[Components] paddle #10926

[lcaresia]

WHY

Summary by CodeRabbit

• New Features
  • Added actions to list, create, and update Paddle customers.
  • Support entering email, name, custom data, and status when creating/updating customers.
  • Customer selection now includes a dynamic dropdown populated from Paddle.
  • Summaries now show the number of customers retrieved or the ID of the created/updated customer.
• Chores
  • Updated package version to 0.1.0.
  • Added dependency on @pipedream/platform.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
pipedream-docs	Ignored			Sep 30, 2025 7:14pm
pipedream-docs-redirect-do-not-edit	Ignored			Sep 30, 2025 7:14pm

[coderabbitai]

Walkthrough

Adds Paddle customer management: new actions to get, create, and update customers; introduces shared status constants; enhances the Paddle app with prop definitions, auth-backed HTTP request helpers, and customer API methods; updates package version and adds a platform dependency.

Changes

Cohort / File(s)	Summary of Changes
Paddle Actions — Customers components/paddle/actions/get-customers/get-customers.mjs, components/paddle/actions/create-customer/create-customer.mjs, components/paddle/actions/update-customer/update-customer.mjs	New action modules to list, create, and update customers. Define metadata, props via app propDefinitions, and run handlers that call app methods, set summaries, and return API responses.
Paddle App Core components/paddle/paddle.app.mjs	Adds propDefinitions (email, name, customData, status, customerId with async options). Implements request layer: _baseUrl, _makeRequest, and API helpers getCustomers, createCustomer, updateCustomer. Targets Paddle sandbox API with Authorization from auth_code.
Common Constants components/paddle/common/constants.mjs	New export providing STATUS_OPTIONS: ["active", "archived"].
Package Config components/paddle/package.json	Bumps version to 0.1.0 and adds dependency @pipedream/platform@^3.1.0.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant Action as Paddle Action (Get/Create/Update)
  participant App as Paddle App
  participant API as Paddle Sandbox API

  rect rgba(200,230,255,0.25)
  Note over User,API: Customer management flow
  User->>Action: Trigger action (get/create/update)
  Action->>App: Call app method<br/>(getCustomers / createCustomer / updateCustomer)
  App->>App: Build URL, headers (Authorization)
  App->>API: HTTP request (GET/POST/PATCH)
  API-->>App: Response (data/status)
  App-->>Action: Return response
  Action-->>User: Summary + full response
  end

  alt Create
    note right of Action: Maps props to { email, name, custom_data }
  else Update
    note right of Action: Uses customerId and optional fields<br/>status from STATUS_OPTIONS
  else Get
    note right of Action: Summarizes by count of customers
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I thump my paws on sandy ground,
New burrows dug, where customers are found.
With tidy forms and headers tight,
I hop through PATCH and POST by night.
Two statuses, a gentle guide—
Active trails, archived beside.
Version bumped—ears up with pride! 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The title “[Components] paddle #10926” is too generic and does not summarize the main changes introduced in the pull request, as it merely references the component and issue number without conveying that new Paddle customer management actions are being added.	Please update the title to clearly describe the primary change, for example “Add Paddle Create, Get, and Update Customer actions” so that reviewers can immediately understand the new functionality.
Description Check	⚠️ Warning	The pull request description only contains the placeholder “## WHY” section with no completed content, leaving the motivation and context for the changes unspecified.	Please fill out the “WHY” section by explaining the motivation, context, and intended use cases for adding the new Paddle action modules so that reviewers understand the purpose and impact of the changes.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch issue-10926

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (5)

components/paddle/actions/create-customer/create-customer.mjs (1)

30-41: Consider using template literals for string formatting.

The run method correctly maps customData to custom_data for the API request. However, line 39 uses string concatenation which is less modern than template literals.

Apply this diff to use template literals:

-    $.export("$summary", "Successfully created a new customer with the ID: " + response.data.id);
+    $.export("$summary", `Successfully created a new customer with the ID: ${response.data.id}`);

components/paddle/actions/get-customers/get-customers.mjs (1)

3-19: Consider template literals and validate response structure.

