Studio 2.3 - New Hidden Upsell Step For Regular Giving 🚀

Need Help? Let's Find the
Answer Together!

Sorry, we didn't find any relevant articles for you.

Send us your queries using the form below and we will get back to you with a solution.

Salesforce Alerts/Notifications

Topics on Salesforce Alerts/Notifications

Why is Object XXX showing in RED

Please see procedure When and how are the permissions used? to determine if the o ...

Please see procedure When and how are the permissions used? to determine if the object in question needs to have public access. Please FULLTEST any updates should you reduce the recommended settings.

Can we disable the Potential Risk (RED) Permissions shown in the GUAR report associated with Payments2US Guest user profile

The Permissions that are associated with Payments2Us Guest User Profile which you ...

The Permissions that are associated with Payments2Us Guest User Profile which you can disable.

  1. permissionspasswordneverexpires
  2. permissionsenablenotifications
  3. permissionsactivitiesaccess
  4. permissionsallowuniversalsearch
  5. permissionscontentworkspaces
  6. permissionsselectfilesfromsalesforce
  7. permissionsadddirectmessagemembers
  8. permissionsenablecommunityapplauncher
  9. permissionsuseweblink
  10. permissionsemailtemplatemanagement
  11. permissionsemailadministration
  12. permissionsmanagechattermessages
  13. permissionsshowcompanynameasuserbadge

You can use Workbench to set these Permissions to False. Please see the instructions below.

  1. Open the link provided in the GUAR Report. Login to your instance of Salesforce.
  2. Set the Permissions which are True to False and Confirm Update.

Our organisation is moving to Hyperforce does this impact our custom domain?

Yes, there is a known issue where having a custom domain using your own certifica ...

Yes, there is a known issue where having a custom domain using your own certificate and CDN.

To check, go to setup and search for "Domains". For the domains where the certificate is entered, if these are hosted on the Salesforce Cloud, there can be an issue moving to Hyperforce. In this instance, the migration would be blocked. Furthermore, salesforce generally will not select you for migration to Hyperforce if they believe there will be an issue. This is one of the criteria they look at.

Enabling Salesforce Enhanced Domains?

Salesforce has delayed the timeframe for the deployment of enhanced domains rollo ...

Salesforce has delayed the timeframe for the deployment of enhanced domains rollout. Note, the seasons mentioned are Northern Hemisphere.

From Salesforce notifications:

To ensure customers have adequate time to prepare, test, and make necessary adjustments for enhanced domains, the deployment timeline for this feature changed. The new timeline is as follows:

  • Spring ’23: Enhanced domains deployed in all orgs that don’t have enhanced domains deployed, with options to opt-out & disable the feature.
  • Summer ’23: Enhanced domains deployed in all orgs that don’t have enhanced domains deployed, with an option to disable the feature.
  • Winter ’24: Enhanced domains enforced in all orgs.

For additional timeline details, see Enhanced Domains Timeline in Salesforce Help.

 

This help article is being updated as we learn more. Contacting our support team or us directly is not going to be able to provide more information as this article is the most up to date. Please book mark and check back regularly. 

We have been running enhanced domains internally since December, our test and development environments were updated months ago. We are also aware of customers using Windcave Webservice and Stripe with enhanced domains for a while. If electing to turn on, we do suggest testing your normal business as usual. Ideally testing from a Sandbox first.

 

Whilst we are not aware of any current issues, we need to go through and do some thorough checks. This section will be updated as progress is made.

Actions Required by you after enabling Enhanced Domains:

  • NOTE: These are actions known to date. We are still reviewing an more may be required.
  • The Base Site URL on all Merchant Facilities will need to be updated.
  • You should update your website where forms are iframed in to to have the updated Base Site URL.
  • For Experience Cloud/Communities, you will need to add a new CSP Trusted Site.

Known Issues

  • Create Samples does not assign the correct Base Site URL on DEMO FACILITY. This is addressed in 9.2 (release now available for install from the AppExchange)
  • Failure to update Base Site URL will cause PayPal to stop functioning. Symptons of this issue is when pressing the PayPal payment method button, the PayPal login screen flashes up, then disappears. 
    Might show the redirection with "CORS Error Access-Control-Allow-Origin"
  • If using custom CSS and with your specific Fonts then the static resource CSS will need to be updated to use the new force.com - Sites Base URL.
  • Create Remote Site settings component in the Payments2Us Settings Tab/App sub tab will always show, even after successfully creating the remote site. This is addressed in the current version 9.3.

