Service Design Specification

workforceos-subscriptionmanagement-service documentation Version: 1.0.26

Scope

This document provides a structured architectural overview of the subscriptionManagement microservice, detailing its configuration, data model, authorization logic, business rules, and API design. It has been automatically generated based on the service definition within Mindbricks, ensuring that the information reflects the source of truth used during code generation and deployment.

The document is intended to serve multiple audiences:

Note for Frontend Developers: While this document is valuable for understanding business logic and data interactions, please refer to the Service API Documentation for endpoint-level specifications and integration details.

Note for Backend Developers: Since the code for this service is automatically generated by Mindbricks, you typically won’t need to implement or modify it manually. However, this document is especially valuable when you’re building other services—whether within Mindbricks or externally—that need to interact with or depend on this service. It provides a clear reference to the service’s data contracts, business rules, and API structure, helping ensure compatibility and correct integration.

SubscriptionManagement Service Settings

Manages company AI subscriptions through Stripe payments. Companies must pay via Stripe to activate AI features—no manual subscription creation allowed. Handles the full Stripe payment lifecycle: checkout, payment confirmation, activation, and cancellation. The subscription status is entirely driven by Stripe webhook events. SuperAdmin/saasAdmin bypass payment for platform management.

Service Overview

This service is configured to listen for HTTP requests on port 3009, serving both the main API interface and default administrative endpoints.

The following routes are available by default:

The service uses a PostgreSQL database for data storage, with the database name set to workforceos-subscriptionmanagement-service.

This service is accessible via the following environment-specific URLs:

Authentication & Security

This service requires user authentication for access. It supports both JWT and RSA-based authentication mechanisms, ensuring secure user sessions and data integrity. If a crud route also is configured to require login, it will check a valid JWT token in the request query/header/bearer/cookie. If the token is valid, it will extract the user information from the token and make the fetched session data available in the request context.

Service Data Objects

The service uses a PostgreSQL database for data storage, with the database name set to workforceos-subscriptionmanagement-service.

Data deletion is managed using a soft delete strategy. Instead of removing records from the database, they are flagged as inactive by setting the isActive field to false.

Object Name Description Public Access Tenant Level
companySubscription Represents a company's active or inactive subscription record for feature gating (AI, analytics, etc.). Used to track activation/expiry, status, available features, and audit trail of renewals. 1 per company; used for entitlement checking. accessPrivate Yes
sys_companySubscriptionPayment A payment storage object to store the payment life cyle of orders based on companySubscription object. It is autocreated based on the source object's checkout config accessPrivate Yes
sys_paymentCustomer A payment storage object to store the customer values of the payment platform accessPrivate Yes
sys_paymentMethod A payment storage object to store the payment methods of the platform customers accessPrivate Yes

companySubscription Data Object

Object Overview

Description: Represents a company's active or inactive subscription record for feature gating (AI, analytics, etc.). Used to track activation/expiry, status, available features, and audit trail of renewals. 1 per company; used for entitlement checking.

This object represents a core data structure within the service and acts as the blueprint for database interaction, API generation, and business logic enforcement. It is defined using the ObjectSettings pattern, which governs its behavior, access control, caching strategy, and integration points with other systems such as Stripe and Redis.

Core Configuration

Composite Indexes

The index also defines a conflict resolution strategy for duplicate key violations.

When a new record would violate this composite index, the following action will be taken:

On Duplicate: throwError

An error will be thrown, preventing the insertion of conflicting data.

Stripe Integration

This data object is configured to integrate with Stripe for order management of AI Subscription. It is designed to handle payment processing and order tracking. To manage payments, Mindbricks will design additional Business API routes arround this data object, which will be used checkout orders and charge customers.

if an error occurs during the checkout process, the API will continue to execute, allowing for custom error handling. In this case, the payment error will ve recorded as a status update. To make a retry a new checkout, a new order will be created with the same data as the original order.

