paddle-subscription-cancel
Cancel a Paddle subscription from a Next.js Server Action — auth, ownership check, safe `effectiveFrom` default, revalidation, and the `canceled` vs `scheduledChange` distinction.
How do I install this agent skill?
npx skills add https://developer.paddle.com --skill paddle-subscription-cancelIs this agent skill safe to install?
No partner audit is available yet. Read the source before installing.
What does this agent skill do?
Cancel a Paddle subscription from Next.js
When to use this skill
Use this skill when building the "Cancel subscription" button (or equivalent) on the authenticated user's billing or account page. It covers a Next.js 15 (App Router) Server Action that calls paddle.subscriptions.cancel() with the right options, the security checks every cancel action needs, what to do after the cancel succeeds, and the relationship between Paddle's canceled status and a scheduledChange block.
This is the initiating side of subscription cancellation. Pair it with:
subscription-syncfor the receiving side — your webhook handler will get asubscription.updatedevent reflecting the schedule change, then asubscription.canceledevent when the period actually ends.webhooksif you haven't set up the webhook endpoint yet.
Prerequisites
- A working Paddle account with at least one active subscription (sandbox is fine).
- Server-side
PADDLE_API_KEYavailable — this action runs in a Server Action, never in the browser. - A
customerstable and asubscriptionstable mirrored from webhooks (seesubscription-sync). You need to know which Paddle customer the authenticated user is, and which subscription they're trying to cancel. - An auth system. The examples use Supabase, but any session-based auth works.
NEXT_PUBLIC_PADDLE_ENV=sandbox # or "production"
PADDLE_API_KEY=pdl_sdbx_apikey_...
NEXT_PUBLIC_SUPABASE_URL=...
NEXT_PUBLIC_SUPABASE_ANON_KEY=...
SUPABASE_SERVICE_ROLE_KEY=... # or SUPABASE_SECRET_KEY (new opaque sb_secret_*)
How paddle.subscriptions.cancel works
const subscription = await paddle.subscriptions.cancel(subscriptionId, {
effectiveFrom: "next_billing_period", // or "immediately"
});
effectiveFrom controls when the cancellation takes effect:
| Value | Meaning | When to use |
|---|---|---|
next_billing_period | Cancellation is scheduled for the end of the current billing period. The status stays active until then; scheduledChange is set on the subscription. | Default for a generic "Cancel subscription" button — the user paid for the period, let them keep it. |
immediately | Cancellation takes effect right now. Paddle prorates a refund for the unused portion. | A different, much rarer flow ("Cancel and refund"). Surprises users if used as the default. |
If you only want the user to be able to cancel at the end of the period (the typical UX), pass 'next_billing_period' and don't expose 'immediately' at all.
The full Server Action
// src/actions/subscription.ts
"use server";
import { revalidatePath } from "next/cache";
import { getPaddleInstance } from "@/utils/paddle/get-paddle-instance";
import { createServerInternalClient } from "@/utils/supabase/server-internal";
import { createServerClient } from "@/utils/supabase/server";
export async function cancelSubscription(subscriptionId: string) {
// 1. Authenticate. Reject anonymous requests before any DB query or SDK call.
const supabase = await createServerClient();
const {
data: { user },
} = await supabase.auth.getUser();
if (!user || !user.email) {
return { error: "Not authenticated" };
}
// 2. Verify the authenticated user owns this subscriptionId. The check
// bridges through the customers table (matched on the user's email)
// and the subscriptions table (matched on customer_id).
const internal = createServerInternalClient();
const { data: customerRow } = await internal
.from("customers")
.select("customer_id")
.eq("email", user.email)
.single();
if (!customerRow) return { error: "No Paddle customer" };
const { data: subRow } = await internal
.from("subscriptions")
.select("customer_id")
.eq("subscription_id", subscriptionId)
.single();
if (!subRow || subRow.customer_id !== customerRow.customer_id) {
return { error: "Forbidden" };
}
// 3. Cancel via the Paddle Node SDK. Schedule for end-of-period (the safe
// default for a generic Cancel button — the user keeps service through
// what they've already paid for).
