From 16ba17895939232303fe84306adbde5578a6b823 Mon Sep 17 00:00:00 2001
From: Bilal Godil <bg2002@gmail.com>
Date: Mon, 16 Feb 2026 11:53:19 -0800
Subject: [PATCH] inline product cancelling

---
 .../[customer_id]/[product_id]/route.ts       |  97 +++++++++------
 .../[customer_type]/[customer_id]/route.ts    |   1 +
 apps/backend/src/lib/payments.tsx             |   4 +-
 .../api/v1/payments/products.test.ts          | 112 +++++++++++++++++-
 .../src/interface/client-interface.ts         |   9 +-
 .../src/interface/crud/products.ts            |   1 +
 .../payments/payments-panel.tsx               |  22 ++--
 .../apps/implementations/client-app-impl.ts   |   4 +-
 .../stack-app/apps/interfaces/client-app.ts   |   2 +-
 .../src/lib/stack-app/customers/index.ts      |   1 +
 10 files changed, 198 insertions(+), 55 deletions(-)

diff --git a/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/[product_id]/route.ts b/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/[product_id]/route.ts
index 635d23ca5c..31a1b33c41 100644
--- a/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/[product_id]/route.ts
+++ b/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/[product_id]/route.ts
@@ -25,6 +25,9 @@ export const DELETE = createSmartRouteHandler({
       customer_id: yupString().defined(),
       product_id: yupString().defined(),
     }).defined(),
+    query: yupObject({
+      subscription_id: yupString().optional(),
+    }).default(() => ({})).defined(),
   }),
   response: yupObject({
     statusCode: yupNumber().oneOf([200]).defined(),
@@ -33,7 +36,7 @@ export const DELETE = createSmartRouteHandler({
       success: yupBoolean().oneOf([true]).defined(),
     }).defined(),
   }),
-  handler: async ({ auth, params }, fullReq) => {
+  handler: async ({ auth, params, query }, fullReq) => {
     if (auth.type === "client") {
       const currentUser = fullReq.auth?.user;
       if (!currentUser) {
@@ -59,49 +62,67 @@ export const DELETE = createSmartRouteHandler({
     }
 
     const prisma = await getPrismaClientForTenancy(auth.tenancy);
-    const product = await ensureProductIdOrInlineProduct(auth.tenancy, auth.type, params.product_id, undefined);
-    if (params.customer_type !== product.customerType) {
-      throw new KnownErrors.ProductCustomerTypeDoesNotMatch(
-        params.product_id,
-        params.customer_id,
-        product.customerType,
-        params.customer_type,
-      );
-    }
 
-    const ownedProducts = await getOwnedProductsForCustomer({
-      prisma,
-      tenancy: auth.tenancy,
-      customerType: params.customer_type,
-      customerId: params.customer_id,
-    });
-    const ownedProductsForProduct = ownedProducts.filter((p) => p.id === params.product_id);
-    if (ownedProductsForProduct.length === 0) {
-      throw new StatusError(400, "Customer does not have this product.");
-    }
-    if (ownedProductsForProduct.some((product) => product.type === "one_time")) {
-      throw new StatusError(400, "This product is a one time purchase and cannot be canceled.");
-    }
+    let subscriptions;
+    if (query.subscription_id) {
+      // Cancel by subscription DB ID (used for inline products that have no product_id)
+      subscriptions = await prisma.subscription.findMany({
+        where: {
+          tenancyId: auth.tenancy.id,
+          id: query.subscription_id,
+          customerType: typedToUppercase(params.customer_type),
+          customerId: params.customer_id,
+          status: { in: [SubscriptionStatus.active, SubscriptionStatus.trialing] },
+        },
+      });
+      if (subscriptions.length === 0) {
+        throw new StatusError(400, "No active subscription found with this ID for the given customer.");
+      }
+    } else {
+      const product = await ensureProductIdOrInlineProduct(auth.tenancy, auth.type, params.product_id, undefined);
+      if (params.customer_type !== product.customerType) {
+        throw new KnownErrors.ProductCustomerTypeDoesNotMatch(
+          params.product_id,
+          params.customer_id,
+          product.customerType,
+          params.customer_type,
+        );
+      }
 
