhook update requests to use the new mtls object structure instead of the mtlsClientSignedCert string field. Customers must update their webhook requests to use the new mtls object structure instead of the mtlsClientSignedCert string field.

Affected endpoints:

1. Create a new webhook
2. Update webhook
3. Get all webhooks
4. Get webhook by id
5. Delete webhook

Add apiKey, providerAccountName, and accountType to ConnectedAccount

Products: Connected Accounts (Beta)

Scope: API + SDKs

• What's new
  Adds three new fields to the ConnectedAccount schema: apiKey for the API key identifier, providerAccountName for the provider-given account name, and accountType indicating the account classification.

• Impact
  Customers can now retrieve additional account details; however, accountType is now a required field in responses.

Affected endpoints:

1. Get connected accounts
2. Get connected account

Added

Add order requirement endpoints (beta)

Products: Trading (Beta)

Scope: API + SDKs

• What's new
  Adds beta endpoints to retrieve order requirement details, submit textual data, and upload files for orders in AWAITING_INFORMATION status.

• Impact
  Customers can programmatically respond to compliance information requests during order processing.

Affected endpoints:

1. Get order requirement details for an order
2. Submit a response to an order requirement
3. Upload a file for an order requirement
4. Create an order
5. Get orders
6. Get order details

Add staking position related transactions endpoint

Products: Staking

Scope: API + SDKs

• What's new
  Adds an endpoint to retrieve enriched transaction history for a staking position with cursor-based pagination, including in-flight transactions with pending status.

• Impact
  Customers can fetch transaction history for their staking positions programmatically.

Affected endpoints:

1. List related transactions for a position

Add tokenization onchain data endpoints

Products: Tokenization

Scope: API + SDKs

• What's new
  Adds new endpoints to query onchain tokenization data including access registries, token balances, transfers, transactions, RBAC roles, and supply history.

• Impact
  Customers can programmatically retrieve detailed onchain state for their tokenized assets.

Affected endpoints:

1. Get current state of addresses in an access registry
2. Get summary of an access registry
3. Get latest balances for all holders of a token
4. Get the latest balance for a specific account
5. Get balance history for a specific account
6. Get active RBAC roles for a token
7. Get onchain summary for a token
8. Get historical total supply for a token
9. Get onchain transactions for a token
10. Get onchain transfers for a token

Add connected accounts allowlist endpoints (beta)

Products: Connected Accounts (Beta)

Scope: API + SDKs

• What's new
  Adds beta endpoints to retrieve and manage address allowlists for connected accounts, starting with CoinbaseExchange support.

• Impact
  Customers can programmatically access exchange allowlist data for connected accounts.

Affected endpoints:

1. Get allowlist for connected account
2. Sync allowlist for connected account
3. Get a single allowlist entry for a connected account

Add business registration fields to identification schema | Enhance personal identification with structured documents

Products: Trading (Beta)

Scope: API + SDKs

• What's new
  Adds optional dateOfRegistration and countryOfRegistration fields to the business identification schema for enhanced compliance data. Adds nationality field and identificationDocuments array while deprecating legacy flat ID fields (idNumber, idType, additionalIdNumber, additionalIdType).

• Impact
  Customers can now provide business registration date and country when creating trading accounts. Customers should migrate to the new identificationDocuments array for submitting identification documents.

Affected endpoints:

1. Create an order
2. Create a quote
3. Get order details

Add WALLET_POOL transaction source type

Products: Off exchanges, Transactions

Scope: API + SDKs

• What's new
  Adds WALLET_POOL as a new peer type for transaction sources, enabling customers to create and filter transactions from wallet pool sources.

• Impact
  Customers can now use wallet pools as transaction sources.

Affected endpoints:

1. Get a specific transaction by external transaction ID
2. Get a specific transaction by Fireblocks transaction ID
3. Get transaction history
4. Create a new transaction
5. Estimate transaction fee
6. Add Collateral
7. Remove Collateral

Add WALLET_POOL transaction source type

Products: Transactions

Scope: API + SDKs

• What's new
  Adds WALLET_POOL as a new peer type for transaction sources, enabling customers to create and filter transactions from wallet pool sources.

• Impact
  Customers can now use wallet pools as transaction sources.

Affected endpoints:

1. Get transaction history
2. Create a new transaction
3. Get a specific transaction by external transaction ID
4. Get a specific transaction by Fireblocks transaction ID

Changed

Enhance personal identification with structured documents

Products: Trading (Beta)

Scope: API + SDKs

• What's new
  Adds nationality field and identificationDocuments array while deprecating legacy flat ID fields (idNumber, idType, additionalIdNumber, additionalIdType).

• Impact
  Customers should migrate to the new identificationDocuments array for submitting identification documents.

Affected endpoints:

1. Create an order
2. Create a quote
3. Get order details

Fixed

Fix expiresAfterSeconds location in transaction request

Products: Off exchanges, Transactions

Scope: API + SDKs

• What's new
  Corrects the OpenAPI spec to nest expiresAfterSeconds under a new configurations object, matching the actual API implementation.

• Impact
  SDK consumers now see the correct property path matching the actual API behavior.

Affected endpoints:

1. Create a new transaction
2. Estimate transaction fee
3. Add Collateral
4. Remove Collateral

---

[github-actions]

We appreciate your contribution. Our team will investigate this request shortly. (Note that this SDK code is auto generated)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	axios@​1.16.0 ⏵ 1.16.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm caniuse-lite is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/ts-jest@29.0.5 → npm/jest@29.4.2 → npm/caniuse-lite@1.0.30001793 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caniuse-lite@1.0.30001793. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm caniuse-lite is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/ts-jest@29.0.5 → npm/jest@29.4.2 → npm/caniuse-lite@1.0.30001793 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caniuse-lite@1.0.30001793. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm caniuse-lite is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/ts-jest@29.0.5 → npm/jest@29.4.2 → npm/caniuse-lite@1.0.30001793 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caniuse-lite@1.0.30001793. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm caniuse-lite is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/ts-jest@29.0.5 → npm/jest@29.4.2 → npm/caniuse-lite@1.0.30001793 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caniuse-lite@1.0.30001793. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[semgrep-code-fireblocks]

Semgrep found 12 block-public-registry-refs-in-package-lock findings:

• package-lock.json
  • L1079 - Triage
  • L1163 - Triage
  • L1298 - Triage
  • L1438 - Triage
  • L1719 - Triage
  • L2173 - Triage
  • L2345 - Triage
  • L2900 - Triage
  • L3090 - Triage
  • L3238 - Triage
  • 2 more - Triage

package-lock.json contains a reference to a public package registry or CDN (https://registry.npmjs.org/semver/-/semver-7.8.1.tgz). Dependencies must be resolved through the approved internal JFrog/Artifactory registry. Update your .npmrc to point at the approved registry, delete node_modules and package-lock.json, then re-run npm install and commit the regenerated lockfile.