Recommended Updates

Webhook setup again if you are using:

1. Enhanced Domains FAQ

Q: What will happen to links for membership renewals that have already been sent out? 
A: Salesforce has implemented redirects. These renewal links will be redirected and should continue to work. For more info, see Salesforce Help Article Redirect Site URLs After you enable Enhanced Domains.

2. Disabling Enhanced Domains

Should you wish to disable Enhanced Domains after Salesforce has completed the Spring 23 release update an automatically turned on Enhanced Domains, then:

  1. Click on setup cog (top right)
  2. Quick find "My Domain"
  3. Click on "My Domain" menu
  4. Click "Edit" button
  5. Untick "Use enhanced domains"

End of life Workflow notification / Migration from Workflow/Process Builder to Flow

Salesforce have announced the retirement of Workflows and Process Builder. Follow ...

Salesforce have announced the retirement of Workflows and Process Builder. Following are some notes regarding this update:

  1. Organisations with Workflows/Process Builders will still be able to use and edit these for a little while, but cannot add new ones.
  2. You cannot use the migration wizard to migrate the standard Payments2Us Managed Package Items. This has been done as part of a release update (see below).

 

Important Update (Version 11.0 onwards)

Payments2Us has introduced Salesforce Flow-based automation to replace legacy Workflow Rules.

For step-by-step guidance on transitioning from Workflow Rules to Flows, please refer to: How to migrate Workflow to Flow 

This guide explains how to safely test, transition, and activate Flows in your organisation.

 

 

JDK Locale Format Retirement

Salesforce is migrating from JDK to ICU Locales. You can see more details in thei ...

Salesforce is migrating from JDK to ICU Locales. You can see more details in their online help: JDK Locale Format Retirement

Our checks have not located any issues with this announcement.

Should we subsequently discover anything, then we will post updates in this FAQ.
The latest and most up-to-date information is in the FAQ - Contacting us directly or via support will not have any additional information that we can provide.

Update Unsupported Legacy API Version - Upto Version 30.0

You may receive an email from Salesforce along the lines of "You are receiving th ...

You may receive an email from Salesforce along the lines of "You are receiving this email because you’re an admin of an org that is actively using the legacy API endpoints. Versions 21.0 through 30.0 of the Salesforce Platform SOAP, Bulk, and REST APIs are currently unsupported and you need to take action before May 2023. "

This does not impact Payments2Us.

We have received an email that our Salesforce Org is due to be migrated to a new server/instance

Question: I've seen that our Salesforce Org is due to be migrated this weekend, a ...

Question:

I've seen that our Salesforce Org is due to be migrated this weekend, and I wanted to check in to see if I need to update anything with Payments2Us? (e.g. hard-coding in anything)?

Answer:

From the Payments2Us Perspective, there is nothing that will be impacted.

Customer orgs are migrated to new instances of Salesforce all the time.

You may need to check for any of your own customisations that your Admin or Consulting partners has done. Those sort of checks are outside of our support as they are general Salesforce Admin related.

Enforce RFC 7230 Validation for Apex RestResponse Headers

Salesforce is alerting customers with the following message for Spring 24 Enforce ...

Salesforce is alerting customers with the following message for Spring 24

Enforce RFC 7230 Validation for Apex RestResponse Headers

  1. Apex that invokes the RestResource.addHeader(name, value) method, with a header name that isn’t RFC 7230-compliant results in a runtime exception of type InvalidHeaderException.
  2. Before activating this update in production, check with your package providers to make sure that all your installed packages are compatible.
  3. There is no use of RestResponse.addHeader(name, value) in the instance, just need to confirm with the Package providers.
 

We have run code scans and checks and are currently not aware of any issues. Nor, have we had any customers report any issues.

Please book mark this FAQ and check back. We will update this FAQ if we learn of any new updates.

Getting the error 'URL No Longer Exists'

We've had a couple of recent cases where customers have suddenly come up with "UR ...

We've had a couple of recent cases where customers have suddenly come up with "URL No Longer Exists" for existing payment forms/card updates/URL Tokens.

Note: This issue is due a change made by Salesforce and NOT Payments2us.
This update was made was first made available in Summer ’21 release by salesforce. For more details please see Enhanced Domain Timeline article from Salesforce help.

 

 

Part of Error:

URL No Longer Exists
You have attempted to reach a URL that no longer exists on salesforce.com.

 

Quick overview of the issue:

Salesforce has now enabled MyDomain for all customers.  Or, the main domain has been updated by an Administrator.
The force.com site (public website) URL does not match the Site Base URL on the Merchant Facility.
The  cases logged recently have the URL for the donation form have .secure.force.com/... in them.
The correct URL will have  .… my.salesforce-sites.com/... in them.

