Skip to content
Stawka Docs

Changelog

Stawka uses additive changes plus a deprecation window for anything breaking. New fields can appear without notice; existing fields don’t disappear without a Sunset header and a written timeline.

2026-05-30 — Rate-change feed + webhook

Section titled “2026-05-30 — Rate-change feed + webhook”
  • New endpoint GET /changes — the materialized day-to-day diff of /rates. Query the changelog by ?since=YYYY-MM-DD, ?country=XX, and ?limit=N. Steady-state days with no rate moves return 200 with count: 0, not 404.
  • New endpoint GET /changes/YYYY-MM-DD — all changes detected on a specific snapshot date. Immutable cache.
  • New webhook event rates.changed — fires once per cron tick when a numeric VAT field moves vs. the previous snapshot. Payload carries the same diff array /changes returns. See Webhooks.
  • /changes and rates.changed share the RateChange shape: { id, snapshotDate, country, field, old, new, detectedAt }.
  • Backfill caveat. The rate_change log starts populating from this release. Historical /rates/YYYY-MM-DD snapshots predating it remain available; the diff feed only contains moves the cron has had a chance to observe.

2026-05-29 — Keys required, deprecation window closed

Section titled “2026-05-29 — Keys required, deprecation window closed”
  • Unkeyed traffic now returns 401 INVALID_KEY. The originally announced sunset was 2026-07-31; we cut over early because no live prod surface predated the dashboard. All endpoints — /rates, /rates/YYYY-MM-DD, /fx, /fx/YYYY-MM-DD, /vies/{country}/{vat}, and / — now require a bearer token.
  • Per-IP /vies/* rate limit removed. The 30-req/60s anonymous cap is gone with the unkeyed branch. Keyed traffic remains bounded by per-org plan limits and the monthly quota.
  • CORS hardened. access-control-allow-origin is now https://stawka.eu (the dashboard + docs origin) instead of *. Server-to-server callers are unaffected; browser clients on other origins will be blocked at the CORS layer.
  • 429 RATE_LIMITED error envelope is now stable. The body field is exactly RATE_LIMITED (was a lowercase free-text string in some 429 paths); docs already documented the uppercase code.

2026-05-28 — Plans, quotas, dashboard

Section titled “2026-05-28 — Plans, quotas, dashboard”
  • New dashboard at stawka.eu for managing organizations, members, and API keys.
  • New plans — Free, Hobby (€9/mo), Pro (€49/mo). Each plan has a per-minute rate limit and a monthly request quota. See Rate limits & quotas.
  • New monthly quotas — calls in excess of the monthly cap return 429 QUOTA_EXCEEDED with Retry-After set to the seconds until the next CET month.
  • New error code: QUOTA_EXCEEDED (429). The existing RATE_LIMITED code now means “per-minute limit”, not “any 429”.
  • New response headers on quota-near-limit responses: X-Quota-Limit and X-Quota-Remaining.

2026-05 — Keyed traffic supported (opt-in)

Section titled “2026-05 — Keyed traffic supported (opt-in)”
  • Authorization: Bearer cp_live_... headers now route to the per-org rate limit and the dashboard-issued key. Unkeyed traffic continues to work during the deprecation window. (The window closed early on 2026-05-29 — see entry above.)

Pre-dashboard era

Section titled “Pre-dashboard era”

Stawka previously ran as a single Worker with a global per-IP rate limit and no authentication. The endpoints and their response shapes have not changed; the changelog reflects the surface around them.