# Service Design Specification **workforceos-subscriptionmanagement-service** documentation **Version:** `1.0.26` ## Scope This document provides a structured architectural overview of the `subscriptionManagement` microservice, detailing its configuration, data model, authorization logic, business rules, and API design. It has been automatically generated based on the service definition within Mindbricks, ensuring that the information reflects the source of truth used during code generation and deployment. The document is intended to serve multiple audiences: * **Service architects** can use it to validate design decisions and ensure alignment with broader architectural goals. * **Developers and maintainers** will find it useful for understanding the structure and behavior of the service, facilitating easier debugging, feature extension, and integration with other systems. * **Stakeholders and reviewers** can use it to gain a clear understanding of the service's capabilities and domain logic. > **Note for Frontend Developers**: While this document is valuable for understanding business logic and data interactions, please refer to the [Service API Documentation](#) for endpoint-level specifications and integration details. > **Note for Backend Developers**: Since the code for this service is automatically generated by Mindbricks, you typically won't need to implement or modify it manually. However, this document is especially valuable when you're building other services—whether within Mindbricks or externally—that need to interact with or depend on this service. It provides a clear reference to the service's data contracts, business rules, and API structure, helping ensure compatibility and correct integration. ## `SubscriptionManagement` Service Settings Manages company AI subscriptions through Stripe payments. Companies must pay via Stripe to activate AI features—no manual subscription creation allowed. Handles the full Stripe payment lifecycle: checkout, payment confirmation, activation, and cancellation. The subscription status is entirely driven by Stripe webhook events. SuperAdmin/saasAdmin bypass payment for platform management. ### Service Overview This service is configured to listen for HTTP requests on port `3009`, serving both the main API interface and default administrative endpoints. The following routes are available by default: * **API Test Interface (API Face):** `/` * **Swagger Documentation:** `/swagger` * **Postman Collection Download:** `/getPostmanCollection` * **Health Checks:** `/health` and `/admin/health` * **Current Session Info:** `/currentuser` * **Favicon:** `/favicon.ico` The service uses a **PostgreSQL** database for data storage, with the database name set to `workforceos-subscriptionmanagement-service`. This service is accessible via the following environment-specific URLs: * **Preview:** `https://workforceos.prw.mindbricks.com/subscriptionmanagement-api` * **Staging:** `https://workforceos-stage.mindbricks.co/subscriptionmanagement-api` * **Production:** `https://workforceos.mindbricks.co/subscriptionmanagement-api` ### Authentication & Security - **Login Required**: Yes This service requires user authentication for access. It supports both JWT and RSA-based authentication mechanisms, ensuring secure user sessions and data integrity. If a crud route also is configured to require login, it will check a valid JWT token in the request query/header/bearer/cookie. If the token is valid, it will extract the user information from the token and make the fetched session data available in the request context. ### Service Data Objects The service uses a **PostgreSQL** database for data storage, with the database name set to `workforceos-subscriptionmanagement-service`. Data deletion is managed using a **soft delete** strategy. Instead of removing records from the database, they are flagged as inactive by setting the `isActive` field to `false`. | Object Name | Description | Public Access | Tenant Level | |-------------|-------------|---------------| --------------| | `companySubscription` | Represents a company's active or inactive subscription record for feature gating (AI, analytics, etc.). Used to track activation/expiry, status, available features, and audit trail of renewals. 1 per company; used for entitlement checking. | accessPrivate | Yes | | `sys_companySubscriptionPayment` | A payment storage object to store the payment life cyle of orders based on companySubscription object. It is autocreated based on the source object's checkout config | accessPrivate | Yes | | `sys_paymentCustomer` | A payment storage object to store the customer values of the payment platform | accessPrivate | Yes | | `sys_paymentMethod` | A payment storage object to store the payment methods of the platform customers | accessPrivate | Yes | ## companySubscription Data Object ### Object Overview **Description:** Represents a company's active or inactive subscription record for feature gating (AI, analytics, etc.). Used to track activation/expiry, status, available features, and audit trail of renewals. 