dwindown/dewemoji
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a90525635377d22da20a12dbcc89f85b02b2370b
dewemoji/app/dewemoji-billing-integration-plan.md
Dwindi Ramadhana a905256353 Update pricing UX, billing flows, and API rules
2026-02-12 00:52:40 +07:00

4.9 KiB
Raw Blame History

Dewemoji Billing Integration Plan (QRIS + PayPal)

This document outlines a proper, production-grade billing flow for Dewemoji using QRIS (Pakasir) and PayPal Subscriptions, including webhooks, retries, and license activation.

1) Goals

  • Replace primitive payment links with real provider integrations.
  • Support subscription billing (monthly/annual) and one-time lifetime.
  • Activate or revoke licenses based on webhook-confirmed payments.
  • Log all webhook events and payment activity for audit.

2) Data Model

orders (new)

Acts as the primary record of what the user is buying. Payments link back to orders.

  • id
  • user_id
  • plan_code
  • type (one_time, subscription)
  • currency (IDR, USD)
  • amount
  • status (pending, paid, failed, expired, refunded)
  • provider (qris, paypal)
  • provider_ref
  • created_at, updated_at

payments (new)

  • id
  • user_id
  • order_id
  • provider (qris, paypal)
  • type (one_time, subscription)
  • plan_code (personal_monthly, personal_annual, personal_lifetime)
  • currency (IDR, USD)
  • amount
  • status (pending, paid, failed, expired, refunded)
  • provider_ref (invoice_id / order_id / subscription_id)
  • raw_payload (json)
  • created_at, updated_at

subscriptions (existing)

Extend with:

  • provider
  • provider_ref
  • status (active, pending, canceled, expired)
  • started_at, expires_at, canceled_at
  • next_renewal_at (optional)

webhook_events (existing)

Continue to log inbound payloads and processing status:

  • provider, event_type, status, payload, received_at, processed_at, error_message

3) Payment Flow (User Journey)

Pricing Page (Frontend)

Each plan shows:

  • Primary currency (based on geo + user toggle)
  • Two payment buttons (real provider flow):
    • QRIS (IDR) → subscription or one-time
    • PayPal (USD) → subscription or one-time

Backend Endpoints

QRIS (Pakasir)

  • POST /billing/qris/create
    • Creates invoice via Pakasir API
    • Stores payments with pending
    • Returns QR payment URL or QR code data
  • GET /billing/qris/return (optional)
    • Shows “pending / processing” state

PayPal Subscriptions

  • POST /billing/paypal/create
    • Creates PayPal subscription
    • Stores payments with pending
    • Returns approval URL
  • GET /billing/paypal/return
    • Shows “pending / processing” state

4) Webhook Processing (Critical)

Webhook endpoint:

POST /webhooks/{provider}

Store inbound payloads in webhook_events, then process async (queue).

PayPal Events

  • BILLING.SUBSCRIPTION.ACTIVATED → mark subscription active, set users.tier = personal
  • BILLING.SUBSCRIPTION.CANCELLED → mark subscription canceled
  • PAYMENT.SALE.COMPLETED → mark payment paid
  • PAYMENT.SALE.DENIED → mark payment failed

Pakasir / QRIS Events

  • payment.paid → mark payment paid, grant access
  • payment.expired → mark payment failed/expired

5) License Activation Rules

When a payment or subscription is confirmed:

  • Create or update a subscriptions record
  • Set users.tier = personal
  • Store provider refs (provider_ref)
  • Log admin audit record

When revoked/expired:

  • Update subscriptions.status
  • Downgrade user if no active subscription remains

Renewal Logic (QRIS manual renew)

  • If still active: extend from current expires_at
    • expires_at = expires_at + duration
  • If expired: start from now
    • expires_at = now + duration

6) Admin Dashboard Enhancements

Add or extend:

  • Payments list (new screen)
    • filter by provider/status/currency
    • show raw provider ref
  • Subscriptions list (already exists)
    • show provider + status
  • Webhook events (already exists)
    • replay capability

7) Security & Reliability

  • Validate webhook signatures (PayPal + Pakasir)
  • Reject duplicate events (idempotency)
  • Use queues for webhook processing
  • Log all webhook failures

8) Required Inputs (From Owner)

Before implementation:

  1. Pakasir API docs (create invoice, webhook payload format)
  2. PayPal API credentials (client_id, secret, webhook signing key)
  3. Confirm plans & pricing:
    • Monthly
    • Annual
    • Lifetime

9) Implementation Phases

Phase 1 — Schema + Core Models

  • Add orders table
  • Add payments table (link to orders)
  • Extend subscriptions
  • Update webhook model if needed

Phase 2 — Provider APIs

  • Pakasir invoice create
  • PayPal subscription create

Phase 3 — Webhooks

  • Save raw events
  • Process via queue + idempotency

Phase 4 — UI

  • Pricing page buttons → real flows
  • Admin payment + subscription tools

10) Notes

  • This plan assumes proper subscription lifecycle with webhooks.
  • PayPal.me / static links are not sufficient for subscriptions.
  • All access control must be tied to confirmed payment status.
Reference in New Issue View Git Blame Copy Permalink