-    const subscriptions = await prisma.subscription.findMany({
-      where: {
-        tenancyId: auth.tenancy.id,
-        customerType: typedToUppercase(params.customer_type),
+      const ownedProducts = await getOwnedProductsForCustomer({
+        prisma,
+        tenancy: auth.tenancy,
+        customerType: params.customer_type,
         customerId: params.customer_id,
-        productId: params.product_id,
-        status: { in: [SubscriptionStatus.active, SubscriptionStatus.trialing] },
-      },
-    });
-    if (subscriptions.length === 0) {
-      captureError("cancel-subscription-missing", new StackAssertionError(
-        "Owned subscription product missing active/trialing subscription record.",
-        {
-          customerType: params.customer_type,
+      });
+      const ownedProductsForProduct = ownedProducts.filter((p) => p.id === params.product_id);
+      if (ownedProductsForProduct.length === 0) {
+        throw new StatusError(400, "Customer does not have this product.");
+      }
+      if (ownedProductsForProduct.some((product) => product.type === "one_time")) {
+        throw new StatusError(400, "This product is a one time purchase and cannot be canceled.");
+      }
+
+      subscriptions = await prisma.subscription.findMany({
+        where: {
+          tenancyId: auth.tenancy.id,
+          customerType: typedToUppercase(params.customer_type),
           customerId: params.customer_id,
           productId: params.product_id,
+          status: { in: [SubscriptionStatus.active, SubscriptionStatus.trialing] },
         },
-      ));
-      throw new StatusError(400, "This subscription cannot be canceled.");
+      });
+      if (subscriptions.length === 0) {
+        captureError("cancel-subscription-missing", new StackAssertionError(
+          "Owned subscription product missing active/trialing subscription record.",
+          {
+            customerType: params.customer_type,
+            customerId: params.customer_id,
+            productId: params.product_id,
+          },
+        ));
+        throw new StatusError(400, "This subscription cannot be canceled.");
+      }
     }
 
     const hasStripeSubscription = subscriptions.some((subscription) => subscription.stripeSubscriptionId);
diff --git a/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/route.ts b/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/route.ts
index bb9fb4a0b9..438c6e425b 100644
--- a/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/route.ts
+++ b/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/route.ts
@@ -96,6 +96,7 @@ export const GET = createSmartRouteHandler({
             product: productToInlineProduct(product.product),
             type: product.type,
             subscription: product.subscription ? {
+              subscription_id: product.subscription.subscriptionId,
               current_period_end: product.subscription.currentPeriodEnd ? product.subscription.currentPeriodEnd.toISOString() : null,
               cancel_at_period_end: product.subscription.cancelAtPeriodEnd,
               is_cancelable: product.subscription.isCancelable,
diff --git a/apps/backend/src/lib/payments.tsx b/apps/backend/src/lib/payments.tsx
index f9445ec4fe..4d14b9e23a 100644
--- a/apps/backend/src/lib/payments.tsx
+++ b/apps/backend/src/lib/payments.tsx
@@ -810,6 +810,7 @@ export type OwnedProduct = {
   createdAt: Date,
   sourceId: string,
   subscription: null | {
+    subscriptionId: string | null,
     currentPeriodEnd: Date | null,
     cancelAtPeriodEnd: boolean,
     isCancelable: boolean,
@@ -862,9 +863,10 @@ export async function getOwnedProductsForCustomer(options: {
       createdAt: subscription.createdAt,
       sourceId,
       subscription: {
+        subscriptionId: subscription.id,
         currentPeriodEnd: subscription.currentPeriodEnd,
         cancelAtPeriodEnd: subscription.cancelAtPeriodEnd,
-        isCancelable: subscription.id !== null && subscription.productId !== null,
+        isCancelable: subscription.id !== null,
       },
     });
   }
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts
index 76af5a6e93..142a38121c 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/payments/products.test.ts
@@ -132,6 +132,7 @@ it("should grant configured subscription product and expose it via listing", asy
               "cancel_at_period_end": false,
               "current_period_end": <stripped field 'current_period_end'>,
               "is_cancelable": true,
+              "subscription_id": "<stripped UUID>",
             },
             "type": "subscription",
           },
@@ -533,6 +534,7 @@ it("should hide server-only products from clients while exposing them to servers
               "cancel_at_period_end": false,
               "current_period_end": <stripped field 'current_period_end'>,
               "is_cancelable": true,
+              "subscription_id": "<stripped UUID>",
             },
             "type": "subscription",
           },
@@ -670,6 +672,7 @@ it("should allow granting stackable product with custom quantity", async ({ expe
               "cancel_at_period_end": false,
               "current_period_end": <stripped field 'current_period_end'>,
               "is_cancelable": true,
+              "subscription_id": "<stripped UUID>",
             },
             "type": "subscription",
           },
@@ -747,7 +750,8 @@ it("should grant inline product without needing configuration", async ({ expect
             "subscription": {
               "cancel_at_period_end": false,
               "current_period_end": <stripped field 'current_period_end'>,
-              "is_cancelable": false,
+              "is_cancelable": true,
+              "subscription_id": "<stripped UUID>",
             },
             "type": "subscription",
           },
@@ -759,6 +763,110 @@ it("should grant inline product without needing configuration", async ({ expect
   `);
 });
 
