Overview
Lemonway maintains three active API specifications:
-
DirectKit API 2.0
-
Account & Onboarding Management API
-
KYC Update Simulation API (sandbox only).
Deprecations apply to all three. Impacted developers are notified by email with at least 60 days' notice before retirement.
Prerequisites
Before migrating away from a deprecated endpoint, confirm the following:
- API access: You have valid credentials for the target API (DirectKit API 2.0, Account & Onboarding Management API, or KYC Update Simulation API).
- Environment: Test all migrations in the sandbox environment before promoting to production.
- PCI-DSS scope: If you handle card data, confirm your environment's PCI-DSS compliance level. Non-compliant environments must use the 3-D Secure flow (
POST /v2/moneyins/card/direct/3dinit→PUT /v2/moneyins/card/direct/{transactionid}/3dconfirm) and must not store raw card data at any point. - Account mapping: Identify all accounts, wallets, and UBOs created through legacy endpoints so you can map them to the replacement resources.
- Notification channel: Ensure your team monitors the email address registered with Lemonway — deprecation notices are sent there with at least 60 days' notice.
Legacy Account Endpoints - Sunset December 1, 2026
ImportantAfter December 1, 2026, all legacy account endpoints listed below will return
410 Gone. Platforms must complete migration before this date to avoid service disruption.
Affected Endpoints
| Legacy endpoint | Retirement date | Recommended replacement |
|---|---|---|
POST /createIndividualAccount | December 1, 2026 | POST /accounts/individual |
POST /createLegalAccount | December 1, 2026 | POST /accounts/legal-entity |
POST /createWallet (individuals) | December 1, 2026 | POST /accounts/individual/{id}/profiles/{profileId}/wallets |
POST /createWallet (legal entities) | December 1, 2026 | POST /accounts/legal-entity/{id}/profiles/{profileId}/wallets |
POST /createUbo | December 1, 2026 | POST /onboardings/ - when UBO info is required during legal entity onboarding |
POST /updatePaymentAccountStatus | December 1, 2026 | POST /sandbox/kyc-update/{{accountId}} |
Lifecycle states
| Status | Description |
|---|---|
| Active | Fully supported. Receives updates, bug fixes, and security patches. |
| To be deprecated | Sunset date announced. Still functional, but migration must be completed before retirement. |
| Deprecated | No longer recommended. A retirement date and replacement endpoint have been announced. |
| Retired | Endpoint has been removed. Requests will return 410 Gone. Migration is required. |
| Discontinued | Payment method or service discontinued. The parent endpoint may still exist, but will reject those codes. |
Migrating to Replacements
When an endpoint is deprecated, migrate all usage to the recommended replacement before the retirement date. Requests to retired endpoints will return a 410 Gone or equivalent error.
For PCI-DSS non-compliant environments, do not store raw card data at any point during migration. The recommended 3-D Secure flow (POST /v2/moneyins/card/direct/3dinit → PUT /v2/moneyins/card/direct/{transactionid}/3dconfirm) handles card authentication server-side.
Endpoint status
All endpoints across Lemonway's API specifications and their current lifecycle state.
