Breaking: SELECT_MULTIPLE removed from UnderwritingDynamicFieldType
SELECT_MULTIPLE is removed from the UnderwritingDynamicFieldType enum.agentReview query on underwriting applications
agentReview returns the latest AI agent review for an underwriting application. New types: UnderwritingApplicationAgentReview and UnderwritingApplicationAgentReviewComponent. New enums: UnderwritingApplicationAgentReviewDisposition (LIKELY_PROBLEM, LOOKS_ACCEPTABLE, NEEDS_A_CLOSER_LOOK, NOT_YET_ASSESSABLE) and UnderwritingApplicationAgentReviewStatus (COMPLETED, FAILED, IN_PROGRESS, NOT_STARTED).displayInformation masks sensitive PII on application events
displayInformation on ApplicationEvent masks sensitive PII field values such as names and addresses instead of showing plaintext. Original values remain accessible via the revealChange resolver.dynamicFields on applications and decision components
UnderwritingApplication exposes dynamicFields and dynamicField resolvers for retrieving dynamic field values from the org-applicable catalog, optionally scoped to a decision-component item. DecisionComponentItem also carries a dynamicFields resolver.dynamicFields input on updateDecisionComponent
updateDecisionComponent accepts a dynamicFields input for adding, removing, or updating dynamic field values via the @oneOf UnderwritingDynamicFieldInput.Dynamic field types
New types:UnderwritingDynamicField, UnderwritingDynamicFieldSchema, and UnderwritingDynamicFieldSensitiveFields. New enums: UnderwritingDynamicFieldKind (CHOICE, GROUP, SCALAR) and UnderwritingDynamicFieldType (CHECKBOX, CURRENCY, DATE_PICKER, SELECT, SELECT_MULTIPLE, TEXTAREA, TEXT_FIELD, TEXT_FIELD_MASKED).PCI Certification Check items for multi-provider applications
The PCI Certification Check decision component correctly creates and labels distinct items per software provider when an application has multiple providers.PCI Certification Check evaluates software providers
The PCI Certification Check decision component evaluates application software provider names against the Visa PCI listing registry, returningACCEPTED or ACTION_REQUIRED status with detailed review data per provider.Software provider removal updates PCI Certification Check
Removing a software provider name from an application automatically excludes its PCI Certification Check items. Re-adding the provider re-includes them.revealChange and sensitiveChanges fix for one-sided PII changes
revealChange and sensitiveChanges on ApplicationEvent no longer fail on one-sided PII changes — such as a field first populated or cleared — where the serializer omits the absent value. Change history for those events is now viewable.legalEntityName validation relaxed on sole proprietors
legalEntityName no longer needs to match the owner’s name on sole proprietor applications. The value is accepted as-is.birthDate requirement narrowed on person stakeholders
birthDate is only required for owner, guarantor, primary contact, and control person roles. Authorized persons can omit it, but any provided value must still be a date in the past.Stakeholder requirement on application submission
Application submission requires at least one person stakeholder with a role. Submissions without a qualifying stakeholder return aMISSING_STAKEHOLDER validation error.revealChange covers updateDecisionComponent edits
revealChange on ApplicationEvent returns decrypted before/after values for encrypted PII fields edited via updateDecisionComponent, not just direct application input edits.sensitiveChanges null value fix
sensitiveChanges no longer throws a deserialization error when previousValue or updatedValue is null, which could prevent viewing application change history.sensitiveChanges on application events
ApplicationEvent carries a sensitiveChanges field with masked before/after values for encrypted PII changes in the audit change log.revealChange resolver on application events
revealChange on ApplicationEvent provides audited, per-entry decryption of sensitive change-log values.Underwriting data export columns
The underwriting data export correctly populates status, decision timestamp, and decline reason columns.Breaking: declineCodes input restructured on updateUnderwritingApplication
declineCodes changed from [DeclineCode!] to [DeclineCodeInput!], a @oneOf input. Use { addDeclineCodeInput: CODE } to add or { removeDeclineCodeInput: CODE } to remove individual codes instead of replacing the full set.Unrestricted declineCodes on updateUnderwritingApplication
updateUnderwritingApplication accepts any number of decline codes. The previous limit is removed.Decline reasons on underwriting applications
UnderwritingApplication carries a declineReasons field, and updateUnderwritingApplication accepts declineCodes. A DeclineCode enum and DeclineReason type capture adverse action reasons on declined applications.Potential exposure rounding and threshold enforcement
Potential exposure values round to 2 decimal places. Decision components reset toACTION_REQUIRED when recalculated exposure exceeds the threshold.Owner Sanctions Watchlist Check potential match results
Owner Sanctions Watchlist Check potential match results now appear correctly in decision component responses.CURRENCY field type on decision components
CURRENCY is a value on the DecisionComponentFieldType enum.Expanded sanctions decision component results
Sanctions decision component results include per-source detail and source identification.stateOfIncorporation validation
stateOfIncorporation is validated as a 2-character US state or territory code on underwriting applications and normalized to uppercase on all applications.Auto-accept on potential exposure threshold drop
Decision components with potential exposure thresholds are automatically accepted when recalculated exposure drops below the action-required threshold.Processing activity fields on decision components
Processing activity field values now appear correctly in decision component fields for underwriting applications.State of Incorporation on Business Identity Verification
The Business Identity Verification decision component includes a state of incorporation verification result and an editable field, auto-populated from upstream evaluation data.Approval validation on updateDecisionComponent
updateDecisionComponent validates required application data when approving a decision component. The mutation returns validation errors (UnderwritingApplicationFieldValidationError, UnderwritingApplicationValidationError, etc.) if required fields are incomplete.Real-time potential exposure on approval components
