Verify Payment and Activate Subscription
Verify Razorpay payment signature and activate user subscription
POST
This endpoint verifies the Razorpay payment signature using HMAC-SHA256, creates a project, and activates the user’s subscription with automated expiry notifications.
Authentication
Requires JWT authentication via the verifyJWT middleware.
Request Body
The payment ID returned by Razorpay after successful payment
The order ID created in the init endpoint
The signature generated by Razorpay to verify payment authenticity
Signature Verification
The endpoint verifies payment authenticity using HMAC-SHA256 (verify.controller.js:20).
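The check described above, as an added example (not the code in verify.controller.js). It assumes Razorpay's documented scheme, HMAC-SHA256 over `order_id|payment_id` keyed with the key secret and hex-encoded; the function names, the secret and the IDs are constructed for illustration.

```javascript
const crypto = require("crypto");

// Razorpay's documented scheme: HMAC-SHA256 over "<order_id>|<payment_id>",
// keyed with the account's key secret, hex-encoded.
function expectedSignature(orderId, paymentId, keySecret) {
  return crypto
    .createHmac("sha256", keySecret)
    .update(`${orderId}|${paymentId}`)
    .digest("hex");
}

// Hypothetical helper. orderId should be the value stored server-side for the
// authenticated user's pending order, not an unchecked client field.
function verifyPaymentSignature({ orderId, paymentId, signature }, keySecret) {
  const fields = [orderId, paymentId, signature];
  if (!fields.every((v) => typeof v === "string" && v.length > 0)) {
    return false; // missing or non-string field
  }
  // A SHA-256 hex digest is exactly 64 hex characters. Reject anything else
  // first, because timingSafeEqual throws on buffers of unequal length.
  if (!/^[0-9a-f]{64}$/i.test(signature)) return false;

  const expected = Buffer.from(expectedSignature(orderId, paymentId, keySecret), "hex");
  const received = Buffer.from(signature, "hex");
  // Constant-time comparison avoids leaking how many leading bytes matched.
  return crypto.timingSafeEqual(expected, received);
}

// Constructed sample values (not real Razorpay identifiers or secrets).
const SAMPLE_SECRET = "test_key_secret_constructed";
const SAMPLE = { orderId: "order_SAMPLE123", paymentId: "pay_SAMPLE456" };
SAMPLE.signature = expectedSignature(SAMPLE.orderId, SAMPLE.paymentId, SAMPLE_SECRET);

console.log("valid:", verifyPaymentSignature(SAMPLE, SAMPLE_SECRET));
console.log("other order id:",
  verifyPaymentSignature({ ...SAMPLE, orderId: "order_OTHER" }, SAMPLE_SECRET));
console.log("truncated signature:",
  verifyPaymentSignature({ ...SAMPLE, signature: SAMPLE.signature.slice(0, 10) }, SAMPLE_SECRET));
```

Binding the signature to the server-side order ID is what ties a paid order to the pending order being activated; a valid signature for a different order fails the check.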
Subscription Duration
The subscription end date is calculated based on the environment:
Production Environment
- Start Date: Current timestamp
- End Date: Current timestamp + (months × 30 days)
- Expiry Warning: 5 days before end date (months × 25 days)
Development/Test Environment
- Start Date: Current timestamp
- End Date: Current timestamp + 60 minutes
- Expiry Warning: 2 minutes before end
verify.controller.js:54.
Response
Indicates successful payment verification
User’s subscription status (if available)
The ID of the newly created project
Success message:
"Payment verified successfully!"
Activation Flow
On successful verification, the endpoint performs the following operations:
1. Verify Pending Order
- Fetches PendingOrder matching user ID and order ID
- Validates order exists and status is not already "completed"
- Prevents duplicate processing
2. Create Completed Order
Creates a CompletedOrder record with:
- userid: User ID
- orderid: Razorpay order ID
- months: Subscription duration
- amount: Payment amount in paise
- plan: Subscription plan (“pro”)
- status: "completed"
- projectid: Reference to created project
3. Create Project
Creates a new Project with:
- paymentId: Reference to CompletedOrder
- plan: Subscription plan (“pro”)
- startDate: Current timestamp
- endDate: Calculated expiry date
- owner: Authenticated user ID
4. Schedule Background Jobs
Three Bull queue jobs are scheduled:
- Expiry Warning Notification
- Subscription Start Notification
- Subscription Expiry Handler
verify.controller.js:87.
5. Update Order Status
Marks PendingOrder status as "completed" to prevent reprocessing.
Request Example
Response Examples
Success Response
Missing Parameters
User Not Found
Order Not Found
Already Processed
Invalid Signature
Server Error
Security Considerations
- Signature Verification: Uses HMAC-SHA256 with your Razorpay secret key
- Duplicate Prevention: Checks if order is already processed
- User Authentication: Requires valid JWT token
- Order Ownership: Verifies order belongs to authenticated user
- Expiry Protection: Pending orders auto-delete after 2 hours
Database Schema
CompletedOrder
Project Updates
Integration Example
Error Handling
The endpoint handles several error scenarios:
- Missing payment details (400): Returns error if any required field is missing
- Invalid user (400): User must be authenticated
- Order not found (400): Order must exist in PendingOrders
- Already processed (400): Prevents duplicate subscription activation
- Signature mismatch (400): Payment verification failed
- Server errors (500): Database or Razorpay API errors
Best Practices
- Idempotency: The endpoint checks for already-processed orders
- Atomic Operations: Uses database transactions where possible
- Background Jobs: Email notifications are queued, not blocking
- Error Logging: Errors are logged to console for debugging
- Webhook Integration: Consider adding Razorpay webhooks for redundancy