Overview

Stripe has enhanced the Capabilities API by adding risk requirements to the requirements hash of the Capability object. Previously, risk requirements were only visible in the Account object, but lacked clarity about which specific capabilities they affected.

What Changed

• Risk requirements now appear in the Capabilities API: Connect platforms can now query the Capabilities API to see which capabilities are affected by risk verification requirements
• Accounts v1 users benefit most: Developers using the Accounts v1 API can now programmatically identify capability restrictions without cross-referencing multiple objects
• Accounts v2 users unaffected: If you're already using the Accounts v2 API, this change doesn't impact you, as v2 already includes capability impact information in each requirement entry

Action Items

To adopt this change, you must:

1. Update your API version to 2026-03-25.dahlia or later
2. If using an SDK, upgrade to the corresponding version; otherwise, update API requests to include Stripe-Version: 2026-03-25.dahlia
3. Update webhook endpoints to use the new API version
4. Test your integration in Stripe's test environment, including any Connect flows
5. Perform the upgrade in Workbench (with 72-hour rollback available if needed)

Why This Matters

For Connect platforms managing risk verification workflows, this change streamlines the process of identifying affected capabilities without maintaining complex mapping logic across different API endpoints. This is particularly valuable for platforms that programmatically manage or display capability status to connected accounts.