@deiondz/better-auth-razorpay 2.0.1 → 2.0.3

package/README.md

@@ -84,6 +84,7 @@ export const auth = betterAuth({
     razorpayPlugin({
       razorpayClient,
       razorpayWebhookSecret: process.env.RAZORPAY_WEBHOOK_SECRET,
+      razorpayKeySecret: process.env.RAZORPAY_KEY_SECRET, // optional: enables verify-payment endpoint
       createCustomerOnSignUp: true, // optional
       subscription: {
         enabled: true,
@@ -111,7 +112,9 @@ export const auth = betterAuth({
 })
 ```
 
-3. **Add Client Plugin**
+3. **Add Client Plugin (required to avoid 404s)**
+
+Add the Razorpay client plugin so requests use the correct paths. **Without it, calls like `authClient.api.get('/razorpay/get-plans')` can hit wrong URLs (e.g. `POST /api/auth/api/get` 404).** The plugin exposes `authClient.razorpay.*` methods that use the plugin’s route map.
 
 ```typescript
 // src/lib/auth-client.ts
@@ -141,6 +144,7 @@ BETTER_AUTH_URL=https://yourdomain.com
 RAZORPAY_KEY_ID=rzp_test_xxxxxxxxxxxx
 RAZORPAY_KEY_SECRET=your_secret_key
 RAZORPAY_WEBHOOK_SECRET=your_webhook_secret
+# Pass RAZORPAY_KEY_SECRET as razorpayKeySecret in plugin options to enable the verify-payment endpoint (same as client key, not webhook secret).
 ```
 
 5. **Run Database Migration**
@@ -163,6 +167,7 @@ npx @better-auth/cli@latest generate
 interface RazorpayPluginOptions {
   razorpayClient: Razorpay         // Required: Initialized Razorpay instance (key_id, key_secret)
   razorpayWebhookSecret?: string  // Optional: Webhook secret for signature verification
+  razorpayKeySecret?: string      // Optional: API key secret for payment signature verification; when set, enables POST /razorpay/verify-payment (same secret as Razorpay client, not webhook secret)
   createCustomerOnSignUp?: boolean // Optional: Create Razorpay customer on user sign-up (default: false)
   onCustomerCreate?: (args) => Promise<void>
   getCustomerCreateParams?: (args) => Promise<{ params?: Record<string, unknown> }>
@@ -197,6 +202,7 @@ Example: using callbacks in your config:
 razorpayPlugin({
   razorpayClient,
   razorpayWebhookSecret: process.env.RAZORPAY_WEBHOOK_SECRET,
+  razorpayKeySecret: process.env.RAZORPAY_KEY_SECRET, // optional: enables verify-payment endpoint
   createCustomerOnSignUp: true,
   onCustomerCreate: async ({ user, razorpayCustomer }) => {
     console.log(`Razorpay customer created for user ${user.id}: ${razorpayCustomer.id}`)
@@ -429,7 +435,7 @@ if (response.success && response.data) {
 
 ### 4. Verify Payment
 
-Verify payment signature after Razorpay checkout completion.
+Verify payment signature after Razorpay checkout completion. This endpoint is **only registered when `razorpayKeySecret`** is set in plugin options. Use the same API key secret as your Razorpay client (not the webhook secret).
 
 **Endpoint:** `POST /api/auth/razorpay/verify-payment`
 
@@ -484,6 +490,7 @@ const handlePaymentSuccess = async (razorpayResponse: {
 - `SIGNATURE_VERIFICATION_FAILED` - Invalid payment signature
 - `UNAUTHORIZED` - User not authenticated
 - `SUBSCRIPTION_NOT_FOUND` - Subscription record not found
+- `FORBIDDEN` - Subscription does not belong to authenticated user
 
 ---
 
@@ -663,23 +670,42 @@ Handle Razorpay webhook events (automatically called by Razorpay).
 
 ## Client Usage
 
-### Better Auth Client Methods
+### Preferred: authClient.razorpay.* (method-based API)
 
-The plugin integrates with Better Auth's client API. Use `authClient.api` for all endpoint calls:
+When you add `razorpayClientPlugin()` to `createAuthClient({ plugins: [...] })`, the client gets `authClient.razorpay` with explicit methods. **Use these so requests hit the correct paths** (avoids 404s like `POST /api/auth/api/get`):
 
