Cancellation options for Account Management

In the scope of 3.16.0 we added three cancellation options for Account management: Cancel immediately, Cancel next billing cycle and Cancel at a future date. However, we realised that there was no way to manage these options' visibility, and also they were sending the wrong StopType. Those two issues were fixed in scope of this hotfix.

The ability to manage the visibility of the cancellation option through Account Management settings was added. The following settings can be set to either true or false:

• DisplayImmediateOption

• DisplayNextCycleOption

• DisplayScheduleDateOption

To manage CancellationTypeId for each option in addition to already existing SubCon.Cancel.DefaultStopType API setting in MG2 control the three new API settings were created:

• SubCon.Cancel.NextBillingCycleStopType

• SubCon.Cancel.ImmediateStopType

• SubCon.Cancel.ScheduleDateStopType

The setting value should be sent to the following:

• for the cancellation on the next billing cycle = 1

• for the immediate cancellation = 2 4

• for the cancellation at a scheduled date = 3 2

Areas Covered: Subcon Site (Account management), API

Backward compatibility for inApp starts

Starting from 3.16 onwards Purchase API must be for all the new starts. There are two endpoints /Purchases (to receive Standard, Comps, PaidPass, Gifts, etc for all Circs) and /Purchases/InApp (to receive InApp and SwG).

/Purchases/InApp is prepared to redirect to Subscriptions API or Pu

rchase API based on an MG2 Control setting. This works for consumer apps but it is going to be a problem for all the clients using InApp today since they were not notified they need to switch the endpoint. Since we want to have backward compatibility with our external InApp consumers, re-add the POST /Subscription endpoint with a condition that it can be used only for InApp new starts.

In the scope of this hotfix, we also fixed the issue with the Payway form not being loaded in the Edge browser in Account Management.

Areas Covered: API, Account Management

CircPro related fixes

This hotfix is dedicated to CircPro-related issues. The following issues are covered:

• wrong redelivery issue dropdown options when submitting a complaint in Account Management

• unit designator not being sent in CircPro for a new start

• scheduled vacation not being synced during overnight database sync

• new start with ApplePay or Google Pay passing zero amount to circ

• displaying negative balance in Account Management while it's actually positive

Areas Covered: Account Management, API

Auth0 issue fix

For Auth0 we had a problem with ProcessLogin failing because the Auth Endpoint was using the User ID instead of Internal_id for Advance Tennant. The issue was fixed in scope of this hotfix. Now for Advance Auth endpoint uses Internal_id.

Areas Covered: API

Digital payments issues: ApplePay with Payway, GooglePay

Some ApplePay starts with Payway were failing due to ApplePay Payload not having the ECI Indicator. The issue was fixed in scope of the current hotfix, new MG2Control's Setting (API Setting) was added:

• Key -> Edgil.SecureElectronicCommerceTransactionECI

• NULL NULL NULL Value -> 5

The changes had to be merged to several branches as several clients in production were affected. Please see the list of the branches below:

PurchaseAPI: 3.15.0.5, 3.15.1.6, 3.15.2.3, 3.15.3.1, 3.16.0.5

EdgilPaywayAPI: 3.15.0.2, 3.15.1.2, 3.15.2.2, 3.15.3.1, 3.16.0.5

Also included minor fixes for GooglePay:

• The old GooglePay watermark image is now replaced with the new watermark in the checkout flow

• Fixed the error of GooglePay icon still being visible in checkout flow even if unchecked in Solicitor Concierge

Areas Covered: API, Subscription Panel

Database focused

This fix contains the scripts that populate CancellationTypes and NewspaperCancellationTypes in subsvc database as part of the dacpack. These scripts are required for the cancellation options for Account Management to work correctly

The fix also includes some optimisation of the subsvc database used by One CSR Portal:

• ApiGetUserEmailPreference and ApiUpdateRegistration stored procedure optimised.

• The new index in the Registration table is created; EmailAddressId column is included in the existing index of the EmailAddress table.

Seamless flow with Independent Address fix

Previously, a bug was introduced that caused the user to have to click twice instead of a single click to purchase the subscription after entering billing details when the seamless presentation was configured with the Independent Address component. The issue was fixed in the scope of this hotfix.

Areas covered: Subscription Panel, CMS Admin

Braintree SDK update

Braintree is sunsetting their API on python platform. Hence, as per Braintree's recommendation, the backend Braintree SDK has been updated to version 4.18.1.

Areas covered: API

Logging out when switching between .com and Self-Service

Due to the cross-site validation, Auth0 was deleting the cookie when visiting Self-Service after .com and vice versa. This was fixed by ensuring that the cookie is deleted only when the user actually clicks the Logout button.

Areas covered: Self-Service

PayPal via Braintree Renewals fix

Paypal via Braintree Renewals have been getting declined in circulation. It was identified that the PaypalBAID parameter while purchasing the subscription on EZPay was not being sent accurately to Circ. The issue has been fixed by passing the appropriate parameter from the payment vendor to the circulation system.

Areas covered: Self-Service

Logout and access issues related with 3rd party cookies

The following issues were fixed:

• Not being able to access downgrade page or logout when 3rd party cookies are blocked

• Not being able to logout when 3rd party cookies are blocked

• Logout after browsing to Newsletter page

Auth0's Integration was fixed and defensive code was added to APP_INITIALIZER flow. Inconsistent logic from auth0.service.ts was removed

Areas covered: Self-Service

Subscription Panel now recognizes existing users even after logout

When a subscribed user logs out from the Subscription panel and then tries to buy a new Subscription with his existing account, the user was not recognized as an existing user by SP. This was because the Customer Registration ID of the user was not available and hence the user was treated as a new user.

To overcome this issue, it is ensured that even if the user logs out, the system will make sure to fetch the Customer Registration ID that recognizes the user.

SP - User registration after third-party authentication

When a user was trying to buy a subscription after getting registered via a third-party authentication system (e.g., a user on newspaper site clicks on a link ePaper-->Auth0-->Subscription Panel), even after the successful authentication by Auth0, the registration was not created in the Subscribe database. This issue has been resolved now.

Transport Layer Security (TLS) Upgrade to Version 1.2

The CMS Content module has been updated to support Transport Layer Security (TLS) version 1.2. The TLS version can now also be configured from the web.config file, and image uploads can now communicate with the AWS S3 bucket using the TLS 1.2 security protocol.

This update has been made as Amazon will no longer support TLS 1.1 for its S3 bucket.

The Hotfix 3.16.0.13 documentation was updated on June 12th, 2023.

Issue with 'Mark as processed' button

The issue with the 'Mark as processed' button in SubCon Admin has been resolved.

Seamless Flow updated for Credit Card Edgil Payment Method

In the seamless flow, if the Independent Address component for the payment page has been enabled, users could purchase or subscribe to a subscription with a single click after entering their credit card information. The issue occurs when the credit card details have been validated, the Submit button disappears, and the user is taken directly to the payment options, even if the fields, First and Last names, Phone, and Zip Code, have not been filled. This resulted in the AddSubscription call being triggered with incomplete information, and since the Submit iframe button is from a third-party payment site, it does not validate whether the aforementioned fields have been filled, resulting in no error warnings being displayed.

Changes have been made to allow the submission of incomplete fields if the credit card has already been validated in the seamless flow by introducing a delay time after each keystroke while filling the fields under the independent address component.

A key, "SeamlessInputDelayTime", must be added to the SP Config file with any numerical value. The value indicates the delay time in milliseconds, with the default value set at 1500 milliseconds (1.5 seconds).

For example, after entering the first name, it will wait 1.5 seconds and then call AddSubscription if no additional keystrokes have been detected. When the user starts entering the following fields, such as Last name, phone number, and zip code, the timer is reset after each keystroke, and the AddSubscription call is triggered only after a 1.5-second delay.

This release is in its beta version now.

Attention - Enhancement

Enhanced Sign-In Mechanism of Landing Application

Recently, major browsers have introduced additional security measures and constraints related to third-party cookies, as well as cross-domain data transfer and communication. The latest release of Chrome no longer supports third-party cookies. These were impacting the functioning of the Landing application and user experience negatively. Despite the implementation of workarounds, users were encountering issues in the sign-in flow at times.

Therefore, the sign-in logic for the Landing application has been revised without significantly affecting the existing functionality and behavior. The previous dependency on local storage has been replaced, and a Redis caching approach is now implemented for the users to sign in on the Landing for accessing consumer applications (SubCon Admin, SolCon & CMS).

• Following the new implementation, users can access any consumer application only through the Landing application.

• If a user has opened different consumer applications on different tabs in a browser, logging out from one application will force the user to log out from the other opened applications as well. The user will regain access to the application only by signing in through the Landing application.

• Page refresh will work as before and have no impact following the redesign.

• Multi-Factor Authentication (MFA) with Okta will also work as intended if the feature is turned ON for the specific client.

• There is no dependency on third-party cookies related to the Landing application, and the landing works perfectly fine on Safari, Firefox, Chrome, and Edge browsers.

• Consumer applications are no longer dependent on Local storage to fetch data.

• The CMS Idle Time functionality, which notifies the user if they have been inactive on a CMS page for an extended duration and provides the option to either continue or exit from the page, is working as before.

Lite Subscriptions Expiration Data & Status fix

Within Lite Subscriptions, the functionality to edit and update Expiration date from One CSR Portal UI was not working completely. The expiration date was being updated in one of the two dependent tables in the database and subscription status also remained Expired even if updated expiration date was set to a Future Date. This issue has been fixed by introducing new endpoints within One CSR Portal application.

