Skip to main content
July 13, 2026
Breaking changeAdded

Breaking: SELECT_MULTIPLE removed from UnderwritingDynamicFieldType

SELECT_MULTIPLE is removed from the UnderwritingDynamicFieldType enum.

agentReview query on underwriting applications

agentReview returns the latest AI agent review for an underwriting application. New types: UnderwritingApplicationAgentReview and UnderwritingApplicationAgentReviewComponent. New enums: UnderwritingApplicationAgentReviewDisposition (LIKELY_PROBLEM, LOOKS_ACCEPTABLE, NEEDS_A_CLOSER_LOOK, NOT_YET_ASSESSABLE) and UnderwritingApplicationAgentReviewStatus (COMPLETED, FAILED, IN_PROGRESS, NOT_STARTED).
July 9, 2026
Changed

displayInformation masks sensitive PII on application events

displayInformation on ApplicationEvent masks sensitive PII field values such as names and addresses instead of showing plaintext. Original values remain accessible via the revealChange resolver.
July 3, 2026
Added

dynamicFields on applications and decision components

UnderwritingApplication exposes dynamicFields and dynamicField resolvers for retrieving dynamic field values from the org-applicable catalog, optionally scoped to a decision-component item. DecisionComponentItem also carries a dynamicFields resolver.

dynamicFields input on updateDecisionComponent

updateDecisionComponent accepts a dynamicFields input for adding, removing, or updating dynamic field values via the @oneOf UnderwritingDynamicFieldInput.

Dynamic field types

New types: UnderwritingDynamicField, UnderwritingDynamicFieldSchema, and UnderwritingDynamicFieldSensitiveFields. New enums: UnderwritingDynamicFieldKind (CHOICE, GROUP, SCALAR) and UnderwritingDynamicFieldType (CHECKBOX, CURRENCY, DATE_PICKER, SELECT, SELECT_MULTIPLE, TEXTAREA, TEXT_FIELD, TEXT_FIELD_MASKED).
June 30, 2026
Fixed

PCI Certification Check items for multi-provider applications

The PCI Certification Check decision component correctly creates and labels distinct items per software provider when an application has multiple providers.
June 26, 2026
Changed

PCI Certification Check evaluates software providers

The PCI Certification Check decision component evaluates application software provider names against the Visa PCI listing registry, returning ACCEPTED or ACTION_REQUIRED status with detailed review data per provider.

Software provider removal updates PCI Certification Check

Removing a software provider name from an application automatically excludes its PCI Certification Check items. Re-adding the provider re-includes them.
June 24, 2026
Fixed

revealChange and sensitiveChanges fix for one-sided PII changes

revealChange and sensitiveChanges on ApplicationEvent no longer fail on one-sided PII changes — such as a field first populated or cleared — where the serializer omits the absent value. Change history for those events is now viewable.
June 19, 2026
Changed

legalEntityName validation relaxed on sole proprietors

legalEntityName no longer needs to match the owner’s name on sole proprietor applications. The value is accepted as-is.

birthDate requirement narrowed on person stakeholders

birthDate is only required for owner, guarantor, primary contact, and control person roles. Authorized persons can omit it, but any provided value must still be a date in the past.

Stakeholder requirement on application submission

Application submission requires at least one person stakeholder with a role. Submissions without a qualifying stakeholder return a MISSING_STAKEHOLDER validation error.
June 18, 2026
AddedFixed

revealChange covers updateDecisionComponent edits

revealChange on ApplicationEvent returns decrypted before/after values for encrypted PII fields edited via updateDecisionComponent, not just direct application input edits.

sensitiveChanges null value fix

sensitiveChanges no longer throws a deserialization error when previousValue or updatedValue is null, which could prevent viewing application change history.
June 17, 2026
Added

sensitiveChanges on application events

ApplicationEvent carries a sensitiveChanges field with masked before/after values for encrypted PII changes in the audit change log.

revealChange resolver on application events

revealChange on ApplicationEvent provides audited, per-entry decryption of sensitive change-log values.
June 16, 2026
Added

softwareProviderNames on application identity

softwareProviderNames is available on application identity input and output types.