 ```typescript
 import { authClient } from '@/lib/auth-client'
 
-// GET request
-const plans = await authClient.api.get('/razorpay/get-plans')
+// GET plans
+const plansRes = await authClient.razorpay.getPlans()
+if (plansRes.success) console.log(plansRes.data)
+
+// List subscriptions
+const listRes = await authClient.razorpay.listSubscriptions({ referenceId: 'optional' })
 
-// POST request (create or update subscription)
-const result = await authClient.api.post('/razorpay/subscription/create-or-update', {
-  body: { plan: 'Starter', annual: false, seats: 1 },
+// Create or update subscription (returns checkoutUrl for Razorpay payment page)
+const result = await authClient.razorpay.createOrUpdateSubscription({
+  plan: 'Starter',
+  annual: false,
+  seats: 1,
+})
+if (result.success) window.location.href = result.data.checkoutUrl
+
+// Cancel, restore, verify payment
+await authClient.razorpay.cancelSubscription({ subscriptionId: 'sub_xxx', immediately: false })
+await authClient.razorpay.restoreSubscription({ subscriptionId: 'sub_xxx' })
+await authClient.razorpay.verifyPayment({
+  razorpay_payment_id: 'pay_xxx',
+  razorpay_subscription_id: 'sub_xxx',
+  razorpay_signature: '...',
 })
-// result.data.checkoutUrl -> redirect user to Razorpay payment page
 ```
 
+### Fallback: authClient.api (only if client plugin is not used)
+
+If you do not add the client plugin, you can use `authClient.api.get/post` with the Razorpay paths. **This can lead to 404s** (e.g. `POST /api/auth/api/get`) depending on how your auth client resolves paths. Prefer adding the client plugin and using `authClient.razorpay.*` instead.
+
 ### Type Safety
 
 Infer types from your auth configuration:
@@ -699,7 +725,7 @@ type User = typeof authClient.$Infer.Session.user
 
 ## TanStack Query Hooks
 
-The plugin works with **TanStack Query**: you can use it with `useQuery`/`useMutation` and `authClient.api` in any way you like. We provide optional pre-built hooks below; if you prefer a different setup, build your own hooks around the same endpoints (e.g. `authClient.api.get('/razorpay/get-plans')`, `authClient.api.post('/razorpay/subscription/create-or-update', { body })`, etc.).
+The plugin works with **TanStack Query**. We provide optional pre-built hooks that accept your auth client; when you use `razorpayClientPlugin()`, the hooks call `authClient.razorpay.*` so requests hit the correct paths. If you prefer a different setup, use `authClient.razorpay.getPlans()`, `authClient.razorpay.createOrUpdateSubscription(...)`, etc., or build your own hooks around those methods.
 
 To use our pre-built hooks, install peer dependencies:
 
@@ -1352,38 +1378,43 @@ async function initializeRazorpayCheckout(subscriptionId: string) {
 
 ### Common Issues
 
-**1. "Plan not found in configured plans"**
+**1. "POST /api/auth/api/get 404" or Razorpay requests returning 404**
+- Add the **client plugin** to your auth client: `createAuthClient({ plugins: [razorpayClientPlugin(), ...] })`
+- Use **method-based API** instead of `authClient.api.get/post`: call `authClient.razorpay.getPlans()`, `authClient.razorpay.createOrUpdateSubscription(...)`, etc., so requests use the plugin’s route map and hit the correct paths
+- The TanStack hooks (`usePlans`, `useSubscriptions`, etc.) use `authClient.razorpay` when present, so they work correctly once the client plugin is added
+
+**2. "Plan not found in configured plans"**
 - Ensure the plan ID exists in Razorpay dashboard
 - Add the plan ID to the `plans` array in plugin configuration
 - Re-run Better Auth CLI after updating plans
 
-**2. "Webhook signature verification failed"**
+**3. "Webhook signature verification failed"**
 - Verify webhook secret matches Razorpay dashboard
 - Ensure webhook URL is correct: `https://yourdomain.com/api/auth/razorpay/webhook`
 - Check that request body is not modified
 - Verify `x-razorpay-signature` header is present
 
-**3. "Subscription already exists"**
+**4. "Subscription already exists"**
 - User already has an active subscription
 - Cancel or pause existing subscription first
