Scheduled Maintenance For June 23, 2014 

This Monday, June 23, between 15:00 and 16:00 UTC (11am-12pm EDT/8am-9am PDT), we’ll be performing a few package updates on our primary database server.

Due to our recent platform upgrades, we now have full redundancy at our database layer. As a result, we anticipate that this routine maintenance will cause zero downtime. However, since this is the first time we’ll be testing our forced failover system since migration, we’re scheduling the entire hour as a maintenance window to be sure. In the future, we will most likely not schedule any downtime for this sort of routine maintenance.

As usual, if you have any questions or concerns, please don’t hesitate to contact our team via our support forum, Twitter, or Facebook.

Thanks for growing with us,

Team Cheddar

Subscription Billing

Important Information Regarding Our Recent SSL Upgrade

On May 14, 2014 we upgraded our SSL certificate to use SHA-256, the most widely supported SHA-2 hashing algorithm. SHA-2 was developed by NIST (National Institute of Standards and Technology) to replace the aging SHA-1 hashing algorithm which may have mathematical weaknesses.

NIST has recommended that SHA-1 not be used for digital signature generation after December 31, 2013. Microsoft will cease trusting Code Signing Certificates using SHA-1 on January 1, 2016 and SSL Certificates using SHA-1 on January 1, 2017.

At this point, most browsers, applications and servers support SHA-256. However some older operating systems and devices do not (i.e. Windows XP without SP3). Also, some systems that support SHA-256 have not been updated to trust the new root certificates used to sign newer SHA-256 certificates.

As a result, a handful of CheddarGetter customers have experienced issues connecting to CheddarGetter’s API due to SSL verification errors. This can be resolved temporarily by ignoring verification, and permanently by updating you SSL library and/or installing the Go Daddy Root 2 certificate as a trusted certificate.

We are committed to providing the highest level of security and customer service possible. We believe to have resolved all known customer issues related to this matter. However, if you are experiencing any SSL verification issues please contact us immediately on our support forum.

Subscription Billing

Downtime Window Tonight - 4/11/2014

Starting at around 2014-04-10 20:00 UTC (approximately 22 hours ago) we noticed elevated memory usage on our primary database server. While primary API services continue to operate normally, we have temporarily disabled recurring transaction processing. We are working diligently to pinpoint the problem and release memory to its normal level without the need for a database server restart. However, we are scheduling a downtime window from 2014-04-12 02:00-03:00 UTC (10pm-11pm EDT/7pm-8pm PDT tonight) to reboot our primary database server if necessary. Once the db layer is stable, recurring processing will be reenabled and delayed transactions will be queued for processing.

We expect resulting downtime to be 30 seconds or less. However, if we experience an issue requiring fail over to our backup database server, we could experience as much as 10 minutes of downtime.

This is in no way related to the “Heartbleed” bug, which CheddarGetter remains wholly unaffected by, and is separate from the cut over to our new hosting platform still scheduled for Monday morning. In fact, this scenario is the type of issue that our new high availability system will help mitigate. After Monday, we will be able to rotate database servers in and out without experiencing noticeable downtime.

If you have any questions or concerns, please don’t hesitate to contact our team via our support forum, Twitter, or Facebook.

Thanks,

Team Cheddar

Subscription Billing

Maintenance Window For April 14, 2014

After months of planning, we’re excited to make the final cut over to our new hosting platform. This new platform is engineered to provide scalability and redundancy at every level. As we continue to grow, we’re excited to enhance performance, security and reliability for all CheddarGetter customers.

As a result of the migration, we’ll be experiencing a maintenance window on Monday, April 14, between 11:00 and 12:00 UTC (7am-8am EDT/4am-5am PDT).

We expect no more than five minutes of actual downtime during the process, and we’re working diligently to keep that time to a minimum.

As we migrate to our new platform, you need to be aware of an important change that may affect your service.

If your system does any IP-based filtering or verification when communicating with CheddarGetter, you will need to ensure your system allows communication with our new IP addresses.

