What's new in v0.15.2
Transactional template API
- Added
POST /api/v1/template-sendsfor API-key authenticated, workspace-scoped WhatsApp template sends. - Sends can target recipients by phone/external id, use approved UTILITY templates, and fill body variables, URL button variables, and DOCUMENT header PDF parameters.
- Idempotency support prevents duplicate external-system sends from creating duplicate messages.
Receipt template options
- Added starter utility templates for receipt links (Option A URL button) and PDF/document receipts (Option B DOCUMENT header) in Italian and English.
- Added implementation guidance for payment receipt and instalment receipt integrations.
Inbound webhook foundation
- Added tenant-managed inbound webhook configs with generated URLs, HMAC verification, dry-run defaults, one-time secret reveal, and run logs.
- Added Settings > Integrations > Webhooks & API for creating and managing inbound webhook configs.
- Verified live webhook runs can execute the transactional template-send service; dry-run remains the default.
Safety and compliance
- Marketing templates are blocked by default for transactional API/webhook automation.
- Webhook secrets are not accepted in query strings.
- Invalid signatures do not reserve verified idempotency keys.
- Webhook run logs store redacted headers, payload shape metadata, and sanitized mapped-request diagnostics rather than raw customer payloads or template variable values.