June 3, 2026
Maintenance

PCI Control Adjustment

Refined how merchant network token data is decrypted in composition with Guardian, keeping the data path aligned with our PCI DSS controls.
May 28, 2026
New Release, Improvement

Composing Commerce v2 with Guardian

Advancing our Composable Payment Architecture, Commerce v2 now composes natively with Guardian for network token data, cryptograms, and issuer metadata. Opt an account in with the new guardian_cpa_mode and issuer_metadata_enabled settings (alongside its contract_id): Commerce resolves cryptograms by reference through Guardian and surfaces each token’s expires_at with the resolved token data. A new POST /tokens/{id}/refresh-metadata endpoint lets you refresh issuer metadata on demand instead of waiting for the next payment.

User MFA Recovery

A new endpoint revokes a user’s multi-factor authentication, so you can reset MFA for a locked-out operator instead of escalating to support.

Improvements and bugfixes

  • Token responses now include the currency field.
  • Clearer errors when retrieving payment data, plus a precise message when a contract_id exceeds the allowed length instead of an opaque bad request.
  • Unsupported network token creation now returns a readable error message.
  • 3DS requests now return a clean 502 when the upstream authentication provider’s TLS handshake fails, instead of an ambiguous error.
  • Issuer metadata falls back to card scheme data when a lookup is disabled or unavailable, so scheme information is always populated.
  • Hardened data-request logging to never persist x-api-key or authorization headers, and restored a missing Content-Security-Policy header.
  • Updated dependencies to clear a security advisory.
March 11, 2026
New Release, Maintenance

Allowed Card Schemes per Account

You can now restrict which card schemes are accepted on a given account or session. A new endpoint lets you configure the allow-list, sessions pick it up automatically, and the Web SDK validates it client-side before the cardholder even hits submit. Great for merchants with acquirer- or region-specific scheme constraints.

Improvements and bugfixes

  • Sub-merchants can now only see their own payment data — tightened scoping across reads.
  • Hardened against several 500 paths: invalid UUIDs in API-logs queries, missing required fields on authentication installments, Guardian authentication-failed responses, and oversized AOC document links.
  • Network token decline reports and scheme-percentage views render consistently for accounts with allowed-schemes configured.
February 27, 2026
New Release, Maintenance

Network Token Statistics and Details

You now have deeper visibility into your network tokenization activity. New reporting endpoints let you export BIN statistics as CSV, review declined network tokenizations, and access a token activity summary — giving you the data you need to monitor performance and troubleshoot issues. Token filtering has also been extended to support lookup by token ID or last four digits, making it easier to find specific tokens.

Improvements and bugfixes

  • Webhooks no longer fire when there are no changes to a token.
  • Fixed a date format issue in 3DS session context.
  • Ecosystem accounts and sub-merchants can now execute proxy forwards.
  • Improved error handling for Guardian serialization errors and unknown tokens.
January 29, 2026
New Release, Maintenance

Introduction of Generic Tokens

With the rollout of TMS support on Guardian, Commerce v2 now supports this tokenization backend as well.

Bugfix

  • Hardened the SDK session protocol against unexpected data and upstream errors.
December 19, 2025
Maintenance

Bugfixes

  • Improved session error handling on CDE import.
  • Handle card-art corner cases for some issuers.
  • Handle BIN data gracefully when missing some attributes.
October 6, 2025
New Release, Maintenance

Deterministic TPANs

We added support for deterministic TPANs (Token PANs) on the Network Token Sandbox. This helps developers test their integration with consistent data.

Payment Splits are generally available

We rolled out payment splits for all our customers on the platform operating model. This allows you to split the payment amount between multiple accounts.

Improvements and bugfixes

  • Better error messages on invalid payloads for session completion (specifically encrypted CHD payloads).
  • Wider support of metadata in requests.
  • Fixed issuer metadata retrieval for cards without default currency.
  • Support more exotic card-art data from issuers.
August 29, 2025
New Release, Maintenance

Templating

  • We added a new filter last(n) to the forwarding templates.

Improvements and bugfixes

  • We optimized the performance of our authentication subsystem, which makes every API interaction faster.
  • Applied correct scoping of sub-merchant level API keys.
  • Fixed issues with certain compliance proxy forwards.
August 8, 2025
New Release, Maintenance

Bring your own Guardian

Mix and match: use your own dedicated Guardian in Commerce setups.

Bugfix

  • Fixed the replenishment of encryption keys for account owners on the ecosystem operating model.
July 7, 2025
New Release

Hello CPA 👋

July has been nothing short of monumental for the Hellgate® engineering team – and we’re beyond thrilled to finally unveil what we’ve been building behind the scenes. Say hello to the next generation of payment innovation: The Composable Payment Architecture.

Built for Seamless Integration

With CPA, we’re rewriting the rules of payment technology. Hellgate® is no longer just a powerful platform – it’s a composable, integratable powerhouse. We’re opening up our legendary “secret sauce” to empower developers, partners, and innovators everywhere. Think modular. Think agile. Think tailor-made payments infrastructure. We’re rolling out these new services step by step – purpose-built for scalability, flexibility, and collaboration. It’s everything you love about Hellgate, now available piece by piece for maximum integration and innovation.

Hellgate Evolves: Introducing Hellgate Commerce

We’re all-in on the orchestration journey. Say hello to Commerce – your full-stack command center for modern payments. We’re pushing the limits of productivity, control, and performance in every update. The name is new, but our commitment to excellence remains stronger than ever.

Meet Guardian CPA: Power Meets Privacy

Kicking off our Early Access Program is Guardian – the cornerstone of CPA. Guardian delivers a fully managed PCI DSS-compliant cardholder data vault, so you can store sensitive data with confidence and speed. Need more control? We’ve got you covered with private Guardian deployments, bringing top-tier data privacy and security directly to your Commerce environment.