Lite subscriptions: One CSR Portal tab renamed

When a user clicks on ‘Start call’ push button, the first tab displayed contains the selected account information. For Lite subscriptions, this tab name is renamed as ‘Lite Account Information’ to give it more clarity from this release.

Lite subscriptions: Currency field added

A new field Currency is introduced in Lite Account Information tab under Account Details section. By default, the field displays the value of the currency entered by the user/CSR while creating the Subscription through the Subscription Panel Presentations. The field is editable and provides the following options in a drop-down to choose from: 1) Euro 2) US Dollar 3) Swiss Franc and 4) Pound Sterling

The above UI changes and the corresponding functionality works in tandem with the following updates in the API side.

• A new endpoint is created api/startCall/Currencies/{CountryCode} to get the currencies list

• The /Billing/Currencies endpoint from SubscriptionsAPI is called to verify the validity of the currency being sent. Only valid currencies can be sent

• To the Update Subscription API endpoint, the Currency parameter is added

One CSR Portal: Registration search within Subscription

In Subscribe, there are corporate accounts where each account having almost 2000 users registered under it. With the new enhancement, it is possible to search for a specific user within a corporate account.

Within the Digital Tab of Start Call push button, a new section ‘Search Registrations’ is added now. It has three search fields: Login name, First name and Last name along with Clear and Search buttons.

A new column Full name is also added in the result grid which shows the combined value of First name & Last name that brings more clarity.

The CSR can now filter the data of registrations grid by entering the login name (usually email id), by combination of First Name & Last Name, or all of them. The search results will be based on partial or exact match of the names given in the search fields.

When the Search button is clicked without any data being entered in the search fields, the grid displays all data related to active registrations under the subscription, without applying any filters.

One CSR Portal: Subscription Search by First Name or Last Name only

The Subscription Search is enhanced to be able to search with just one search field compared to the prior three search fields. With this new development, it is possible to search for user account(s) by giving either First name and/or Last name in the respective search fields.

This enhancement is enabled by an MG2Control App setting (Client Components Permission) with the key ‘SubscriptionSearchBasedOnFirstAndLastName’. If this key value is set to 1(true), then ‘Search only by First name or only by Last name’ is permitted. Or else, the current behavior follows (i.e, the user should enter value in First name, Last name and Newspaper). By default, the key value is set to 0 (false).

While the key value is 1, if the user attempts to search with fields such as House number, Street or Zip/Postal code that do not work independently, then the following error message will be displayed:

“Either First Name or Last Name or Account number or Phone number or Email or Company name or three other fields are required.”

Configuration Notes:

• Created new App setting key (Support Viewer > Management > App Settings > Setting type - Client Components Permission, App type - SubCon Admin, Key - SubscriptionSearchBasedOnFirstAndLastName)

• When key value is set to 1, it is possible to search with First name and/or Last name. However, a search with only House number, Street or Zipcode will trigger an error message.

• By default, the key is set to 0.

One CSR Portal: User Accounts Search by First Name or Last Name only

Certain clients can have a large number of users and hence it might get difficult to search registrations only by Login Name i.e. Email Id. Hence this new development.

• The User Accounts → Search Module is enhanced with additional search criteria for First Name and Last Name. With this new feature, users can now search for user accounts either by giving First name and/or Last name in the respective fields. The search results will be based on partial or exact match of name given in the search fields with the only requirement being that the initial characters of the search text must match exactly. For instance, a search using the text "HE" will return a match for "HELLO", but not for "LLO".

• A new column ‘Full Name’ is added in the search results grid to provide users with more accurate search outcomes.

• In addition, the "Show only registrations" checkbox is removed from the user interface. The checkbox was previously checked and disabled in all cases, rendering it redundant. However, this change does not affect the backend logic.

The above enhancement is made possible with the following API changes in the backend.

• The SearchUserByEmail endpoint is renamed to SearchUser.

• The APIs are modified to include FirstName and LastName as parameters.

One CSR Portal: Capture Additional Registration Data when creating a New Registration

Certain clients have corporate accounts in which each account can have a large number of registrations under it. The registrations data can be used by the client for their external activities and campaigns but currently the system does not capture enough information to fulfill this purpose. From this release, the Subscribe system is enabled to capture extra information for each user Registration. However, this is an optional function and can be switched on/off with a MG2Control App setting, RegistrationAdditionalData.

When the MG2Control RegistrationAdditionalData is set to true, the following happens:

• When a user clicks Invite / Invite Without Registration, additional fields for Company Name, Position (Job Title), Phone, Address, City, Postal Code, Country are displayed. Data entry to these fields are optional.

• Data entry to these fields are free text except for the Country field, which will be a dropdown. The Country drop-down has the same options as that are available under Lite Account Information tab.

When the MG2Control RegistrationAdditionalData is set to false then the additional fields are hidden.

One CSR Portal: Additional user details available in Profile settings of User account

Once the additional user registration data is captured in the system, it will be available under the Profile settings of User accounts (User accounts > Search > Registration > Profile settings). The additional user data fetched from the database will be editable with a Submit button. This functionality also depends on the value of the MG2Control App setting key, RegistrationAdditionalData.

Configuration Notes: The additional fields will be available under Profile settings only if the key value of RegistrationAdditionalData is set to 1 in MG2Control > App settings.

One CSR Portal: Downloadable CSV Template

From this release, a CSV template file is available for download with extra fields such as Company Name, Position, Phone, Address, City, Postal Code, and Country, along with existing fields. A push button Download CSV Template will be displayed side by side with the Import from CSV button. The headers in the downloaded template are in sequence with the expected import order. This helps the end user to identify the sequence of columns to be maintained while importing the CSV for registration invites.

Clicking Import from CSV captures additional data columns and stores them in the Registration table without impacting existing import behavior. Country field values are validated from Subscribe Country Setup. Error messages are displayed if columns are missing or out of sequence.

Configuration Notes: The Download CSV Template button is displayed only if the MG2Control App setting key ImportRegistrationButton value is 1. The value of RegistrationAdditionalData MG2 Control App setting determines if extra fields are to be included in the template or not. If the value is 1, the template file will have all the extra fields and if the value is 0, the template will have only the default fields (Email, First name, Last name and User Type). When this setting is 1, the additional fields are also saved in the Invitation table at the time the Registration invitation is sent.

One CSR Portal: Append action added for Registration Import from CSV

In the Bulk Invitations Import window, when importing the uploaded file, all existing entries were deleted and replaced with the records in the file. It was difficult to handle the requirement to add a couple of entries to an existing list of over 500 entries. Enhancements have been made to add records to the existing list rather than totally replace the entries.

• The Bulk Invitations Import window now includes the option "Choose an action." By default, the action has been set to "Append." An alert message— “This action will add the new records without deleting the existing ones." for the selected action will be shown at the bottom.

• The "Upload" button that appeared after choosing a file has been replaced with an "Import" button. Only after a file has been chosen for upload will the "Import" button become enabled.

• If a record in the uploaded file matches an existing registration (Pending or Active), the log file generates the message “Record already exists” against the record.

One CSR Portal: Add Address fields in Lite Account Information

• On the Lite Account Information tab, a new section called "Billing Address" has been added. This section consists the subscriber's Address, City, State, Postal Code, and Country.

  Note: The Country field, which was previously located under the Personal Details section, has now been moved under the Billing Address.

• The information in this section is already filled in based on the information given when the subscription was created. The values can be modified by clicking the Edit button at the bottom of the section.

  Note: All fields in this section are mandatory and cannot be left blank.

One CSR Portal: Change Resend Invitation endpoint

• One CSR Portal now uses the POST /Invitations/{invitationId}/Resend instead of PUT /Invitations/{invitationId} to resend the invitation email.

SubCon Site (Self-Service) - Change Resend Invitation endpoint

• The SubCon Site (Self-Service) now uses POST /Invitations/{invitationId}/Resend instead of PUT /Invitations/{invitationId} to resend the invitation email.

API - Modification in GET/User/{customerRegistractionId}/{type}, GET/User/{type}, and GET/User endpoints

• The above endpoints now include a new output parameter called "metadata" that returns the additional registration details that are added when creating a new registration (see the point above). Note: The metadata can contain any information in JSON format and is not restricted to the registration's additional fields.

API - Modification in POST User (Create User) and PUT User (Update User) endpoints

1. When a user is created using the POST /User endpoint, metadata information can now be added and stored in the database under the Registrations table.

2. When using the PUT /User endpoint to update the user details, the provided data will be used to update the user information in the Registrations table, including the metadata.

API - Modification in POST /Invitations and POST /Invitations/{Id} endpoints

1. When creating an invitation using the POST /Invitations endpoint, metadata information can now be added and stored in the database under the SubscriptionInvitations table.

2. Once the invitation has been accepted, the metadata details in the SubscriptionInvitations table will be copied to the Registrations table.

API - Modification in PUT /Invitations/{Id} endpoint

1. The PUT Invitations endpoint has been modified so that the API can only be used to change information about an invitation that is still pending registration.

2. The API modifies the information of an invitation in the SubscriptionInvitations table with the provided details, including the metadata.

API - New endpoint POST /Invitations/{invitationId}/Resend

• To resend the invitations email, a new endpoint POST /Invitations/{invitationId}/Resend was developed.

