Skip to content

Open Beta – help us test! All listings are examples only.

WOHNO

API Changelog

Chronological, additive history of the WOHNO REST API: every new resource, endpoint and scope, wave by wave.

This changelog tracks every change to the WOHNO REST API (/api/v1). The API is versioned as v1 and evolves additively — new fields, endpoints and scopes never break existing integrations. For the rules behind this (deprecation windows, DTO versioning), see the Versioning & Deprecation Policy.

Each entry lists the date, the wave it shipped with, the new endpoints, and the new scopes. Unless noted, every change is purely additive.

Dark-shipped vs. GA: Some resources are implemented and live behind a feature flag (*_PUBLIC_API_ENABLED) but not yet generally available (GA). They are documented here for transparency; availability for your key depends on the flag and any resource-specific gate.

2026-06 — Listings owner override

Added

  • POST /api/v1/listings accepts an optional owner_email field. It assigns the new listing to that team member (instead of the API key's creator), as long as the email belongs to a member of the same organization (role owner, admin or member). Honored on create only; ignored on external_ref upsert and PATCH.

Notes

  • Purely additive — omitting owner_email keeps the previous behavior (the key creator owns the listing).
  • An unknown email and a non-member return the same 403 FORBIDDEN, so the field cannot be used to enumerate WOHNO accounts.
  • See Sync listings from your CRM for usage.

2026-05 — Analytics & Usage (Wave 5)

Added

  • GET /api/v1/usage — quota and usage self-service for your own organization. Scope usage:read (secret keys only). GA-ready (own data only).
  • GET /api/v1/analytics/listings/{id} — aggregated listing analytics (org-isolated, no PII). Scope analytics:read (secret keys only). Dark-shipped until production-volume performance testing completes.

Notes

  • Both endpoints are secret-key (sk_) only and excluded from publishable keys.
  • Additive: no changes to existing endpoints or response shapes.

2026-04 — Utility & Discovery (Wave 4)

Added

  • POST /api/v1/wbs/check — stateless WBS (Wohnberechtigungsschein) eligibility quick-check. Scope wbs:check, publishable-key allowed (browser-safe). GA-ready.
  • GET /api/v1/discovery/listings — discreet, cross-org listing discovery with ETag support. Scope discovery:read, publishable-key allowed. Dark-shipped.
  • POST /api/v1/matching/score — matching score as a service (Premium). Scope matching:score (secret keys only), aggregate output only. Dark-shipped.

Notes

  • Additive only. wbs:check and discovery:read are the first publishable (pk_) scopes added since the read endpoints; matching:score stays sk_-only.

2026-03 — Applications / Bewerbungen (Wave 3)

Status: dark-shipped — NOT GA. This resource handles applicant PII. It is implemented and live behind its feature flag, but generally availability is blocked pending a GDPR (DSGVO) review and consent gate. Do not build against it assuming GA timing.

Added

  • GET /api/v1/listings/{id}/applications — list applications for a listing. Scope applications:read (secret keys only).
  • GET /api/v1/applications/{id} — read a single application (reduced, whitelisted DTO). Scope applications:read (secret keys only).
  • PATCH /api/v1/applications/{id} — update application status / tags. Scope applications:write (secret keys only).

Notes

  • Secret-key (sk_) only; a double gate applies (feature flag and consent).
  • Reduced ApplicationPublicDto and per-read audit logging protect applicant PII.
  • Additive: no existing endpoint changes.

2026-02 — Listings Write & Syndication (Wave 2)

Added

  • POST /api/v1/listings — create / upsert a listing (supports external_ref and Idempotency-Key). Scope listings:write (secret keys only).
  • PATCH /api/v1/listings/{id} — update a listing. Scope listings:write.
  • DELETE /api/v1/listings/{id} — delete a listing. Scope listings:delete.
  • POST / DELETE /api/v1/listings/{id}/images — signed-URL image upload and removal. Scope listings:write.

Notes

  • The previously read-only Listings resource gained write operations — additive, the existing GET endpoints and listings:read scope are unchanged.
  • Write endpoints accept an Idempotency-Key header so retried bulk writes are safe. Dark-shipped.

2026-01 — Webhooks, API Keys & Members (Wave 1)

Added

  • POST /api/v1/webhooks, GET/PATCH/DELETE /api/v1/webhooks/{id} — manage webhook subscriptions (the delivery pipeline, HMAC signing and event types already existed). Scopes webhooks:read / webhooks:write.
  • GET /api/v1/webhooks/{id}/deliveries and POST .../deliveries/{deliveryId}/redeliver — delivery log + re-delivery.
  • GET/POST /api/v1/api-keys, GET/DELETE /api/v1/api-keys/{id} — manage your own API keys programmatically. Scopes api-keys:read / api-keys:write.
  • GET/POST /api/v1/organizations/{id}/members and PATCH/DELETE /api/v1/organizations/{id}/members/{userId} — manage team members. Scopes members:read / members:write.

Notes

  • All Wave 1 endpoints are secret-key (sk_) only and excluded from publishable keys. Dark-shipped.
  • These scopes (webhooks:*, api-keys:*, members:*) were previously defined but had no endpoints; this wave activated them. Additive only.