+it("should allow canceling an inline product subscription via subscription_id", async ({ expect }) => {
+  await Project.createAndSwitch({ config: { magic_link_enabled: true } });
+  await Payments.setup();
+  const { userId, accessToken, refreshToken } = await Auth.fastSignUp();
+
+  const grantResponse = await niceBackendFetch(`/api/v1/payments/products/user/${userId}`, {
+    method: "POST",
+    accessType: "server",
+    body: {
+      product_inline: {
+        display_name: "Inline Sub",
+        customer_type: "user",
+        server_only: false,
+        prices: {
+          monthly: {
+            USD: "500",
+            interval: [1, "month"],
+          },
+        },
+        included_items: {},
+      },
+    },
+  });
+  expect(grantResponse.status).toBe(200);
+
+  const listResponse = await niceBackendFetch(`/api/v1/payments/products/user/${userId}`, {
+    accessType: "client",
+    userAuth: { accessToken, refreshToken },
+  });
+  expect(listResponse).toMatchInlineSnapshot(`
+    NiceResponse {
+      "status": 200,
+      "body": {
+        "is_paginated": true,
+        "items": [
+          {
+            "id": null,
+            "product": {
+              "client_metadata": null,
+              "client_read_only_metadata": null,
+              "customer_type": "user",
+              "display_name": "Inline Sub",
+              "included_items": {},
+              "prices": {
+                "monthly": {
+                  "USD": "500",
+                  "interval": [
+                    1,
+                    "month",
+                  ],
+                },
+              },
+              "server_metadata": null,
+              "server_only": false,
+              "stackable": false,
+            },
+            "quantity": 1,
+            "subscription": {
+              "cancel_at_period_end": false,
+              "current_period_end": <stripped field 'current_period_end'>,
+              "is_cancelable": true,
+              "subscription_id": "<stripped UUID>",
+            },
+            "type": "subscription",
+          },
+        ],
+        "pagination": { "next_cursor": null },
+      },
+      "headers": Headers { <some fields may have been hidden> },
+    }
+  `);
+  const items = listResponse.body.items;
+
+  const subscriptionId = items[0].subscription.subscription_id;
+  const cancelResponse = await niceBackendFetch(`/api/v1/payments/products/user/${userId}/_inline?subscription_id=${encodeURIComponent(subscriptionId)}`, {
+    method: "DELETE",
+    accessType: "client",
+    userAuth: { accessToken, refreshToken },
+  });
+  expect(cancelResponse).toMatchInlineSnapshot(`
+    NiceResponse {
+      "status": 200,
+      "body": { "success": true },
+      "headers": Headers { <some fields may have been hidden> },
+    }
+  `);
+
+  const afterCancelList = await niceBackendFetch(`/api/v1/payments/products/user/${userId}`, {
+    accessType: "client",
+    userAuth: { accessToken, refreshToken },
+  });
+  expect(afterCancelList).toMatchInlineSnapshot(`
+    NiceResponse {
+      "status": 200,
+      "body": {
+        "is_paginated": true,
+        "items": [],
+        "pagination": { "next_cursor": null },
+      },
+      "headers": Headers { <some fields may have been hidden> },
+    }
+  `);
+});
+
 it("should reject requests missing product details", async ({ expect }) => {
   await Project.createAndSwitch();
   await Payments.setup();
@@ -1055,6 +1163,7 @@ it("listing products should list both subscription and one-time products", async
               "cancel_at_period_end": false,
               "current_period_end": <stripped field 'current_period_end'>,
               "is_cancelable": true,
+              "subscription_id": "<stripped UUID>",
             },
             "type": "subscription",
           },
@@ -1199,6 +1308,7 @@ it("listing products should support cursor pagination", async ({ expect }) => {
               "cancel_at_period_end": false,
               "current_period_end": <stripped field 'current_period_end'>,
               "is_cancelable": true,
+              "subscription_id": "<stripped UUID>",
             },
             "type": "subscription",
           },
diff --git a/packages/stack-shared/src/interface/client-interface.ts b/packages/stack-shared/src/interface/client-interface.ts
index eb21d585eb..b4ab176845 100644
--- a/packages/stack-shared/src/interface/client-interface.ts
+++ b/packages/stack-shared/src/interface/client-interface.ts
@@ -1890,11 +1890,16 @@ export class StackClientInterface {
       customer_type: "user" | "team" | "custom",
       customer_id: string,
       product_id: string,
+      subscription_id?: string,
     },
     session: InternalSession | null,
   ): Promise<void> {
+    const queryParams = new URLSearchParams(filterUndefined({
+      subscription_id: options.subscription_id,
+    }));
+    const path = urlString`/payments/products/${options.customer_type}/${options.customer_id}/${options.product_id}`;
     await this.sendClientRequest(
-      urlString`/payments/products/${options.customer_type}/${options.customer_id}/${options.product_id}`,
+      `${path}${queryParams.toString() ? `?${queryParams.toString()}` : ''}`,
       {
         method: "DELETE",
       },
@@ -1941,7 +1946,7 @@ export class StackClientInterface {
   ): Promise<string> {
     const productBody = typeof productIdOrInline === "string" ?
       { product_id: productIdOrInline } :
-      { inline_product: productIdOrInline };
+      { product_inline: productIdOrInline };
     const sendRequest = (requestType === "client" ? this.sendClientRequest : (this as any).sendServerRequest as never).bind(this);
     const response = await sendRequest(
       "/payments/purchases/create-purchase-url",
diff --git a/packages/stack-shared/src/interface/crud/products.ts b/packages/stack-shared/src/interface/crud/products.ts
index 6d055f9949..4c44438dc1 100644
--- a/packages/stack-shared/src/interface/crud/products.ts
+++ b/packages/stack-shared/src/interface/crud/products.ts
@@ -12,6 +12,7 @@ export const customerProductReadSchema = yupObject({
   product: inlineProductSchema.defined(),
   type: yupString().oneOf(["one_time", "subscription"]).defined(),
   subscription: yupObject({
+    subscription_id: yupString().nullable().defined(),
     current_period_end: yupString().nullable().defined(),
     cancel_at_period_end: yupBoolean().defined(),
     is_cancelable: yupBoolean().defined(),
diff --git a/packages/template/src/components-page/account-settings/payments/payments-panel.tsx b/packages/template/src/components-page/account-settings/payments/payments-panel.tsx
index bd6197ea07..7050ed4ac8 100644
--- a/packages/template/src/components-page/account-settings/payments/payments-panel.tsx
+++ b/packages/template/src/components-page/account-settings/payments/payments-panel.tsx
@@ -96,6 +96,7 @@ type CustomerLike = {
       prices: Record<string, { interval?: [number, "day" | "week" | "month" | "year"] }>,
     }>,
     subscription: null | {
+      subscriptionId: string | null,
       currentPeriodEnd: Date | null,
       cancelAtPeriodEnd: boolean,
       isCancelable: boolean,
@@ -237,7 +238,7 @@ function RealPaymentsPanel(props: { title?: string, customer: CustomerLike, cust
   const [paymentDialogOpen, setPaymentDialogOpen] = useState(false);
   const [setupIntentClientSecret, setSetupIntentClientSecret] = useState<string | null>(null);
   const [setupIntentStripeAccountId, setSetupIntentStripeAccountId] = useState<string | null>(null);
-  const [cancelProductId, setCancelProductId] = useState<string | null>(null);
+  const [cancelTarget, setCancelTarget] = useState<{ productId: string, subscriptionId?: string } | null>(null);
   const [switchFromProductId, setSwitchFromProductId] = useState<string | null>(null);
   const [switchToProductId, setSwitchToProductId] = useState<string | null>(null);
 