Properties Schema

Property Type Required Description
activationDate Date Yes Start date/time when subscription is (re)activated.
expiryDate Date Yes Planned end date/time of subscription validity (inclusive).
status Enum Yes Subscription status: active, inactive, pending, or expired.
subscribedFeatures String[] (array) No Array of enabled feature flags for this company's subscription (e.g., aiAnalytics, reporting, notifications).
lastRenewedBy ID No ID of user (admin/mod) who last renewed or updated the subscription record; for audit.
currency String No ISO currency code for the subscription payment. Defaults to usd.
paymentStatus Enum Yes Stripe payment status: pending (awaiting payment), paid (success), failed, canceled.
paymentStatusUpdatedAt Date No Timestamp of the last payment status change from Stripe.
ownerId ID Yes The user who initiated the subscription purchase. Used for Stripe payment ownership.
stripeSubscriptionId String No Stripe subscription ID for recurring billing management. Set after successful payment.
amount Integer Yes Subscription price in cents (e.g. 4999 = $49.99). Used by Stripe payment flow.
companyId ID Yes An ID value to represent the tenant id of the company
paymentConfirmation Enum Yes An automatic property that is used to check the confirmed status of the payment set by webhooks.

Array Properties

subscribedFeatures

Array properties can hold multiple values and are indicated by the [] suffix in their type. Avoid using arrays in properties that are used for relations, as they will not work correctly. Note that using connection objects instead of arrays is recommended for relations, as they provide better performance and flexibility.

Default Values

Default values are automatically assigned to properties when a new object is created, if no value is provided in the request body. Since default values are applied on db level, they should be literal values, not expressions.If you want to use expressions, you can use transposed parameters in any business API to set default values dynamically.

Constant Properties

currency ownerId amount companyId

Constant properties are defined to be immutable after creation, meaning they cannot be updated or changed once set. They are typically used for properties that should remain constant throughout the object’s lifecycle. A property is set to be constant if the Allow Update option is set to false.

Auto Update Properties

activationDate expiryDate status subscribedFeatures lastRenewedBy currency paymentStatus paymentStatusUpdatedAt ownerId stripeSubscriptionId amount

An update crud API created with the option Auto Params enabled will automatically update these properties with the provided values in the request body. If you want to update any property in your own business logic not by user input, you can set the Allow Auto Update option to false. These properties will be added to the update API’s body parameters and can be updated by the user if any value is provided in the request body.

Enum Properties

Enum properties are defined with a set of allowed values, ensuring that only valid options can be assigned to them. The enum options value will be stored as strings in the database, but when a data object is created an addtional property with the same name plus an idx suffix will be created, which will hold the index of the selected enum option. You can use the index property to sort by the enum value or when your enum options represent a sequence of values.

Elastic Search Indexing

activationDate expiryDate status subscribedFeatures lastRenewedBy paymentStatus paymentStatusUpdatedAt ownerId stripeSubscriptionId amount companyId paymentConfirmation

Properties that are indexed in Elastic Search will be searchable via the Elastic Search API. While all properties are stored in the elastic search index of the data object, only those marked for Elastic Search indexing will be available for search queries.

Database Indexing

activationDate expiryDate status paymentStatus ownerId stripeSubscriptionId companyId paymentConfirmation

Properties that are indexed in the database will be optimized for query performance, allowing for faster data retrieval. Make a property indexed in the database if you want to use it frequently in query filters or sorting.

Secondary Key Properties

companyId paymentConfirmation

Secondary key properties are used to create an additional indexed identifiers for the data object, allowing for alternative access patterns. Different than normal indexed properties, secondary keys will act as primary keys and Mindbricks will provide automatic secondary key db utility functions to access the data object by the secondary key.

Relation Properties

lastRenewedBy ownerId

Mindbricks supports relations between data objects, allowing you to define how objects are linked together. You can define relations in the data object properties, which will be used to create foreign key constraints in the database. For complex joins operations, Mindbricks supportsa BFF pattern, where you can view dynamic and static views based on Elastic Search Indexes. Use db level relations for simple one-to-one or one-to-many relationships, and use BFF views for complex joins that require multiple data objects to be joined together.

The target object is a sibling object, meaning that the relation is a many-to-one or one-to-one relationship from this object to the target.

On Delete: Set Null Required: No

The target object is a sibling object, meaning that the relation is a many-to-one or one-to-one relationship from this object to the target.