1 per company; used for entitlement checking. This object represents a core data structure within the service and acts as the blueprint for database interaction, API generation, and business logic enforcement. It is defined using the `ObjectSettings` pattern, which governs its behavior, access control, caching strategy, and integration points with other systems such as Stripe and Redis. ### Core Configuration - **Soft Delete:** Enabled — Determines whether records are marked inactive (`isActive = false`) instead of being physically deleted. - **Public Access:** accessPrivate — If enabled, anonymous users may access this object’s data depending on API-level rules. - **Tenant-Level Scope:** Yes — Enables data isolation per tenant by attaching a tenant ID field. ### Composite Indexes - **unique_company**: [companyId] This composite index is defined to optimize query performance for complex queries involving multiple fields. The index also defines a conflict resolution strategy for duplicate key violations. When a new record would violate this composite index, the following action will be taken: **On Duplicate**: `throwError` An error will be thrown, preventing the insertion of conflicting data. ### Stripe Integration This data object is configured to integrate with Stripe for order management of `AI Subscription`. It is designed to handle payment processing and order tracking. To manage payments, Mindbricks will design additional Business API routes arround this data object, which will be used checkout orders and charge customers. - **Order Name**: `AI Subscription` - **Order Id Property**: This MScript expression is used to extract the order's unique identifier from the data object. - **Order Amount Property**: This MScript expression is used to determine the order amount for payment. It should return a numeric value representing the total amount to be charged. - **Order Currency Property**: This MScript expression is used to determine the currency for the order. It should return a string representing the currency code (e.g., "USD", "EUR"). - **Order Description Property**: 'WorkforceOS AI Analytics Subscription for company ' + this.companyId This MScript expression is used to provide a description for the order, which will be shown in Stripe and on customer receipts. It should return a string that describes the order. - **Order Status Property**: paymentStatus This property is selected as the order status property, which will be used to track the current status of the order. It will be automatically updated based on payment results from Stripe. - **Order Status Update Date Property**: paymentStatusUpdatedAt This property is selected to record the timestamp of the last order status update. It will be automatically managed during payment events to reflect when the status was last changed. - **Order Owner Id Property**: ownerId This property is selected as the order owner property, which will be used to track the user who owns the order. It will be used to ensure correct access control in payment flows, allowing only the owner to manage their orders. - **Map Payment Result to Order Status**: This configuration defines how Stripe's payment results (e.g., started, success, failed, canceled) map to internal order statuses., `paymentResultStarted` status will be mapped to a local value using `'pending'` and will be set to `paymentStatus`property. `paymentResultCanceled` status will be mapped to a local value using `'canceled'` and will be set to `paymentStatus` property. `paymentResultFailed` status will be mapped to a local value using `'failed'` and will be set to `paymentStatus` property. `paymentResultSuccess` status will be mapped to a local value using `'paid'` and will be set to `paymentStatus` property. - **On Checkout Error**: if an error occurs during the checkout process, the API will continue to execute, allowing for custom error handling. In this case, the payment error will ve recorded as a status update. To make a retry a new checkout, a new order will be created with the same data as the original order. ### Properties Schema | Property | Type | Required | Description | |----------|------|----------|-------------| | `activationDate` | Date | Yes | Start date/time when subscription is (re)activated. | | `expiryDate` | Date | Yes | Planned end date/time of subscription validity (inclusive). | | `status` | Enum | Yes | Subscription status: active, inactive, pending, or expired. | | `subscribedFeatures` | String[] (array) | No | Array of enabled feature flags for this company's subscription (e.g., aiAnalytics, reporting, notifications). | | `lastRenewedBy` | ID | No | ID of user (admin/mod) who last renewed or updated the subscription record; for audit. | | `currency` | String | No | ISO currency code for the subscription payment. Defaults to usd. | | `paymentStatus` | Enum | Yes | Stripe payment status: pending (awaiting payment), paid (success), failed, canceled. | | `paymentStatusUpdatedAt` | Date | No | Timestamp of the last payment status change from Stripe. | | `ownerId` | ID | Yes | The user who initiated the subscription purchase. Used for Stripe payment ownership. | | `stripeSubscriptionId` | String | No | Stripe subscription ID for recurring billing management. Set after successful payment. | | `amount` | Integer | Yes | Subscription price in cents (e.g. 4999 = $49.99). Used by Stripe payment flow. | | `companyId` | ID | Yes | An ID value to represent the tenant id of the company | | `paymentConfirmation` | Enum | Yes | An automatic property that is used to check the confirmed status of the payment set by webhooks. | * Required properties are mandatory for creating