@@ -349,10 +350,9 @@ function RealPaymentsPanel(props: { title?: string, customer: CustomerLike, cust
             {productsForCustomerType.map((product, index) => {
               const quantitySuffix = product.quantity !== 1 ? ` ×${product.quantity}` : "";
               const isSubscription = product.type === "subscription";
-              const isCancelable = isSubscription && !!product.id && !!product.subscription?.isCancelable;
+              const isCancelable = isSubscription && !!product.subscription?.isCancelable;
               const canSwitchPlans = isSubscription && defaultPaymentMethod && !!product.id && (product.switchOptions?.length ?? 0) > 0;
               const renewsAt = isSubscription ? (product.subscription?.currentPeriodEnd ?? null) : null;
-
               const subtitle =
                 product.type === "one_time"
                   ? t("One-time purchase")
@@ -381,7 +381,7 @@ function RealPaymentsPanel(props: { title?: string, customer: CustomerLike, cust
                       <Button
                         variant="secondary"
                         color="neutral"
-                        onClick={() => setCancelProductId(product.id)}
+                        onClick={() => setCancelTarget({ productId: product.id ?? "_inline", subscriptionId: product.subscription?.subscriptionId ?? undefined })}
                       >
                         {t("Cancel subscription")}
                       </Button>
@@ -393,9 +393,9 @@ function RealPaymentsPanel(props: { title?: string, customer: CustomerLike, cust
           </div>
 