API - Modification in GET /Invitations and GET /Invitations/{Id} endpoints

• The above endpoints now include a new output parameter called "metadata" that returns the metadata details that are added when creating an invitation.

API - Modification in PUT /Subscriptions/{subscriptionId}/Address endpoint

1. The above endpoint has been updated so that the Billing and Delivery address details of offline subscribers who don't have a Circ system can now be modified.

2. Except for CircPro, the API modifies the address of the subscription in the repository (Subsvc) and the Lite Account Information tab with the provided details for all clients.

3. If the specified City and State do not match the provided Postal Code, the address will be standardized with Melissa, and the response will return the correct City and State based on the Postal Code. Melissa will fail address standardization if an invalid address is provided, resulting in an error in the response.

Missing First Name and Last name for Registered Users in Profile Settings - fix

When the CSR sends an invite to an end user to register an account or when invites were sent via bulk upload, the first name and last name were entered alongside the email and guest/owner fields. However, after registration, the First Name and Last Name fields were not populated in the user's profile settings in One CSR Portal.

The root cause of this issue was that the first name and last name of an invited user were getting saved only on the Subscriptioninvitations Table and not in the Registration table. This data was not getting stored or introduced in any other scenario of the entire Invitations flow.

To rectify this, we have added an extra step. When a user accepts an invitation, the site calls /Invitations API as always, and the /Invitations API also pass first name and last name information to /Users API (endpoint PUT /User). This results in an update of firstname and lastname in the Registration table (Subsvc DB of a specific client).

Thus, with this new release, the first name and last name fields are now correctly populated in the user's profile settings upon registration.

PayPal Braintree Autorenewal - fix

Paypal via Braintree Renewals have been getting declined in circulation. It was identified that the PaypalBAID parameter while purchasing the subscription on EzPay was not being sent accurately to Circ. The issue has been fixed by passing the appropriate parameter from payment vendor to circulation system.

Areas covered:

API, One CSR Portal, SubCon Site (Self-Service)

SubCon Site (Self-Service) - Incorrect Tip Payment processing in CircPro

For CircPro clients, when a signed in subscriber selects an offer and do the bill payment, the tip amount entered in the corresponding field was getting added twice to the subscription amount resulting in a high cost of subscription. This issue has been fixed now.

Subscription Panel - Added client-specific GTM script in layout pug

The client specific GoogleTagManager (GTM) script has been included in the Subscription Panel configuration.

Subscription Panel - User registration after third-party authentication

When a user was trying to buy a subscription after getting registered via a third party authentication system (e.g., a user on newspaper site clicks on a link ePaper-->Auth0-->Subscription Panel), even after the successful authentication by Auth0, the registration was not created in the Subscribe database. This issue has been resolved now.

API - Seamless flow failure

Within the Seamless presentation flow of Subscription Panel, there was an issue while completing the purchase flow that did not let the user purchase a subscription. The issue has been identified and fixed now.

API - Resend Invite button error

The issue of users getting error messages while clicking on the Resend Invite button under Pending Invites has been resolved.

Activation of users from One CSR Portal

A CSR can now create and directly activate users from the One CSR Portal. When a CSR activates an invited user, a registration will be created for the user with a system-generated password. Additionally, it is possible to notify the newly created user of their username and password via email.

If the CSR attempts to activate a user who already exists in the Subscribe database (typically a registered user with a different subscription), the system will deny the activation and display a notification message.

Lite Subscriptions - Saving of Unstandardized Addresses

From this release, it is possible for the CSR to re-attempt and save the address in Lite Accounts even if the Melissa standardization of the entered address fails. The application will provide an option to update the unstandardized address only with the user’s consent. The user can consent in a pop-up asking “The address standardization failed. Do you want to retry and save the best available match?”. If the user confirms with a ‘Yes’, then the unstandardized address will be accepted and the success message “Address has been standardized to the best available match & updated“ will be displayed.

Note: The details are updated based on the address returned by Melissa. Hence if a CSR enters a partially incorrect address that Melissa would consider as Standardization failure but would also return a best available match, in this case, the best available match gets updated which could be partially different than what CSR had originally entered.

The UpdateSubscriptionAddress endpoint (PUT /Subscriptions/{subscriptionId}/Address) has now been updated so that address standardization is performed at every call irrespective of the value of the ValidAddress element. If standardization fails and the ValidAddress element value is true, the API will return an error.

Captcha added to Newsletter Unsubscribe Links

reCAPTCHA V2 has now been implemented on requested client sites, ensuring that when a user goes to the site's Newsletter Unsubscribe Links and clicks on any of the unsubscribe options (either "Unsubscribe from this newsletter" or "Unsubscribe from all newsletters"), they must pass captcha verification to complete the unsubscribe request.

One CSR Portal - Company name search results available on partial search

The GET /Subscriptions endpoint has been updated so that when a client searches for a subscription based on a partial name of the company, all records containing the keyword are returned if the keyword is present in the CompanyName column.

One CSR Portal - Partial search on User Search Screen by checking keywords with Contains logic

The GET /User endpoint has been updated such that the logic for searching for a user is now based on "Contains" rather than "Starts with". Searching for a user with a partial name under the FirstName, LastName, and Login Name fields will now return all records containing the keyword if the keyword is present in the relevant columns.

One CSR Portal - Description correction of the Pending invites grid

The grammatical error in the description of Pending invites grid has been corrected. The word being has been removed from the description of the Pending invites to make it accurate. Now the description for Pending invites grid is read as “These people have not accepted your invite”.

Solicitor Concierge - Timeout error when selecting a team member

The timeout error occurring in SolCon when selecting specific team members has been resolved.

CMS - Getting error message (Error400:) while selecting an Offer available under Presentation Properties V3

The error message "Error400:" that is displayed while selecting DefaultOfferGroupId from the 'Available Offer Groups' in the CMS module's Presentation Properties V3 due to the presence of an excessive number of offers on SolCon has now been resolved.

Subscription Panel - Confirmation page Login button not working for known users

Changes have been made to the Subscription Panel confirmation page such that:

• When creating a subscription for a new user, the user will be directed to the website after the subscription has been successfully purchased.

• Once an existing user's subscription has been successfully purchased, they must authenticate with Auth0 before being taken to the website.

• These changes do not impact clients using SSOR authentication.

Configuration Notes:

• Auth0 should be set up for the user.

• In config.System "AuthCookieDomain" key is mandatory.

Subscription Panel - Special characters related issues

Allow Special Characters in Presentation Fields

Users can now enter:

1. ' , - & / . in the First and Last name fields.

2. All special characters are allowed in the Email field.

3. ' - & / # . in the Card Holder Name field.

4. # - . / \ in the Address Line 1 field.

5. . - # in the Address Line 2 field.

• When purchasing a subscription, CreateSubscriber failed with the error message “Child Event: CREATESUBSCRIBER failed. Error: FirstName field contained invalid characters that were removed. (19) LastName field contained invalid characters that were removed. (19)" when special character “," was used in the cardholder's name field (First Name and Last Name) on the payment page. This issue has now been resolved. The issue has occurred since the comma (,) was not one of the earlier permitted special characters ('- & /.) for the name fields. The name fields now allow the usage of special characters: (' , - & / .).

• When creating a subscription, AddSubscription failed with the error message "The entered payment information was not accepted" when special characters (&/.,') were used in the Cardholder's name field (First Name and Last Name) on the payment page when using Cybersource gateway. This issue has now been resolved.

Self-Service - Users on vacation unable to raise complaints

For NCS Clients, the issue of the user on vacation, who has paused his subscription with a specific restart date, not being able to raise a complaint, has been resolved now.

Note: Please ensure that the Business Rule within the NCS application is set to allow a user to submit a complaint while on vacation.

Self-Service - Stalling of the My Account First Page

For clients using SSOR authentication, the issue of a logged-in user experiencing a prolonged loading time and the failure to open the dashboard or verified account page on the My Account page has been resolved, and the user can now access the page without the need for a refresh.

SolCon - Timeout error while selecting a team member

The timeout error occurring in SolCon when selecting specific team members has been resolved.

Transport Layer Security (TLS) Upgrade to Version 1.2

The CMS Content module has been updated to support Transport Layer Security (TLS) version 1.2. The TLS version can now also be configured from the web.config file, and image uploads can now communicate with the AWS S3 bucket using the TLS 1.2 security protocol.

This update has been made as Amazon will no longer support TLS 1.1 for its S3 bucket.

Auth0 Client-Specific Custom Configuration for Social Login

Client specific custom configuration for social login has been added to the Subscription Panel config files so that subscribers can authenticate through Auth0 to the client's site using their social media login connections (Facebook, Google, and Apple) based on the respective client's custom configurations. Clients that have not opted for this method of authentication will be able to utilize the default method for subscribers to login to their sites.

Areas covered: Subscription Panel

Subscription Panel - Error loading the offer group page

The error “Sorry, the page you requested was not found. See current offers.“ that was displayed when using the input parameter "ofrgp_id" to purchase a subscription in the Subscription Panel has now been resolved. There was an issue with the SolCon GetOffers logic, which has been reworked.

Solicitor Concierge - Unable to add Division to a published offer

The user was not able to add a Division to a published offer in SolCon. An error message was displayed during this update. This issue has been resolved.

API - Complaints

Previously, in SubCon Site (Self-Service), the GET /Complaints/{subscriptionId}/Problems endpoint was failing because the complaint problem codes retrieved from CircPro were not available in Subsvc, which resulted in an error. This issue has now been resolved.