You can see the article about MyDomain linked in the following sentence. This article explains Actions Required by you, Known Issues, Recommended Updates and has Enhanced Domains FAQs as well.

 

Solution: 

The action to correct the "URL No Longer Exists" is to update the Base Site URL on ALL Merchant Facilities.  For steps on how do do this, please see this article.

Please note that this updating Base Site URL on the Merchant Facility will:
- Correct the renewal URLs going forward however If there are reminders that have already gone out, then those links will likely be invalid.
- Not update webhooks setup for stripe, shopify, paypal and payments2us. For webhook updates see Recommended updates
- Not update URL setup in Iframe on the website

 

Salesforce Connected Apps Changes

This is for the Salesforce Critical Incident announcement. Please refer to Salesf ...

This is for the Salesforce Critical Incident announcement. Please refer to Salesforce Help Article.

 

Last updated: 28/08/2025

Summary of the article: 

What’s Changing
Starting September 2, 2025, Salesforce is enforcing tighter security around the use of uninstalled connected apps. These are apps that users have authorized but were never formally installed into the org via the AppExchange or admin processes.

Why This Matters
This change is aimed at reducing security risks - including social engineering attacks - by preventing non-admin users from authorizing or accessing uninstalled connected apps. It also addresses vulnerabilities in the OAuth 2.0 device flow.

How this affects Payments2us Application

Payments2Us uses a connected app to support the Authorise Payments2Us step. In most cases, this step was already completed when you first installed the package, so your current setup is likely to continue to work without interruption.

That being said, with Salesforce’s upcoming security changes, there’s a small chance that you could run into issues and need to re-authorise the app (for example, if a connected user changes or the app needs to be reconnected), you may encounter issues after 2nd September unless the Payments2Us connected app has been installed. Hence, if you would like to be on the safe side, we recommend installing the Payments2Us connected app now. The installation steps are provided in the next section.

Installing the connected app:

  • Aligns with Salesforce’s new security requirements
  • Ensures future re-authorisations work smoothly
  • Does not affect your existing configuration or data
     

The manual steps listed below will be required for any new Payments2Us installation after 2nd September.

 

 

Steps to Install Payments2Us Connected app:

Following steps can be performed to install Payments2Us Connected app.

  • Go to Setup 
  • Search and find "Connected apps" > Connected Apps OAuth Usage
  • Find Payments2us in list
  • Click Install button
  • Confirm the Installation on the next screen

We are also working to automate this setup in a future release but until then you manually install Payments2Us connected app.

Connected Apps in Sandbox

If you are unable to find Payments2Us under Connected Apps OAuth Usage, it may be because the connected app was not installed in Production at the time the sandbox was created.
To resolve this, install the connected app in Production, and then refresh your sandbox. After the refresh, Payments2Us should appear under Connected Apps in the sandbox.

 

 

Email: IMPORTANT: Prepare for Upcoming Root Certificate Changes Effective February 5 2026

Question We received this notification from Salesforce: “Starting February 5, 202 ...

Question

We received this notification from Salesforce:

“Starting February 5, 2026, Salesforce certificates will begin to be chained from the DigiCert Global Root G2 (DigiCert G2 Root).”

What does this mean? Do I need to take any action?

Answer

This notification means that Salesforce is updating the root certificate authority used to secure its services. From February 5, 2026, Salesforce’s SSL/TLS certificates will be chained to DigiCert Global Root G2, which is a widely trusted and industry-standard root certificate.

 

Does it affect Payments2Us Application?

No. From the Payments2Us Perspective, there is nothing that will be impacted.

You may need to check for any of your own Salesforce certifications that your Admin or Consulting partners has done. Those sort of checks are outside of our support as they are general Salesforce Admin related.  For more details, please review: Certificates in Salesforce
 

If Salesforce provides additional guidance or if any edge-case actions are required for specific environments, we will update this article accordingly.

Email: IMPORTANT: Upcoming Changes to Certificate Lifespans

On 21st Jan 2026, we received this notification from Salesforce: “Salesforce is i ...

On 21st Jan 2026, we received this notification from Salesforce:

“Salesforce is implementing changes to Transport Layer Security (TLS) certificate lifespans as mandated by the Certification Authority Browser Forum (CA/Browser Forum).”

  • Until March 15, 2026, the maximum lifespan is 398 days.
  • As of March 15, 2026, the maximum lifespan is 200 days.
  • As of March 15, 2027, the maximum lifespan is 100 days.
  • As of March 15, 2029, the maximum lifespan is 47 days.

