This series of articles provides best practices for managing access rights to your service through ProAbono.
Introduction
The Problem
When a customer subscribes to an offer, you simultaneously grant them access rights to your service. These access rights are largely determined by the chosen offer and can vary in complexity based on its different characteristics.
For example, if you have an offer that allows customers to add up to 5 collaborators, whenever the number of collaborators changes, you need to ensure that it matches the defined number.
Managing these access rights may seem simple, but it can be challenging. Here’s why:
- With each new offer or modification of an existing offer, you need to review and adjust the access rights accordingly.
- You also need to consider that when an offer is updated, the subscriptions associated with the current offer are not automatically updated. As a result, you have to manage different rights for each “version” of your offer.
- These rights also depend on other factors, such as outstanding debts. In most cases, you want to suspend access to your service for customers who haven’t paid their bills, and so on.
All these cases can occur at any time, and it’s crucial to handle them reliably to avoid overwhelming your support team or allowing unauthorized usage of your service.
The Solution
Retrieve the information from ProAbono. The lifecycle and usage of a subscription, as well as payment information, are managed by ProAbono. You can request the complete rights of a customer at any time through the API.
This information is returned by the Usage resource of the Live API. The name of this resource comes from “usage-based billing” because it allows you to manage not only rights but also variable billing. Usages represent the values of each characteristic for a given subscription.
Implementation
There are several ways to synchronize this information based on your architecture.
Real-Time
- Query the user’s rights for each access to a feature.
- Recommended for proof of concept (POC) to validate rights synchronization.
- Advantage: quick to implement.
- Disadvantage: even though the ProAbono API is fast, this additional call can affect the user experience if your service requires high responsiveness.
With Caching
- Retrieve the user’s complete rights when they log in and store them in a cache or session.
- Recommended for most connected applications.
- Advantage: no impact on user experience. Avoids issues if your server experiences occasional connection problems with APIs.
- Disadvantage: requires setting up webhooks/redirections to trigger synchronization in case of changes in rights.
With Sliding Cache
- Similar to caching, but the data has an expiration period, after which the rights need to be refreshed by querying them again.
- Recommended if you have concerns about synchronization or haven’t implemented webhooks.
- Advantage: no impact on user experience. Avoids issues if your server experiences occasional connection problems with APIs.
- Disadvantage: for real-time synchronization, it’s preferable to set up webhooks/redirections in case of changes in rights.
Database/LDAP
- If you already have a rights system in place, you only need to code a function to synchronize the rights returned by ProAbono with the rights in your application.
- Not recommended: having two repositories for rights can cause problems.
- Advantage: no need to modify your existing application.
- Disadvantage: two repositories for rights require periodic verifications, a more complex synchronization process, and the need to handle arbitration.
- Similar to caching, you need to set up webhooks/redirections to trigger synchronization in case of changes in rights.
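As an added illustration of the sliding-cache strategy (example code, not ProAbono's own), the class below keeps each customer's rights with an expiry, re-queries them through a hypothetical `fetch` wrapper around the Usage resource once they expire, serves the stale copy if that call hits a transient connection problem, and exposes `invalidate` for a webhook or redirection handler. The rights shape (`{"collaborators": 5, "export": True}`) is an assumption made for the example.

```python
import time
from typing import Callable, Dict, Tuple

# Rights are modelled as a mapping from feature code to its allowed value, e.g.
# {"collaborators": 5, "export": True}; this shape is assumed for the example.
Rights = Dict[str, object]


class SlidingRightsCache:
    """Per-customer rights with an expiry, refreshed by re-querying ProAbono."""

    def __init__(self, fetch: Callable[[str], Rights], ttl_seconds: float, clock=time.monotonic):
        self._fetch = fetch        # hypothetical wrapper around the Usage resource
        self._ttl = ttl_seconds
        self._clock = clock        # injectable so the expiry can be tested deterministically
        self._entries: Dict[str, Tuple[float, Rights]] = {}

    def get(self, customer_ref: str) -> Rights:
        now = self._clock()
        entry = self._entries.get(customer_ref)
        if entry is not None and now - entry[0] < self._ttl:
            return entry[1]                         # still fresh: no API call
        try:
            rights = self._fetch(customer_ref)      # expired or never seen: re-query
        except ConnectionError:
            if entry is not None:
                return entry[1]                     # API unreachable: serve the stale copy
            raise                                   # nothing cached: the caller must fail closed
        self._entries[customer_ref] = (now, rights)
        return rights

    def invalidate(self, customer_ref: str) -> None:
        """Called from the webhook or redirection handler when rights change."""
        self._entries.pop(customer_ref, None)

    def allows(self, customer_ref: str, feature: str, requested: int = 1) -> bool:
        """Check one feature; unknown features and non-numeric values are denied."""
        value = self.get(customer_ref).get(feature)
        if isinstance(value, bool):
            return value
        if isinstance(value, (int, float)):
            return requested <= value
        return False
```

Serving the stale copy during an outage is bounded only by how long the outage lasts, so log those fallbacks and alert if they persist.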
Webhooks
A user’s rights can change even when they are not logged in, for example, if their subscription is interrupted. Webhooks are there to notify your server at any time.
Here’s a list of webhooks that can trigger a modification of rights:
- Client – Suspended
- Client – Activated
- Subscription – Started
- Subscription – Suspended by an agent
- Subscription – Restarted
- Subscription – Interrupted (no payment information)
- Subscription – Interrupted (payment failure)
- Subscription – Canceled
- Subscription – Terminated
- Subscription – Characteristics modified
- Subscription – Started as an upgrade
- Subscription – Due date modified
We strongly recommend configuring all these webhooks to the same endpoint and triggering a single global synchronization function for that customer.
In other words: retrieve the rights from ProAbono and simply replace all the rights in your application. Why? Because if you start managing each case individually, it will take a considerable amount of time, you will forget some rare cases, and your implementation will break when your business model evolves. Consider yourself warned.
Redirections
Yes, but… ProAbono webhooks are asynchronous. They are sent with a delay that can reach a few minutes.
This is not an issue for 95% of the events that interest us, but it can affect the user experience if they don’t immediately gain access to the service after payment.
For such cases, you need to trigger synchronization on URL redirections. Fortunately, the parameters returned after a redirection are precisely used to retrieve the user’s rights!
The redirections to set up to ensure synchronization are:
- Validation without payment
  - Free subscription
  - Additional subscription
  - Offer change
  - Modified options
- Payment
  - Success
  - In progress
Other redirections are not related to the current modification of user rights.
We strongly recommend setting up all these cases without hesitation. You may not have a free offer or deferred payment (e.g., SEPA direct debit) yet, but when your manager decides to implement it, you’ll be pleasantly surprised to find that your integration already works!
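The single global synchronization function recommended for the webhooks above and for the redirections, written out as an added example (not ProAbono's code). All listed events share one handler that ignores the event type and replaces the customer's rights wholesale; the event and query-string labels, the payload fields `type`, `customer` and `case`, and the `fetch_rights` wrapper are placeholders assumed for the example, since the page does not give the wire-level codes.

```python
from typing import Callable, Dict, Mapping

Rights = Dict[str, object]

# Placeholder labels for the webhook and redirection cases listed above; map the
# real ProAbono codes onto them when wiring your endpoint (they are not on this page).
RIGHTS_WEBHOOKS = frozenset({
    "client.suspended", "client.activated",
    "subscription.started", "subscription.suspended_by_agent", "subscription.restarted",
    "subscription.interrupted_no_payment_info", "subscription.interrupted_payment_failure",
    "subscription.canceled", "subscription.terminated",
    "subscription.characteristics_modified", "subscription.started_as_upgrade",
    "subscription.due_date_modified",
})
RIGHTS_REDIRECTIONS = frozenset({
    "validation.free", "validation.additional", "validation.offer_change",
    "validation.options", "payment.success", "payment.in_progress",
})


class RightsSynchronizer:
    """One global synchronization routine, triggered by every rights-related event."""

    def __init__(self, fetch_rights: Callable[[str], Rights], store: Dict[str, Rights]):
        self._fetch = fetch_rights     # hypothetical wrapper around the Usage resource
        self._store = store            # your application's own rights repository

    def synchronize(self, customer_ref: str) -> bool:
        """Fetch the complete rights and replace, not merge, what the application holds."""
        try:
            rights = self._fetch(customer_ref)
        except ConnectionError:
            return False               # previous rights are kept; the caller should retry
        self._store[customer_ref] = dict(rights)   # features no longer granted disappear here
        return True

    def on_webhook(self, event: Mapping[str, str]) -> bool:
        """Endpoint shared by all listed webhooks; the event type is deliberately not branched on."""
        if event.get("type") not in RIGHTS_WEBHOOKS:
            return False               # unrelated event: nothing to synchronize
        return self.synchronize(event["customer"])

    def on_redirection(self, query: Mapping[str, str]) -> bool:
        """Redirection handler: synchronizes immediately instead of waiting for the webhook."""
        if query.get("case") not in RIGHTS_REDIRECTIONS:
            return False
        return self.synchronize(query["customer"])
```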