The issuer may opt to not store password with Apata to maintain a single system of record. If this is the case then a webhook will be configured to receive the password and verify it.

API Backwards Compatibility: Apata may introduce non-breaking changes to API requests and responses, including the addition of new fields. To ensure continued compatibility, please design API validation logic to tolerate and gracefully handle any extra fields that may be included in the payload.