Comment by ayushrodrigues
1 day ago
Yes you're right -- payments can definitely be done without webhooks, but it is typically all controlled server-side. Especially things like upgrade and downgrade flows, as they involve automatically charging a user's card.
What we were exploring is whether there's a way to do this securely from the frontend (eg on a pricing page) without needing to open up backend routes.
You're also correct that our niche is trying to control feature permissions, so that we can decouple pricing logic from an application (which makes it easier to handle pricing changes, custom plans etc). We are moving more towards a solution that just uses the JWTs to handle this instead of a customer_id.
I've made solutions before that a product can have many permissions, a product can have many prices, and a product can also be a bundle of products. The products service does the heavy lifting by having systems to determine things like addons (If have Product1 that gives Permission1, you can purchase Product43 as an Addon to give Permission2).
This will not give you clean easy to understand reporting if you make bundles willy-nilly (N product line makes $ dollars, if bundled products exist), but to me, it gives accurate data that matches up with the pricing complexity that the business is designing.
The browser allows JavaScript to be modified. Therefore, you can never trust the client side. You can’t put “trust” there.