Release Notes

What's new in ClientLoop, newest first.

June 28, 2026

Website verification on applications — a website entered on an application must now resolve to a live page, catching mistyped or dead domains before they're saved. The field stays optional.
Breaking: the PaymentSessionLinkChannel value Sms has been renamed to Phone for payment-session and payment-plan link delivery. Clients sending Sms will now get a validation error. (Phone delivery itself is not yet available.)
Self-service signup — prospective merchants can now apply directly at /signup, an embedded apply experience with light and dark themes.
Fixed loading older organizations — resolved an error that could occur when reading organizations created before the status field was introduced.

New org.status.changed.v1 webhook event — fires whenever an organization's status changes, so you can react to onboarding progress in real time. The webhook events documentation now also includes a full event index.

Manage webhooks through the API — create, update, and delete webhook subscriptions via the public GraphQL API instead of by hand.
Versioned webhook payloads — webhook deliveries now carry a payload version and a cl-request-id header to make handling and support easier.
Branding on payment sessions — override the logo and business name shown to payers with brandLogoUrl and brandName.
Onboarding for publicly-listed businesses — applications can now capture stock-exchange details for public companies.
Fixed a checkout error — resolved a 401 when starting a Plaid session during anonymous checkout.
Clearer API reference — payment operations are now grouped by category and the reference navigation is alphabetized.

Themed apply sessions — the embedded apply component now accepts a dynamic theme override so it can match your brand.
Fractional line-item quantities — order line items now accept decimal quantities. If you use generated client types, regenerate them against the latest schema.

GoHighLevel invoice tipping — the GoHighLevel integration now supports tips on invoices.

Environment selection on Contact IDV — the <contact-idv-session> component now takes an env attribute, so you no longer wire up a raw endpoint URL.

More API examples — the GraphQL API reference now includes PHP, Java, and .NET examples alongside the existing ones.

Credit card surcharging guide — a new guide walks through enabling and configuring surcharging.
Surcharge and tip handling at checkout — adding a surcharge or tip no longer blocks payment; unsupported pay-over-time options are simply disabled instead.
Fixed a sign-out error — resolved a 500 that could occur when signing out.

Interactive "Try it" in the docs — run GraphQL operations directly from the API reference.
Simpler component setup — ClientLoop session components now take an env attribute instead of a raw graph URL.
Quieter console — stopped a spurious 401 from the session probe used by embedded components.

Client package import — the generated GraphQL schema is now exported from the @clientloop/client package root.

Richer API reference — type pages now show a "Used by" section, and operation pages include ready-to-run curl and fetch examples.

Developer docs site — the ClientLoop developer documentation now lives at docs.clientloop.com, including the embeddable component guides.

Contact mutations in the public API — contact operations are now exposed in the public GraphQL graph under the Contact category.
Better type docs — GraphQL operation pages now show the definitions of the types they reference.

Redesigned API keys — create and manage API keys with roles and soft-delete, each scoped to its owner.
Checkout component attributes — checkout web components now use kebab-case attribute names (for example brand-name). Update any existing embeds that use the old casing.
Auth requirements in the docs — the API reference now shows which operations require authentication.

Verified apply sessions — the new applySessionCreate mutation issues a verified, embeddable apply session.
Stronger address validation — applications now reject PO box and PMB addresses.
Automatic business verification — submitting an application now places a business-verification order automatically.