Status
All Systems Operational
As part of our ongoing commitment to maintaining the highest security standards for our employment and payroll services, we are introducing an important security enhancement to our platform.
In our upcoming release, we will be implementing mandatory Cross-Site Request Forgery (CSRF) validation across our platform.
Why Are We Implementing This?
Our primary goal is to continuously improve our collective security posture. CSRF is a vulnerability where unauthorized commands are transmitted from a user that the web application trusts. By enforcing strict CSRF validation, we are adding a robust layer of defense to ensure that every state-changing request originating from our partners and users is fully authenticated, intentional, and secure.
This proactively protects sensitive payroll data and user sessions from malicious interception.
What is Changing?
-UI Protection: All state-changing actions performed through the platform's web browser interface (such as clicking save, submitting forms, or updating payroll details) will contain session-specific CSRF token which will be validated automatically.
-Validation Checks: The platform will automatically reject any incoming requests that lack a valid token or fail the validation check, returning a 400 Bad Request error.
Action Required
No action is required from your team - This security feature applies strictly to browser-based UI interactions, our platform will handle the generation and validation of these tokens automatically. Your standard workflows and any server-to-server API integrations will continue to function without interruption.
Release Timeline
Production Rollout: Enforced on 15th June 2026.