The action implementation is straightforward and functional. Two minor suggestions:

1. Line 16 uses string concatenation instead of template literals
2. The code assumes response.data is an array with a .length property without validation

Apply this diff for template literals:

-    $.export("$summary", "Successfully retrieved " + response.data.length + " customers");
+    $.export("$summary", `Successfully retrieved ${response.data.length} customers`);

Note: If the Paddle API could return response.data as something other than an array, consider adding validation.

components/paddle/actions/update-customer/update-customer.mjs (1)

42-55: Consider template literals for consistency.

The run method correctly implements the update logic with proper data mapping. For consistency with modern JavaScript practices, consider using template literals.

Apply this diff:

-    $.export("$summary", "Successfully updated the customer with ID: " + this.customerId);
+    $.export("$summary", `Successfully updated the customer with ID: ${this.customerId}`);

components/paddle/paddle.app.mjs (2)

8-12: Add email format validation.

The email prop lacks format validation. Consider adding a pattern or using Pipedream's built-in email validation if available.

 email: {
   type: "string",
   label: "Email",
   description: "Customer's email address",
+  // Consider adding format validation, e.g., pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/
 },

---

18-23: Consider adding a schema for customData.

The customData prop accepts any object structure without validation. If Paddle's API has specific requirements or common patterns for custom data, consider documenting them or adding validation.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 61d0151 and 79de956.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• components/paddle/actions/create-customer/create-customer.mjs (1 hunks)
• components/paddle/actions/get-customers/get-customers.mjs (1 hunks)
• components/paddle/actions/update-customer/update-customer.mjs (1 hunks)
• components/paddle/common/constants.mjs (1 hunks)
• components/paddle/package.json (2 hunks)
• components/paddle/paddle.app.mjs (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (4)

components/paddle/actions/get-customers/get-customers.mjs (2)

components/paddle/actions/create-customer/create-customer.mjs (1)

• response (31-38)

components/paddle/actions/update-customer/update-customer.mjs (1)

• response (43-52)

components/paddle/actions/create-customer/create-customer.mjs (2)

components/paddle/actions/get-customers/get-customers.mjs (1)

• response (13-15)

components/paddle/actions/update-customer/update-customer.mjs (1)

• response (43-52)

components/paddle/actions/update-customer/update-customer.mjs (3)

components/paddle/actions/create-customer/create-customer.mjs (1)

• response (31-38)

components/paddle/actions/get-customers/get-customers.mjs (1)

• response (13-15)

components/paddle/paddle.app.mjs (1)

• response (35-35)

components/paddle/paddle.app.mjs (3)

components/paddle/actions/create-customer/create-customer.mjs (1)

• response (31-38)

components/paddle/actions/get-customers/get-customers.mjs (1)

• response (13-15)

components/paddle/actions/update-customer/update-customer.mjs (1)

• response (43-52)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Lint Code Base
• GitHub Check: pnpm publish
• GitHub Check: Verify TypeScript components
• GitHub Check: Publish TypeScript components

🔇 Additional comments (9)

components/paddle/package.json (1)

3-3: LGTM! Appropriate version bump and dependency addition.

The version bump from 0.0.1 to 0.1.0 correctly reflects the addition of new features (customer management actions), and the @pipedream/platform dependency aligns with the new functionality being introduced.

Also applies to: 15-16

components/paddle/actions/create-customer/create-customer.mjs (2)

3-8: LGTM! Action metadata is well-defined.

The action key, name, description with documentation link, and version are all appropriately configured for a new Paddle customer creation action.

---

9-29: No action needed: propDefinitions and methods confirmed
The paddle.app.mjs file exports propDefinitions for email, name, and customData, and includes the getCustomers, createCustomer, and updateCustomer methods as referenced.

components/paddle/actions/update-customer/update-customer.mjs (1)

9-41: LGTM! Props structure is consistent.

The props definition follows the same pattern as create-customer.mjs and appropriately includes the additional customerId and status fields needed for updates. The propDefinitions delegation to the app module maintains consistency across actions.

components/paddle/common/constants.mjs (1)

1-6: Status values match Paddle API documentation. No changes required.

components/paddle/paddle.app.mjs (4)

1-2: LGTM!

The imports are appropriate for the new HTTP request functionality and status constants.

---

74-80: LGTM!