Our current IPs are: 67.23.3.70 and 67.23.4.246

The new cheddargetter.com IPs will be: 198.90.23.195, 198.90.23.190, 198.90.23.192, 198.90.23.194 and 198.90.21.112

Depending on your system configuration, you may have to make modifications to your system to allow communication with our new IP addresses. Customers who are using Ogone as their payment gateway or are restricting their Web Hooks by IP address should pay special attention to this. We suggest you verify your configuration with your development team and make any necessary changes before April 14.

If you have any questions or concerns, please don’t hesitate to contact our team via our support forum, Twitter, or Facebook.

Thanks for growing with us,

Team Cheddar

Subscription Billing

Scheduled Downtime For March 19th, 2014

As a preliminary step toward migration to an improved hosting platform, we’ll be experiencing a few seconds of scheduled downtime this Wednesday, between 12:00 and 13:00 UTC (7am-8am EDT/4am-5am PDT).

We’re looking forward to this initial step in our larger migration project. We’ve been working behind the scenes for months developing a new hosting infrastructure. The new platform is engineered to provide scalability and redundancy at every level. As we continue to grow, we’re excited to be able to enhance performance, security and reliability for all CheddarGetter customers.

Over the coming weeks you’ll hear more about our final migration timing. We’ve worked tirelessly to make the migration have near zero downtime. We are aiming for less than a minute of total downtime throughout the process.

If you have any questions or concerns, please don’t hesitate to contact our team via our support forum, Twitter, or Facebook.

Thanks for growing with us,

Team Cheddar

Subscription Billing

Trello - Home of the CheeseMap

By now you’ve all probably heard of the awesome project management site Trello. Which means that you should be more than familiar with The CheeseMap - our CheddarGetter development board.

  • Want to know what we have in the works?
  • Have input on one of our suggested features?
  • Want to suggest some features of your own?
You can communicate with our Dev Team, vote for the features that matter to you, and much more just by keeping your eyes on The CheeseMap.
      Subscription Billing

      Need Some Help?


      Never fear, because now it’s easier than ever to get CheddarGetter support - or just to reach out and say hi - on Twitter, Tumblr, Facebook, or Google+.

      If we were any more heroic we’d need capes.

      Subscription Billing

      Zapier Is Giving You Even More App Integration Possibilities

      We’ve talked about how fantastic Zapier is in the past (*Spoilers* You can use Zapier to integrate CheddarGetter with a phenomenal number of services), so as you can imagine it makes us pretty pumped to announce that those crazy kids are at it again.

      In honor of “the month of love”, they’re adding 28 new apps to Zapier over the next 28 days of February. That means even more CheddarGetter combination possibilities.

      You can read the full announcement on their blog here - including a peek at the first batch of three new Zapier-ready apps - and tune in daily for new integration announcements.

      Subscription Billing

      A Look Back, A Look Forward, And A Flying Cat

      Time Flies. Which is why we’re doing a look back on everything that we accomplished in 2013 on 1/31/14…but it’s never to late to give an update on what you may have missed, or a forecast of all of the awesome things we have in store for 2014!

        Here’s a rundown on what we accomplished in 2013:

        • Native Zapier Support - Zapier could be the single most awe-inspiring addition to CheddarGetter in 2013. You can pretty much do anything. Check it out.
        • Significant improvements to customer lookup (speed, ease of use, etc).
        • Improved processor communication to increase fault tolerance and better handling for general internet glitches
        • Various improvements to PayPal Preapproval workflow (more to come!)
        • Massive overhaul of database schema including primary key switcheroo on several key tables with zero downtime!
        • Billing address info added to email template variables
        • Enable customers to enter coupon codes in hosted pages
        • Limit promotion application to certain charge types
        • Additional billing solution support
        • Increased PayPal preapproval limits to $10000 and 3 years
        • Resend invoice email receipts via API and GUI
        • Improvements to duplicate POST check
        • Refactored hook system. It’s not even more powerful and reliable. Added Bill Reminder as a hook event.
        • Improvements to credit card validation when payment method update does not result in a revenue transaction
        • Additional config options for Bill Reminder events.
        • Found and fixed some memory leaks in our background processing
        • Several additions to CG’s real-time automated auditor