On Delete: Set Null Required: Yes

CustomData-sourced Properties

paymentStatus amount paymentConfirmation

These properties have source: 'customData' — every create/update API on this data object declares the value via apiOptions.dataClauseSettings.customData[]. Refer to the per-API documentation for the concrete value each API writes.

Filter Properties

activationDate expiryDate status paymentStatus companyId paymentConfirmation

Filter properties are used to define parameters that can be used in query filters, allowing for dynamic data retrieval based on user input or predefined criteria. These properties are automatically mapped as API parameters in the listing API’s that have “Auto Params” enabled.

sys_companySubscriptionPayment Data Object

Object Overview

Description: A payment storage object to store the payment life cyle of orders based on companySubscription object. It is autocreated based on the source object's checkout config

This object represents a core data structure within the service and acts as the blueprint for database interaction, API generation, and business logic enforcement. It is defined using the ObjectSettings pattern, which governs its behavior, access control, caching strategy, and integration points with other systems such as Stripe and Redis.

Core Configuration

Properties Schema

Property Type Required Description
ownerId ID No An ID value to represent owner user who created the order
orderId ID Yes an ID value to represent the orderId which is the ID parameter of the source companySubscription object
paymentId String Yes A String value to represent the paymentId which is generated on the Stripe gateway. This id may represent different objects due to the payment gateway and the chosen flow type
paymentStatus String Yes A string value to represent the payment status which belongs to the lifecyle of a Stripe payment.
statusLiteral String Yes A string value to represent the logical payment status which belongs to the application lifecycle itself.
redirectUrl String No A string value to represent return page of the frontend to show the result of the payment, this is used when the callback is made to server not the client.
companyId ID Yes An ID value to represent the tenant id of the company

Default Values

Default values are automatically assigned to properties when a new object is created, if no value is provided in the request body. Since default values are applied on db level, they should be literal values, not expressions.If you want to use expressions, you can use transposed parameters in any business API to set default values dynamically.

Constant Properties

orderId companyId

Constant properties are defined to be immutable after creation, meaning they cannot be updated or changed once set. They are typically used for properties that should remain constant throughout the object’s lifecycle. A property is set to be constant if the Allow Update option is set to false.

Auto Update Properties

ownerId orderId paymentId paymentStatus statusLiteral redirectUrl

An update crud API created with the option Auto Params enabled will automatically update these properties with the provided values in the request body. If you want to update any property in your own business logic not by user input, you can set the Allow Auto Update option to false. These properties will be added to the update API’s body parameters and can be updated by the user if any value is provided in the request body.

Elastic Search Indexing

ownerId orderId paymentId paymentStatus statusLiteral redirectUrl companyId

Properties that are indexed in Elastic Search will be searchable via the Elastic Search API. While all properties are stored in the elastic search index of the data object, only those marked for Elastic Search indexing will be available for search queries.

Database Indexing

ownerId orderId paymentId paymentStatus statusLiteral redirectUrl companyId

Properties that are indexed in the database will be optimized for query performance, allowing for faster data retrieval. Make a property indexed in the database if you want to use it frequently in query filters or sorting.

Unique Properties

orderId

Unique properties are enforced to have distinct values across all instances of the data object, preventing duplicate entries. Note that a unique property is automatically indexed in the database so you will not need to set the Indexed in DB option.

Secondary Key Properties

orderId companyId

Secondary key properties are used to create an additional indexed identifiers for the data object, allowing for alternative access patterns. Different than normal indexed properties, secondary keys will act as primary keys and Mindbricks will provide automatic secondary key db utility functions to access the data object by the secondary key.

Session-sourced Properties

ownerId

These properties have source: 'session' — their values are read from the authenticated session at create/update time and cannot be supplied in the request body.

This property is the data object’s ownership field, used by ownership-based access control.

CustomData-sourced Properties

statusLiteral

These properties have source: 'customData' — every create/update API on this data object declares the value via apiOptions.dataClauseSettings.customData[]. Refer to the per-API documentation for the concrete value each API writes.