The createCustomer method correctly uses POST and delegates data formatting to the caller.

---

34-43: Add error handling in options() and verify pagination support

• Wrap the this.getCustomers() call in a try/catch, defaulting to an empty array on error and falling back to id if name is missing
• Confirm whether Paddle’s /customers endpoint accepts pagination parameters (e.g. page, page_size) and, if so, implement a loop to fetch and concatenate all pages into the options list

---

50-65: Add timeout configuration and verify auth credential name.

• Add a timeout (e.g., 30000 ms) in _makeRequest to prevent requests from hanging indefinitely:

  async _makeRequest(opts = {}) {
    const {
      $ = this,
      path,
      headers,
      ...otherOpts
    } = opts;
    return axios($, {
      ...otherOpts,
      url: this._baseUrl() + path,
  +   timeout: 30000, // 30s timeout
      headers: {
        Authorization: `Bearer ${this.$auth.auth_code}`,
        ...headers,
      },
    });
  }

• Confirm that your app’s auth configuration actually exposes this.$auth.auth_code; if the field name differs (for example, access_token or api_key), update the code or the auth definition accordingly.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

CRITICAL: Hardcoded sandbox API URL blocks production usage.

The base URL is hardcoded to Paddle's sandbox environment. This makes the integration unusable in production. The URL should be configurable or determined by the authentication configuration.

Apply this diff to make the environment configurable:

 _baseUrl() {
-  return "https://sandbox-api.paddle.com";
+  // Use production by default; allow sandbox via auth config
+  return this.$auth.environment === "sandbox" 
+    ? "https://sandbox-api.paddle.com"
+    : "https://api.paddle.com";
 },

Alternatively, if the auth configuration doesn't include an environment field, you may need to add a separate prop or configuration option.

---

🌐 Web query:

What is the production API URL for Paddle API and how do Paddle integrations typically handle sandbox vs production environments?

💡 Result:

• Production (live) API base URL: https://api.paddle.com. [1]

• Sandbox API base URL: https://sandbox-api.paddle.com. [1]

How integrations typically handle sandbox vs production

• Use different base URLs for each environment (sandbox vs live). [1][3]
• Use separate credentials: sandbox API keys/client tokens are created in the sandbox account and live keys in the live account (they do not cross‑work). Sandbox keys often include an identifiable prefix (e.g. sdbx or test for client tokens). [2][1]
• Switch environments via environment variables or SDK config (Paddle SDKs/Paddle.js let you set environment to sandbox or production). [1][4]
• Best practice: keep sandbox credentials and URLs in dev/staging, and swap to live credentials + https://api.paddle.com when going to production; mismatched key+URL returns a 403. [1][2][3]

Sources: Paddle developer docs (sandbox & base URLs, API keys, SDK environment, go‑live checklist). [1][2][3][4]

---

CRITICAL — hardcoded sandbox API URL; make base URL environment-configurable

File: components/paddle/paddle.app.mjs (lines 47–49) — _baseUrl() currently returns "https://sandbox-api.paddle.com". Production base URL is "https://api.paddle.com" and sandbox/live credentials are not interchangeable (mismatched key+URL returns 403). Replace with environment/config-driven selection (default to production). Example:

 _baseUrl() {
-  return "https://sandbox-api.paddle.com";
+  if (process.env.PADDLE_BASE_URL) return process.env.PADDLE_BASE_URL;
+  const env = (this.$auth && this.$auth.environment) || process.env.PADDLE_ENV || 'production';
+  return env === 'sandbox' ? 'https://sandbox-api.paddle.com' : 'https://api.paddle.com';
 },

Document PADDLE_ENV/PADDLE_BASE_URL and ensure sandbox vs live credentials are switched together.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	_baseUrl() {
	return "https://sandbox-api.paddle.com";
	},
	_baseUrl() {
	if (process.env.PADDLE_BASE_URL) {
	return process.env.PADDLE_BASE_URL;
	}
	const env =
	(this.$auth && this.$auth.environment) ||
	process.env.PADDLE_ENV ||
	'production';
	return env === 'sandbox'
	? 'https://sandbox-api.paddle.com'
	: 'https://api.paddle.com';
	},