One CSR Portal - Issue with 'Mark as processed' button

The issue with the 'Mark as processed' button in SubCon Admin has been resolved.

Self-Service - Invalid Logout call on some flows and 500 error by Update user endpoint

The issue of an increased number of 500 and 404 errors found on clients' servers has been successfully resolved. This was an Authentication system-specific issue. For SSOR clients, even if the user was logged out while navigating to the SubCon site, the logout call was triggered and returned a 500 error. For MG2 Auth clients, the wrong login credentials triggered the logout action. After the fix, for SSOR clients, the logout call will be executed with a status 200 and for MG2 Auth clients, there will not be any logout call while entering the bad login credentials.

Self-Service - Delayed Login for Publications using SSOR Authentication

The issue of publications using SSOR authentication taking too long to load SubCon Sites has been resolved. This delay was primarily because of an additional API call triggered by an internal cookie with an empty value. With the issue resolved, it is now possible to log in to the My Account pages of publications using SSOR authentication without any delays.

API - Failure of Newstart due to Invalid Email Characters

In the Self-Service Portal, when creating a start with an email address that included the special character "+" (e.g., user+1@domain.com), the new start failed to create with the error message "Child Event: ADDSUBSCRIPTION failed. Error: EbillEmail field contained invalid characters that were removed." Since the special characters in the Query String Parameter had been removed, the FindAddressOccupant method failed to find the occupants with the specified email address and returned the error "No occupant record found."

The special character ‘+’ has now been encoded in the Query String Parameter when communicating between EventsAPI and CircAPI in the FindAddressOccupant method, so that when entering an email address with the special character "+," new starts will now be created and errors will no longer be displayed.

Seamless Flow updated for Credit Card Edgil Payment Method

In the seamless flow, if the Independent Address component for the payment page has been enabled, users can purchase or subscribe to a subscription with a single click after entering their credit card information. The issue occurs when the credit card details have been validated, the Submit button disappears, and the user is taken directly to the payment options, even if the fields, First and Last names, Phone, and Zip Code, have not been filled. This resulted in the AddSubscription call being triggered with incomplete information. Since the Submit iframe button is from a third-party payment site, it does not validate whether the aforementioned fields have been filled, resulting in no error warnings being displayed.

Changes have been made to allow the submission of incomplete fields if the credit card has already been validated in the seamless flow by introducing a delay time after each keystroke while filling the fields under the independent address component.

A key, "SeamlessInputDelayTime", must be added to the SP Config file with any numerical value. The value indicates the delay time in milliseconds, with the default value set at 1500 milliseconds (1.5 seconds).

For example, after entering the first name, it will wait 1.5 seconds and then call AddSubscription if no additional keystrokes have been detected. When the user starts entering the following fields, such as Last name, phone number, and zip code, the timer is reset after each keystroke, and the AddSubscription call is triggered only after a 1.5-second delay.

Areas Covered

API, Self-Service, Subscription Panel, One CSR Portal

Attention: Enhancement

Self-Service - Auth0 changes to bypass Intelligent Tracking Prevention on Safari

Recent versions of the Safari browser introduced a new feature called Intelligent Tracking Prevention (ITP). ITP is designed to prevent websites from tracking user activity across multiple websites. By default, ITP is active or enabled on the Safari browser. These advancements in user privacy controls of browser adversely impact the user experience by preventing access to third-party cookies. Following this update, the Mac users on Safari browser were experiencing issues while logging into the self-service portal. Auth0 integration was not working on Safari browsers when Intelligent Tracking Prevention was enabled.

To overcome this issue, starting from this release, the Self-Service portal has successfully upgraded the Auth0 SDK from 1.8.0 to 2.1.3. Changes have been made in SS to accommodate Auth0 2.1.3 SDK.

After the enhancement users now have a smooth login process ensuring a better user experience even if the Intelligent Tracking Prevention is enabled on their Safari browsers of Mac systems.

Bug Fixes

API - ApplePay Integration Error

The issue with the Cybersource gateway rejecting payment authorization attempts due to ApplePay integration not sending CountryCode to CyberSource has now been resolved.

SP - User unable to redeem Coupon Codes

The issues with redeeming Coupon Codes (One-time and Multi-use) in the Subscription Panel have now been resolved.

Self-Service - Unable to maintain login state from .com to MyAccount when redirected

Post client upgrade to version 3.16.2.4, the logged-in user from .com site was unable to navigate to the Myaccount page in Self-Service portal in the logged-in state. The user could only login at the self-service portal when the value of cookies/cache was cleared. This critical issue has been resolved now.

Self-Service - Myaccount shows data of logged out user

When a logged-in user navigated to the Myaccount page in the Self-Service portal, they were unable to see their own account information. Instead, the Myaccount page displayed information from the previous logged-out user. This issue has been resolved now.

SolCon - Terms & Conditions exceptions not working

The Terms & Conditions content added under Exceptions (SolCon > Offer Group > Terms & Conditions > Exception) for publications was not displayed correctly wherever the offer was displayed through consumer applications (Subscription Panel and SubCon Site). Instead of the Exception Terms & Conditions content, the original Terms & Conditions content appeared on the checkout page. This issue has been resolved now.

Application Covered:

API, Subscription Panel, Self-Service, SolCon

Attention: Enhancement

SS - Support tab selection on both Auth0 ULP Classic and New

The Identity provider Auth0 has introduced a new Universal login experience for its clients. Starting from this version, Subscribe clients will have access to this new Universal login experience through the Self-Service portal. However, there will be no visual changes for the user.

When a user hits the ‘Login’ button, the Self-Service portal will direct the user to the Sign-in page. Similarly, clicking the 'Register' button will still direct the user to the Sign-up page, as before. For those interested in learning more about the advantages of this new login experience, you may find additional information here: Universal Login Experience (auth0.com)

Application Covered:

SubCon Site

This release is in its beta version now.

Attention - Enhancement

Enhanced Sign-In Mechanism of Landing Application

Recently, major browsers have introduced additional security measures and constraints related to third-party cookies, as well as cross-domain data transfer and communication. The latest release of Chrome no longer supports third-party cookies. These were impacting the functioning of the Landing application and user experience negatively. Despite the implementation of workarounds, users were encountering issues in the sign-in flow at times.

Therefore, the sign-in logic for the Landing application has been revised without significantly affecting the existing functionality and behavior. The previous dependency on local storage has been replaced, and a Redis caching approach is now implemented for the users to sign in on the Landing application for accessing consumer applications (SubCon Admin, SolCon & CMS).

• Following the new implementation, users can access any consumer application only through the Landing application.

• If a user has opened different consumer applications on different tabs in a browser, logging out from one application will force the user to log out from the other opened applications as well. The user will regain access to the application only by signing in through the Landing application.

• Page refresh will work as before and have no impact following the redesign.

• Multi-Factor Authentication (MFA) with Okta will also work as intended if the feature is turned ON for the specific client.

• There is no dependency on third-party cookies related to the Landing application, and the landing works perfectly fine on Safari, Firefox, Chrome, and Edge browsers.

• Consumer applications are no longer dependent on Local storage to fetch data.

• The CMS Idle Time functionality, which notifies the user if they have been inactive on a CMS page for an extended duration and provides the option to either continue or exit from the page, is working as before.

Bug fixes and general enhancements

Subscription search against Company name in One CSR Portal

Subscription search against company name is now available in One CSR Portal. The Company field is enough to perform the search. Search is done based on 'contains' To enable the Company name field please set the SubscriberSearchCompanyNameOption MG2 control setting for a certain client to 1. By default the field is hidden (value = 0).

Customer details included in Payment Token for Matrix

Both Payment & Customer details are now included in the Payment Token for a new start in Matrix circ system. This fixes the 3.16.1 issue of Customer details being omitted. Matrix version required is 30.00.034.ITSP5.

Bulk Delete for Corporate Subscriptions in One CSR Portal

Unwanted registrations can be deleted by CSR in one go. During the bulk import of registrations from CSV file, the registrations that do not exist in the newly uploaded file will be removed from the database. Please note that The 'Import from CSV' button is only available for Subscription Kind 'Lite'.

Registration creation for Auth0

Users receiving invitations to corporate subscriptions can now create registrations in Auth0. The button from the invitation will redirect them to the Auth0 modal window showing the Signup tab. When the user enters the relevant credentials, the confirmation is received through email and also displayed in Account Management. To turn this on please set Auth0.App.CanRegister mg2control setting to False.

Areas covered

API, One CSR Portal

Bug fixes & general enhancements

Removal of unnecessary special characters (NCS Circ specific)

Whenever a subscription/subscriber related API call is made to NCS Circ, the special characters from the following parameters will be discarded before submitting the request with an exception mentioned against each:

• First Name: ' - & / .

• Last Name: ' - & / .

• Cardholder Name: ' - & / # .

