October 2025
In October 2025 we updated the maximum length for message fields, added redirect codes, added a new parameter, added info about card activation and PCI compliance, updated Get Card and Get Account Cards info, clarified balance accuracy, fixed an example field value, added a new product guide, added a new event reference, released Dispute API 3.0, added more details about the new Auth API fields, clarified ACH retry support, added a skip-validation function, corrected an RDF field, added a warning about response codes, and fixed some Modify Status type descriptions. Click October 2025 to see the details.
Updated maximum length for message fields in Create Account Transfer
We updated the max length values for the message and senderMessage fields in Create Account Transfer. For the message field, we also added a note specifying Galileo truncates the string to 80 characters.
Added missing HTTP 302 redirect codes
We updated the table of HTTP 302 redirect codes in the Direct POST PIN-Set Procedure to include the following codes:
-3— Bad signature-4— Account is in charged-off status and cannot be modified-8— Inactive payment account-9— Problem with the redirect URL configuration-10— Direct POST not allowed-103— Expired token
New velocity-limit behavior
By default, velocity limits are applied on a per-PRN basis. To apply the limits on a per-balance basis, you can now set the ALBID parameter.
Card activation and PCI compliance
We added information about which card-activation methods are available to you according to your level of PCI compliance.
Get Card and Get Account Cards updates
We updated some information for the Get Card and Get Account Cards endpoints:
- The
_datefield descriptions in the responses are clearer. - The example responses have been updated to include populated
embossed_cardsobjects
Balance fields in Get All Transaction History
We added notes of caution to emphasize that calculated_balance and beginning_balance in the response to Get All Transaction History should not be considered authoritative. Instead, use the ROLLING BALANCE field in the Posted Transactions RDF.
Fixed example value for the templateValues field
templateValues fieldWe updated the example value for the templateValues field, adding missing field inputs to make it more correct and usable. The documentation for this field in Create Simulated Incoming ACH Transaction now links to Incoming ACH Simulation Payload Values, which contains the updated example.
New co-brand debit program guide
We published the Co-Brand Debit Application Platform guide, which contains information about Galileo's new rewards debit card platform and supporting features and services. This is a program managed, full-stack solution, Galileo acts as an extension of your business.
New Payment Risk Platform guide
We added the new Messaging Service for PRP guide, which explains how to use real-time SMS alerts to verify suspicious transactions detected by the Payment Risk Platform.
Added new event
We added the prp_sms_suspicious_txn_alert event, which notifies you when a cardholder responds to an SMS fraud alert.
Dispute API 3.0 general availability
Dispute API 3.0 is now generally available. This Dispute API has the same functionality as Dispute API 2.0 but uses different conventions in the API calls. All new clients will be onboarded to Dispute API 3.0, and those currently using API 2.0 will eventually migrate to API 3.0.
New Auth API fields
In August, we announced the several new fields and objects that were added to the Auth API webhook payload. You can now find more detailed information about these fields on the Auth API Field Detail and Payment Risk Platform guides.
ACH retry
We clarified that Galileo does not currently support ACH retry.
Expiry date validation in Mexico
Mexico only. At your request, Galileo can enable a feature to skip expiry-date validation for recurring transactions.
Dispute and Chargeback RDF correction
The list of valid values for TRANSACTION_TYPE in the Dispute and Chargeback RDF has been updated to remove NEW and add ACH.
Response code 05 overuse
In the Overrides section of the Authorization Controller API guide, we clarified that networks might assess a monetary penalty for overuse of the generic response_code: 05.
Modify Status type values
The descriptions for Modify Status type 12 and 13 have been corrected.