objects and must be provided in the request body if no default value is set. * Properties marked `Type[] (array)` MUST be sent as a JSON array (e.g. `["a","b"]`), even when only one value is present (`["a"]`). Sending a bare scalar fails validation. ### Array Properties `subscribedFeatures` Array properties can hold multiple values and are indicated by the `[]` suffix in their type. Avoid using arrays in properties that are used for relations, as they will not work correctly. Note that using connection objects instead of arrays is recommended for relations, as they provide better performance and flexibility. ### Default Values Default values are automatically assigned to properties when a new object is created, if no value is provided in the request body. Since default values are applied on db level, they should be literal values, not expressions.If you want to use expressions, you can use transposed parameters in any business API to set default values dynamically. - **activationDate**: new Date() - **expiryDate**: new Date() - **status**: pending - **paymentStatus**: pending - **ownerId**: '00000000-0000-0000-0000-000000000000' - **amount**: 10000 - **companyId**: 00000000-0000-0000-0000-000000000000 - **paymentConfirmation**: pending ### Constant Properties `currency` `ownerId` `amount` `companyId` Constant properties are defined to be immutable after creation, meaning they cannot be updated or changed once set. They are typically used for properties that should remain constant throughout the object's lifecycle. A property is set to be constant if the `Allow Update` option is set to `false`. ### Auto Update Properties `activationDate` `expiryDate` `status` `subscribedFeatures` `lastRenewedBy` `currency` `paymentStatus` `paymentStatusUpdatedAt` `ownerId` `stripeSubscriptionId` `amount` An update crud API created with the option `Auto Params` enabled will automatically update these properties with the provided values in the request body. If you want to update any property in your own business logic not by user input, you can set the `Allow Auto Update` option to false. These properties will be added to the update API's body parameters and can be updated by the user if any value is provided in the request body. ### Enum Properties Enum properties are defined with a set of allowed values, ensuring that only valid options can be assigned to them. The enum options value will be stored as strings in the database, but when a data object is created an addtional property with the same name plus an idx suffix will be created, which will hold the index of the selected enum option. You can use the index property to sort by the enum value or when your enum options represent a sequence of values. - **status**: [active, inactive, pending, expired] - **paymentStatus**: [pending, paid, failed, canceled] - **paymentConfirmation**: [pending, processing, paid, canceled] ### Elastic Search Indexing `activationDate` `expiryDate` `status` `subscribedFeatures` `lastRenewedBy` `paymentStatus` `paymentStatusUpdatedAt` `ownerId` `stripeSubscriptionId` `amount` `companyId` `paymentConfirmation` Properties that are indexed in Elastic Search will be searchable via the Elastic Search API. While all properties are stored in the elastic search index of the data object, only those marked for Elastic Search indexing will be available for search queries. ### Database Indexing `activationDate` `expiryDate` `status` `paymentStatus` `ownerId` `stripeSubscriptionId` `companyId` `paymentConfirmation` Properties that are indexed in the database will be optimized for query performance, allowing for faster data retrieval. Make a property indexed in the database if you want to use it frequently in query filters or sorting. ### Secondary Key Properties `companyId` `paymentConfirmation` Secondary key properties are used to create an additional indexed identifiers for the data object, allowing for alternative access patterns. Different than normal indexed properties, secondary keys will act as primary keys and Mindbricks will provide automatic secondary key db utility functions to access the data object by the secondary key. ### Relation Properties `lastRenewedBy` `ownerId` Mindbricks supports relations between data objects, allowing you to define how objects are linked together. You can define relations in the data object properties, which will be used to create foreign key constraints in the database. For complex joins operations, Mindbricks supportsa BFF pattern, where you can view dynamic and static views based on Elastic Search Indexes. Use db level relations for simple one-to-one or one-to-many relationships, and use BFF views for complex joins that require multiple data objects to be joined together. - **lastRenewedBy**: ID Relation to `user`.id The target object is a sibling object, meaning that the relation is a many-to-one or one-to-one relationship from this object to the target. On Delete: Set Null Required: No - **ownerId**: ID Relation to `user`.id The target object is a sibling object, meaning that the relation is a many-to-one or one-to-one relationship from this object to the target. On Delete: Set Null Required: Yes ### CustomData-sourced Properties `paymentStatus` `amount` `paymentConfirmation` These properties have `source: 'customData'` — every create/update API on this data object declares the value via `apiOptions.dataClauseSettings.customData[]`. Refer to the per-API documentation for the concrete value each API writes. ### Filter Properties `activationDate` `expiryDate` `status` `paymentStatus` `companyId` `paymentConfirmation` Filter properties are used to define parameters that can be used in query filters, allowing for dynamic data retrieval based on user input or predefined criteria. These properties are automatically mapped as API parameters in the listing API's that have "Auto Params" enabled. - **activationDate**: Date has a filter named `activationDate` - **expiryDate**: Date has a filter named `expiryDate` - **status**: Enum has a filter named `status` - **paymentStatus**: Enum has a filter named `paymentStatus` - **companyId**: ID has a filter named `companyId` - **paymentConfirmation**: Enum has a filter named `paymentConfirmation` ## sys_companySubscriptionPayment Data Object ### Object Overview **Description:** A payment storage object to store the payment life cyle of orders based on companySubscription object. It is autocreated based on the source object's checkout config This object represents a core data structure within the service and acts as the blueprint for database interaction, API generation, and business logic enforcement. It is defined using the `ObjectSettings` pattern, which governs its behavior, access control, caching strategy, and integration points with other systems such as Stripe and Redis. ### Core Configuration - **Soft Delete:** Enabled — Determines whether records are marked inactive (`isActive = false`) instead of being physically deleted. - **Public Access:** accessPrivate — If enabled, anonymous users may access this object’s data depending on API-level rules. - **Tenant-Level Scope:** Yes — Enables data isolation per tenant by attaching a tenant ID field. ### Properties Schema | Property | Type | Required | Description | |----------|------|----------|-------------| | `ownerId` | ID | No | An ID value to represent owner user who created the order | | `orderId` | ID | Yes | an ID value to represent the orderId which is the ID parameter of the source companySubscription object | | `paymentId` | String | Yes | A String value to represent the paymentId which is generated on the Stripe gateway. This id may represent different objects due to the payment gateway and the chosen flow type | | `paymentStatus` | String | Yes | A string value to represent the payment status which belongs to the lifecyle of a Stripe payment. | | `statusLiteral` | String | Yes | A string value to represent the logical payment status which belongs to the application lifecycle itself. | | `redirectUrl` | String | No | A string value to represent return page of the frontend to show the result of the payment, this is used when the callback is made to server not the client. | | `companyId` | ID | Yes | An ID value to represent the tenant id of the company | * Required properties are mandatory for creating objects and must be provided in the request body if no default value is set. * Properties marked `Type[] (array)` MUST be sent as a JSON array (e.g. `["a","b"]`), even when only one value is present (`["a"]`). Sending a bare scalar fails validation. ### Default Values Default values are automatically assigned to properties when a new object is created, if no value is provided in the request body. Since default values are applied on db level, they should be literal values, not expressions.If you want to use expressions, you can use transposed parameters in any business API to set default values dynamically. - **orderId**: '00000000-0000-0000-0000-000000000000' - **paymentId**: 'default' - **paymentStatus**: 'default' - **statusLiteral**: started - **companyId**: 00000000-0000-0000-0000-000000000000 ### Constant Properties `orderId` `companyId` Constant properties are defined to be immutable after creation, meaning they cannot be updated or changed once set. They are typically used for properties that should remain constant throughout the object's lifecycle. A property is set to be constant if the `Allow Update` option is set to `false`. ### Auto Update Properties `ownerId` `orderId` `paymentId` `paymentStatus` `statusLiteral` `redirectUrl` An update crud API created with the option `Auto Params` enabled will automatically update these properties with the provided values in the request body. If you want to update any property in your own business logic not by user input, you can set the `Allow Auto Update` option to false. These properties will be added to the update API's body parameters and can be updated by the user if any value is provided in the request body. ### Elastic Search Indexing `ownerId` `orderId` `paymentId` `paymentStatus` `statusLiteral` `redirectUrl` `companyId` Properties that are indexed in Elastic Search will be searchable via the Elastic Search API. While all properties are stored in the elastic search index of the data object, only those marked for Elastic Search indexing will be available for search queries. ### Database Indexing `ownerId` `orderId` `paymentId` `paymentStatus` `statusLiteral` `redirectUrl` `companyId` Properties that are indexed in the database will be optimized for query performance, allowing for faster data retrieval. Make a property indexed in the database if you want to use it frequently in query filters or sorting. ### Unique Properties `orderId` Unique