Changelog

• PRODUCTION RELEASE DATE: 10/11/2025
• SANDBOX RELEASE DATE: 03/11/2025

Go to Release notes 107

API Enhancements:

• Implemented CIT/MIT indicators for Cybersource gateway

Added support for Customer Initiated Transaction (CIT) and Merchant Initiated Transaction (MIT) indicator fields in Cybersource requests. This ensures accurate transaction classification and aligns with Cybersource’s compliance recommendations.

Impacted Functionality: Cybersource

• BIN Input Validation for Rule Endpoints

Introduced comprehensive validation for BIN inputs on rule creation and update endpoints. Only numeric strings of 6 or 8 digits are accepted, with matching lengths and correct range order enforced.

Impacted Functionality: Rules Engine

• Comprehensive IP Input Validation for Rule Endpoints

Added validation for IP address rules on creation and update. Ensures valid IPv4/IPv6 formats, matching IP versions in ranges, and correct ordering.

Impacted Functionality: Rules Engine

.

UI Enhancements:

• Enhanced Reporting: Timezone Display

Updated reporting functionality to reflect the selected timezone instead of defaulting to UTC, improving accuracy and clarity for users across the merchant and brand level

Impacted Functionality: Reporting

.

Widget Enhancements:

No enhancements in this release.

• PRODUCTION RELEASE DATE: 22/10/2025
• SANDBOX RELEASE DATE: 09/10/2025

Go to Release notes 106

API Enhancements:

• PayPal Authorization Expiry Mapping

Introduced and mapped the PayPal expiration_time to the Paydock authorization_expiry field for PayPal Authorized charges. This field is now visible at the charge level, ensuring merchants are aware of the authorization expiration timeline.

Impacted Functionality: Paypal Vaulting

.

UI Enhancements:

• Card Expiration Year Range Extended

Expanded the card expiration year selection range in the UI to 2039. Merchants can now select expiration years up to 2039 on the charges, subscriptions, and customer pages.

Impacted Functionality: Charges, subscriptions, and customer

• Improved Transaction Search Functionality

Implemented a fix to resolve the issue where transactions could not be retrieved when searching by first name, last name, or email within the Apply New Filter option on the Charge page.

Impacted Functionality: Charges (Apply New Filter - Search input)

• Enhanced Reporting Experience

Improved reporting to provide greater accuracy and flexibility:

• Timezone Dropdown – now includes flexible search using partial/full text or city/region for quicker selection.
• Date Range Fields (From & To) – both are optional, auto-populate from Charge page filters, and can be set during report creation.
• Mandatory Date Type – a new required field (Creation Date, Settlement Date, Update Date, or Processed At) that defines which date type is applied for the report.

These updates ensure reports align seamlessly with filter criteria and deliver more reliable results..

Impacted Functionality: Charge Reporting

• Corrected Services Page Default Behaviour for Click to Pay

Fixed an issue where the Services page defaulted to Gateway services after adding a ClickToPay service from Registration. The page now correctly reflects the selected service, preventing user confusion.

Impacted Functionality: Services page (Click to pay)

.

Widget Enhancements:

• Updated Google Pay Mark for Brand Compliance

Resolved an issue where the Google Pay mark in the checkout widget was missing the required border. The Google Pay logo mark has been updated to align with the latest brand guidelines, ensuring merchants can successfully activate Google Pay in production.

Impacted Functionality: Checkout

• PRODUCTION RELEASE DATE: 03/10/2025
• SANDBOX RELEASE DATE: 18/09/2025

Go to Release notes 105

API Enhancements:

• Encryption Standards Enhancement

To strengthen security, the following restrictions applied to all new imported PGP keys.

Hash Algorithms

Older algorithms like MD5 and SHA1 were deprecated. All keys and signatures now use modern, NIST-approved algorithms, including SHA3-512, SHA3-256, SHA512, SHA384, SHA256, and SHA224.

Encryption & Decryption

The minimum required key sizes were increased for the following algorithms:

• RSA, ElGamal, and DSA: The new minimum is 2000 bits.
• ECDSA and EDDSA: The new minimum is 250 bits.

Impacted Functionality: Reporting(report encryption/decryption)

.

UI Enhancements:

• Not Possible to Edit Existing Notification Template

Fix an issue where the HTML source panel is not present when editing notification templates on the web-app.

Impacted Functionality: Edit notification templates page

• Implemented filter by transactions.status in the Dashboard (Brand Level)

Implemented support for merchants to filter transactions by transactions.status at the Master Merchant (Brand) level.

Impacted Functionality: Charge (Apply Filter), Brand

• Implemented filter by Card Scheme

Introduced a new multi-select filter option for Card Schemes (Mastercard, Visa, AMEX, and UnionPay) within Apply Filter on the charge page at both the brand and company levels.

• Selecting Mastercard or Visa will now return only transactions made with those card schemes, excluding co-branded cards.
• Selecting AMEX will return all AMEX transactions, including AMEX co-branded cards.

