Self-serve subscription cancel
Give your customers a "Cancel my subscription" button without exposing your secret key or building a custom auth flow.
Customers should be able to cancel their subscription themselves. It's the friendliest thing to do, and it cuts down support volume. Strimz doesn't ship a hosted "Cancel my subscription" page because cancellation almost always involves business logic that's specific to your product. But the API call is one line; building the surrounding UI is straightforward.
Here's the pattern that works.
The shape
The customer is already authenticated in your app. They have a session cookie, a JWT, whatever you use. From their billing page, they click "Cancel subscription." Your server makes the Strimz API call. The Strimz secret key never reaches the browser.
The Strimz API key stays on your server. The customer's auth happens however you already auth them. You don't need a separate Strimz-specific login.
Setup
You need the customer's Strimz subscription id. This was given to you in the subscription.created webhook when they signed up; you stored it on their account row.
When subscription.created fires:
Now your server can look up the subscription id from the authenticated user.
The cancel route
The button
The page that uses it:
That's the whole flow.
When the cancellation lands
Your webhook handler will see subscription.cancelled shortly after the API call. The handler updates your local state with the cancellation details. You already have them from the API call's response, so the webhook is mostly redundant here. But it's the source of truth, so don't skip it.
For at-period-end cancellations, you'll also see subscription.lapsed later when the period actually ends. At that point you revoke access:
For immediate cancellations, you handle this in the cancel route. Set accessUntil: new Date() right there. No waiting for the webhook.
Why this pattern
The Strimz API key never touches the browser. The customer's auth uses your existing system; you don't need to give them a Strimz-specific login. The cancellation is one API call from your server; your server controls the policy (do they need to confirm? do they get a refund? do they see a "are you sure?" page?).
We don't ship a Strimz-hosted cancel page because the right cancellation policy varies. Some products refund unused time; some don't. Some run a win-back flow; some let customers leave immediately. Building one cancel UX into Strimz would be wrong for most merchants. The primitive is what you need; the policy is yours to compose.