const paddle = getPaddleInstance();
const subscription = await paddle.subscriptions.cancel(subscriptionId, {
effectiveFrom: "next_billing_period",
});
// 4. Refresh any cached UI that depends on subscription state.
revalidatePath("/dashboard/subscriptions");
// 5. Return a slim DTO. Don't return the raw Subscription object —
// it's large and leaks Paddle internal fields.
return {
success: true,
status: subscription.status,
scheduledChange: subscription.scheduledChange?.effectiveAt ?? null,
};
}
What the user sees vs what the database stores
A successful cancel does not flip the subscription's status to canceled immediately. Two events fire over time:
- Right now (synchronous): the SDK call returns. Paddle stores
status: 'active'withscheduledChange.action: 'cancel'andscheduledChange.effectiveAt: '<period-end-date>'. - Right now (asynchronous): Paddle fires a
subscription.updatedwebhook with the same payload. Yoursubscription-synchandler upserts the row. The mirrored row now hassubscription_status: 'active'andscheduled_change: <date>. - At the end of the period: Paddle fires a second
subscription.updated(orsubscription.canceled) webhook. The mirrored row'ssubscription_statusbecomes'canceled'andscheduled_changeclears.
Your access-gating logic should read from the mirrored row, not from anything you compute optimistically in this action. The user keeps access until step 3 actually happens.
Common pitfalls
- No ownership check. Trusting the
subscriptionIdfrom the action input lets any authenticated user cancel any subscription whose ID they can guess or scrape. The check has to compare the authenticated user'scustomer_idagainst the subscription'scustomer_id. - No auth check. Even worse than the previous one — anyone (including unauthenticated requests) could cancel any subscription. Server Actions can be invoked from anywhere; never assume "no UI = no access."
- Defaulting to
effectiveFrom: 'immediately'. The user pressed "Cancel," not "Cancel right now." Immediate cancellation removes their access right away. Use'next_billing_period'unless your UX explicitly asks the user "do you want to cancel immediately?" - Treating the SDK's return as the new permanent state. The cancel call returns the current subscription with the schedule attached. The status is still
active. If your UI shows "Subscription status: {return.status}" it'll sayactive, which is correct — but if you optimistically show "Canceled," the user will see contradictory information when the page refreshes from the mirror. - Missing
revalidatePath. Server Components reading from your DB mirror won't re-fetch on their own. After the cancel succeeds, callrevalidatePath(orrevalidateTag) for the affected route(s). Without it, the user clicks Cancel and the UI keeps showing "active" until they hit refresh. - Returning the raw
Subscription. The SDK'sSubscriptioninstance is ~30 fields including internal Paddle metadata. The client only needs to know "did it work" and maybe "when does it actually end." Slim it to a DTO. - Confusing
canceledandscheduledChange.action: 'cancel'.canceledis the terminal state, set after the period ends.scheduledChange.action: 'cancel'is the "user pressed cancel, ending soon" state. Access-gating should only revoke on the former, not the latter. - No customer record yet. If a brand-new user (no checkout completed) somehow triggers the cancel action, there's no
customer_idto look up. Handle thecustomerRow == nullcase explicitly — return an error rather than lettingnullflow into the comparison.
Verify the integration
- Sign in to your dev app and complete a sandbox checkout so you have a real subscription.
- Wait for the
subscription.createdwebhook to populate yoursubscriptionstable. - Click Cancel in your UI. The server action should:
- Return
{ success: true, status: 'active', scheduledChange: '<some date>' }. - Trigger a
revalidatePathso the UI refreshes.
- Return
- In the Paddle dashboard, confirm the subscription shows "Scheduled to cancel" with the expected date.
- Try the action while logged out (or with a forged
subscriptionIdbelonging to a different customer). Confirm you get an error andpaddle.subscriptions.cancelwas NOT called. - Once the period ends, confirm the second
subscription.updatedevent flips your mirrored row tosubscription_status: 'canceled'.
Related docs
- Cancel a subscription
- Cancel a subscription - API
- Reference implementation: paddle-nextjs-starter-kit — see
src/app/dashboard/subscriptions/actions.ts.
How can the creator link this skill?
Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.
<a href="https://skillzs.dev/skills/developer.paddle.com/paddle-subscription-cancel">View paddle-subscription-cancel on skillZs</a>