Why are the Bambora and Beanstream API URLs changing?

Shift4 acquired Bambora and Beanstream and is consolidating all platforms under the Shift4 brand. As part of this alignment, all API endpoints and web-based portal URLs that previously used Bambora or Beanstream domains are being moved to a Shift4-owned domain convention.

This is a branding and infrastructure change only. No functionality is being altered.

Must know:

  • New endpoints are active from August 25, 2026, you can begin updating and testing immediately after that date. Refer to the full endpoint mapping list here.
  • You must update your integration before December 31, 2026.
  • Only the domain is changing, API functionality, credentials, and data are unaffected

Understanding the Impact

Does this affect my API functionality, data, or transaction history?

No. The API behavior, request and response formats, authentication, and all transaction data remain the same. This is a URL-only change.

I am a merchant. Does this affect me directly?

It depends on how you access Shift4 services.

If your systems connect directly to Bambora/Beanstream API endpoints (typically handled by an internal developer, IT agency, or third-party software provider), those integrations must be updated. Pass this document along to the appropriate technical team.

I send customers to a hosted checkout page. Do I need to do anything?

Yes. If you link customers directly to our hosted checkout solution, that URL needs to be updated.

Only the first part of the URL (the domain) needs to change. Everything after it — your merchant ID, amount, order details, and any other parameters — stays exactly the same.

Before: https://web.na.bambora.com/scripts/payment/payment.asp?merchant_id=123456789&trnAmount=19.99...

After: https://checkout.bam.shift4api.net/payment/payment.asp?merchant_id=123456789&trnAmount=19.99...

In other words, replace: https://web.na.bambora.com with: https://checkout.bam.shift4api.net.

The rest of the URL, the path (/scripts/payment/payment.asp) and all the parameters after the question mark do not change.

If your checkout link is hardcoded in a website, invoice template, email, or button, pass this to your developer or IT provider and ask them to swap out the domain portion only.

I use a third-party software provider or payment plugin. What should I do?

Forward this document and the original migration email to your software provider or plugin vendor. Ask them to confirm whether their product requires an update and when they plan to release it.

You should also confirm with them before the December 31, 2026 deadline that the update has been applied.

Will IP addresses change? Do I need to update my firewall?

Firewall allow-list updates may be required. New IP addresses will be provided in a follow-up communication. Ensure your network or IT team reviews and updates firewall rules before the December 31, 2026 go-live date.

If your firewall currently allows traffic by domain name rather than IP, you will need to add the new *.bam.shift4api.net domain to your allow list.

I received this document from a merchant. What do I need to do as their developer or IT provider?

As a technical implementer acting on behalf of a merchant, you are responsible for:

  • Updating all API endpoint URLs in the merchant's integration from the legacy Bambora/Beanstream domains to the new Shift4 domain convention.
  • Reviewing and updating firewall allow-lists once new IP addresses are provided.
  • Testing the updated integration in staging before deploying to production.
  • Completing the migration before December 31, 2026.

Refer to the full endpoint mapping list here for all impacted URLs.

For Developers and Technical Teams

How do I update my integration for the Shift4 API domain rebranding?

The update process depends on how your integration is built, but the steps are generally:

  • Locate all references to Bambora/Beanstream domains in your codebase, configuration files, environment variables, and infrastructure (e.g., DNS, load balancer, firewall rules).
  • Replace all occurrences of with the corresponding endpoint. Refer to the full endpoint mapping list here.
  • Update any TLS/SSL certificate pinning or validation rules that reference the old domain.
  • Update firewall allow-lists to permit traffic to new IP addresses (to be provided in follow-up communication).
  • Test your integration in a staging or sandbox environment before deploying to production.
  • Deploy changes to production before December 31, 2026.
Do the authentication methods or API keys change?

No. Your existing API keys, credentials, and authentication methods remain valid. No re-authentication or credential rotation is required as part of this migration.

Do request or response formats change?

No. All API request structures, response formats, error codes, and data schemas remain identical. Your existing integration logic does not need to change beyond the URL update.

How do I prepare for this update?

We recommend the following preparation steps:

  • Review the endpoint mapping list now and identify which URLs your system uses.
  • Audit your codebase, CI/CD pipelines, environment configs, and infrastructure-as-code for hardcoded Bambora/Beanstream URLs.
  • Update your staging/development environments first and validate end-to-end functionality.
  • Plan your production deployment ahead of the December 31, 2026 deadline to allow time for testing.
  • Coordinate with any third-party vendors or plugins to confirm they will be updated in time.
  • Watch for the follow-up communication with new IP addresses and update firewall rules accordingly.

Timeline and Deadlines

What is the timeline for this migration?
Date Event What it means
August 25, 2026 New endpoints go live New Shift4 endpoints become active. You may begin using them immediately.
December 31, 2026 Migration deadline All integrations must be using new endpoints by this date.
What happens if I miss the December 31, 2026 migration deadline?

After December 31, 2026, legacy endpoints will be permanently disabled and all requests to legacy URLs will start to fail. You should completing migration before December 31, 2026 to avoid disruption.

Good to know:

  • The new endpoints are live and available for testing before the deadline, you don't have to wait until December 31.
  • If a third-party provider or plugin handles your payments, you may not need to do anything yourself, but you should confirm with them that they will have it updated in time 
  • Your API keys and authentication do not change, no need to re-register or reset credentials.
  • Firewall rules may need updating, new IP addresses will be provided in a follow-up communication
Was this article helpful?
0 out of 0 found this helpful