        Now a sneak peek into what we’ve been working on behind the scenes:

        • Massive overhaul hosting infrastructure and migration to new hosting provider. Flipping the switch in early 2014!
        • Full rebrand and rewrite of marketing site. Easier to use documentation. Coming in Q1 2014.
        • New PCI DSS Service Provider Level 1 assessment. Certification expected to be complete in Q1 2014.
        • Admin GUI rewrite including significant improvements to dashboard reporting and customer search
        • JSON API interface. Read-only metrics in JSON format.
        Stay tuned for more developments, features, and nature/gravity defying animals from CheddarGetter in 2014! Subscription Billing

        Balancing Usage Levels and Charges

        CheddarGetter has long been a proponent of bootstrapped startups. In every single planning meeting, we talk about our core customer base as being the startup. This has caused some degree of trouble for us when talking to larger customers, as they don’t understand how a company like ours can grow and sustain itself by catering to what they see as a fickle, unprofessional group. In our experience, professionalism, talent, and potential have little or nothing to do with a company’s age. It has everything to do with a team’s integrity and standards.

        In our search for balance between catering to startups with a low-cost offering, and servicing larger businesses with a powerful and flexible offering, we have made some pricing decisions that have negatively affected our ability to service either.

        We currently charge our merchants for any transaction that results in a movement of money from the end customer to the merchant (you, perhaps). That works great if all end customers pay the merchant monthly. In that case, we collect $0.20/customer/month and that covers all of the expenses we incur to service that account over that month plus a little. Unfortunately in many cases, that’s not what happens.

        Our current model does not accommodate for other hard costs or high levels of non-revenue generating activity. In other words, other types of services including web hooks and API calls cost money and our current model doesn’t cover for those costs when usage of those services exceeds the norm.

        As such, we’re writing this post to start a discussion about pricing for a few valuable services.

        API Calls

        In most cases, API calls to CheddarGetter occur fairly infrequently. Businesses who correctly integrate with our API, and use it as it was meant to be used, present a reasonable load on our server, and cause no problems. The cost of providing an API is just a cost of doing business, and we have no desire to charge any more than what is necessary to cover those costs. Most will never pay us directly for a single API call but in the case where a merchant’s usage of the API is significantly disproportionate to the amount of revenue we receive from that customer, we need to do something about it.

        With API calls, there may be an additional charge for exceeding a set velocity or exceeding a set total number of API calls in a month. In each case, the limits will be set relative to, say, the number of revenue transactions in a month. We’re not yet doing this but plan to soon. First, we will begin tracking API call quantities and velocities to get a baseline measurement. Based on that data, we will determine what’s normal, then decide at what level to start charging. Our goal here is only to charge for usage well above the average so the vast majority of our customers will not be charged for API calls. Only those with an abnormally high usage will be charged. The fees, if any, will be nominal.

        Web Hooks

        As with API calls, CheddarGetter handles your web hooks with ease in most cases. However when your services hits a snag (something hangs), our service retries that hook multiple times, for multiple seconds each time. This, of course, is a good thing because it makes the hook system tolerant of failure of the listener to process the hook. This can cause significantly elevated usage of resources by our background processes, which can delay other customers’ webhooks if there’s a backlog. This is bad juju, and we feel that good users should not bear the weight of those who are causing the problems.

        Similar to API calls, we’re looking at setting some velocity and total limits as well as total time waited for listeners to respond. We’re not doing this yet but plan to soon. Again, only those with abnormally high usage of hooks will be affected.

        Transactions

        As you know, transaction charges are a part of life. Some processors charge percentage fees, some charge flat rates, others charge both. We’ve always felt that a flat fee is the most fair method to cover these costs, because it puts a standard value on the process of transacting, rather than sliding number up or down to capture a larger piece of your higher-dollar transactions. In real terms, paying 3% of $100 is a lot harder to swallow than paying $0.20, compared to the difference between paying $0.20 on a $10 transaction vs $0.03. This varies of course depending on your pricing model, but in the end we determined that it was the most equitable model for our customer base.

