On November 10th 2025 we will be making some changes to the First AML Public API and how some of the lower level HTTP response values are used. At a very high level this is implementing the GraphQL over HTTP specification.
This change has already been made in our Sandbox environment.
This change has now been made in our Production environments.
For most of our integration partners there will be no changes to how the Public API responds to your requests. The following will be the most impactful changes:
HTTP Status Code Changes
- When an invalid GraphQL query is sent the HTTP response code will be
400 Bad Requestinstead of200 OK, the content of the response will be the same. - Server errors (500-level) may be returned for infrastructure issues instead of always returning
200 OKwith error details in the response body
Content-Type Header Changes
- Responses will now include the proper
application/graphql-response+jsonContent-Type header when appropriate - Accept header validation may be more strict for certain requests
Error Response Structure
- Error responses for malformed requests will maintain the same JSON structure but arrive with appropriate HTTP status codes
- HTTP-level errors (4xx/5xx) will still include GraphQL error details in the response body where applicable
What This Means for Your Integration
- If you only check response body content: No changes required
- If you rely on HTTP status codes: Update error handling to expect
400for client errors instead of always200 - If you parse Content-Type headers: Verify your client handles the new GraphQL-specific content types