           <ActionDialog
-            open={cancelProductId !== null}
+            open={cancelTarget !== null}
             onOpenChange={(open) => {
-              if (!open) setCancelProductId(null);
+              if (!open) setCancelTarget(null);
             }}
             title={t("Cancel subscription")}
             description={t("Canceling will stop future renewals for this subscription.")}
@@ -404,14 +404,14 @@ function RealPaymentsPanel(props: { title?: string, customer: CustomerLike, cust
             okButton={{
               label: t("Cancel subscription"),
               onClick: async () => {
-                const productId = cancelProductId;
-                if (!productId) return;
+                if (!cancelTarget) return;
+                const { productId, subscriptionId } = cancelTarget;
                 if (props.customerType === "team") {
-                  await stackApp.cancelSubscription({ teamId: props.customer.id, productId });
+                  await stackApp.cancelSubscription({ teamId: props.customer.id, productId, subscriptionId });
                 } else {
-                  await stackApp.cancelSubscription({ productId });
+                  await stackApp.cancelSubscription({ productId, subscriptionId });
                 }
-                setCancelProductId(null);
+                setCancelTarget(null);
               },
             }}
           />
diff --git a/packages/template/src/lib/stack-app/apps/implementations/client-app-impl.ts b/packages/template/src/lib/stack-app/apps/implementations/client-app-impl.ts
index cf6e703cff..fd65503c3c 100644
--- a/packages/template/src/lib/stack-app/apps/implementations/client-app-impl.ts
+++ b/packages/template/src/lib/stack-app/apps/implementations/client-app-impl.ts
@@ -1195,6 +1195,7 @@ export class _StackClientAppImplIncomplete<HasTokenStore extends boolean, Projec
       stackable: item.product.stackable,
       type: item.type,
       subscription: item.subscription ? {
+        subscriptionId: item.subscription.subscription_id,
         currentPeriodEnd: item.subscription.current_period_end ? new Date(item.subscription.current_period_end) : null,
         cancelAtPeriodEnd: item.subscription.cancel_at_period_end,
         isCancelable: item.subscription.is_cancelable,
@@ -1785,7 +1786,7 @@ export class _StackClientAppImplIncomplete<HasTokenStore extends boolean, Projec
     return this._customerInvoicesFromResponse(response);
   }
 