Expanded revealSensitiveFields mutation

revealSensitiveFields supports additional PII fields across application identity, bank account, and stakeholder data.
June 8, 2026
Fixed

Underwriting data export columns

The underwriting data export correctly populates status, decision timestamp, and decline reason columns.
June 5, 2026
Breaking change

Breaking: declineCodes input restructured on updateUnderwritingApplication

declineCodes changed from [DeclineCode!] to [DeclineCodeInput!], a @oneOf input. Use { addDeclineCodeInput: CODE } to add or { removeDeclineCodeInput: CODE } to remove individual codes instead of replacing the full set.
June 4, 2026
Changed

Unrestricted declineCodes on updateUnderwritingApplication

updateUnderwritingApplication accepts any number of decline codes. The previous limit is removed.
June 2, 2026
Added

Decline reasons on underwriting applications

UnderwritingApplication carries a declineReasons field, and updateUnderwritingApplication accepts declineCodes. A DeclineCode enum and DeclineReason type capture adverse action reasons on declined applications.
May 29, 2026
ChangedFixed

Potential exposure rounding and threshold enforcement

Potential exposure values round to 2 decimal places. Decision components reset to ACTION_REQUIRED when recalculated exposure exceeds the threshold.

Owner Sanctions Watchlist Check potential match results

Owner Sanctions Watchlist Check potential match results now appear correctly in decision component responses.
May 27, 2026
AddedChangedFixed

CURRENCY field type on decision components

CURRENCY is a value on the DecisionComponentFieldType enum.

Expanded sanctions decision component results

Sanctions decision component results include per-source detail and source identification.

stateOfIncorporation validation

stateOfIncorporation is validated as a 2-character US state or territory code on underwriting applications and normalized to uppercase on all applications.

Auto-accept on potential exposure threshold drop

Decision components with potential exposure thresholds are automatically accepted when recalculated exposure drops below the action-required threshold.

Processing activity fields on decision components

Processing activity field values now appear correctly in decision component fields for underwriting applications.
May 19, 2026
AddedChanged

State of Incorporation on Business Identity Verification

The Business Identity Verification decision component includes a state of incorporation verification result and an editable field, auto-populated from upstream evaluation data.

Approval validation on updateDecisionComponent

updateDecisionComponent validates required application data when approving a decision component. The mutation returns validation errors (UnderwritingApplicationFieldValidationError, UnderwritingApplicationValidationError, etc.) if required fields are incomplete.

Real-time potential exposure on approval components

Potential exposure on approval decision components reflects recalculated values in real time instead of a static result.
May 13, 2026
Breaking changeAddedChanged

Breaking: nameOnAccount removed from bank account types

nameOnAccount is removed from UnderwritingBankAccount, UnderwritingApplicationAddBankAccountInput, and UnderwritingApplicationUpdateBankAccountInput. Use underwritingIdentity.legalEntityName instead.

stateOfIncorporation on application identity

stateOfIncorporation is available on application identity input and output types.

Automatic potential exposure recalculation

Updating application fields that affect potential exposure triggers an automatic recalculation. Affected decision components may reset to ACTION_REQUIRED.
May 6, 2026
Added

type field and DecisionComponentReviewType on DecisionComponentReview

DecisionComponentReview carries a type field with a DecisionComponentReviewType enum (INQUIRY_DATA, REVIEW), distinguishing supplied inquiry data from match results. Sanctions components include an inquiry data review alongside matches.
April 27, 2026
Fixed

Application submission stall in CREATED status

Applications no longer stall in CREATED status when transient upstream communication errors occur during submission.
April 20, 2026
Fixed

SUBMISSION_FAILED status on decision components

Decision components correctly reflect SUBMISSION_FAILED status when the upstream evaluation returns no items.
April 17, 2026
Changed

Auto-accept on decision component acceptance

Accepting a decision component automatically sets all non-INFORMATIONAL item statuses to ACCEPTED.
April 16, 2026
AddedChanged

STATUS_CHANGED webhook for SUBMISSION_FAILED

The UNDERWRITING_APPLICATION_UPDATED webhook fires with a STATUS_CHANGED change type when an application reaches SUBMISSION_FAILED status.

averageAnnualSalesAmount on acceptor processing activity

averageAnnualSalesAmount is available on AcceptorApplicationProcessingActivityInput and AcceptorApplicationProcessingActivityOutput, previously limited to underwriting-specific processing activity types.

Guidance text replaces status messages for missing website URL

Decision component results no longer include status messages when a business website URL is missing. Guidance text is the sole indicator.

