olek/AI_template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
12f3b625f50bd7c77308fb37328a177454c791d8
AI_template/docs/backend/payment-flow.md
olekhondera 3f4a98d42d create AI_template
2025-11-18 03:15:04 +02:00

46 lines
2.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Payment & Billing Flow (Provideragnostic)
---
**Last Updated:** 2025-01-17
**Phase:** Phase 0 (Planning)
**Status:** Draft — finalize in Phase 1
**Owner:** Backend Architect
**References:**
- `/docs/project-overview.md`
- `/docs/backend/architecture.md`
- `/docs/backend/api-design.md`
- `/docs/backend/security.md`
---
Single source of truth for subscription billing with an external payment provider. No raw card data is handled by our app.
## 1) High-Level Flow
1. Frontend calls backend to create a Checkout/Portal Session (`POST /billing/session`) with tenant/context.
2. Backend creates/updates the Customer (if needed) and Session at the payment provider; returns `sessionUrl`.
3. User completes checkout on providerhosted page.
4. Payment provider sends webhooks (e.g., subscription created/updated/canceled).
5. Backend verifies signatures, updates subscription state in DB, and logs events (`BILLING_UPDATED`).
6. Frontend reads subscription status from backend (`/billing/status`) — webhookdriven source of truth.
## 2) Required Endpoints
- `POST /billing/session` — init checkout/plan change. Request: tenant ID inferred from auth; plan/tier; success/cancel URLs. Response: `sessionUrl`.
- `GET /billing/status` — return subscription status, current plan, renewal/cancel info (cached from webhookdriven DB state).
- `POST /billing/webhooks/provider` — verify signature; idempotent upsert of subscription state; update tenant access.
## 3) Data Model Notes
- Store provider customer ID, subscription ID, price/plan, status, current period dates, cancel_at/canceled_at, seats (if applicable).
- All writes must be idempotent (webhook retries). Use provider event IDs for dedupe.
- Permissions are enforced per tenant based on subscription status.
## 4) States & Mapping (common)
- `trialing`, `active`, `past_due`, `canceled`, `incomplete/incomplete_expired`, `unpaid` → map to internal states that drive access. Deny critical actions when subscription is inactive.
## 5) Security & Compliance
- Verify webhook signatures with provider secret; reject if invalid; log failures with trace IDs.
- Do not log sensitive payloads; store only necessary billing identifiers.
- Expose no card data; rely on providerhosted UIs (Checkout/Portal) for payment method management.
## 6) Frontend UX Notes
- Use provider trust cues and clear statuses after redirect: success/pending/fail with recovery (retry checkout, contact support).
- All status displays must read from backend (webhookdriven), not query params.
Reference in New Issue View Git Blame Copy Permalink