• House number: / -

• Unit number: No Special Chars

• Email: @. + - _ ,

Email update not working - bug fix (NCS specific)

Transfer Links endpoint was enhanced to update the email both in Subscribe database and in NCS Circ

Activate Page button redirecting to the Sign Up tab

When a user clicks the Login/Register (or any text defined in CMS) button at the Activate page, they are now redirected to the Sign Up tab instead of the Login tab

Activate page logic reworked to recognise Publication Code/ Site Code

The logic for the Activate page has been reworked to redirect users referring to the publication code: the Site Code in URL is changed in accordance with the subscription selected. To set this up please go to Support Viewer → APISetting, then updated the Site codes for the SubCon.AllowedPaperCodesByClient API setting

Subscription Search via Phone number optimization in One CSR Portal

Subscription search via Phone number in One CSR Portal logic was optimised by adding appropriate Indexes in the database table so that it is now able to handle large datasets of up to 7.5M records

Authpanel Buttons visibility control via SS Config

The visibility control for AuthPanel buttons SignIn, Register, Custom has been reworked. It can now be managed individually for these buttons via SS Config (HideSigInBox, HideRegisterBox, HideCustomBox, respectively). However, the other properties, like text can be managed from CMS

Areas covered

One CSR Portal, Self-Service, Database

Auth0 / SSOR related fixes

Social Media Login/SignUp Options in Subscription Panel

Fix the login/signup via social media option in Subscription Panel.

The following properties configuration is required in CMS: Subscription Panel --> Presentations --> Page V3 Landing Page --> Step V3 User Information --> User Information --> Switch on 'Google show: ', Facebook show:' and 'Apple show:' properties

User Creation via Subscription Panel Auth0

The realm Auth0 integration is now configurable via Subscription Panel configuration file to be able to work with SSOR.

To configure the flow to work with SSOR please go to Config --> Systems --> Auth0 within SP and set the 'realm' key value to 'AutomaticMigrationSSOR’. The default 'realm' key value is 'Username-Password-Authentication'.

Login failure for subscribers with multiple subscriptions

To prevent potential login failures with subscribers with multiple subscriptions caused by SSOR / Auth0 migration the User Provider configuration setting was created in MG2Control must be set appropriately (e.g. SSOR, Firefly, Gigya, Auth0, etc.)

Logged-in state not carrying over to MyAccount

Logged-in user state not carrying over to MyAccount was fixed by modifying the session recovery logic in SSOR.

VWO script changes

For a certain client the hardcoded VWO smartcode on the checkout pages was outdated. This script has been updated with the details shared by the client.

Delayed Login in Self-Service for Publications using SSOR Authentication

Added on October 16th, 2023.

The issue of publications using SSOR authentication taking too long to load SubCon Sites has been resolved. This delay was primarily because of an additional API call triggered by an internal cookie with an empty value. With the issue resolved, it is now possible to log in to the My Account pages of publications using SSOR authentication without any delays.

Areas covered

Self-Service, Subscription Panel

Braintree SDK update

Braintree is sunsetting their API on python platform. Hence, as per Braintree's recommendation, the backend Braintree SDK has been updated to version 4.18.1.

Areas covered: API

Self-Service logging in/out issues

Logging out when switching between .com and Self-Service

Due to the cross-site validation, Auth0 was deleting the cookie when visiting Self-Service after .com and vice versa. This was fixed by ensuring that the cookie is deleted only when the user actually clicks the Logout button.

Areas covered: Self-Service

Users getting logged out from the main news site after visiting their My Account page

The issue of registered users getting logged out from the main news site after visiting their My Account page and the issue of users getting logged out from the My Account page after visiting the main news site have been resolved now.

Stalling of the My Account First Page

For clients using SSOR authentication, the issue of a logged-in user experiencing a prolonged loading time and the failure to open the dashboard or verified account page on the My Account page has been resolved, and the user can now access the page without the need for a refresh.

Self-Service - Users on vacation unable to raise complaints while on vacation

For NCS Clients, the issue of a user on vacation who has paused his subscription with a specific restart date not being able to raise a complaint has been resolved.

Solicitor Concierge issues

Error message while updating Google Pay payment option

When attempting to update the payment method using the Google Pay option and saving the offer group, the system was throwing an error message stating “Subscribe with Google SKU codes can be specified only if Subscribe with Google Payment Method selected" for clients on version 3.16.1.X. This issue has been resolved now.

Timeout error when selecting a team member

The timeout error occurring in SolCon when selecting specific team members has been resolved.

CMS - Getting error message (Error400:) while selecting Offer available under Presentation Properties V3

The error message "Error400:" that was displayed while selecting DefaultOfferGroupId from the 'Available Offer Groups' in the CMS module's Presentation Properties V3 due to the presence of an excessive number of offers on SolCon has now been resolved.

Subscription Panel - User registration after third-party authentication

When a user was trying to buy a subscription after getting registered via a third-party authentication system (e.g., a user on a newspaper site clicks on a link ePaper-->Auth0-->Subscription Panel), even after the successful authentication by Auth0, the registration was not created in the Subscribe database. This issue has been resolved now.

Subscription Panel - Confirmation page Login button not working for known users

Changes have been made to the Subscription Panel confirmation page such that:

• When creating a subscription for a new user, the user will be directed to the website after the subscription has been successfully purchased.

• Once an existing user's subscription has been successfully purchased, they must authenticate with Auth0 before being taken to the website.

Configuration Notes:

• Auth0 should be set up for the user.

• In config.System "AuthCookieDomain" key is mandatory.

Subscription Panel - Special characters related issues

Allow Special Characters in Presentation Fields

• Below Special Characters are now allowed in the fields listed below in the Subscription Panel. Users can now enter:

  1. ' , - & / . in the First and Last name fields.

  2. All special characters are allowed in the Email field.

  3. ' - & / # . in the Card Holder Name field.

  4. # - . / \ in the Address Line 1 field.

  5. . - # in the Address Line 2 field.

• When purchasing a subscription, CreateSubscriber failed with the error message “Child Event: CREATESUBSCRIBER failed. Error: FirstName field contained invalid characters that were removed. (19) LastName field contained invalid characters that were removed. (19)" when special character “," was used in the cardholder's name field (First Name and Last Name) on the payment page. This issue has now been resolved. The issue has occurred since the comma (,) was not one of the earlier permitted special characters ('- & /.) for the name fields. The name fields now allow the usage of special characters: (' , - & / .).

• When creating a subscription, AddSubscription failed with the error message "The entered payment information was not accepted" when special characters (&/.,') were used in the Cardholder's name field (First Name and Last Name) on the payment page when using Cybersource gateway. This issue has now been resolved.

PayPal via Braintree Renewals fix

Paypal via Braintree Renewals have been getting declined in circulation. It was identified that the PaypalBAID parameter while purchasing the subscription on EZPay was not being sent accurately to Circ. The issue has been fixed by passing the appropriate parameter from the payment vendor to the circulation system.

Areas covered: Self-Service

Auth0 Client-Specific Custom Configuration for Social Login

Client specific custom configuration for social login has been added to the Subscription Panel config files so that subscribers can authenticate through Auth0 to the client's site using their social media login connections (Facebook, Google, and Apple) based on the respective client's custom configurations. Clients that have not opted for this method of authentication will be able to utilize the default method for subscribers to login to their sites.

Areas covered: Subscription Panel

CMS - Transport Layer Security (TLS) Upgrade to Version 1.2

The CMS Content module has been updated to support Transport Layer Security (TLS) version 1.2. The TLS version can now also be configured from the web.config file, and image uploads can now communicate with the AWS S3 bucket using the TLS 1.2 security protocol.

This update has been made as Amazon will no longer support TLS 1.1 for its S3 bucket.

The Hotfix 3.16.1.7 documentation was updated on June 12th, 2023.

Subscription Panel - Error loading the offer group page

The error “Sorry, the page you requested was not found. See current offers.“ that was displayed when using the input parameter "ofrgp_id" to purchase a subscription in the Subscription Panel has now been resolved. There was an issue with the SolCon GetOffers logic, which has been reworked.

Solicitor Concierge - Unable to add Division to a published offer

The user was not able to add a Division to a published offer in SolCon. An error message was displayed during this update. This issue has been resolved.

API - Complaints

Previously, in SubCon Site (Self-Service), the GET /Complaints/{subscriptionId}/Problems endpoint was failing because the complaint problem codes retrieved from CircPro were not available in Subsvc, which resulted in an error. This issue has now been resolved.

One CSR Portal - Issue with 'Mark as processed' button

The issue with the 'Mark as processed' button in SubCon Admin has been resolved.

Areas Covered

One CSR Portal

Self-Service - Invalid Logout call on some flows and 500 error by Update user endpoint

The issue of an increased number of 500 and 404 errors found on clients' servers has been successfully resolved. This was an Authentication system-specific issue. For SSOR clients, even if the user was logged out while navigating to the SubCon site, the logout call was triggered and returned a 500 error. For MG2 Auth clients, the wrong credentials during login were triggering the logout action. After the fix, for SSOR clients, the logout call will be executed with a status 200 and for MG2 Auth clients, there will not be any logout call while entering the bad login credentials.

Seamless Flow updated for Credit Card Edgil Payment Method

In the seamless flow, if the Independent Address component for the payment page has been enabled, users could purchase or subscribe to a subscription with a single click after entering their credit card information. The issue occurs when the credit card details have been validated, the Submit button disappears, and the user is taken directly to the payment options, even if the fields, First and Last names, Phone, and Zip Code, have not been filled. This resulted in the AddSubscription call being triggered with incomplete information, and since the Submit iframe button is from a third-party payment site, it does not validate whether the aforementioned fields have been filled, resulting in no error warnings being displayed.

Changes have been made to allow the submission of incomplete fields if the credit card has already been validated in the seamless flow by introducing a delay time after each keystroke while filling the fields under the independent address component.

A key, "SeamlessInputDelayTime", must be added to the SP Config file with any numerical value. The value indicates the delay time in milliseconds, with the default value set at 1500 milliseconds (1.5 seconds).

