feat(subscriptions): Add client secret auth support in subscriptions APIs

[Sarthak1799]

Type of Change

• Bugfix
• New feature
• Enhancement
• Refactoring
• Dependency updates
• Documentation
• CI/CD

Description

This pull request introduces several enhancements and refactors to the subscription API, focusing on improving authentication, response structure, and data handling. The main changes include adding payment and invoice details to subscription responses, updating authentication logic to support client secrets in queries, and refactoring handler methods for better error handling and extensibility.

Subscription Response Improvements

• Added payment and invoice fields to the SubscriptionResponse struct to provide more detailed information about payments and invoices associated with a subscription.
• Updated the PaymentResponseData struct to use a Secret<String> for the client_secret field, improving security and consistency.

Authentication and Query Handling

• Introduced a new GetSubscriptionQuery struct to allow passing a client secret when fetching subscription details, and implemented ClientSecretFetch for relevant subscription request/query types. [1] [2]
• Refactored authentication logic in subscription route handlers (get_subscription, get_subscription_plans, and confirm_subscription) to extract and validate client secrets from query payloads, improving security and flexibility. [1] [2] [3] [4]

Handler and Response Refactoring

• Refactored the to_subscription_response method in SubscriptionWithHandler to accept optional payment and invoice parameters, and handle invoice conversion with error reporting for invalid currency values. [1] [2]
• Updated core subscription logic to use the new response structure and refactored method signatures for consistency, including changes to how responses are generated and returned. [1] [2] [3] [4]

These changes collectively improve the robustness and extensibility of the subscription API, making it easier to integrate payment and invoice details while strengthening authentication mechanisms.

Additional Changes

• This PR modifies the API contract
• This PR modifies the database schema
• This PR modifies application configuration/environment variables

Motivation and Context

How did you test it?

1. Subscription create

curl --location 'http://localhost:8080/subscriptions/create' \
--header 'Content-Type: application/json' \
--header 'X-Profile-Id: pro_CohRshEanxkKSMHgyu6a' \
--header 'api-key: dev_tV0O30052zhBCqdrhGMfQxMN0DerXwnMkNHX6ndCbs0BovewetTaXznBQOCLGAi2' \
--data '{
    "customer_id": "cus_d64F9yomaDMqbTDlxw3g",
    "amount": 14100,
    "currency": "USD",
    "payment_details": {
        "authentication_type": "no_three_ds",
        "setup_future_usage": "off_session",
        "capture_method": "automatic",
        "return_url": "https://google.com"
    }
}'

Response -

{"id":"sub_8zxmAZAfS0eTL8zRJRk7","merchant_reference_id":null,"status":"created","plan_id":null,"profile_id":"pro_CohRshEanxkKSMHgyu6a","client_secret":"sub_8zxmAZAfS0eTL8zRJRk7_secret_IGg9yCNzrzoziV3odFLt","merchant_id":"merchant_1759849271","coupon_code":null,"customer_id":"cus_d64F9yomaDMqbTDlxw3g","payment":{"payment_id":"pay_pPn6Tz2m3WrOIzANMF2g","status":"requires_payment_method","amount":14100,"currency":"USD","connector":null,"payment_method_id":null,"payment_experience":null,"error_code":null,"error_message":null,"payment_method_type":null,"client_secret":"pay_pPn6Tz2m3WrOIzANMF2g_secret_Wxi6r52cBxz0ujhcWpAh"},"invoice":{"id":"invoice_nEqu7GMVqNMRzBorC9BS","subscription_id":"sub_8zxmAZAfS0eTL8zRJRk7","merchant_id":"merchant_1759849271","profile_id":"pro_CohRshEanxkKSMHgyu6a","merchant_connector_id":"mca_S0OzkqOOhMZs2jJQPSZo","payment_intent_id":"pay_pPn6Tz2m3WrOIzANMF2g","payment_method_id":null,"customer_id":"cus_d64F9yomaDMqbTDlxw3g","amount":14100,"currency":"USD","status":"invoice_created"}}

2. Get plans

curl --location 'http://localhost:8080/subscriptions/plans?limit=2&offset=0&client_secret=sub_8zxmAZAfS0eTL8zRJRk7_secret_IGg9yCNzrzoziV3odFLt' \
--header 'Content-Type: application/json' \
--header 'api-key: pk_dev_febeb0fab3be43c79024efaf99764d63' \
--header 'X-Profile-Id: pro_CohRshEanxkKSMHgyu6a'

Response -

[{"plan_id":"cbdemo_enterprise-suite","name":"Enterprise Suite","description":"High-end customer support suite with enterprise-grade solutions.","price_id":[{"price_id":"cbdemo_enterprise-suite-monthly","plan_id":"cbdemo_enterprise-suite","amount":14100,"currency":"INR","interval":"Month","interval_count":1,"trial_period":null,"trial_period_unit":null},{"price_id":"cbdemo_enterprise-suite-annual","plan_id":"cbdemo_enterprise-suite","amount":169000,"currency":"INR","interval":"Year","interval_count":1,"trial_period":null,"trial_period_unit":null}]},{"plan_id":"cbdemo_business-suite","name":"Business Suite","description":"Advanced customer support plan with premium features.","price_id":[{"price_id":"cbdemo_business-suite-monthly","plan_id":"cbdemo_business-suite","amount":9600,"currency":"INR","interval":"Month","interval_count":1,"trial_period":null,"trial_period_unit":null},{"price_id":"cbdemo_business-suite-annual","plan_id":"cbdemo_business-suite","amount":115000,"currency":"INR","interval":"Year","interval_count":1,"trial_period":null,"trial_period_unit":null}]}]