        Transactions are a hard cost for us as well. In the past, we have charged only for Approved (Successful) and Refunded transactions. These are $0.20 for the Blowing Up plan, and $0.25 for the Paypal Only plan. What you haven’t seen are the costs for other transaction types, like Declined, Failed, Authorization (Auth), and Voided. Approved and Refunded transactions are pretty straightforward but the others are not. I’ll explain.

        Declined transactions may seem innocuous but these amount to a significant cost to for us. They occur more often than you might think. First, consider repeated failed signups, some are even attempts to fraudulently use one or more stolen cards. Second, consider dunning retries. CG by default continues to attempt to charge the customer 4 more times over 8 days before giving up. You can configure your dunning retry schedule here: https://cheddargetter.com/admin/configuration

        Failed is a special transaction that occurs when a transaction is first approved, then later found to be declined. This is typical of ACH (aka echeck) transactions. This mostly occurs when a PayPal payment is backed by a bank draft instead of a credit card. The transaction is initially approved but PayPal then later informs us that the money could not be taken from the PayPal account holder’s bank account.

        Authorizations and Voids apply only to those merchants using a validation transaction on signup or payment method change events. When a validation transaction is configured, CG issues a small authorization transaction which tests the card all the way to the issuer including CVV verification (if applicable) and AVS checks (if applicable). This is extremely valuable for those who accept payment methods with a delayed initial bill and for payment method changes mid billing cycle. Without them, you have to trust the customer to enter all of their information properly without validation other than basic format checks. If the payment information is wrong at bill time, it will be declined. That’s a hassle for everyone.

        Voids are related to the Authorization. When an Authorization is successful, we need to issue a Void to indicate that we never intend to capture that small Authorization. If this isn’t done, the Authorization will remain on the cardholder’s card statement for several weeks. Hanging Authorizations are a no-no for that reason but also because the banks consider them to be a liability when there’s a large quantity of hanging auths.

        In order to continue providing a great service, we felt that it was necessary and fair to pass these costs to the people who are using them.

        For most of our customers, these costs will amount to a very small increase on their monthly bill.

        For CheddarGetter, the sum of these costs across our entire customer base accounts for a very significant expense each month. That is money that we could and should be using to shore up our service, provide higher availability, and generally make our system stronger and better.

        We know that this is a touchy subject.

        We know that people don’t like to pay for something that they didn’t realize they were getting for free.

        We also know that our competitors already charge for these things, and it is possible that some of our customers made the decision to use CheddarGetter because we did not.

        So…

        To alleviate potential future discomfort for all involved, here is our plan.

        As of yesterday, we turned on the charge system for these “other” transactions (Auths, Voids, Declines, and Failures) on the PayPal Only and Blowing Up plans (legacy plans are not affected). Everyone is able to see these pending transaction charges, if any, on the Billing page: https://cheddargetter.com/admin/billing.

        As promised, we are giving all of you the option to tell us you don’t want to pay for them. If you are on a super-tight budget and simply cannot afford the extra charges, we understand. Or maybe you don’t think that these charges should be passed on to customers on principle. Either way, let us know and we will adjust your account so you will not be charged for those transactions.

        In Summary

        API Calls Now: No change
        Soon: Plan to charge for extreme usage / Costs TBD but will be minimal
        Take action: This topic is open for discussion here (http://support.cheddargetter.com/discussions/questions/5850-api-and-webhooks-overage-pricing).

        Web Hooks Now: No change
        Soon: Plan to charge for extreme usage / Costs TBD but will be minimal
        Take action: This topic is open for discussion here (http://support.cheddargetter.com/discussions/questions/5850-api-and-webhooks-overage-pricing).

        Transactions Now: Charge for all transaction types on current plans (legacy plans, Basic, Advanced, Premium, etc, are not affected)
        Soon: No further changes
        Take action: Review your charges as they accrue here: https://cheddargetter.com/admin/billing. Evaluate how they affect your budget in relation to the benefits to the health of CheddarGetter’s system. If acceptable, no action needed. If you choose to opt out, let us know here (team@cheddargetter.com).

        Subscription Billing