Third-party payment gateways

For white-label apps, AURA does not process payments. You take payment through your own third-party gateway (Payfast, NetCash, SagePay, Stripe, Safaricom…), then activate the customer’s subscription through the Panic API. Payment configuration, pricing, card storage, gateway choice, and recurring collections stay entirely on your side — so you can switch gateways or change pricing without depending on AURA.

Who does what

AURA	You (the integrator)
Embeds the Panic API in your branded app	Build and host the signup handler
Manages subscriptions (create / query / update / cancel)	Process payment via your chosen gateway
Provides emergency response while a subscription is active	Store card details and run recurring billing

The flow

In the app, a customer without a subscription chooses Online subscription.
The app opens an in-app webview to your signup handler, passing three query parameters:
- token — the customer’s AURA OAuth access token (a JWT whose claims include customerId and sub). Decode it to read the customerId; you don’t verify its signature — AURA verifies the token server-side whenever you use it as a bearer credential.
- redirectUrl — where to send the customer when you’re done.
- userid — the token’s sub claim, for convenience.
e.g. https://my.paymentgateway.com?token=xxxxx&redirectUrl=...&userid=...
Your signup handler takes payment through your gateway.
On success, activate a subscription via the Panic API, then redirect back to redirectUrl with success=true (or success=false on failure), preserving the original parameters. The app watches the webview URL for the success parameter to decide which screen to show.
AURA’s payment handler verifies the subscription and returns the customer to the app, which shows a success or failure screen.

Activating the subscription

After payment succeeds, in your signup handler:

Find the subscription type — GET /panic-api/v2/subscriptions/subscriptionTypes and pick the entry whose value is WEB_SIGNUP_SINGLE (or WEB_SIGNUP_FAMILY for family plans). Store its id.
Decode the JWT token to get the customerId, and store it linked to your own customer record.
Create the subscription — POST /panic-api/v2/subscriptions:

1 {
2   "customerId": 178921,
3   "subscriptionTypeId": 12,
4   "validFrom": "2024-11-06T00:00:00.000Z",
5   "validTo": "2024-12-11T00:00:00.000Z"
6 }

Subscription lifecycle

Once-off — set validTo far in the future (the guide uses ~100 years).
Monthly renewal — set validTo to ~35 days out (allow a few days’ grace for retries), then renew each cycle with PUT /panic-api/v2/subscriptions/{subscriptionId}.
Cancel early — DELETE /panic-api/v2/subscriptions/{subscriptionId}; access is lost immediately.
Re-subscribe — lapsed or deleted subscriptions can’t be recovered; create a new one with POST /panic-api/v2/subscriptions.
Family — use WEB_SIGNUP_FAMILY; dependants are linked to the main member’s subscription and lose access if it lapses.

All dates use ISO 8601 in UTC (e.g. 2020-05-12T13:05:25.961Z). Convert from your local timezone so subscriptions activate when intended.