As you may be aware, there was a critical bug exploitation with log4j, however, we are happy to inform you that Argyle has not had exposure to this vulnerability and we have taken extra precautions to ensure that all available patches were pushed to production as soon as they were available. In reassurance that we were not affected by the log4j bug:

• Our API is coded in Python, and the API Gateway we use (Traffik) is written in Go. This vulnerability has not impacted them, and we have conducted an internal penetration test to confirm we were not exposed.
• Our broader tech stack contains a small number of Java repositories, and we use Logback instead of log4j. Our Java-based services have not been impacted by this vulnerability.
• As for our broader tooling, only Metabase was listed among the vulnerable apps. This was not exposed to the internet, and we have pushed the latest patched version to production.
• Finally, our hosted Elastic Cloud solution, which does not contain any user data, has been confirmed as not vulnerable. A new patch has been released, and our production cluster is running on this latest version.

API Updates:

• Starting on December 14th, 2021, additional events will be added to the accounts.pay_distribution_failed webhook. This webhook will now be triggered for confirmation_timeout in addition to the pre-existing events. Check out the docs for more information about these new errors on the direct deposit switching failure.
• As part of the migration from the argyle.io domain to the argyle.com domain, the credentials for the sandbox accounts will also change from [email protected] to [email protected].
• New logic to prevent duplicates in the Activity data point will delete duplicates once they are detected. We are adding a new activities.removed webhook that will notify you about the deletion of a certain activity. You will be able to subscribe to the webhook starting from December 16th, 2021. Payload example below:

  {
  "name": "test",
  "event": "activities.removed",
  "data": {
    "account": "017d9bdc-49cb-bcf6-9a99-f3ed32ddb2c2",
    "user": "017d8fed-b702-7675-e9be-00d6b2d24614",
    "available_from": "2019-09-03T17:56:22Z",
    "available_to": "2021-12-09T00:01:01Z",
    "available_count": 1237,
    "removed_from": "2021-09-27T00:22:54Z",
    "removed_to": "2021-09-27T00:22:54Z",
    "removed_count": 1,
    "removed_activities": [
      "017d9f62-84e1-15ad-b269-624458d343c8"
    ]
  }
}

You can find more information in the Webhooks Guide.

• To be even more transparent and give you valuable information, we have exposed the field known_limitations on the /Link-items endpoint that will provide you with any known limitations on the item in question. Learn more about the new object here.
• To make it easier for you to track the allocations set in pay distribution configs, starting December 16th, 2021, we are adding the new field allocation_id to accounts.pay_distributions.updated that will provide you with the respective Allocation ID that was set. You can check out the new payload in the docs.