Potential exposure on approval decision components reflects recalculated values in real time instead of a static result.Breaking: nameOnAccount removed from bank account types
nameOnAccount is removed from UnderwritingBankAccount, UnderwritingApplicationAddBankAccountInput, and UnderwritingApplicationUpdateBankAccountInput. Use underwritingIdentity.legalEntityName instead.stateOfIncorporation on application identity
stateOfIncorporation is available on application identity input and output types.Automatic potential exposure recalculation
Updating application fields that affect potential exposure triggers an automatic recalculation. Affected decision components may reset toACTION_REQUIRED.type field and DecisionComponentReviewType on DecisionComponentReview
DecisionComponentReview carries a type field with a DecisionComponentReviewType enum (INQUIRY_DATA, REVIEW), distinguishing supplied inquiry data from match results. Sanctions components include an inquiry data review alongside matches.Application submission stall in CREATED status
Applications no longer stall in CREATED status when transient upstream communication errors occur during submission.SUBMISSION_FAILED status on decision components
Decision components correctly reflect SUBMISSION_FAILED status when the upstream evaluation returns no items.Auto-accept on decision component acceptance
Accepting a decision component automatically sets all non-INFORMATIONAL item statuses to ACCEPTED.STATUS_CHANGED webhook for SUBMISSION_FAILED
The UNDERWRITING_APPLICATION_UPDATED webhook fires with a STATUS_CHANGED change type when an application reaches SUBMISSION_FAILED status.averageAnnualSalesAmount on acceptor processing activity
averageAnnualSalesAmount is available on AcceptorApplicationProcessingActivityInput and AcceptorApplicationProcessingActivityOutput, previously limited to underwriting-specific processing activity types.Guidance text replaces status messages for missing website URL
Decision component results no longer include status messages when a business website URL is missing. Guidance text is the sole indicator.Annual sales in Alloy journey payloads
Alloy journey application request payloads includeannual_sales alongside monthly_sales, supporting potential exposure calculations based on annual volume.GraphQL schema descriptions
Enums, types, and error types carry GraphQL descriptions. Schema introspection doubles as documentation.guidance field on decision component items
DecisionComponentItem carries a guidance field with actionable text for items in ACTION_REQUIRED status.Attach uploads to multiple decision components
The attachment upload endpoint accepts an optionaldecisionComponentIds array. Link one upload to multiple decision components in a single request.Expanded Guarantor Credit Check and Mastercard MATCH results
Both decision components return expanded result data.Unrestricted businessName length
The 22-character cap on businessName is removed. Business names of any length are accepted.Website URL optional on MCC Confirmation and Site Inspection
The website URL field on both decision components is no longer required.averageAnnualSalesAmount on processing activity
averageAnnualSalesAmount is available on underwriting processing activity input and output, giving integrators a direct field for annual volume.QUESTION info request type reactivated
QUESTION is back as an active option on UnderwritingInformationRequestType.UNDERWRITING_APPLICATION_UPDATED webhook expanded
This webhook fires for attachment changes, decision component updates, and terminal status transitions. New change types: DECISION_COMPONENT_UPDATED and FILE_DELETED.Org-level DefaultDaysInCycle config
When set, daysInCycle auto-populates on new underwriting applications if the input omits it.Relaxed chargebackRate and refundRate validation
Both fields are truly optional on submitUnderwritingApplication.Deprecated: nameOnAccount
nameOnAccount on UnderwritingBankAccount and related input types is deprecated. Use underwritingIdentity.legalEntityName instead.Minor bug fixes and improvements
Breaking: info request input restructured
CreateUnderwritingInformationRequestInput uses a flat type-based input instead of the OneOf pattern with customInput/fromOptionInput. Specify a type enum value directly — CreateUnderwritingInformationRequestCustomInput and CreateUnderwritingInformationRequestFromOptionInput are removed.Breaking: info request option fields removed
id, isActive, createdDateTime, and updatedDateTime are removed from UnderwritingInformationRequestOptionOutput.New info request document types
Eight new values onUnderwritingInformationRequestType: ARTICLES_OF_INCORPORATION, BANK_LETTER_VOIDED_CHECK, BANK_STATEMENTS, BUSINESS_LICENSE, CERTIFICATE_OF_GOOD_STANDING, FINANCIAL_STATEMENTS, PASSPORT, and PROOF_OF_ADDRESS.defaultMerchantCategoryCode replaces merchantCategories
merchantCategories on UnderwritingApplicationIdentityInput is deprecated — only a single MCC is supported. Use defaultMerchantCategoryCode instead.Deprecated: BANK_LETTER, VOIDED_CHECK, and QUESTION request types
Use BANK_LETTER_VOIDED_CHECK instead of the first two. QUESTION is no longer available as a request option.Info request output enriched
type and fulfillmentTypes are available on underwriting info request output and option output types.Decision component schema authorization
requiredScopes and requiredRoles on UnderwritingDecisionComponentSchema expose per-component authorization requirements.RISK decision component result status
A new RISK value on DecisionComponentResultStatus supports fraud risk scoring.Org-scoped info request options
underwritingInformationRequestOptions returns options scoped to the requesting organization, with platform defaults as fallback.Webhook payload expanded for info requests
description and fulfillmentTypes are included in the UNDERWRITING_APPLICATION_UPDATED webhook payload for information request events.Expanded decision component result data
New result fields across Business Sanctions, MATCH, MCC Confirmation, Owner Identity, Owner ID Fraud, Owner Sanctions, and Site Inspection decision components.Website Review MCC field
MCC field status on the Website Review decision component always showsNOT_VERIFIED.Business Sanctions display fix
Watchlist match results display correctly; “workflow not run” results are hidden.Partial errors on decision component resolver
Decision component resolver errors no longer nullify the entire response. Failures surface in theerrors array with safe defaults for affected fields.