How does it affect Payments2Us App and what actions do you need to take?

Answer

This is a general notification to inform the lifespan changes for all new Salesforce Certificates signed by a public Certificate Authority (CA) at the time of creation.

Up till now, the Salesforce Certificates were created with 1 year or more expiry time. Moving forward, the certificates will need to be replaced/reissued more often to ensure continuous service. To make sure you are notified timely for any upcoming certificate expiry, please review the following article from Salesforce: Set Expired Certificate Notification Permission.

 

Does it affect Payments2Us Application?

No. From the Payments2Us Perspective, there is nothing that will be impacted.

You may need to check for any of your own Salesforce certifications that your Admin or Consulting partners has done. Those sort of checks are outside of our support as they are general Salesforce Admin related.  For more details, please review: Certificates in Salesforce
 

If Salesforce provides additional guidance or if any edge-case actions are required for specific environments, we will update this article accordingly.

Mandatory Salesforce Security Upgrade & What It Means for Payments2us Orgs on Version 11.x

**Article Regularly Updated ** This article is regularly updated. Latest material ...

**Article Regularly Updated **

This article is regularly updated. Latest material changes/updates appear at the top with timestamps. We recommend bookmarking this page. You will also receive email notifications as material updates are posted.

 

👉Update 06/05/2026 5:30 PM AEST

[06/05/2026] — Sandbox Service Advisory

Our development team is currently conducting critical testing of the v11.4 release in our Sandbox environment. To prepare for the upcoming mandatory Salesforce security changes, we have temporarily enabled PKCE and RTR on the Payments2Us Sandbox Connected App.

While this testing is underway, you may experience intermittent downtime or "Re-Authorization" errors within your own Sandbox environments. This work is a vital step in ensuring a seamless transition for the upcoming production push. We expect to deploy v11.4 to Sandboxes soon or disable these settings once testing is finalised.

We apologize for any disruption to your testing schedule in sandboxes. Please note: Production environments are unaffected and remain fully operational.

👉Update 05/05/2026 11AM AEST

[05/05/2026 11:00 AM] — Article published. Initial guidance for v11.x customers. See below

 

A. What is happening?

Salesforce has issued a mandatory security directive requiring all apps on the AppExchange to implement new OAuth security standards — specifically PKCE (Proof Key for Code Exchange) and Refresh Token Rotation — across every Connected App and External Client App on its platform. This is not specific to Payments2us. Every ISV on the AppExchange is subject to the same requirements, with a hard enforcement deadline of May 11, 2026.

Salesforce issued the final enforcement advisory on April 29, 2026, giving the ISV community less than two weeks to implement what is a fundamental architectural change. Like many in the Salesforce partner community, we were given very little notice. Our engineering team mobilised immediately and has been working at full capacity since to build these mandated security changes into our upcoming release, which at this stage is anticipated to be Release 11.4 (note: release number subject to final confirmation).

At Payments2us, we take our obligations to Salesforce's security standards seriously. Where security is concerned, we do not wait — we comply. Release 11.4 is being built specifically to ensure your org remains secure, compliant and fully operational beyond May 11.

B. Does this affect me?

Yes — but not in the way you might expect. Because you are on v11.x, you are on a supported and current version of Payments2us. Our team is handling all of the technical code changes entirely on our end. This article is here to keep you informed and prepared.

That said, it is important to understand the stakes: if Release 11.4 is not successfully pushed to your org by May 11, Payments2us will cease to function in your environment — including all payment processes and any business processes that depend on the application. This is why we are working urgently to ensure the release lands on every org by May 11.

C. What action do I need to take right now — and what happens after Release 11.4?

As a customer on v11.x, you are in a better position than most. The technical work is entirely on our side, however there are a couple of things we want you to be aware of and prepare for so that when Release 11.4 lands, your org is back up and running as quickly as possible.

We are now expecting to push Release 11.4 on Monday May 11. When the push occurs, there will be a period of downtime for Payments2us in your org while the new security changes take effect. This is expected and temporary.

Here is what we are anticipating will need to happen on your side after the push:

  • Re-authorisation of the Payments2us app. Once Release 11.4 has landed in your org, your Salesforce Administrator will need to complete a re-authorisation step to reconnect Payments2us with your Salesforce org under the new security standards. This is a one-time process and we expect it to take no more than 10 minutes. Until this is completed, Payments2us will not be operational in your environment.
     
  • How to prepare now. We recommend letting your Salesforce Administrator know this is coming. We will publish the full step-by-step re-authorisation process in this article on or before May 8 — bookmark this page so your admin has it ready to go the moment the push lands. The sooner the re-authorisation is completed after the push, the sooner your org is back up and running.