For example, after entering the first name, it will wait 1.5 seconds and then call AddSubscription if no additional keystrokes have been detected. When the user starts entering the following fields, such as Last name, phone number, and zip code, the timer is reset after each keystroke, and the AddSubscription call is triggered only after a 1.5-second delay.

This release is in its beta version now.

Attention - Enhancement

Enhanced Sign-In Mechanism of Landing Application

Recently, major browsers have introduced additional security measures and constraints related to third-party cookies, as well as cross-domain data transfer and communication. The latest release of Chrome no longer supports third-party cookies. These were impacting the functioning of the Landing application and user experience negatively. Despite the implementation of workarounds, users were encountering issues in the sign-in flow at times.

Therefore, the sign-in logic for the Landing application has been revised without significantly affecting the existing functionality and behavior. The previous dependency on local storage has been replaced, and a Redis caching approach is now implemented for the users to sign in on the Landing application for accessing consumer applications (SubCon Admin, SolCon & CMS).

• Following the new implementation, users can access any consumer application only through the Landing application.

• If a user has opened different consumer applications on different tabs in a browser, logging out from one application will force the user to log out from the other opened applications as well. The user will regain access to the application only by signing in through the Landing application.

• Page refresh will work as before and have no impact following the redesign.

• Multi-Factor Authentication (MFA) with Okta will also work as intended if the feature is turned ON for the specific client.

• There is no dependency on third-party cookies related to the Landing application, and the landing works perfectly fine on Safari, Firefox, Chrome, and Edge browsers.

• Consumer applications are no longer dependent on Local storage to fetch data.

• The CMS Idle Time functionality, which notifies the user if they have been inactive on a CMS page for an extended duration and provides the option to either continue or exit from the page, is working as before.

API - UsersOrchestrator

The UsersOrchestrator refactor changes have been implemented in this release to achieve performance benefits as early as possible.

The UsersOrchestratorAPI has been developed in order to replace the UserAPI, which will be used for handling workflow orchestration between integration services (such as MG2Auth, Auth0, Gigya, SSOR, and Firefly) and the Subscribe Registration API.

Changes have now been made to various internal services in order to prevent breaking changes so that consumer applications can be switched to utilize UsersOrchestrator without issues.

The following changes have been made to internal services:

1. For ProxyAPI, the strategy has been changed in order to map the old Query String parameters to the new UsersOrchestrator parameters.

2. Changes to the response model of UsersOrchestrator.

3. Changes to the SPROC (Stored Procedure) of Subsvc Api_GetSubscribeRegistrations.

4. Changes to the response model of SubscribeRegistrations.

The MG2 control flow setting, "Flow.Users.RedirectToOrchestrator," has to be set to 1 for the ProxyAPI redirection to the UsersOrchestratorAPI.

Note: Make sure that the MG2 control flow setting, "Flow.UserProvider,” has been set correctly.

API - Failure of Newstart due to Invalid Email Characters

In the Self-Service Portal, when creating a start with an email address that included the special character "+" (e.g., user+1@domain.com), the new start failed to create with the error message "Child Event: ADDSUBSCRIPTION failed. Error: EbillEmail field contained invalid characters that were removed." Since the special characters in the Query String Parameter had been removed, the FindAddressOccupant method failed to find the occupants with the specified email address and returned the error "No occupant record found."

The special character ‘+’ has now been encoded in the Query String Parameter when communicating between EventsAPI and CircAPI in the FindAddressOccupant method, so that when entering an email address with the special character "+," new starts will now be created and errors will no longer be displayed.

Seamless Flow updated for Credit Card Edgil Payment Method

In the seamless flow, if the Independent Address component for the payment page has been enabled, users could purchase or subscribe to a subscription with a single click after entering their credit card information. The issue occurs when the credit card details have been validated, the Submit button disappears, and the user is taken directly to the payment options, even if the fields, First and Last names, Phone, and Zip Code, have not been filled. This resulted in the AddSubscription call being triggered with incomplete information, and since the Submit iframe button is from a third-party payment site, it does not validate whether the aforementioned fields have been filled, resulting in no error warnings being displayed.

Changes have been made to allow the submission of incomplete fields if the credit card has already been validated in the seamless flow by introducing a delay time after each keystroke while filling the fields under the independent address component.

A key, "SeamlessInputDelayTime", must be added to the SP Config file with any numerical value. The value indicates the delay time in milliseconds, with the default value set at 1500 milliseconds (1.5 seconds).

For example, after entering the first name, it will wait 1.5 seconds and then call AddSubscription if no additional keystrokes have been detected. When the user starts entering the following fields, such as Last name, phone number, and zip code, the timer is reset after each keystroke, and the AddSubscription call is triggered only after a 1.5-second delay.

API - GET /User/Encrypted

The issue with the GET /User/Encrypted endpoint not working has now been resolved.

Areas Covered

API, Subscription Panel, Database

API - Purchase

Previously, Subscribe used the Start Date as the earliest possible date (today) since the next available publish date within CircPro was not accessible. Changes have now been made to integrate the CircPro Law API, getNextPublishDate, with the Newstart flow to add a step to retrieve the Next Publish Date from CircPro before triggering the AddSubscription event. This date will be utilized as the StartDate (EffectiveDate parameter) in the AddSubscription event processing.

Note:

1. The date returned by the getNextPublishDate event will not be applicable for EZPay, and the StartDate will remain Today.

2. The MG2 Control Internal Setting, "CircPro.Law.EndpointAddress," has to be set to the correct URL.

API - Purchase - Incorrect mapping of address fields for CircPro clients

Previously, if a user entered only the Billing Address while creating a new subscription in the Subscription Panel, since the Delivery and Billing addresses were the same, the Purchase API incorrectly sent the Billing Address against the mailing address fields instead of the regular address fields in the updateDataWithMailingAddress endpoint in CircPro.

This issue has been resolved, and the address fields will now be sent to CircPro as mentioned below:

1. When creating a new start with only a single address (delivery or billing), the address entered will be sent to the regular address fields in the CircPro application.

2. And if creating a new start with different addresses in the delivery and billing address fields, the delivery address will be sent to the regular address fields and the billing address to the mailing address fields in CircPro.

Landing - Client details not getting saved

While creating a user from the Landing application, client details were not getting saved. This issue was specifically observed when the Role type of the created user was Generic. This issue has been resolved now.

Areas Covered

API, Landing application

User data getting wiped out from Auth0

All the user metadata stored in the client’s Auth0 dashboard was being wiped out when the user executed a change password via myaccount/myprofile page or a CSR changed a password via Subcon Admin. This issue has been resolved now.

Self-Service - Error while changing password on myprofile page

The user was not able to change password successfully on myprofile page of Self-Service portal. The user was receiving an error message stating, ‘Could not update user’. This issue has been fixed.

Areas Covered

Self-Service, One CSR Portal

SL - Add ExternalSalesPlatform as a Sales platform

A new generic Sales Platform called ‘ExternalSalesPlatform’ has been introduced in SolCon starting from this release to manage external integrations from clients. An Offer Group can be configured now with ExternalSalesPlatform as its Sales platform. Clients can further use these offers in their external integrations for the purchase subscription flow.

Note: Offers with ExternalSalesPlatform will be returned in get/Offers response to consumer applications when the source system does not match the Sales Platform in SolCon & OfferId or OfferGroup Id are not part of the API request.

Unable to purchase offers from an external system

The user was restricted from purchasing a subscription through an external system, encountering an error notification saying “The offer does not exist or it is not available." This issue was specifically observed in clients who were upgraded to version 3.16.3. Importantly, this error did not occur in prior versions and has been resolved now.

Following the fix, a user can now purchase offers through any external system if the corresponding offer is configured with the 'ExternalSalesPlatform' option in SolCon.

Delayed Login in Self-Service for Publications using SSOR Authentication

The issue of publications using SSOR authentication taking too long to load SubCon Sites has been resolved. This delay was primarily because of an additional API call triggered by an internal cookie with an empty value. With the issue resolved, it is now possible to log in to the My Account pages of publications using SSOR authentication without any delays.

Areas Covered

Self-Service, SolCon

SP - Payment Completion Errors

The user received an error message stating 'The entered payment information was not accepted' when attempting to complete a payment from the Subscription Panel. This issue has been resolved now. The root cause of the issue was missing billing information provided to the payment gateway. The issue was resolved once that information was provided.

Implementation Notes:

• A new Api setting key has been added, ‘CyberSource.DefaultCurrencyCode’ with USD as default value (Mediagroup Null, Clientcode Null, PaperCode Null). ->This setting will be used as a fallback if no CurrencyCode is being sent from the consumer application to the API.

• The Api setting key ‘UpdateProfileForThridPartyPurchase’ should have the value 0. (For CyberSource integration there is no need to update the payment profile as part of the purchase flow. With this setting, profile update step can be skipped.)

SP - User unable to redeem Coupon Codes

The issues with redeeming Coupon Codes (One-time and Multi-use) in the Subscription Panel have now been resolved.

Implementation Notes:

The "Require Code for Access" checkbox should be unchecked in versions higher than 3.16.3.

SL - Terms & Conditions under Exception not displayed

The Terms & Conditions content added under Exception (SolCon > Offer Group > Terms & Conditions > Exception) for publications was not displayed correctly wherever the offer was displayed through consumer applications (Subscription Panel and SubCon Site). Instead of the Exception Terms & Conditions content, the original Terms & Conditions content appeared on the client pages. This issue has been resolved now.