Filter Properties

ownerId orderId paymentId paymentStatus statusLiteral redirectUrl companyId

Filter properties are used to define parameters that can be used in query filters, allowing for dynamic data retrieval based on user input or predefined criteria. These properties are automatically mapped as API parameters in the listing API’s that have “Auto Params” enabled.

sys_paymentCustomer Data Object

Object Overview

Description: A payment storage object to store the customer values of the payment platform

This object represents a core data structure within the service and acts as the blueprint for database interaction, API generation, and business logic enforcement. It is defined using the ObjectSettings pattern, which governs its behavior, access control, caching strategy, and integration points with other systems such as Stripe and Redis.

Core Configuration

Properties Schema

Property Type Required Description
userId ID No An ID value to represent the user who is created as a stripe customer
customerId String Yes A string value to represent the customer id which is generated on the Stripe gateway. This id is used to represent the customer in the Stripe gateway
platform String Yes A String value to represent payment platform which is used to make the payment. It is stripe as default. It will be used to distinguesh the payment gateways in the future.
companyId ID Yes An ID value to represent the tenant id of the company

Default Values

Default values are automatically assigned to properties when a new object is created, if no value is provided in the request body. Since default values are applied on db level, they should be literal values, not expressions.If you want to use expressions, you can use transposed parameters in any business API to set default values dynamically.

Constant Properties

customerId platform companyId

Constant properties are defined to be immutable after creation, meaning they cannot be updated or changed once set. They are typically used for properties that should remain constant throughout the object’s lifecycle. A property is set to be constant if the Allow Update option is set to false.

Auto Update Properties

userId customerId platform

An update crud API created with the option Auto Params enabled will automatically update these properties with the provided values in the request body. If you want to update any property in your own business logic not by user input, you can set the Allow Auto Update option to false. These properties will be added to the update API’s body parameters and can be updated by the user if any value is provided in the request body.

Elastic Search Indexing

userId customerId platform companyId

Properties that are indexed in Elastic Search will be searchable via the Elastic Search API. While all properties are stored in the elastic search index of the data object, only those marked for Elastic Search indexing will be available for search queries.

Database Indexing

userId customerId platform companyId

Properties that are indexed in the database will be optimized for query performance, allowing for faster data retrieval. Make a property indexed in the database if you want to use it frequently in query filters or sorting.

Unique Properties

userId customerId

Unique properties are enforced to have distinct values across all instances of the data object, preventing duplicate entries. Note that a unique property is automatically indexed in the database so you will not need to set the Indexed in DB option.

Secondary Key Properties

userId customerId companyId

Secondary key properties are used to create an additional indexed identifiers for the data object, allowing for alternative access patterns. Different than normal indexed properties, secondary keys will act as primary keys and Mindbricks will provide automatic secondary key db utility functions to access the data object by the secondary key.

Session-sourced Properties

userId

These properties have source: 'session' — their values are read from the authenticated session at create/update time and cannot be supplied in the request body.

This property is the data object’s ownership field, used by ownership-based access control.

Filter Properties

userId customerId platform companyId

Filter properties are used to define parameters that can be used in query filters, allowing for dynamic data retrieval based on user input or predefined criteria. These properties are automatically mapped as API parameters in the listing API’s that have “Auto Params” enabled.

sys_paymentMethod Data Object

Object Overview

Description: A payment storage object to store the payment methods of the platform customers

This object represents a core data structure within the service and acts as the blueprint for database interaction, API generation, and business logic enforcement. It is defined using the ObjectSettings pattern, which governs its behavior, access control, caching strategy, and integration points with other systems such as Stripe and Redis.

Core Configuration

Properties Schema

Property Type Required Description
paymentMethodId String Yes A string value to represent the id of the payment method on the payment platform.
userId ID Yes An ID value to represent the user who owns the payment method
customerId String Yes A string value to represent the customer id which is generated on the payment gateway.
cardHolderName String No A string value to represent the name of the card holder. It can be different than the registered customer.
cardHolderZip String No A string value to represent the zip code of the card holder. It is used for address verification in specific countries.
platform String Yes A String value to represent payment platform which teh paymentMethod belongs. It is stripe as default. It will be used to distinguesh the payment gateways in the future.
cardInfo Object Yes A Json value to store the card details of the payment method.
companyId ID Yes An ID value to represent the tenant id of the company

Default Values

Default values are automatically assigned to properties when a new object is created, if no value is provided in the request body. Since default values are applied on db level, they should be literal values, not expressions.If you want to use expressions, you can use transposed parameters in any business API to set default values dynamically.