3. Confirm subscription -

curl --location 'http://localhost:8080/subscriptions/sub_8zxmAZAfS0eTL8zRJRk7/confirm' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'X-Profile-Id: pro_CohRshEanxkKSMHgyu6a' \
--header 'api-key: pk_dev_febeb0fab3be43c79024efaf99764d63' \
--data '{
    "item_price_id": "cbdemo_enterprise-suite-monthly",
    "description": "Hello this is description",
    "client_secret": "sub_8zxmAZAfS0eTL8zRJRk7_secret_IGg9yCNzrzoziV3odFLt",
    "shipping": {
        "address": {
            "state": "zsaasdas",
            "city": "Banglore",
            "country": "US",
            "line1": "sdsdfsdf",
            "line2": "hsgdbhd",
            "line3": "alsksoe",
            "zip": "571201",
            "first_name": "joseph",
            "last_name": "doe"
        },
        "phone": {
            "number": "123456789",
            "country_code": "+1"
        }
    },
    "billing": {
        "address": {
            "line1": "1467",
            "line2": "Harrison Street",
            "line3": "Harrison Street",
            "city": "San Fransico",
            "state": "California",
            "zip": "94122",
            "country": "US",
            "first_name": "joseph",
            "last_name": "Doe"
        },
        "phone": {
            "number": "123456789",
            "country_code": "+1"
        }
    },
    "payment_details": {
        "payment_method": "card",
        "payment_method_type": "credit",
        "payment_method_data": {
            "card": {
                "card_number": "4111111111111111",
                "card_exp_month": "03",
                "card_exp_year": "2030",
                "card_holder_name": "CLBRW dffdg",
                "card_cvc": "737"
            }
        },
        "customer_acceptance": {
            "acceptance_type": "online",
            "accepted_at": "1963-05-03T04:07:52.723Z",
            "online": {
                "ip_address": "127.0.0.1",
                "user_agent": "amet irure esse"
            }
        }
    }
}'

Response -

{"id":"sub_8zxmAZAfS0eTL8zRJRk7","merchant_reference_id":null,"status":"active","plan_id":null,"price_id":null,"coupon":null,"profile_id":"pro_CohRshEanxkKSMHgyu6a","payment":{"payment_id":"pay_pPn6Tz2m3WrOIzANMF2g","status":"succeeded","amount":14100,"currency":"USD","connector":"stripe","payment_method_id":"pm_ZAtcND5u4SoRq6DnTQET","payment_experience":null,"error_code":null,"error_message":null,"payment_method_type":"credit","client_secret":"pay_pPn6Tz2m3WrOIzANMF2g_secret_Wxi6r52cBxz0ujhcWpAh"},"customer_id":"cus_d64F9yomaDMqbTDlxw3g","invoice":{"id":"invoice_nEqu7GMVqNMRzBorC9BS","subscription_id":"sub_8zxmAZAfS0eTL8zRJRk7","merchant_id":"merchant_1759849271","profile_id":"pro_CohRshEanxkKSMHgyu6a","merchant_connector_id":"mca_S0OzkqOOhMZs2jJQPSZo","payment_intent_id":"pay_pPn6Tz2m3WrOIzANMF2g","payment_method_id":"pm_ZAtcND5u4SoRq6DnTQET","customer_id":"cus_d64F9yomaDMqbTDlxw3g","amount":14100,"currency":"USD","status":"payment_pending"},"billing_processor_subscription_id":"sub_8zxmAZAfS0eTL8zRJRk7"}

invoice -

Checklist

• I formatted the code cargo +nightly fmt --all
• I addressed lints thrown by cargo clippy
• I reviewed the submitted code
• I added unit tests for my changes where possible

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
crates/router/src/routes/subscription.rs	43% smaller
crates/router/src/core/subscription.rs	43% smaller
crates/api_models/src/subscription.rs	39% smaller
crates/router/src/core/subscription/subscription_handler.rs	14% smaller
crates/diesel_models/src/invoice.rs	0% smaller
crates/diesel_models/src/schema.rs	0% smaller
crates/diesel_models/src/schema_v2.rs	0% smaller
crates/router/src/core/subscription/invoice_handler.rs	0% smaller
crates/router/src/core/webhooks/incoming.rs	0% smaller
crates/router/src/services/authentication.rs	0% smaller
crates/router/src/workflows/invoice_sync.rs	0% smaller
migrations/2025-10-07-130304_add_connector_invoice_id/down.sql	Unsupported file format
migrations/2025-10-07-130304_add_connector_invoice_id/up.sql	Unsupported file format

[jagan-jaya]

Suggested change

	ALTER TABLE invoice ADD COLUMN IF NOT EXISTS connector_invoice_id VARCHAR(255);
	ALTER TABLE invoice ADD COLUMN IF NOT EXISTS connector_invoice_id VARCHAR(64);

[jarnura]

Get-subscription shouldn't be a client call, basically if a merchant wants to update their state with a response of hyperswitch then they shouldn't depend on the client to send data, instead they should depend on server to server communication which is safer and scalable with features

[Sarthak1799]

Currently it works with both S2S as well as client. Should we remove the client auth support of this? @jarnura

[Sarthak1799]

have removed client secret support

[apoorvdixit88]

Looks fine for dashboard changes.