Application Covered:

Subscription Panel, SolCon

Attention: Enhancements

InApp Subscriptions

1. The Newstart InApp flow has been modified to allow new Subscriptions created on external consumer applications to send a StartDate in the past. Validation checks have been implemented so that the InApp newstart flow will accept past dates but not null values. Implementation Notes:

   • For each client, the MG2 Control flow setting, "Flow.Purchase.InApp.Redirect," must be set to "0" in order to process any InApp purchases.

2. Previously, when creating InApp purchases, only FirstName and LastName were included in the input model as part of the GoogleInfo object.

   Since not all external consumer apps provide these two fields, changes have been made to include the Subscriber object in the input model, exactly as the regular Newstarts in Purchase API does.

   The Subscriber object will include the following fields:

   • FirstName

   • LastName

   • Email

   • Title

   • CompanyName

   • CompanyType

   • Country

   • Phone

3. For InApp subscriptions, the "AutoRenewing" property of the external market receipt (Google, AppleV1, or AppleV2) will now be used to populate the EZPayFlag column when creating a subscription record.

   Note: Regardless of the EZPay value that is defined at the Offer level in SolCon, the EZPayFlag value for InApp will be completely based on the external market receipt.

SubCon Admin - New endpoint to fetch Subscription status

A new endpoint, Subscriptions/{SubscriptionId}, has been introduced in this release to fetch subscription statuses. Previously, the status was retrieved through the microAPI endpoint -subscriptionLive/{SubscriptionId}, which could only return statuses for subscriptions in circulation systems and would return a blank status for inApp/SwG subscriptions without circulation system dependencies.

The new endpoint, Subscriptions/{SubscriptionId}, retrieves the status from the circulation system or, when applicable, from Subscribe DB. This ensures that, during a Subscription search Start call, the Subscription Status is consistently returned and displayed in SubCon Admin, even for subscriptions not part of any Circ System and only available in Subscribe DB.

The field 'Subscriber status value' in the Account information tab of SubCon Admin will now derive its value from the "Subscriptions/{SubscriptionId}" microAPI after clicking Start call on the Subscription search screen.

SL - Removing dependency from Subsvc tables while creating/fetching SwG Offers

Creating new offers with the payment method 'Subscribe with Google,' (offers with a product do not present in the Subsvc Google tables) used to result in validation errors. To streamline the process and remove the overhead, the dependency on Subsvc tables during the creation or retrieval of Subscribe with Google (SwG) offers has been removed, as these tables are not utilized elsewhere in the current workflow.

Users can now create new SwG Offers without relying on SubCon Google tables (GooglePublication, GoogleProduct, and Product_GoogleProduct) in Subsvc. The SwG carousel shows these offers and end-users can successfully purchase the subscription.

Subscription Panel - Implemented MPANs for ApplePay Payway Integration

Payway now supports secure tokenization of Merchant Tokens (MPAN—Merchant Pay Account Number) for Apple Pay transactions. Since Device Tokens (DPAN—Device Personal Account Number) are associated with the user's device, when the subscriber upgrades their Apple device, the DPAN changes, and the existing EZPAY tokens registered to the old device become invalid, resulting in the failure of renewals. MPANs offer a solution to the issue with the DPANs. Since tokens are associated with the merchant rather than the device, subscriber device upgrades do not affect the validity of the tokens, and renewals can be processed successfully.

Changes have now been made to the Subscription Panel so that when purchasing a subscription through ApplePay Payway, the request to ApplePay will now be submitted as Merchant Tokens (MPAN) instead of Device Tokens (DPAN).

The PurchaseAPI has been modified to support the usage of Apple Pay Merchant Tokens (MPAN) in addition to Device Tokens (DPAN).

Implementation Notes:

The following key can be configured if a client prefers for ApplePay to display a localized billing agreement and a description of the recurring payment on the payment page before the user approves the payment. If the value has not been defined for the key, it will consider the specified default value.

• A new "Constants" key has been added under the "ApplePay" key in the SP config file for implementing the MPAN. config.ThirdPartySystems -> ApplePay -> Constants

• Under this key, customers can set the values for the two string key objects based on their requirements. The keys are as follows:

  • PaymentDescription: 'String value' A description of the recurring payment that Apple Pay displays in the payment sheet. Default value: "Billing Message"

  • BillingAgreement: 'String value' A localized billing agreement that the payment sheet displays to the user before the user authorizes the payment. Default value: "Billing Agreement"

Self-Service - Auth0 changes to bypass Intelligent Tracking Prevention on Safari

Recent versions of the Safari browser introduced a new feature called Intelligent Tracking Prevention (ITP). ITP is designed to prevent websites from tracking user activity across multiple websites. By default, ITP is active or enabled on the Safari browser. These advancements in user privacy controls of browser adversely impact the user experience by preventing access to third-party cookies. Following this update, the Mac users on Safari browser were experiencing issues while logging into the self-service portal. Auth0 integration was not working on Safari browsers when Intelligent Tracking Prevention was enabled.

To overcome this issue, starting from this release, the Self-Service portal has successfully upgraded the Auth0 SDK from 1.8.0 to 2.1.3. Changes have been made in SS to accommodate Auth0 2.1.3 SDK.

After the enhancement users now have a smooth login process ensuring a better user experience even if the Intelligent Tracking Prevention is enabled on their Safari browsers of Mac systems.

Bug Fixes

SubCon Admin - Failure to display Subscriber Status

When searching for an account number in the SubCon Admin, the Subscriber Status was not displayed, and a Subscribe API error message "Get subscription's information failed" was returned. This occurred because the Get Subscription Live API received the expiration date information from the Circ system in the dd/mm/yyyy format, when the Subscribe expected the format to be mm/dd/yyyy.

This issue has been resolved, and the date format used while parsing the expiration date returned in the Get Subscription Live endpoint will now be determined by the value defined in the MG2 Control API Internal Setting InputMonolithDateFormat.

Note: For versions 3.17.0 and above, the date format will be taken from the MG2 Control API Internal Setting DTI.Monolith.InputDateFormat.

SubCon Admin - Getting Subscriber status as 'In Grace Period'

When the CSR user clicked on the Start call button, the Subscriber status brought by getsubscriptionbyid micro-API was In Grace Period instead of In Grace. When the same action was repeated once more after closing the screen, the response was updated correctly in the 'Subscriber status' field. This behavior has been corrected now. After the resolution, if a subscription is Active in Subsvc, but in Grace period in NCS circulation system, the micro-API now correctly returns "In Grace" instead of "In Grace Period" as Subscriber status.

SubCon Admin - Incorrect subscription start date for the Google subscription purchased from Engage

When a subscription was purchased through SwG, the Start Date displayed in SubCon Admin (Subscription search > Start call > Account information tab > Subscription start date) did not match the Start Date in the database. This issue has now been resolved.

InApp Subscriptions

The issue with the scheduled tasks failing to run to either retry the notifications or change the subscription status, even though set up to run every day for InApp, has now been resolved.

Task Client and Hangfire server schedules, as well as process tasks, will now be filtered according to the queue name. In addition, automatic startup and processing of tasks have been implemented on the Hangfire server in the OnPremise API.

Payment Gateway

The issue with the Cybersource gateway rejecting payment authorization attempts due to ApplePay integration not sending CountryCode to CyberSource has now been resolved.

Self-Service - Newstart Error

When creating a new start for an Australian address in the Self-Service Portal, the addSubscription failed with the error message "Child Event: PAYMENTNEWSTART failed." No value was given for the mandatory field, TranDate." This occurred because the date format sent to the Circ system was in American (mm/dd/yyyy) instead of Australian (dd/mm/yyyy).

This issue has been resolved, and the date format for the TranDate will now be determined by the value set in the MG2 Control API Internal Setting InputMonolithDateFormat for versions up to 3.16.3. For Australian addresses, the value of the InputMonolithDateFormat should be set to dd'/'MM'/'yyyy.

Note: For versions 3.17.0 and above, the date format for the TranDate will be taken from the MG2 Control API Internal Setting DTI.Monolith.InputDateFormat.

Affected Endpoints:

1. POST Payments/CircAPI

2. POST Billing/{subscriptionId}

3. POST DeliverySchedules

Self Service - Issues in Autopay Sign up

On the Autopay signup page, when attempting to sign up for the Autopay payment option, the ‘Complete EZ-Pay Sign Up+’ button remained disabled even after entering the credit card details. Consequently, users were unable to proceed with the Autopay sign-up process. Additionally, the Amount field displayed a message stating, “There are not autopay options”. This issue has now been resolved.

Self-Service - Myaccount shows data of logged out user

When a logged-in user navigated to the Myaccount page in the Self-Service portal, they were unable to see their own account information. Instead, the Myaccount page displayed information from the previous logged-out user. This issue has been resolved now.

Self-Service - Unable to maintain login state from .com to MyAccount when redirected

Post client upgrade to version 3.16.2.4, the logged-in user from .com site was unable to navigate to the Myaccount page in Self-Service portal in the logged-in state. The user could only login at the self-service portal when the value of cookies/cache was cleared. This critical issue has been resolved now.

Self-Service - Error in Autopay manage

The user was displayed with error messages when trying to make payments with a credit card for Autopay manage after entering the payment info and clicking on the Save button. This issue has been resolved now. After the fix, the user is now able to complete payment flows successfully without encountering any error messages.