Constant Properties

paymentMethodId userId customerId cardHolderName cardHolderZip platform companyId

Constant properties are defined to be immutable after creation, meaning they cannot be updated or changed once set. They are typically used for properties that should remain constant throughout the object’s lifecycle. A property is set to be constant if the Allow Update option is set to false.

Auto Update Properties

paymentMethodId userId customerId cardHolderName cardHolderZip platform cardInfo

An update crud API created with the option Auto Params enabled will automatically update these properties with the provided values in the request body. If you want to update any property in your own business logic not by user input, you can set the Allow Auto Update option to false. These properties will be added to the update API’s body parameters and can be updated by the user if any value is provided in the request body.

Elastic Search Indexing

paymentMethodId userId customerId cardHolderName cardHolderZip platform cardInfo companyId

Properties that are indexed in Elastic Search will be searchable via the Elastic Search API. While all properties are stored in the elastic search index of the data object, only those marked for Elastic Search indexing will be available for search queries.

Database Indexing

paymentMethodId userId customerId platform cardInfo companyId

Properties that are indexed in the database will be optimized for query performance, allowing for faster data retrieval. Make a property indexed in the database if you want to use it frequently in query filters or sorting.

Unique Properties

paymentMethodId

Unique properties are enforced to have distinct values across all instances of the data object, preventing duplicate entries. Note that a unique property is automatically indexed in the database so you will not need to set the Indexed in DB option.

Secondary Key Properties

paymentMethodId userId customerId companyId

Secondary key properties are used to create an additional indexed identifiers for the data object, allowing for alternative access patterns. Different than normal indexed properties, secondary keys will act as primary keys and Mindbricks will provide automatic secondary key db utility functions to access the data object by the secondary key.

Session-sourced Properties

userId

These properties have source: 'session' — their values are read from the authenticated session at create/update time and cannot be supplied in the request body.

This property is the data object’s ownership field, used by ownership-based access control.

Filter Properties

paymentMethodId userId customerId cardHolderName cardHolderZip platform cardInfo companyId

Filter properties are used to define parameters that can be used in query filters, allowing for dynamic data retrieval based on user input or predefined criteria. These properties are automatically mapped as API parameters in the listing API’s that have “Auto Params” enabled.

Business Logic

subscriptionManagement has got 19 Business APIs to manage its internal and crud logic. For the details of each business API refer to its chapter.

Edge Controllers

handlePaymentSuccess

Configuration:

REST Settings:

deletePaymentMethod

Configuration:

REST Settings:

onSubscriptionPaymentDone

Configuration:

REST Settings:

Service Library

Functions

subscriptionCheckNoActive.js

const db = require("dbLayer");

module.exports = async function subscriptionCheckNoActive(companyId) {
  if (!companyId) throw new Error("companyId is required");
  
  // Check if company already has an active or pending (awaiting payment) subscription
  const existing = await db.getCompanySubscriptionListByMQuery({
    companyId,
    status: { $in: ['active', 'pending'] },
    isActive: true
  });
  
  if (existing && existing.length > 0) {
    throw new Error('An active or pending subscription already exists for this company. Cancel the existing one first.');
  }
  
  return true;
};

subscriptionValidateUpdate.js

// DEPRECATED: No longer used. Subscription updates are now restricted to superAdmin/saasAdmin only.
module.exports = async function subscriptionValidateUpdate() {
  return true;
};

Edge Functions

onSubscriptionPaymentDone.js

const db = require("dbLayer");

module.exports = async (request) => {
  // This edge function is triggered by Stripe after successful payment.
  // The request contains the companySubscription order data.
  const subscription = request.companySubscription;
  
  console.log('onSubscriptionPaymentDone: Called with subscription:', JSON.stringify(subscription, null, 2));
  
  if (!subscription || !subscription.id) {
    console.error('onSubscriptionPaymentDone: No subscription data in request');
    return;
  }

