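--- a/components/paddle/actions/create-customer/create-customer.mjs
+++ b/components/paddle/actions/create-customer/create-customer.mjs
@@ -0,0 +1,42 @@
+import app from "../../paddle.app.mjs";
+
+export default {
+key: "paddle-create-customer",
+name: "Create Customer",
+description: "Create a new customer in Paddle. [See the documentation](https://developer.paddle.com/api-reference/customers/create-customer)",
+version: "0.0.1",
+type: "action",
+props: {
+app,
+email: {
+propDefinition: [
+app,
+"email",
+],
+},
+name: {
+propDefinition: [
+app,
+"name",
+],
+},
+customData: {
+propDefinition: [
+app,
+"customData",
+],
+},
+},
+async run({ $ }) {
+const response = await this.app.createCustomer({
+$,
+data: {
+email: this.email,
+name: this.name,
+custom_data: this.customData,
+},
+});
+$.export("$summary", "Successfully created a new customer with the ID: " + response.data.id);
+return response;
+},
+};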
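Review bot: The `$summary` string on the `$.export` line in `run` is built with `+` concatenation; a template literal is the more idiomatic form and avoids accidental coercion surprises, e.g. `` `Successfully created a new customer with the ID: ${response.data.id}` ``. The same applies to the `$.export` lines in get-customers.mjs and update-customer.mjs in this PR.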
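--- a/components/paddle/actions/get-customers/get-customers.mjs
+++ b/components/paddle/actions/get-customers/get-customers.mjs
@@ -0,0 +1,19 @@
+import app from "../../paddle.app.mjs";
+
+export default {
+key: "paddle-get-customers",
+name: "Get Customers",
+description: "Get a list of customers registered in Paddle. [See the documentation](https://developer.paddle.com/api-reference/customers/list-customers)",
+version: "0.0.1",
+type: "action",
+props: {
+app,
+},
+async run({ $ }) {
+const response = await this.app.getCustomers({
+$,
+});
+$.export("$summary", "Successfully retrieved " + response.data.length + " customers");
+return response;
+},
+};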
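--- a/components/paddle/actions/update-customer/update-customer.mjs
+++ b/components/paddle/actions/update-customer/update-customer.mjs
@@ -0,0 +1,56 @@
+import app from "../../paddle.app.mjs";
+
+export default {
+key: "paddle-update-customer",
+name: "Update Customer",
+description: "Update the customer with the specified ID. [See the documentation](https://developer.paddle.com/api-reference/customers/update-customer)",
+version: "0.0.1",
+type: "action",
+props: {
+app,
+customerId: {
+propDefinition: [
+app,
+"customerId",
+],
+},
+email: {
+propDefinition: [
+app,
+"email",
+],
+},
+name: {
+propDefinition: [
+app,
+"name",
+],
+},
+customData: {
+propDefinition: [
+app,
+"customData",
+],
+},
+status: {
+propDefinition: [
+app,
+"status",
+],
+},
+},
+async run({ $ }) {
+const response = await this.app.updateCustomer({
+$,
+customerId: this.customerId,
+data: {
+email: this.email,
+name: this.name,
+custom_data: this.customData,
+status: this.status,
+},
+});
+$.export("$summary", "Successfully updated the customer with ID: " + this.customerId);
+return response;
+},
+};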
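Review bot: The `email`, `name` and `status` props here reuse the app's propDefinitions unchanged, and in paddle.app.mjs only `customData` carries `optional: true`, so this PATCH action appears to force the user to re-enter every field just to change one. Consider overriding per prop in this action, e.g. `email: { propDefinition: [app, "email"], optional: true }`, and likewise for `name` and `status`. Requiring `status` on every update also makes it easy to flip a customer between `active` and `archived` unintentionally. If the props become optional, it is worth confirming that unset values are omitted from the request body rather than sent as nulls.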
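--- a/components/paddle/common/constants.mjs
+++ b/components/paddle/common/constants.mjs
@@ -0,0 +1,6 @@
+export default {
+STATUS_OPTIONS: [
+"active",
+"archived",
+],
+};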
5 changes: 4 additions & 1 deletion components/paddle/package.json
@@ -1,6 +1,6 @@
{
"name": "@pipedream/paddle",
"version": "0.0.1",
"version": "0.1.0",
"description": "Pipedream Paddle Components",
"main": "paddle.app.mjs",
"keywords": [
Expand All @@ -11,5 +11,8 @@
"author": "Pipedream <support@pipedream.com> (https://pipedream.com/)",
"publishConfig": {
"access": "public"
},
"dependencies": {
"@pipedream/platform": "^3.1.0"
}
}
91 changes: 86 additions & 5 deletions components/paddle/paddle.app.mjs
@@ -1,11 +1,92 @@
import { axios } from "@pipedream/platform";
import constants from "./common/constants.mjs";

export default {
type: "app",
app: "paddle",
propDefinitions: {},
propDefinitions: {
email: {
type: "string",
label: "Email",
description: "Customer's email address",
},
name: {
type: "string",
label: "Name",
description: "Customer's full name",
},
customData: {
type: "object",
label: "Custom Data",
description: "Your own structured key-value data",
optional: true,
},
status: {
type: "string",
label: "Status",
description: "Customer's status",
options: constants.STATUS_OPTIONS,
},
customerId: {
type: "string",
label: "Customer ID",
description: "Unique identifier of the customer",
async options() {
const response = await this.getCustomers();
const data = response.data;
return data.map(({
id, name,
}) => ({
value: id,
label: name,
}));
},
},
},
methods: {
// this.$auth contains connected account data
authKeys() {
console.log(Object.keys(this.$auth));
_baseUrl() {
return "https://sandbox-api.paddle.com";
},
Comment on lines +47 to +49

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

CRITICAL: Hardcoded sandbox API URL blocks production usage.

The base URL is hardcoded to Paddle's sandbox environment. This makes the integration unusable in production. The URL should be configurable or determined by the authentication configuration.

Apply this diff to make the environment configurable:

 _baseUrl() {
-  return "https://sandbox-api.paddle.com";
+  // Use production by default; allow sandbox via auth config
+  return this.$auth.environment === "sandbox" 
+    ? "https://sandbox-api.paddle.com"
+    : "https://api.paddle.com";
 },

Alternatively, if the auth configuration doesn't include an environment field, you may need to add a separate prop or configuration option.


🌐 Web query:

What is the production API URL for Paddle API and how do Paddle integrations typically handle sandbox vs production environments?

💡 Result:

How integrations typically handle sandbox vs production

  • Use different base URLs for each environment (sandbox vs live). [1][3]
  • Use separate credentials: sandbox API keys/client tokens are created in the sandbox account and live keys in the live account (they do not cross‑work). Sandbox keys often include an identifiable prefix (e.g. sdbx or test for client tokens). [2][1]
  • Switch environments via environment variables or SDK config (Paddle SDKs/Paddle.js let you set environment to sandbox or production). [1][4]
  • Best practice: keep sandbox credentials and URLs in dev/staging, and swap to live credentials + https://api.paddle.com when going to production; mismatched key+URL returns a 403. [1][2][3]

Sources: Paddle developer docs (sandbox & base URLs, API keys, SDK environment, go‑live checklist). [1][2][3][4]


CRITICAL — hardcoded sandbox API URL; make base URL environment-configurable

File: components/paddle/paddle.app.mjs (lines 47–49) — _baseUrl() currently returns "https://sandbox-api.paddle.com". Production base URL is "https://api.paddle.com" and sandbox/live credentials are not interchangeable (mismatched key+URL returns 403). Replace with environment/config-driven selection (default to production). Example:

 _baseUrl() {
-  return "https://sandbox-api.paddle.com";
+  if (process.env.PADDLE_BASE_URL) return process.env.PADDLE_BASE_URL;
+  const env = (this.$auth && this.$auth.environment) || process.env.PADDLE_ENV || 'production';
+  return env === 'sandbox' ? 'https://sandbox-api.paddle.com' : 'https://api.paddle.com';
 },

Document PADDLE_ENV/PADDLE_BASE_URL and ensure sandbox vs live credentials are switched together.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
_baseUrl() {
return "https://sandbox-api.paddle.com";
},
_baseUrl() {
if (process.env.PADDLE_BASE_URL) {
return process.env.PADDLE_BASE_URL;
}
const env =
(this.$auth && this.$auth.environment) ||
process.env.PADDLE_ENV ||
'production';
return env === 'sandbox'
? 'https://sandbox-api.paddle.com'
: 'https://api.paddle.com';
},
🤖 Prompt for AI Agents
In components/paddle/paddle.app.mjs around lines 47–49, _baseUrl() currently
returns the hardcoded sandbox URL; change it to read an environment-configurable
value (e.g., process.env.PADDLE_BASE_URL or derive from process.env.PADDLE_ENV
with default "production") so the default is the production URL
"https://api.paddle.com" and sandbox uses "https://sandbox-api.paddle.com" only
when explicitly selected; update code to fallback to production if env not set,
and add/mention documentation to require switching credentials together
(PADDLE_ENV or PADDLE_BASE_URL plus matching API keys) to avoid 403s from
mismatched key+URL.

async _makeRequest(opts = {}) {
const {
$ = this,
path,
headers,
...otherOpts
} = opts;
return axios($, {
...otherOpts,
url: this._baseUrl() + path,
headers: {
Authorization: `Bearer ${this.$auth.auth_code}`,
...headers,
},
});
},

async getCustomers(args = {}) {
return this._makeRequest({
path: "/customers",
...args,
});
},
Comment on lines +67 to +72

🛠️ Refactor suggestion | 🟠 Major

🧩 Analysis chain

Add pagination and filtering support.

The getCustomers method lacks pagination and filtering capabilities. Paddle's API likely supports query parameters for pagination, filtering, and sorting. Consider adding support for these parameters.

-async getCustomers(args = {}) {
+async getCustomers({
+  params, ...args
+} = {}) {
   return this._makeRequest({
     path: "/customers",
+    params, // Allow passing query parameters like after, per_page, status, etc.
     ...args,
   });
 },

🌐 Web query:

What query parameters does the Paddle API customers endpoint support for pagination and filtering?

💡 Result:

The /customers list endpoint supports these query parameters:

  • Pagination / ordering:

    • per_page — results per page (default 50, max 200). [1][2]
    • after — cursor (Paddle ID) to return entities after. [1][2]
    • order_by — sort field and direction (e.g. id[ASC] or id[DESC]). [1][2]
  • Filtering / search:

    • id — comma-separated list of customer IDs to return. [1]
    • email — comma-separated list of exact-match email addresses. [1][3]
    • status — comma-separated list of customer statuses (e.g. active/archived). [1]
    • search — free-text search (matches id, name, email). [1][7]

(See Paddle docs: List customers and Pagination/Filter pages.) [1][2][3]


Support pagination and filtering in getCustomers

The Paddle API’s /customers endpoint supports these query parameters: per_page, after, order_by, id, email, status, and search. Update getCustomers to accept a params option and forward it to _makeRequest.

 async getCustomers({ params, ...args } = {}) {
   return this._makeRequest({
     path: "/customers",
-    // …
+    params, // per_page, after, order_by, id, email, status, search
     ...args,
   });
 }

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In components/paddle/paddle.app.mjs around lines 67 to 72, getCustomers
currently ignores query options; change its signature to accept a params option
(e.g., getCustomers(args = {}, params = {}) or merge into args.params) and pass
that params object through to this._makeRequest so the query parameters
(per_page, after, order_by, id, email, status, search, etc.) are included in the
request; ensure existing args spread remains and that params is forwarded as
part of the object passed to _makeRequest (do not modify other call semantics).


async createCustomer(args = {}) {
return this._makeRequest({
path: "/customers",
method: "post",
...args,
});
},

async updateCustomer({
customerId, ...args
}) {
return this._makeRequest({
path: `/customers/${customerId}`,
method: "patch",
...args,
});
},
Comment on lines +82 to 90

🛠️ Refactor suggestion | 🟠 Major

Add validation for customerId parameter.

The updateCustomer method doesn't validate that customerId is provided and doesn't encode it for URL safety. While Paddle customer IDs are likely safe strings, defensive coding is recommended.

 async updateCustomer({
   customerId, ...args
 }) {
+  if (!customerId) {
+    throw new Error("customerId is required");
+  }
   return this._makeRequest({
-    path: `/customers/${customerId}`,
+    path: `/customers/${encodeURIComponent(customerId)}`,
     method: "patch",
     ...args,
   });
 },
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
async updateCustomer({
customerId, ...args
}) {
return this._makeRequest({
path: `/customers/${customerId}`,
method: "patch",
...args,
});
},
async updateCustomer({
customerId, ...args
}) {
if (!customerId) {
throw new Error("customerId is required");
}
return this._makeRequest({
path: `/customers/${encodeURIComponent(customerId)}`,
method: "patch",
...args,
});
},
🤖 Prompt for AI Agents
In components/paddle/paddle.app.mjs around lines 82 to 90, update updateCustomer
to defensively validate and encode the customerId: first check that customerId
is provided and is a non-empty string or number (throw a TypeError or return a
rejected Promise if not), coerce numbers to strings, apply encodeURIComponent to
the customerId when constructing the `/customers/${customerId}` path to ensure
URL safety, and keep the rest of the args unchanged before calling
this._makeRequest.

},
};
};
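Review bot: In `_makeRequest`, `...headers` is spread after `Authorization`, so any caller that passes its own `Authorization` header silently replaces the bearer token built from `this.$auth.auth_code`. Spreading the caller's headers first and setting `Authorization` last keeps the connected account's credential authoritative, i.e. put `...headers,` before the `Authorization:` line inside the `headers` object. None of the actions in this PR pass `headers`, so this is hardening for future callers rather than a live bug.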
20 changes: 11 additions & 9 deletions pnpm-lock.yaml