Impacted Functionality: Charge (Apply Filter)

• Implemented “Auth/Sale“ filter on Master Merchant Level

Implemented support for “Auth/Sale“ filter transactions at the Master Merchant (Brand) level. This filter enables differentiation between the Direct Charge and Auth & Capture flow.

Impacted Functionality: Charge (Apply Filter)

.

Widget Enhancements:

• Implemented Method to Disable Widget Messages

Added a new method, widget.disableResultMessage(), to our HTML Simple widget to allow merchants to hide unnecessary payment result messages like "Payment details collected". This enhancement provides merchants with greater control over the UI, enabling a more streamlined and configurable payment flow.

Impacted Functionality: Simple HTML Widget

• PRODUCTION RELEASE DATE: 15/09/2025
• SANDBOX RELEASE DATE: 03/09/2025

Go to Release notes 104

API Enhancements:

• Fixed error when creating a charge without a cardholder name charge fails

Fixed the error that the charge failed when it was created without a cardholder name

Impacted Functionality: Charges

• Regex errors appearing in Console log on Firefox when cardholder name is entered into widget

Fixed the issue that when entering the cardholder’s name in the card form on the Firefox browser, errors appeared in the console log.

• Fat Zebra: Omit Expiry only when the card has expired

When “Omit Expiry Date“is enabled, Paydock will send the omit expiry flag as true only when the card is expired and the payment is recurring (ECM = 32).

• Improved permission options for Checkout Templates

Updated the Checkout permission process to use separate, permission-based API endpoints for creating, updating, and deleting configuration and customisation templates. This change ensures that merchants can only interact with the appropriate template type through the UI and API.

Impacted Functionality: Checkout

• Implemented version-based filtering for Checkout Templates

Enabled URL filtering for the type and version fields in the GET /v1/checkouts/templates endpoint. This resolves an issue where the API was not correctly filtering templates by version, ensuring that requests now return only templates that match the specified type and version parameters.

Impacted Functionality: Checkout

• Implemented a fix for Apple Pay Express Checkout to ensure shipping information accuracy

Implemented a fix to ensure that when consumers update shipping address during checkout (ApplePay Express), the amount displayed in the Apple popup also reflects the new shipping cost instead of the order and shipping amount. Also fixed the non-updating of shipping address in the logs after a successful charge creation

Impacted Functionality: Apple Pay Express, Charge

• API Core V2 can generate X.509 certificates with custom subject
  • The API payload for the SSO Setup endpoint has been enhanced to support optional X.509 certificate subject fields. This update enables customers to add, edit, or remove these fields, providing greater compatibility with varying Identity Provider (IdP) configurations.

Impacted Functionality: SSO/SAML

.

UI Enhancements:

• As a user I want to specify X.509 certificates subject fields via web-app
  • This enhancement allows users who access the SSO Setup page on the web-app to customize the subject fields attached to the self-signed X.509 Certificate which is used in SSO/SAML flows.

Impacted Functionality: SSO/SAML

• As a user I want to be able to download or copy X.509 certificate
  • This enhancement allows users who access the SSO Setup page to download a .pem file or copy to clipboard the X.509 Certificate which is used in SSO/SAML flows.

Impacted Functionality: SSO/SAML

• Updated the “Transaction Id” and “Order Id” labels in Apply New Filter

Updated the labels for "Transaction Id" to “Custom Transaction Id” and "Order Id" to “Custom Order Id” with explanatory tooltips on the Charge page filters.

Impacted Functionality: Charge (Apply New Filter)

• Addressed the non-display of the Company Phone Number and Website fields

Implemented a fix to address the non-display of the Company Phone Number and Website fields in Company Profiles and when editing a Company from the Brand level.

Impacted Functionality: Company & Brand

.

Widget Enhancements:

No enhancements in this release.

• PRODUCTION RELEASE DATE: 26/08/2025
• SANDBOX RELEASE DATE: 12/08/2025

Go to Release notes 103

API Enhancements:

• Restricted webhook notifications to be sent only by HTTPS

Change POST https://<api-url>/v1/notifications and PUT https://<api-url>/v1/notifications/:nid to require HTTPS protocol when the DTO field destination is a URL. This will ensure that Notifications with type webhook deliver messages via secure communication channels.

Impacted Functionality: Notifications

• Fixed issue that the message is not mapped into the transaction object when sent from Forter

Fixed issue that the message returned in Forter’s response was not set to the transaction “specific_message“.

Impacted Functionality: Forter

.

UI Enhancements:

• As a stakeholder I want all webhook notifications to be sent by HTTPS

Change the notification creation and edit forms such that they prevent submissions of HTTP URLs when the notification type is webhook.

Impacted Functionality: Notifications

• Implemented filter by transactions.type = fraud in the Dashboard

Implemented ability to filter transactions by transactions.type = fraud enabling merchants view all fraud transactions.

Impacted Functionality: Charge reporting

.

Widget Enhancements:

No enhancements this release.