🤖 Prompt for AI Agents

In components/paddle/paddle.app.mjs around lines 47–49, _baseUrl() currently
returns the hardcoded sandbox URL; change it to read an environment-configurable
value (e.g., process.env.PADDLE_BASE_URL or derive from process.env.PADDLE_ENV
with default "production") so the default is the production URL
"https://api.paddle.com" and sandbox uses "https://sandbox-api.paddle.com" only
when explicitly selected; update code to fallback to production if env not set,
and add/mention documentation to require switching credentials together
(PADDLE_ENV or PADDLE_BASE_URL plus matching API keys) to avoid 403s from
mismatched key+URL.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

🧩 Analysis chain

Add pagination and filtering support.

The getCustomers method lacks pagination and filtering capabilities. Paddle's API likely supports query parameters for pagination, filtering, and sorting. Consider adding support for these parameters.

-async getCustomers(args = {}) {
+async getCustomers({
+  params, ...args
+} = {}) {
   return this._makeRequest({
     path: "/customers",
+    params, // Allow passing query parameters like after, per_page, status, etc.
     ...args,
   });
 },

---

🌐 Web query:

What query parameters does the Paddle API customers endpoint support for pagination and filtering?

💡 Result:

The /customers list endpoint supports these query parameters:

• Pagination / ordering:

  • per_page — results per page (default 50, max 200). [1][2]
  • after — cursor (Paddle ID) to return entities after. [1][2]
  • order_by — sort field and direction (e.g. id[ASC] or id[DESC]). [1][2]

• Filtering / search:

  • id — comma-separated list of customer IDs to return. [1]
  • email — comma-separated list of exact-match email addresses. [1][3]
  • status — comma-separated list of customer statuses (e.g. active/archived). [1]
  • search — free-text search (matches id, name, email). [1][7]

(See Paddle docs: List customers and Pagination/Filter pages.) [1][2][3]

---

Support pagination and filtering in getCustomers

The Paddle API’s /customers endpoint supports these query parameters: per_page, after, order_by, id, email, status, and search. Update getCustomers to accept a params option and forward it to _makeRequest.

 async getCustomers({ params, ...args } = {}) {
   return this._makeRequest({
     path: "/customers",
-    // …
+    params, // per_page, after, order_by, id, email, status, search
     ...args,
   });
 }

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In components/paddle/paddle.app.mjs around lines 67 to 72, getCustomers
currently ignores query options; change its signature to accept a params option
(e.g., getCustomers(args = {}, params = {}) or merge into args.params) and pass
that params object through to this._makeRequest so the query parameters
(per_page, after, order_by, id, email, status, search, etc.) are included in the
request; ensure existing args spread remains and that params is forwarded as
part of the object passed to _makeRequest (do not modify other call semantics).

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Add validation for customerId parameter.

The updateCustomer method doesn't validate that customerId is provided and doesn't encode it for URL safety. While Paddle customer IDs are likely safe strings, defensive coding is recommended.

 async updateCustomer({
   customerId, ...args
 }) {
+  if (!customerId) {
+    throw new Error("customerId is required");
+  }
   return this._makeRequest({
-    path: `/customers/${customerId}`,
+    path: `/customers/${encodeURIComponent(customerId)}`,
     method: "patch",
     ...args,
   });
 },

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	async updateCustomer({
	customerId, ...args
	}) {
	return this._makeRequest({
	path: `/customers/${customerId}`,
	method: "patch",
	...args,
	});
	},
	async updateCustomer({
	customerId, ...args
	}) {
	if (!customerId) {
	throw new Error("customerId is required");
	}
	return this._makeRequest({
	path: `/customers/${encodeURIComponent(customerId)}`,
	method: "patch",
	...args,
	});
	},

🤖 Prompt for AI Agents

In components/paddle/paddle.app.mjs around lines 82 to 90, update updateCustomer
to defensively validate and encode the customerId: first check that customerId
is provided and is a non-empty string or number (throw a TypeError or return a
rejected Promise if not), coerce numbers to strings, apply encodeURIComponent to
the customerId when constructing the `/customers/${customerId}` path to ensure
URL safety, and keep the rest of the args unchanged before calling
this._makeRequest.