Risk Requirements Now Available in Capabilities API

Stripe has added risk requirements to the requirements hash of the Capability object. Previously, risk requirements only appeared in the requirements and future_requirements hashes of the Account object, but those hashes didn't indicate which specific capabilities were affected by each requirement.

What This Enables

When using the Accounts v1 API, you can now use the Capabilities API to programmatically identify which capabilities are or can be affected by risk requirements. This provides better visibility into capability-specific compliance needs.

Note: If you're using the Accounts v2 API, you don't need to adopt this change—the v2 API's requirements entries already include an impact.restricts_capabilities array that lists affected capabilities.

Breaking Change Notice

This is a breaking change that requires API version 2026-03-25.dahlia or later. To upgrade:

• Update your API version to 2026-03-25.dahlia in Workbench
• Upgrade SDKs for Ruby, Python, PHP, Java, Node.js, Go, and .NET to the latest versions, or update REST requests with the Stripe-Version: 2026-03-25.dahlia header
• Update webhook endpoints to use the new API version
• Test thoroughly against both standard and Connect integrations
• Roll back safely within 72 hours if needed

Refer to the Stripe API upgrade guide for detailed SDK-specific upgrade instructions.