  // Check payment status - check both paymentStatus and paymentConfirmation fields
  const paymentStatus = subscription.paymentStatus || subscription.paymentConfirmation;
  console.log('onSubscriptionPaymentDone: Payment status found:', paymentStatus);
  
  if (paymentStatus !== 'paid') {
    console.log('onSubscriptionPaymentDone: Payment status is not paid, skipping activation. Status:', paymentStatus);
    return;
  }

  const now = new Date();
  const expiryDate = new Date(now.getTime() + 30 * 24 * 60 * 60 * 1000); // 30 days from now

  try {
    console.log('onSubscriptionPaymentDone: Activating subscription', subscription.id);
    
    const updateData = {
      status: 'active',
      activationDate: now,
      expiryDate: expiryDate,
      subscribedFeatures: ['aiInsights', 'aiWorkforceAnalytics']
    };
    
    console.log('onSubscriptionPaymentDone: Update data:', JSON.stringify(updateData, null, 2));
    
    const result = await db.updateCompanySubscriptionById(subscription.id, updateData);
    
    console.log('onSubscriptionPaymentDone: Subscription activated successfully. Result:', JSON.stringify(result, null, 2));
    console.log('onSubscriptionPaymentDone: Subscription activated for company', subscription.companyId, 'until', expiryDate);
  } catch (err) {
    console.error('onSubscriptionPaymentDone: Failed to activate subscription', err);
    console.error('onSubscriptionPaymentDone: Error stack:', err.stack);
  }
};

handlePaymentSuccess.js

module.exports = async (eventPayload) => {
  const { paymentData, companySubscription } = eventPayload;
  
  console.log('[handlePaymentSuccess] Received payment success event:', JSON.stringify({
    subscriptionId: companySubscription?.id,
    paymentStatus: paymentData?.status,
    paymentId: paymentData?.paymentId
  }));
  
  if (!companySubscription || !companySubscription.id) {
    console.error('[handlePaymentSuccess] No subscription ID in event payload');
    return { success: false, error: 'No subscription ID' };
  }
  
  try {
    // Update subscription status to active using M2M API
    const db = require('dbLayer');
    
    const updateResult = await db.updateCompanySubscriptionById(
      companySubscription.id,
      {
        status: 'active',
        paymentStatus: 'paid',
        paymentConfirmation: 'paid',
        paymentStatusUpdatedAt: new Date()
      }
    );
    
    console.log('[handlePaymentSuccess] Subscription updated successfully:', {
      subscriptionId: companySubscription.id,
      updateResult
    });
    
    return { 
      success: true, 
      message: 'Subscription activated',
      subscriptionId: companySubscription.id
    };
  } catch (error) {
    console.error('[handlePaymentSuccess] Error updating subscription:', error.message);
    return { 
      success: false, 
      error: error.message 
    };
  }
};

deletePaymentMethod.js

const db = require("dbLayer");
const { getIntegrationClient } = require("integrations");

module.exports = async (context) => {
  const { paymentMethodId } = context.params;
  const userId = context.session.userId;
  const companyId = context.session.companyId;

  try {
    // Find the payment method in local DB by LOCAL ID (UUID)
    const paymentMethod = await db.getSys_paymentMethodById(paymentMethodId);

    if (!paymentMethod) {
      const error = new Error("Payment method not found");
      error.status = 404;
      throw error;
    }

    // Verify ownership
    if (
      paymentMethod.userId !== userId ||
      paymentMethod.companyId !== companyId
    ) {
      const error = new Error("Payment method not owned by user");
      error.status = 403;
      throw error;
    }

    // Get Stripe client from integrations
    const stripe = await getIntegrationClient("stripe");

    // Detach from Stripe using the Stripe paymentMethodId
    await stripe.paymentMethods.detach(paymentMethod.paymentMethodId);

    // Delete from local DB
    await db.deleteSys_paymentMethodById(paymentMethodId);

    return {
      result: "OK",
      message: "Payment method deleted successfully",
      deletedPaymentMethodId: paymentMethodId,
    };
  } catch (error) {
    console.error("Error deleting payment method:", error);
    throw error;
  }
};

This document was generated from the service architecture definition and should be kept in sync with implementation changes.