Customer Portal

A hosted page where your end-users manage their subscription — upgrade, downgrade, view payment history, or cancel. You redirect them there; Astapa handles the rest.

How it works

  1. Create a portal session from your backend (server-to-server)
  2. Redirect the user to the returned portal_url
  3. User manages their plan — Astapa handles payment, plan assignment, and UI
  4. User clicks "Back to app" and returns to your redirect_uri

Create a portal session

Call this from your backend. Never expose your client_secret to the browser.

POST /api/platform/portal/sessions
Content-Type: application/json

{
  "client_id": "your_client_id",
  "client_secret": "your_client_secret",
  "end_user_id": "user_abc123"
}

Response:

{
  "session_token": "a1b2c3...",
  "portal_url": "https://astapa.com/portal?session=a1b2c3...",
  "expires_in": 300
}

Redirect the user

Send the user to the portal_url. Optionally append a redirect_uri so they can return to your app.

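// Node.js / Express example
app.get("/billing", async (req, res) => {
  // Server-to-server call: client_secret stays in the backend environment
  const response = await fetch("https://api.astapa.com/api/platform/portal/sessions", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({
      client_id: process.env.ASTAPA_CLIENT_ID,
      client_secret: process.env.ASTAPA_CLIENT_SECRET,
      end_user_id: req.user.id,
    }),
  });
  if (!response.ok) {
    // Do not redirect on failure; there is no portal_url to send the user to
    return res.status(502).send("Could not open the billing portal");
  }
  const { portal_url } = await response.json();
  // Append redirect_uri as a percent-encoded query parameter
  const url = new URL(portal_url);
  url.searchParams.set("redirect_uri", "https://myapp.com/dashboard");
  res.redirect(url.toString());
});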
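
If the return target is taken from the request instead of hard-coded, validate it before appending it as redirect_uri. The following is an added example, not Astapa's own code: the helper names, the allowlist and the default return URL are assumptions, and the portal host is the one shown in the sample response above.

```javascript
// Added example. Helper names and the allowlist are hypothetical.
const PORTAL_HOST = "astapa.com"; // host shown in the sample response
const RETURN_ORIGINS = new Set(["https://myapp.com"]); // assumption: your app's origin(s)
const DEFAULT_RETURN = "https://myapp.com/dashboard";

// Accept a return target only if it is an absolute URL on an allowed origin.
// Anything else (other hosts, scheme-relative, javascript:, garbage) falls back.
function safeReturnUrl(candidate) {
  try {
    const u = new URL(String(candidate));
    if (RETURN_ORIGINS.has(u.origin)) return u.toString();
  } catch (_) {
    // not a parseable absolute URL
  }
  return DEFAULT_RETURN;
}

// Turn the session response body into the URL to redirect the browser to.
function buildPortalRedirect(session, returnTo) {
  if (!session || typeof session.portal_url !== "string") {
    throw new Error("session response has no portal_url");
  }
  const url = new URL(session.portal_url);
  // Refuse to send the user anywhere but the expected HTTPS portal host.
  if (url.protocol !== "https:" || url.hostname !== PORTAL_HOST) {
    throw new Error("unexpected portal_url: " + url.origin);
  }
  if (!url.searchParams.get("session")) {
    throw new Error("portal_url carries no session token");
  }
  // searchParams.set percent-encodes the value, so "&" or "#" inside the
  // return URL cannot add or truncate parameters on the portal URL.
  url.searchParams.set("redirect_uri", safeReturnUrl(returnTo));
  return url.toString();
}

// Constructed sample response (token value is made up).
const sample = {
  session_token: "tok_example",
  portal_url: "https://astapa.com/portal?session=tok_example",
  expires_in: 300,
};
console.log(buildPortalRedirect(sample, "https://myapp.com/settings?tab=billing"));
console.log(buildPortalRedirect(sample, "https://myapp.com.evil.example/"));
```

In the Express handler, pass the caller-supplied value (for example a query parameter) as returnTo and give the result to res.redirect.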

Security

  • Session tokens are single-use and expire in 5 minutes
  • After exchange, auth is handled via an httpOnly cookie (30 min, scoped to /portal)
  • No JWT or sensitive tokens are ever exposed in URLs or client-side JavaScript
  • All plan changes go through Midtrans for paid upgrades

What your users see

  • Their current plan with pricing
  • Available plans with upgrade/downgrade buttons
  • Payment history with status badges
  • Cancel subscription option
  • Your project's branding (same theme as your hosted login page)

Theming

The portal uses the same theme_config as your hosted login page. Configure colors, fonts, and border radius in your project settings — it applies to both.