properties are enforced to have distinct values across all instances of the data object, preventing duplicate entries. Note that a unique property is automatically indexed in the database so you will not need to set the `Indexed in DB` option. ### Secondary Key Properties `orderId` `companyId` Secondary key properties are used to create an additional indexed identifiers for the data object, allowing for alternative access patterns. Different than normal indexed properties, secondary keys will act as primary keys and Mindbricks will provide automatic secondary key db utility functions to access the data object by the secondary key. ### Session-sourced Properties `ownerId` These properties have `source: 'session'` — their values are read from the authenticated session at create/update time and cannot be supplied in the request body. - **ownerId**: ID property will be mapped to the session parameter `userId`. This property is the data object's ownership field, used by ownership-based access control. ### CustomData-sourced Properties `statusLiteral` These properties have `source: 'customData'` — every create/update API on this data object declares the value via `apiOptions.dataClauseSettings.customData[]`. Refer to the per-API documentation for the concrete value each API writes. ### Filter Properties `ownerId` `orderId` `paymentId` `paymentStatus` `statusLiteral` `redirectUrl` `companyId` Filter properties are used to define parameters that can be used in query filters, allowing for dynamic data retrieval based on user input or predefined criteria. These properties are automatically mapped as API parameters in the listing API's that have "Auto Params" enabled. - **ownerId**: ID has a filter named `ownerId` - **orderId**: ID has a filter named `orderId` - **paymentId**: String has a filter named `paymentId` - **paymentStatus**: String has a filter named `paymentStatus` - **statusLiteral**: String has a filter named `statusLiteral` - **redirectUrl**: String has a filter named `redirectUrl` - **companyId**: ID has a filter named `companyId` ## sys_paymentCustomer Data Object ### Object Overview **Description:** A payment storage object to store the customer values of the payment platform This object represents a core data structure within the service and acts as the blueprint for database interaction, API generation, and business logic enforcement. It is defined using the `ObjectSettings` pattern, which governs its behavior, access control, caching strategy, and integration points with other systems such as Stripe and Redis. ### Core Configuration - **Soft Delete:** Enabled — Determines whether records are marked inactive (`isActive = false`) instead of being physically deleted. - **Public Access:** accessPrivate — If enabled, anonymous users may access this object’s data depending on API-level rules. - **Tenant-Level Scope:** Yes — Enables data isolation per tenant by attaching a tenant ID field. ### Properties Schema | Property | Type | Required | Description | |----------|------|----------|-------------| | `userId` | ID | No | An ID value to represent the user who is created as a stripe customer | | `customerId` | String | Yes | A string value to represent the customer id which is generated on the Stripe gateway. This id is used to represent the customer in the Stripe gateway | | `platform` | String | Yes | A String value to represent payment platform which is used to make the payment. It is stripe as default. It will be used to distinguesh the payment gateways in the future. | | `companyId` | ID | Yes | An ID value to represent the tenant id of the company | * Required properties are mandatory for creating objects and must be provided in the request body if no default value is set. * Properties marked `Type[] (array)` MUST be sent as a JSON array (e.g. `["a","b"]`), even when only one value is present (`["a"]`). Sending a bare scalar fails validation. ### Default Values Default values are automatically assigned to properties when a new object is created, if no value is provided in the request body. Since default values are applied on db level, they should be literal values, not expressions.If you want to use expressions, you can use transposed parameters in any business API to set default values dynamically. - **customerId**: 'default' - **platform**: stripe - **companyId**: 00000000-0000-0000-0000-000000000000 ### Constant Properties `customerId` `platform` `companyId` Constant properties are defined to be immutable after creation, meaning they cannot be updated or changed once set. They are typically used for properties that should remain constant throughout the object's lifecycle. A property is set to be constant if the `Allow Update` option is set to `false`. ### Auto Update Properties `userId` `customerId` `platform` An update crud API created with the option `Auto Params` enabled will automatically update these properties with the provided values in the request body. If you want to update any property in your own business logic not by user input, you can set the `Allow Auto Update` option to false. These properties will be added to the update API's body parameters and can be updated by the user if any value is provided in the request body. ### Elastic Search Indexing `userId` `customerId` `platform` `companyId` Properties that are indexed in Elastic Search will be searchable via the Elastic