Annual sales in Alloy journey payloads

Alloy journey application request payloads include annual_sales alongside monthly_sales, supporting potential exposure calculations based on annual volume.
April 14, 2026
AddedChanged

GraphQL schema descriptions

Enums, types, and error types carry GraphQL descriptions. Schema introspection doubles as documentation.

guidance field on decision component items

DecisionComponentItem carries a guidance field with actionable text for items in ACTION_REQUIRED status.

Attach uploads to multiple decision components

The attachment upload endpoint accepts an optional decisionComponentIds array. Link one upload to multiple decision components in a single request.

Expanded Guarantor Credit Check and Mastercard MATCH results

Both decision components return expanded result data.

Unrestricted businessName length

The 22-character cap on businessName is removed. Business names of any length are accepted.

Website URL optional on MCC Confirmation and Site Inspection

The website URL field on both decision components is no longer required.
April 7, 2026
Added

TRUST business entity type

TRUST is a value on the BusinessEntityType enum.

underwritingReference and acceptorReference on boarding webhooks

Both fields are included in boarding webhook payloads.
March 31, 2026
AddedChangedDeprecatedFixed

averageAnnualSalesAmount on processing activity

averageAnnualSalesAmount is available on underwriting processing activity input and output, giving integrators a direct field for annual volume.

QUESTION info request type reactivated

QUESTION is back as an active option on UnderwritingInformationRequestType.

UNDERWRITING_APPLICATION_UPDATED webhook expanded

This webhook fires for attachment changes, decision component updates, and terminal status transitions. New change types: DECISION_COMPONENT_UPDATED and FILE_DELETED.

Org-level DefaultDaysInCycle config

When set, daysInCycle auto-populates on new underwriting applications if the input omits it.

Relaxed chargebackRate and refundRate validation

Both fields are truly optional on submitUnderwritingApplication.

Deprecated: nameOnAccount

nameOnAccount on UnderwritingBankAccount and related input types is deprecated. Use underwritingIdentity.legalEntityName instead.

Minor bug fixes and improvements

March 20, 2026
Breaking changeAddedChangedDeprecatedFixed

Breaking: info request input restructured

CreateUnderwritingInformationRequestInput uses a flat type-based input instead of the OneOf pattern with customInput/fromOptionInput. Specify a type enum value directly — CreateUnderwritingInformationRequestCustomInput and CreateUnderwritingInformationRequestFromOptionInput are removed.

Breaking: info request option fields removed

id, isActive, createdDateTime, and updatedDateTime are removed from UnderwritingInformationRequestOptionOutput.

New info request document types

Eight new values on UnderwritingInformationRequestType: ARTICLES_OF_INCORPORATION, BANK_LETTER_VOIDED_CHECK, BANK_STATEMENTS, BUSINESS_LICENSE, CERTIFICATE_OF_GOOD_STANDING, FINANCIAL_STATEMENTS, PASSPORT, and PROOF_OF_ADDRESS.

defaultMerchantCategoryCode replaces merchantCategories

merchantCategories on UnderwritingApplicationIdentityInput is deprecated — only a single MCC is supported. Use defaultMerchantCategoryCode instead.

Deprecated: BANK_LETTER, VOIDED_CHECK, and QUESTION request types

Use BANK_LETTER_VOIDED_CHECK instead of the first two. QUESTION is no longer available as a request option.

Info request output enriched

type and fulfillmentTypes are available on underwriting info request output and option output types.

Decision component schema authorization

requiredScopes and requiredRoles on UnderwritingDecisionComponentSchema expose per-component authorization requirements.

RISK decision component result status

A new RISK value on DecisionComponentResultStatus supports fraud risk scoring.

Org-scoped info request options

underwritingInformationRequestOptions returns options scoped to the requesting organization, with platform defaults as fallback.

Webhook payload expanded for info requests

description and fulfillmentTypes are included in the UNDERWRITING_APPLICATION_UPDATED webhook payload for information request events.

Expanded decision component result data

New result fields across Business Sanctions, MATCH, MCC Confirmation, Owner Identity, Owner ID Fraud, Owner Sanctions, and Site Inspection decision components.

Website Review MCC field

MCC field status on the Website Review decision component always shows NOT_VERIFIED.

Business Sanctions display fix

Watchlist match results display correctly; “workflow not run” results are hidden.

Partial errors on decision component resolver

Decision component resolver errors no longer nullify the entire response. Failures surface in the errors array with safe defaults for affected fields.

Minor bug fixes and improvements