Subscriptions
Subscription and Email Verification
A critical component of the platform's security and onboarding process is the subscription and email verification flow, which ensures that only users who have proven control of their email address can access the platform's features. The flow validates the address with an OTP (One-Time Password) code and then links the customer either to a professional license or to an organization they manage, according to their role. Note what this step does and does not establish: it proves that the subscriber can read mail at the given address, and it gates sensitive information and features on that proof; it does not by itself verify the person's identity, which is why role-specific data is collected and checked in the later registration steps.
Subscription Process Overview
User Subscription: When a user subscribes to the platform, they initiate the process by providing an email address. The platform checks the address for uniqueness so that no duplicate subscriptions exist for the same email. The uniqueness response should not reveal whether an address is already registered to an unauthenticated caller beyond what the flow requires, since that would allow account enumeration.
Email Verification with OTP: Upon submission, the platform generates an OTP (One-Time Password) and sends it to the user's email. The OTP is a randomly generated, time-limited code that the user must enter to validate the address. This step is crucial because it confirms that the email belongs to the user and is functional.
Security with JWT: Alongside the OTP, the platform uses a JWT (JSON Web Token) to manage the validation step. The email is embedded as a claim within the token, which is signed with a server-side key, so the server can track the pending verification statelessly while still detecting any change to the email claim. A JWT payload is only Base64-encoded, not encrypted, so the OTP itself must never be placed in the token as a plain claim; at most a keyed hash of it can be carried there.
Failed Attempts Handling: If the user enters the OTP incorrectly several times, the system temporarily locks the verification process to protect against brute-force guessing of the code. Because a stateless token can be replayed by the client, the attempt counter and lock must be kept server-side, keyed by the email address, rather than inside the token.
Subscription Record Creation: Once the email is confirmed, a subscription record is created in the platform. This record holds key information such as the user's email, subscription type, payment status, and whether the email is confirmed. At this stage the subscription is marked INACTIVE until the remaining steps are completed.
Customer Account Linking: After successful email verification, the system either creates or links the user to a default customer account, identified uniquely by their email. This account associates the user with their role, such as User, Admin, License Owner, or Organization Owner, depending on the user's intended role within the platform.
Confirmation and Role Assignment: A confirmation link is sent to the user's verified email address, allowing them to access the platform and complete the remaining required fields for account registration, such as their name, password, and any role-specific information.
The account is then finalized, and depending on the role assigned (e.g., License Owner or Admin), the user is granted role-based access to the corresponding parts of the platform.
Subscription Activation: After all registration steps are complete, the subscription status is updated from INACTIVE to ACTIVE, and the user can fully use the platform. The subscription system supports several states, including INACTIVE, PENDING, ACTIVE, SUSPENDED, and EXPIRED, and is tightly integrated with the platform's billing cycle to drive timely renewals and upgrades.
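The OTP, JWT and failed-attempt steps above, written out as an added Python example. This is not the platform's own code; it uses only the standard library, with a minimal HS256 JWT implemented inline, and the function names, the six-digit OTP format, the 10-minute OTP lifetime, the 5-attempt threshold, the 15-minute lock and the in-memory state are all assumptions made for the example.

```python
"""OTP + stateless JWT email verification with server-side lockout (added example)."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Set, Tuple

# Assumptions for the example: a per-process key and fixed thresholds.
# A deployment would load the key from a KMS or environment and tune the numbers.
SERVER_KEY = secrets.token_bytes(32)
OTP_TTL_SECONDS = 10 * 60
MAX_ATTEMPTS = 5
LOCK_SECONDS = 15 * 60

# Server-side state. The attempt counter cannot live in the token: a client
# could simply replay the older token with a lower count.
_attempts: Dict[str, Tuple[int, int]] = {}   # email -> (failures, locked_until)
_consumed: Set[str] = set()                   # nonces already used successfully


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def jwt_encode(claims: dict) -> str:
    """Minimal HS256 JWT: header.payload.signature, all Base64url."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SERVER_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def jwt_decode(token: str) -> dict:
    """Verify the signature with the server key and return the claims.

    The algorithm is fixed to HS256 on the server side; the header's "alg"
    field is never used to choose how to verify, which rules out alg confusion.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, payload, sig = parts
    expected = hmac.new(SERVER_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload))


def _otp_tag(email: str, otp: str, nonce: str) -> str:
    # Keyed with the server secret, so a client who reads the token payload
    # cannot brute-force the six-digit code offline against this value.
    return hmac.new(SERVER_KEY, f"{email}|{otp}|{nonce}".encode(), hashlib.sha256).hexdigest()


def start_verification(email: str, now: Optional[int] = None) -> Tuple[str, str]:
    """Return (otp, token). The OTP goes to the mailbox, the token to the client."""
    now = int(time.time()) if now is None else now
    otp = f"{secrets.randbelow(10 ** 6):06d}"          # cryptographically random
    nonce = secrets.token_hex(8)
    token = jwt_encode({
        "sub": email,                                  # the email claim
        "purpose": "email_verify",                     # prevents use as a session token
        "nonce": nonce,
        "otp_tag": _otp_tag(email, otp, nonce),        # never the OTP itself
        "iat": now,
        "exp": now + OTP_TTL_SECONDS,
    })
    return otp, token


def verify_otp(token: str, submitted_otp: str, now: Optional[int] = None) -> str:
    """Check the submitted OTP against the token; return the verified email or raise."""
    now = int(time.time()) if now is None else now
    claims = jwt_decode(token)
    if claims.get("purpose") != "email_verify":
        raise ValueError("wrong token purpose")
    if now >= claims["exp"]:
        raise ValueError("expired")
    email, nonce = claims["sub"], claims["nonce"]
    if nonce in _consumed:
        raise ValueError("already used")
    failures, locked_until = _attempts.get(email, (0, 0))
    if now < locked_until:
        raise ValueError("locked")
    if hmac.compare_digest(_otp_tag(email, submitted_otp, nonce), claims["otp_tag"]):
        _attempts.pop(email, None)
        _consumed.add(nonce)                           # single use
        return email
    failures += 1
    if failures >= MAX_ATTEMPTS:
        _attempts[email] = (0, now + LOCK_SECONDS)
        raise ValueError("locked")
    _attempts[email] = (failures, 0)
    raise ValueError("wrong code")
```

Two design points are worth noting. The token carries a keyed hash of the OTP rather than the OTP, because anyone holding the token can read its payload; and the lock is applied per email on the server even though the token is otherwise stateless, because that is the one piece of state a client must not be able to reset by replaying an older token. The `purpose` claim stops a verification token from being accepted wherever the platform later accepts session JWTs.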