Search API. While all properties are stored in the elastic search index of the data object, only those marked for Elastic Search indexing will be available for search queries. ### Database Indexing `userId` `customerId` `platform` `companyId` Properties that are indexed in the database will be optimized for query performance, allowing for faster data retrieval. Make a property indexed in the database if you want to use it frequently in query filters or sorting. ### Unique Properties `userId` `customerId` Unique properties are enforced to have distinct values across all instances of the data object, preventing duplicate entries. Note that a unique property is automatically indexed in the database so you will not need to set the `Indexed in DB` option. ### Secondary Key Properties `userId` `customerId` `companyId` Secondary key properties are used to create an additional indexed identifiers for the data object, allowing for alternative access patterns. Different than normal indexed properties, secondary keys will act as primary keys and Mindbricks will provide automatic secondary key db utility functions to access the data object by the secondary key. ### Session-sourced Properties `userId` These properties have `source: 'session'` — their values are read from the authenticated session at create/update time and cannot be supplied in the request body. - **userId**: ID property will be mapped to the session parameter `userId`. This property is the data object's ownership field, used by ownership-based access control. ### Filter Properties `userId` `customerId` `platform` `companyId` Filter properties are used to define parameters that can be used in query filters, allowing for dynamic data retrieval based on user input or predefined criteria. These properties are automatically mapped as API parameters in the listing API's that have "Auto Params" enabled. - **userId**: ID has a filter named `userId` - **customerId**: String has a filter named `customerId` - **platform**: String has a filter named `platform` - **companyId**: ID has a filter named `companyId` ## sys_paymentMethod Data Object ### Object Overview **Description:** A payment storage object to store the payment methods of the platform customers This object represents a core data structure within the service and acts as the blueprint for database interaction, API generation, and business logic enforcement. It is defined using the `ObjectSettings` pattern, which governs its behavior, access control, caching strategy, and integration points with other systems such as Stripe and Redis. ### Core Configuration - **Soft Delete:** Enabled — Determines whether records are marked inactive (`isActive = false`) instead of being physically deleted. - **Public Access:** accessPrivate — If enabled, anonymous users may access this object’s data depending on API-level rules. - **Tenant-Level Scope:** Yes — Enables data isolation per tenant by attaching a tenant ID field. ### Properties Schema | Property | Type | Required | Description | |----------|------|----------|-------------| | `paymentMethodId` | String | Yes | A string value to represent the id of the payment method on the payment platform. | | `userId` | ID | Yes | An ID value to represent the user who owns the payment method | | `customerId` | String | Yes | A string value to represent the customer id which is generated on the payment gateway. | | `cardHolderName` | String | No | A string value to represent the name of the card holder. It can be different than the registered customer. | | `cardHolderZip` | String | No | A string value to represent the zip code of the card holder. It is used for address verification in specific countries. | | `platform` | String | Yes | A String value to represent payment platform which teh paymentMethod belongs. It is stripe as default. It will be used to distinguesh the payment gateways in the future. | | `cardInfo` | Object | Yes | A Json value to store the card details of the payment method. | | `companyId` | ID | Yes | An ID value to represent the tenant id of the company | * Required properties are mandatory for creating objects and must be provided in the request body if no default value is set. * Properties marked `Type[] (array)` MUST be sent as a JSON array (e.g. `["a","b"]`), even when only one value is present (`["a"]`). Sending a bare scalar fails validation. ### Default Values Default values are automatically assigned to properties when a new object is created, if no value is provided in the request body. Since default values are applied on db level, they should be literal values, not expressions.If you want to use expressions, you can use transposed parameters in any business API to set default values dynamically. - **paymentMethodId**: 'default' - **userId**: '00000000-0000-0000-0000-000000000000' - **customerId**: 'default' - **platform**: stripe - **cardInfo**: {} - **companyId**: 00000000-0000-0000-0000-000000000000 ### Constant Properties `paymentMethodId` `userId` `customerId` `cardHolderName` `cardHolderZip` `platform` `companyId` Constant properties are defined to be immutable after creation, meaning they cannot be updated or changed once set. They are typically used for properties that should remain constant throughout the object's lifecycle. A property is set to be constant if the `Allow Update` option is set to `false`. ### Auto Update