May 31, 2022¶
1.179, 1.178, 1.177, 1.176, 1.175, 1.174, 1.173, 1.172, & 1.171
Cheery Greetings from the Corefy team!
This month we've focused our efforts on security issues, refactoring and overall platform improvements. And we are inspired to share the latest news and, besides that, we kindly ask you to pay attention to the previous notifications.
- Integration updates: added signature keys for Commerce API request-response verification
- Dashboard UX updates: added possibility to handle connected provider account statuses
- Payment gateway updates: expanded the list of original data attributes; started to send the payment card ID in the payload
- Other noticeable improvements
In the details¶
We continue upgrading processing safety, and improved signature verification algorithm for Commerce API request-response interaction. The algorithm became time-based; thus, the permissible discrepancy between generation time (on request) and checking time (on response) is no more than 1 minute.
We also have added Signature keys for Commerce Private API that, for now, performs the same functionality as the Private API keys (Live and Test). Besides, in the nearest future, we're completely switching to the use of new keys only and adding the Force signature verification option to the Commerce account settings.
Connected account status handling¶
We've added the logic and interface to manage connected account status from the dashboard. So, users with related access rights can:
- deactivate an active account to deactivate and disconnect all child merchant and deposit accounts, and consequently deactivate all routes related to this one and its child accounts;
- activate a deactivated account to reconnect it; thus, this option does not provide the automatic activation of child accounts and connected routes, you should check it all and activate ones you need;
- archive a deactivated account to archive as well all child accounts and routes.
You should be especially careful when making a decision about an account archiving, therefore this action clears associated credentials from the data storage without any opportunity of recovery.
Payment gateway updates¶
Payment original data¶
original_data object in payment invoices contains actual payment information obtained from a payment provider and also extends important data for reconciliation and verification. So, in order to optimise these processes, we've updated and expanded the list of attributes.
Original data information is available for obtaining through API response and Callbacks if you turned on the Expose internal data option in the commerce payment settings.
Payment card ID¶
Payment card ID is the unique identifier for the card vault which allows to check the card without access to full card number and other sensitive data. So that we've started to send it in the
payment_card object in the invoice statement payload.
Other platform improvements¶
Batch payouts and reports updates¶
- As stated in the previous announcements, all changes took effect for batch payouts and reports, respectively.
User interface improvements¶
Updated the Balance widget for Merchant portal: added the Show more link to quickly get to the related section.
Upgraded to the latest version the merchant widget in the Sandbox section, in the Dashboard. So now, it's much more convenient to customize the look and feel of the Commerce Checkout.
Whereas we continue growing platform quality and performance, we've also made numerous fixes for our products.
Stay tuned for the next updates!