-  async cancelSubscription(options: { productId: string } | { productId: string, teamId: string }): Promise<void> {
+  async cancelSubscription(options: { productId: string, subscriptionId?: string } | { productId: string, subscriptionId?: string, teamId: string }): Promise<void> {
     const session = await this._getSession();
     const user = await this.getUser();
     if (!user) {
@@ -1797,6 +1798,7 @@ export class _StackClientAppImplIncomplete<HasTokenStore extends boolean, Projec
       customer_type: customerType,
       customer_id: customerId,
       product_id: options.productId,
+      subscription_id: options.subscriptionId,
     }, session);
     if (customerType === "user") {
       await this._userProductsCache.invalidateWhere(([cachedSession, userId]) => cachedSession === session && userId === customerId);
diff --git a/packages/template/src/lib/stack-app/apps/interfaces/client-app.ts b/packages/template/src/lib/stack-app/apps/interfaces/client-app.ts
index 4f89ae2004..c7b3b4f187 100644
--- a/packages/template/src/lib/stack-app/apps/interfaces/client-app.ts
+++ b/packages/template/src/lib/stack-app/apps/interfaces/client-app.ts
@@ -76,7 +76,7 @@ export type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId ex
     getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'anonymous' }): Promise<ProjectCurrentUser<ProjectId>>,
     getUser(options?: GetCurrentUserOptions<HasTokenStore>): Promise<ProjectCurrentUser<ProjectId> | null>,
 
-    cancelSubscription(options: { productId: string } | { productId: string, teamId: string }): Promise<void>,
+    cancelSubscription(options: { productId: string, subscriptionId?: string } | { productId: string, subscriptionId?: string, teamId: string }): Promise<void>,
 
     // note: we don't special-case 'anonymous' here to return non-null, see GetPartialUserOptions for more details
     getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'token' }): Promise<TokenPartialUser | null>,
diff --git a/packages/template/src/lib/stack-app/customers/index.ts b/packages/template/src/lib/stack-app/customers/index.ts
index e9bac1e167..1fe1d8124a 100644
--- a/packages/template/src/lib/stack-app/customers/index.ts
+++ b/packages/template/src/lib/stack-app/customers/index.ts
@@ -41,6 +41,7 @@ export type CustomerProduct = {
   stackable: boolean,
   type: "one_time" | "subscription",
   subscription: null | {
+    subscriptionId: string | null,
     currentPeriodEnd: Date | null,
     cancelAtPeriodEnd: boolean,
     isCancelable: boolean,