Properties `paymentMethodId` `userId` `customerId` `cardHolderName` `cardHolderZip` `platform` `cardInfo` An update crud API created with the option `Auto Params` enabled will automatically update these properties with the provided values in the request body. If you want to update any property in your own business logic not by user input, you can set the `Allow Auto Update` option to false. These properties will be added to the update API's body parameters and can be updated by the user if any value is provided in the request body. ### Elastic Search Indexing `paymentMethodId` `userId` `customerId` `cardHolderName` `cardHolderZip` `platform` `cardInfo` `companyId` Properties that are indexed in Elastic Search will be searchable via the Elastic Search API. While all properties are stored in the elastic search index of the data object, only those marked for Elastic Search indexing will be available for search queries. ### Database Indexing `paymentMethodId` `userId` `customerId` `platform` `cardInfo` `companyId` Properties that are indexed in the database will be optimized for query performance, allowing for faster data retrieval. Make a property indexed in the database if you want to use it frequently in query filters or sorting. ### Unique Properties `paymentMethodId` Unique properties are enforced to have distinct values across all instances of the data object, preventing duplicate entries. Note that a unique property is automatically indexed in the database so you will not need to set the `Indexed in DB` option. ### Secondary Key Properties `paymentMethodId` `userId` `customerId` `companyId` Secondary key properties are used to create an additional indexed identifiers for the data object, allowing for alternative access patterns. Different than normal indexed properties, secondary keys will act as primary keys and Mindbricks will provide automatic secondary key db utility functions to access the data object by the secondary key. ### Session-sourced Properties `userId` These properties have `source: 'session'` — their values are read from the authenticated session at create/update time and cannot be supplied in the request body. - **userId**: ID property will be mapped to the session parameter `userId`. This property is the data object's ownership field, used by ownership-based access control. ### Filter Properties `paymentMethodId` `userId` `customerId` `cardHolderName` `cardHolderZip` `platform` `cardInfo` `companyId` Filter properties are used to define parameters that can be used in query filters, allowing for dynamic data retrieval based on user input or predefined criteria. These properties are automatically mapped as API parameters in the listing API's that have "Auto Params" enabled. - **paymentMethodId**: String has a filter named `paymentMethodId` - **userId**: ID has a filter named `userId` - **customerId**: String has a filter named `customerId` - **cardHolderName**: String has a filter named `cardHolderName` - **cardHolderZip**: String has a filter named `cardHolderZip` - **platform**: String has a filter named `platform` - **cardInfo**: Object has a filter named `cardInfo` - **companyId**: ID has a filter named `companyId` ## Business Logic subscriptionManagement has got 19 Business APIs to manage its internal and crud logic. For the details of each business API refer to its chapter. * [Create Companysubscription](/businessLogic/createcompanysubscription) * [Update Companysubscription](/businessLogic/updatecompanysubscription) * [Get Companysubscription](/businessLogic/getcompanysubscription) * [List Companysubscriptions](/businessLogic/listcompanysubscriptions) * [Delete Companysubscription](/businessLogic/deletecompanysubscription) * [Cancel Companysubscription](/businessLogic/cancelcompanysubscription) * [Get Companysubscriptionpayment](/businessLogic/getcompanysubscriptionpayment) * [List Companysubscriptionpayments](/businessLogic/listcompanysubscriptionpayments) * [Create Companysubscriptionpayment](/businessLogic/createcompanysubscriptionpayment) * [Update Companysubscriptionpayment](/businessLogic/updatecompanysubscriptionpayment) * [Delete Companysubscriptionpayment](/businessLogic/deletecompanysubscriptionpayment) * [Get Companysubscriptionpaymentbyorderid](/businessLogic/getcompanysubscriptionpaymentbyorderid) * [Get Companysubscriptionpaymentbypaymentid](/businessLogic/getcompanysubscriptionpaymentbypaymentid) * [Start Companysubscriptionpayment](/businessLogic/startcompanysubscriptionpayment) * [Refresh Companysubscriptionpayment](/businessLogic/refreshcompanysubscriptionpayment) * [Callback Companysubscriptionpayment](/businessLogic/callbackcompanysubscriptionpayment) * [Get Paymentcustomerbyuserid](/businessLogic/getpaymentcustomerbyuserid) * [List Paymentcustomers](/businessLogic/listpaymentcustomers) * [List Paymentcustomermethods](/businessLogic/listpaymentcustomermethods) ## Edge Controllers ### handlePaymentSuccess **Configuration:** - **Function Name**: `handlePaymentSuccess` - **Login Required**: No **REST Settings:** - **Path**: `` - **Method**: --- ### deletePaymentMethod **Configuration:** - **Function Name**: `deletePaymentMethod` - **Login Required**: Yes **REST Settings:** - **Path**: `/payment-methods/delete/:paymentMethodId` - **Method**: --- ### onSubscriptionPaymentDone **Configuration:** - **Function Name**: `onSubscriptionPaymentDone` - **Login Required**: