I have a desktop app which has a login page. Upon login I call my Wix’s site API to check if the user has a paid his membership. The problem is that I cannot I find a way to query the user’s paid plans. I have went through the API documentation where I found the ’ wix-members-backend ’ module which has ’ currentMember.getMember(options) ’ but I receive a Forbidden error when I call it in my API endpoint. Is there a way this can be achieved ? Thanks in advance !
Hello!
Can you take a look at the wix-paid-plans API docs perhaps what you need is there?
Also, to help you problem solve why you are receiving a forbidden response, can you show a little bit of your code and tell anyone looking where you are calling your functions from (backend/FE) and how you are testing the functionality
Greetings, thank you for your quick response. Here is the code I wrote. It’s an POST http endpoint which is called from my desktop app upon login. I am currently trying to query more information about the user after I have logged him in, but I am unable to do so as I receive the following error after the contacts query:
{
“details” : {
“applicationError” : {
“description” : “Forbidden” ,
“code” : “FORBIDDEN” ,
“data” : {}
}
}
}
export function post_authenticate(request) {
return request.body.text()
.then( (body) => {
const {email, password} = JSON.parse(body);
return authentication.login(email, password)
.then( (sessionToken) => {
let response = {
"headers":{
"Content-Type":"application/json"
},
"body":{
}
};
return contacts
.queryContacts()
.find()
.then((results) =>{
console.log(results);
return ok(response);
})
})
.catch((error) => {
let response = {
"headers":{
"Content-Type":"application/json"
},
"body": {
}
};
response.body = error;
return forbidden(response);
})
})
}
Any help would be highly appreciated.
Okay so I was able to suppress the error by adding options to the find() method. I am currently able to query information for that user, but I am not sure which of the fields indicates that the user is subscribed, whether the subscription is paid or is still in trial or when said subscription expires. Here is some of the JSON I receive from the query. Also side question - is there a way to prevent people from making an endless amount of accounts to abuse the free trial ?
{
"_items": [
{
"_createdDate": "2022-02-05T10:39:18.736Z",
"_id": "2acd256f-f2c2-1999-8ec8-7bbb37c1a106",
"info": {
"emails": [
{
"tag": "UNTAGGED",
"email": "my-email@domain .com",
"primary": true
}
],
"extendedFields": {
"contacts.displayByLastName": "my-email@domain .com",
"emailSubscriptions.deliverabilityStatus": "VALID",
"members.membershipStatus": "APPROVED",
"emailSubscriptions.subscriptionStatus": "NOT_SET",
"emailSubscriptions.effectiveEmail": "my-email@domain .com",
"contacts.displayByFirstName": "my-email@domain .com"
},
"labelKeys": [
"pricingPlans.test",
"pricingPlans.basic"
],
"picture": {}
}
}
]}
Hello again. Glad you got the query working. As for your other questions, I am not very familiar with the API your are using. I know more about the Velo APIs and I think you are using this API so my first suggestion is to look at the field definitions in the docs to see what they are telling you.
As far as abuse, this could be difficult and I assume will depend on what data you are collecting. I can make new email accounts to get free trials and you would have no way of knowing it was the same person again if the check is through email.
Sorry I do not know more, but perhaps someone in the community here has used the App APIs more.
Hey again, the API I am using is this which I believe is a Velo API. I managed to get some data from the query, however I resorted to creating a webhook which listens for a purchase or cancellation of a plan after which I add that data to my own custom table. This way I have more detailed information on the subscription.
Regarding the abuse I know that even Netflix cannot handle this issue, although I was wondering if there is a restriction which can applied to IP addresses so you limit the number of accounts which can be created from a single IP. Do you think this is possible to be implemented ?
Ah! How did I miss that. Low brain day…and a webhook sounds like a great solution
Regarding checking by IP, this is definitely an interesting idea. I honestly have never attempted to implement a system like this, but I know there are some solutions out in the wild - likely paid services/would have to make sure they can connect here with Velo. FingerprintJS is one, for example.
I would say you are already light years ahead of my brain thinking on this, but I’m really curious about your solution if you do find anything. I will also ask around and let you know if I hear any other ideas!
@amandam
Hey again, if anyone ever stumbles across this post I found the following answer:
www.wix .com/velo/forum/coding-with-velo/acount-sharing
You can get the IP of the user who is making the request, therefore you can intercept if there is an account made from the same IP and limit them to a certain amount e.g. 3. This however won’t resolve the issue if the users start using a VPN with a dynamic IP but will still prevent most of them from abusing free trials. Hope this helps someone, cheers !
@d-grozev99 Wonderful! And yes searching the forum is always a good idea as there is almost always another dev who tried the same at one time. It definitely isn’t full proof but I think for your average abuser it will do the job.
You can loop through your subscriptions and see if the order.buyer.id matches the member ._id and is active
import { currentMember } from "wix-members-frontend";
import wixPricingPlans from 'wix-pricing-plans-frontend';
$w.onReady(() => {
wixPricingPlans.orders.listCurrentMemberOrders().then((orders) => {
getMemberInfo(orders);
}).catch((error) => {
console.error('Error Getting All Orders')
console.error(error);
});
});
function getMemberInfo(orders) {
currentMember
.getMember()
.then((member) => {
checkForMemberShip(member, orders);
})
.catch((error) => {
console.error('Error Getting Member Info')
console.error(error);
});
}
let hasActivePlan = false;
function checkForMemberShip(member, orders) {
console.log(member._id, orders);
for (let i = 0; i < orders.length; i++) {
if (orders[i].buyer.memberId === member._id && orders[i].status === "Active") {
hasActivePlan === true;
console.log(hasActivePlan);
break;
}
}
}