Self-Service - Address change error

The user was receiving an error message stating “Address Second Pass” while changing the address from SubCon Site. This issue has been fixed now.

Self Service -Error while updating address

While updating the address from the SubCon Site, users were encountering an error message stating, “Failed to get external address id.” This issue has been resolved.

After the fix, the user now receives the validation message, “Address has been successfully changed”. The pending address moves are also displayed under Scheduled Moves section correctly.

SL - Ratecodes not being stored after selection

Previously, certain predefined Rate codes in SolCon were not being stored or displayed in the corresponding field after selection from the drop-down. This issue caused the drop-down field to go blank, specifically for rate codes that contained special characters. Following the fix, users can now successfully select Rate codes and display them in the field, enabling their use in offers.

SL - Issues with action buttons when editing T&C of Exceptions

When editing an Offer group, if the new Terms & Conditions content was added under Exceptions (SolCon > Offer Group > Terms & Conditions > Exception) after unlinking the original Terms & Conditions, then the ‘Cancel’ and ‘Save As New’ buttons were not working. This issue has been resolved.

SL - Passing Incorrect Paper Code

The issue of incorrect paper code being passed to the circulation system for a Publication has been resolved. This issue was particularly observed when there was a mismatch in the values of NS_Paper_Code and paper_code of a publication.

Webhooks: Notification Processing Failure

When trying to reprocess a SUBSCRIPTION_PURCHASED notification in the Self-Service Portal, the issue that caused the Webhook API (POST /Notifications/{id}/Retry) to fail has now been resolved.

Webhooks: Subscription Status and Date Stopped not updated correctly

The issue with the delayed synchronization of subscription status between SubCon Admin and Google Play Console has been resolved. Now, when a user refunds a Google subscription (via Google Play Console >> Order management), the Subscription_Revoked notification triggers in the SubCon DB on the same day, updating the subscription status to 'Stopped' in SubCon Admin immediately. The DateStop is correctly set to the refund date, ensuring accurate reflection of the refund status and stopped date in both SubCon Admin and Google.

Applications Covered:

API, Self-Service Portal, SubCon Admin, Subscription Panel, SolCon

Bug Fixes

API - AddSubscription Failure for ZIP-only Starts for CircPro Clients

The issue with ZIP-only subscriptions for CircPro clients not working correctly in the Subscription Panel has been resolved.

Applications Covered:

API

Bug Fixes

SolCon - Issue in adding images to the new Marketing Text Inventory

The issue where users were unable to add images in the new Marketing Text Inventory element (Inventory > Marketing Text > + (Add New) during creation) has been resolved.

Application Covered:

SolCon

Attention: Enhancement

SS - Supporting Classic and New Universal Auth0 login

The Identity provider Auth0 has introduced a new Universal login experience for its clients. Starting from this version, Subscribe supports both Classic and new Universal login of Auth0 through the Self-Service portal. However, there will be no visual changes for the user.

When a user hits the ‘Login’ button, the Self-Service portal will direct the user to the Sign-in page. Similarly, clicking the 'Register' button will still direct the user to the Sign-up page, as before. For those interested in learning more about the advantages of this new login experience, you may find additional information here: Universal Login Experience (auth0.com)

Bug Fixes

SS - Recurring Tip checkbox unavailable

Previously, the recurring tip checkbox was unavailable on the 'Add a Tip' page (/autopay/addtip) of the Self-Service portal. This issue has been resolved. Following the fix, the checkbox will be visible below the payment field on the 'Add a Tip' page based on the internal configuration setting.

SP - User Session Issue

The user session in the Subscription Panel was getting lost for a specific client. The issue was identified as related to a third-party JS library integration and now it has been fixed. Note: This issue does not apply to all the clients but only to specific ones using the third-party JS Library.

Applications Covered:

SubCon Site, Subscription Panel

Attention: Enhancements

API - Removal of ExpireDate Check

Starting from this release, the validation that prevents InGrace users with ExpireDate in the past from canceling their subscriptions has been removed. The subscribers will be able to cancel their subscriptions even if their subscriptions are in a grace period regardless of the expiration date being past/future. Cancelling a subscription will not have any dependency on the expiration date.

CMS - Title property of 'ApplePay Braintree V3’ component

The Title property of the 'ApplePay Braintree V3’ component has been changed from 'HTML type' to ‘text type'.

SS - Upgrading Braintree SDK

The Braintree-web library and other Braintree scripts have been upgraded from version 3.62.0 to the latest version, 3.100.0. There was a known issue in the Braintree SDK where the Cardholder Name field appeared as a numeric field on iPhones. This issue has been resolved in the newer versions of Braintree. The SDK upgrade has successfully addressed this issue in SubCon Site.

Bug Fix

SS - Unable to cancel subscription

The 'Cancel subscription' button was disabled and unclickable for users on the Stopsaver page, preventing them from canceling their subscription and completing the flow. This issue has been resolved. Following the fix, the 'Cancel Subscription' button is now accessible on the Stopsaver page and it is functional.

Bug Fix

SS - Account linking issue in the Gift redemption workflow

After redeeming a gift, when an existing user clicked on the 'Sign in' button and entered the previously used credentials, they were prompted to verify the account in order to sign in to the SubCon Site. This issue has now been resolved.

Updated on 17 Sep 2024.

Removal of Special Characters Encoding

The encoding of special characters has been removed due to issues arising when the rate code length exceeds 20 characters in the circulation system after encoding.

Bug Fix

Error message when subscribing via ApplePay Braintree

The transaction failed when a user attempted to purchase a subscription using ApplePay via Braintree, and an error message was displayed. This issue has now been resolved. After the fix, users can successfully complete their subscription transactions through the Subscription Panel using ApplePay via Braintree, without encountering any error messages.

Application Covered:

API

Attention: Refactor

1. SL Refactor

Updating an existing Sales Team with a large data set (such as adding many offer groups and/or team members) was causing time-out errors. The Sales Teams update functionality has been refactored to address this issue for performance enhancement.

There are no functional changes. It is now possible to successfully update large numbers of offer groups or sales team members within existing Sales Teams without encountering time-out errors. After the refactoring, the performance has significantly improved while updating the sales team.

2. Enhanced Sign-In Mechanism of Landing Application

Recently, major browsers have introduced additional security measures and constraints related to third-party cookies, as well as cross-domain data transfer and communication. The latest release of Chrome no longer supports third-party cookies. These were impacting the functioning of the Landing application and user experience negatively. Despite the implementation of workarounds, users were encountering issues in the sign-in flow at times.

Therefore, starting with this release, the sign-in logic for the Landing application has been revised without significantly affecting the existing functionality and behavior. The previous dependency on local storage has been replaced, and a Redis caching approach is now implemented for the users to sign in on the Landing application for accessing consumer applications (SubCon Admin, SolCon & CMS).

• Following the new implementation, users can access any consumer application only through the Landing application.

• If a user has opened different consumer applications on different tabs in a browser, logging out from one application will force the user to log out from the other opened applications as well. The user will regain access to the application only by signing in through the Landing application.

• Page refresh will work as before and have no impact following the redesign.

• Multi-Factor Authentication (MFA) with Okta will also work as intended if the feature is turned ON for the specific client.

• There is no dependency on third-party cookies related to the Landing application, and the landing works perfectly fine on Safari, Firefox, Chrome, and Edge browsers.

• Consumer applications are no longer dependent on Local storage to fetch data.

• The CMS Idle Time functionality, which notifies the user if they have been inactive on a CMS page for an extended duration and provides the option to either continue or exit from the page, is working as before.

Bug Fixes

1. Issue with In-App Subscription Purchase

This intermittent issue was specific to Apple's in-app purchase. When users purchased subscriptions through the Apple app (V1) via in-app purchase, the corresponding transaction was not reflected in the Subscribe database, and the user was unable to access the website. The issue occurred because Apple was intermittently sending receipt tokens larger than the int32 data type could handle. This has now been resolved. After the fix, Apple V1 in-app purchases are correctly updated in the Subscribe database, and users can access the website without issues.

2. Removal of Special Characters Encoding

The encoding of special characters has been removed due to issues arising when the rate code length exceeds 20 characters in the circulation system after encoding.

Applications Covered:

API, SolCon

Attention - Enhancement

1. Merchant Password in the P12 file for Cybersource

Following an urgent update regarding the P12 merchant file for Cybersource keys, Subscribe will now send Password, Filename, and Merchant ID to ensure successful payment transactions with the Cybersource payment gateway. Previously, only the Merchant ID was included in the Cybersource request.

Implementation Notes:

A new Api setting key CyberSource.Password has been introduced to get the Cybersource password from MG2 database.

Bug Fix

Subscription failure while using Amex Credit card with Apple Pay

When a user tried to pay the subscription amount via Apple Pay with American Express credit card, the transaction failed. This issue has been resolved. After the fix, user can successfully purchase a subscription with American Express credit card via Apple Pay.

Application Covered: API

InApp subscribers not getting website access

Users who successfully purchased subscriptions via In-App Apple Pay and were created in Subscribe did not gain access to the website. This issue was due to the large download_id sent by Apple Pay, which led to incomplete user details being recorded in Subscribe and thus preventing website access.

This issue has been resolved. After the fix, the details of successful In-app Apple Pay subscriptions are now updated correctly in Subscribe, ensuring that subscribers gain valid access to websites as per their subscriptions.

Application Covered:

API