Again, we will update this article with timestamped entries as things progress and will notify you by email when material updates are posted, including when the re-authorisation guide is live.

We do not anticipate any issues once re-authorisation is complete and expect business to continue as usual. Your payment processes, configurations and data should not be affected. That said, we ask that you stay close to this article and our email updates in the days following the push — if anything unexpected arises, we will communicate it here immediately and work through it together with you.

D. What is happening on May 11?

As outlined above, May 11, 2026 is Salesforce's hard enforcement deadline and we are targeting this date for the Release 11.4 push to all v11.x orgs. We cannot confirm an exact time at this stage. What we can confirm is that when the push occurs, it is likely to be a rollout across Sandbox and Production environments. We may push to Sandbox a day or 2 prior, with Production following on May 11.

We want to be transparent: our normal protocol is to push to Sandbox first, giving customers at least 3-weeks testing time before Production push. On this occasion, the deadline Salesforce has given us left no room for a staged rollout. We are testing the release thoroughly on our end and our goal is for this transition to be as seamless as possible.

We will update this article and notify you by email as soon as we have a confirmed time for the push.
There are two important exceptions to be aware of:

If you have previously opted out of push updates, you will not automatically receive Release 11.4 — and without it, Payments2us will cease to function in your org after May 11, which means your payment processes and any business processes that depend on Payments2us will stop working. Please email us immediately at support@payments2us.com to re-include yourself for push updates. Do not delay.

If your org is on v9.x or v10.x, this article is not intended for you until you have upgraded to the latest stable release on v11.x. We sent a separate and urgent email to those customers on May 4, 2026. If you did not receive it, please contact us at support@payments2us.com with urgency.

E. Will there be any disruption/downtime to my org?

There will be a period of unavoidable downtime on May 11 while the release takes effect. Once we initiate the push, Salesforce typically takes a couple of hours to propagate the release at org level. Once that is confirmed, your Salesforce Administrator will need to complete the re-authorisation process which we expect to take no more than 10 minutes. The combination of these two steps represents the total downtime window for Payments2us in your environment.

On or before May 8, we will send an email confirming the exact time we plan to initiate the push on May 11 — we recommend sharing this with your Salesforce Administrator and any relevant stakeholders so they can plan accordingly. Please note that once we initiate the push, the propagation time at org level is managed by Salesforce and may vary, though in most cases this is a couple of hours.

Outside of this window, our goal is zero disruption. Release 11.4 is being built and tested specifically to land cleanly on all v11.x environments. We will communicate immediately via both this article and email if anything changes.

F. What is this security change about — and why is Salesforce doing this?

In early 2025, a significant security breach affecting multiple Salesforce-connected applications exposed how vulnerable static, long-lived authentication tokens can be. Once compromised, those tokens gave attackers persistent access to customer Salesforce environments across hundreds of organisations.

In response, Salesforce has mandated two core security changes across its entire platform:

PKCE (Proof Key for Code Exchange) is a security extension to the OAuth login process. In simple terms, it ensures that even if an authorisation code is intercepted during login, it cannot be used by anyone other than the application that originally requested it. It makes the initial handshake between Payments2us and your Salesforce org significantly more secure.

Refresh Token Rotation (RTR) means that every time Payments2us silently refreshes its connection to your org in the background, the old token is immediately invalidated and replaced with a new one. Previously, a single token could be reused indefinitely — meaning a stolen token was a permanent key. With rotation, a stolen token becomes useless almost immediately.

Together, these two changes represent a meaningful improvement in the security of your org's connection to Payments2us and to Salesforce as a platform. Release 11.4 will implement both in full.

G. Where can I read more about the technical requirements?

For further reading on the Salesforce mandate and how the broader ISV community is responding, the following articles may be helpful:

H. I am on v11.0 and not on 11.1 or 11.2 — what happens to Flows when Release 11.4 is pushed?

We introduced Flows in versions 11.1 and 11.2. If you are using or aware of this feature, you may be wondering whether the Release 11.4 push will automatically activate Flows in your org, disabling workflows. The short answer is NO.

Flows were deliberately rolled out in a turned-off state and will remain that way as part of the Release 11.4 upgrade. You do not need to take any action and nothing will change in your org with respect to Flows as a result of this push. 

When you are ready to explore migrating from Workflows to Flows at a time of your choosing, please refer to our guide here: https://help.payments2us.com/en_US/workflows-optional/how-to-migrate-workflow-to-flow