No **REST Settings:** - **Path**: `` - **Method**: --- ## Service Library ### Functions #### subscriptionCheckNoActive.js ```js const db = require("dbLayer"); module.exports = async function subscriptionCheckNoActive(companyId) { if (!companyId) throw new Error("companyId is required"); // Check if company already has an active or pending (awaiting payment) subscription const existing = await db.getCompanySubscriptionListByMQuery({ companyId, status: { $in: ['active', 'pending'] }, isActive: true }); if (existing && existing.length > 0) { throw new Error('An active or pending subscription already exists for this company. Cancel the existing one first.'); } return true; }; ``` #### subscriptionValidateUpdate.js ```js // DEPRECATED: No longer used. Subscription updates are now restricted to superAdmin/saasAdmin only. module.exports = async function subscriptionValidateUpdate() { return true; }; ``` ### Edge Functions #### onSubscriptionPaymentDone.js ```js const db = require("dbLayer"); module.exports = async (request) => { // This edge function is triggered by Stripe after successful payment. // The request contains the companySubscription order data. const subscription = request.companySubscription; console.log('onSubscriptionPaymentDone: Called with subscription:', JSON.stringify(subscription, null, 2)); if (!subscription || !subscription.id) { console.error('onSubscriptionPaymentDone: No subscription data in request'); return; } // Check payment status - check both paymentStatus and paymentConfirmation fields const paymentStatus = subscription.paymentStatus || subscription.paymentConfirmation; console.log('onSubscriptionPaymentDone: Payment status found:', paymentStatus); if (paymentStatus !== 'paid') { console.log('onSubscriptionPaymentDone: Payment status is not paid, skipping activation. Status:', paymentStatus); return; } const now = new Date(); const expiryDate = new Date(now.getTime() + 30 * 24 * 60 * 60 * 1000); // 30 days from now try { console.log('onSubscriptionPaymentDone: Activating subscription', subscription.id); const updateData = { status: 'active', activationDate: now, expiryDate: expiryDate, subscribedFeatures: ['aiInsights', 'aiWorkforceAnalytics'] }; console.log('onSubscriptionPaymentDone: Update data:', JSON.stringify(updateData, null, 2)); const result = await db.updateCompanySubscriptionById(subscription.id, updateData); console.log('onSubscriptionPaymentDone: Subscription activated successfully. Result:', JSON.stringify(result, null, 2)); console.log('onSubscriptionPaymentDone: Subscription activated for company', subscription.companyId, 'until', expiryDate); } catch (err) { console.error('onSubscriptionPaymentDone: Failed to activate subscription', err); console.error('onSubscriptionPaymentDone: Error stack:', err.stack); } }; ``` #### handlePaymentSuccess.js ```js module.exports = async (eventPayload) => { const { paymentData, companySubscription } = eventPayload; console.log('[handlePaymentSuccess] Received payment success event:', JSON.stringify({ subscriptionId: companySubscription?.id, paymentStatus: paymentData?.status, paymentId: paymentData?.paymentId })); if (!companySubscription || !companySubscription.id) { console.error('[handlePaymentSuccess] No subscription ID in event payload'); return { success: false, error: 'No subscription ID' }; } try { // Update subscription status to active using M2M API const db = require('dbLayer'); const updateResult = await db.updateCompanySubscriptionById( companySubscription.id, { status: 'active', paymentStatus: 'paid', paymentConfirmation: 'paid', paymentStatusUpdatedAt: new Date() } ); console.log('[handlePaymentSuccess] Subscription updated successfully:', { subscriptionId: companySubscription.id, updateResult }); return { success: true, message: 'Subscription activated', subscriptionId: companySubscription.id }; } catch (error) { console.error('[handlePaymentSuccess] Error updating subscription:', error.message); return { success: false, error: error.message }; } }; ``` #### deletePaymentMethod.js ```js const db = require("dbLayer"); const { getIntegrationClient } = require("integrations"); module.exports = async (context) => { const { paymentMethodId } = context.params; const userId = context.session.userId; const companyId = context.session.companyId; try { // Find the payment method in local DB by LOCAL ID (UUID) const paymentMethod = await db.getSys_paymentMethodById(paymentMethodId); if (!paymentMethod) { const error = new Error("Payment method not found"); error.status = 404; throw error; } // Verify ownership if ( paymentMethod.userId !== userId || paymentMethod.companyId !== companyId ) { const error = new Error("Payment method not owned by user"); error.status = 403; throw error; } // Get Stripe client from integrations const stripe = await getIntegrationClient("stripe"); // Detach from Stripe using the Stripe paymentMethodId await stripe.paymentMethods.detach(paymentMethod.paymentMethodId); // Delete from local DB await db.deleteSys_paymentMethodById(paymentMethodId); return { result: "OK", message: "Payment method deleted successfully", deletedPaymentMethodId: paymentMethodId, }; } catch (error) { console.error("Error deleting payment method:", error); throw error; } }; ``` --- *This document was generated from the service architecture definition and should be kept in sync with implementation changes.*