DirectKit API 2.0 — Cards & Payments
| Method | Endpoint | Status | Deprecated | Recommended replacement |
|---|---|---|---|---|
POST | /v2/moneyins/card/direct | Deprecated | Jan 2021 | /v2/moneyins/card/direct/3dinit |
POST | /v2/moneyins/card/register | Deprecated | Jan 2021 | /v2/moneyins/card/direct/3dinit |
POST | /v2/moneyins/card/direct/3dinit | Active | — | — |
PUT | /v2/moneyins/card/direct/{transactionid}/3dconfirm | Active | — | — |
POST | /v2/moneyins/card/webinit | Active | — | — |
POST | /v2/moneyins/card/{cardid}/rebill | Active | — | — |
POST | /v2/moneyins/card/paymentform | Active | — | — |
POST | /v2/moneyins/paybybank/transfer/init | Active | — | — |
POST | /v2/moneyins/sdd/init | Active | — | — |
POST | /v2/moneyins/paypal/init | Active | — | — |
POST | /v2/moneyins/buynowpaylater/init | Active | — | — |
POST | /v2/moneyins/bankwire/iban/create | Active | — | — |
POST | /v2/moneyouts | Active | — | — |
POST | /v2/p2p | Active | — | — |
Account & Onboarding Management API
| Method | Endpoint | Status | Notes |
|---|---|---|---|
POST | /accounts/individual | Active | Use for new accounts. For existing accounts needing onboarding, use POST /onboardings/individual. |
POST | /accounts/legal-entity | Active | — |
POST | /onboardings/individual | Active | Preferred flow for KYC onboarding of individuals. |
POST | /onboardings/company | Active | — |
POST | /onboardings/association | Active | — |
POST | /onboardings/sole-trader | Active | — |
PUT | /accounts/legal/{accountId} | Deprecated | Retirement date December 1, 2026. Replacement endpoint TBA. |
PUT | /accounts/individual/{accountId} | Deprecated | Retirement date December 1, 2026. Replacement endpoint TBA. |
KYC Update Simulation API (Sandbox)
| Method | Endpoint | Status | Notes |
|---|---|---|---|
POST | /kyc-update/{accountId} | Active | Sandbox only. Simulates KYC lifecycle events for integration testing. |
Payment Method Status
Several payment method codes accepted by POST /v2/moneyins and related endpoints have been discontinued. Sending discontinued method codes will result in an error. The endpoint itself remains active for supported methods.
Active Payment Methods
| Code | Method | Status |
|---|---|---|
0 | Card | Active |
1 | Bank transfer (MoneyIn) | Active |
3 | Bank transfer (MoneyOut) | Active |
4 | P2P | Active |
13 | iDEAL | Active |
14 | SEPA Direct Debit | Active |
15 | Cheque | Active |
19 | Multibanco | Active |
21 | MBWAY | Active |
30 | Buy Now Pay Later (BNPL) | Active |
35 | PayPal | Active |
Discontinued Payment Methods
WarningThe following payment method codes are no longer accepted. Remove any references to these codes from your integration and contact your Lemonway account manager if you need an alternative.
| Code | Method |
|---|---|
16 | Neosurf |
17 | Sofort |
18 | PFS Physical Card |
20 | Payshop |
22 | Polish Instant Transfer |
23 | Pagare |
24 | MobilePay |
25 | Paytrail |
26 | WeChat Pay |
27 | P24 (Przelewy24) |
28 | MoneyIn by TPE |
29 | Trustly |
Error Handling
Requests to deprecated or retired endpoints return specific HTTP status codes. Handle them explicitly in your integration.
Response Codes
| Status code | Meaning | Recommended action |
|---|---|---|
200 OK | Endpoint is active or deprecated but still functional. | Continue using, but plan migration if the endpoint is marked Deprecated. |
400 Bad Request | Discontinued payment method code or invalid deprecated parameter sent. | Remove the discontinued code or parameter from your request payload. |
410 Gone | Endpoint has been retired and is no longer available. | Switch to the recommended replacement endpoint listed above. |
426 Upgrade Required | Returned by some endpoints in the deprecation window to signal required migration. | Migrate to the replacement endpoint before the retirement date. |
Required Error Handling
- Catch
410 Goneexplicitly: Do not retry the request. Route the call to the replacement endpoint. - Catch
400 Bad Requeston payment method codes: Inspect the error body for discontinued codes (see the Discontinued Payment Methods table) and remove them from your request. - Log deprecation warnings: Some responses include a
SunsetorDeprecationheader. Log these to identify integrations still calling deprecated endpoints. - Fail closed in production: If a retired endpoint is called in production, surface the error to your monitoring system rather than silently retrying.
Parameter Deprecations
Occasionally, individual request parameters are deprecated without retiring the parent endpoint.
| Endpoint | Parameter | Status | Notes |
|---|---|---|---|
POST /v2/moneyins/card/direct | specialConfig | Deprecated | Leave empty. No effect on processing. |
POST /v2/moneyins/card/register | specialConfiguration | Deprecated | Leave empty. No effect on processing. |
POST /v2/moneyins/card/direct | isPreAuth / delayedDays | Active | Mercanet only. Use with caution -delays over 6 days risk authorization failure. |
Need help?Contact [email protected] or your account manager if you need migration assistance or have questions about a specific endpoint retirement timeline.