 - Check subscription status before creating new one
 
-**4. "User not authenticated"**
+**5. "User not authenticated"**
 - Ensure user is logged in via Better Auth
 - Check session middleware is properly configured
 - Verify `sessionMiddleware` is used in endpoint configuration
 
-**5. "Subscription not found"**
+**6. "Subscription not found"**
 - Subscription may have been deleted
 - Check subscription ID is correct
 - Verify subscription belongs to the user
 
-**6. Database Schema Issues**
+**7. Database Schema Issues**
 - Run `npx @better-auth/cli@latest migrate` after adding plugin
 - For Prisma/Drizzle: Run `npx @better-auth/cli@latest generate`
 - Check that user additional fields are properly configured
 
-**7. Type Errors**
+**8. Type Errors**
 - Ensure you're using `createAuthClient<typeof auth>()` for type inference
 - Import types from `@deiondz/better-auth-razorpay`
 - Check that plugin is properly exported

package/api/index.ts

@@ -3,4 +3,5 @@ export { createOrUpdateSubscription } from './create-or-update-subscription'
 export { getPlans } from './get-plans'
 export { listSubscriptions } from './list-subscriptions'
 export { restoreSubscription } from './restore-subscription'
+export { verifyPayment } from './verify-payment'
 export { webhook } from './webhook'

package/api/verify-payment.ts

@@ -0,0 +1,87 @@
+import { createHmac } from 'node:crypto'
+import { createAuthEndpoint, sessionMiddleware } from 'better-auth/api'
+import {
+  handleRazorpayError,
+  verifyPaymentSchema,
+  type SubscriptionRecord,
+} from '../lib'
+
+/**
+ * POST /api/auth/razorpay/verify-payment
+ * Verifies payment signature after Razorpay subscription checkout completion.
+ * Requires razorpayKeySecret to be set in plugin options.
+ */
+export const verifyPayment = (keySecret: string) =>
+  createAuthEndpoint(
+    '/razorpay/verify-payment',
+    { method: 'POST', use: [sessionMiddleware] },
+    async (ctx) => {
+      try {
+        const body = verifyPaymentSchema.parse(ctx.body)
+        const { razorpay_payment_id, razorpay_subscription_id, razorpay_signature } = body
+
+        const generatedSignature = createHmac('sha256', keySecret)
+          .update(`${razorpay_payment_id}|${razorpay_subscription_id}`)
+          .digest('hex')
+
+        if (generatedSignature !== razorpay_signature) {
+          return {
+            success: false,
+            error: {
+              code: 'SIGNATURE_VERIFICATION_FAILED',
+              description: 'Payment signature verification failed',
+            },
+          }
+        }
+
+        const userId = ctx.context.session?.user?.id
+        if (!userId) {
+          return {
+            success: false,
+            error: { code: 'UNAUTHORIZED', description: 'User not authenticated' },
+          }
+        }
+
+        const record = (await ctx.context.adapter.findOne({
+          model: 'subscription',
+          where: [{ field: 'razorpaySubscriptionId', value: razorpay_subscription_id }],
+        })) as SubscriptionRecord | null
+
+        if (!record) {
+          return {
+            success: false,
+            error: { code: 'SUBSCRIPTION_NOT_FOUND', description: 'Subscription not found' },
+          }
+        }
+
+        if (record.referenceId !== userId) {
+          return {
+            success: false,
+            error: { code: 'FORBIDDEN', description: 'Subscription does not belong to you' },
+          }
+        }
+
+        await ctx.context.adapter.update({
+          model: 'subscription',
+          where: [{ field: 'razorpaySubscriptionId', value: razorpay_subscription_id }],
+          update: {
+            data: {
+              status: 'pending',
+              updatedAt: new Date(),
+            },
+          },
+        })
+
+        return {
+          success: true,
+          data: {
+            message: 'Payment verified successfully',
+            payment_id: razorpay_payment_id,
+            subscription_id: razorpay_subscription_id,
+          },
+        }
+      } catch (error) {
+        return handleRazorpayError(error)
+      }
+    }
+  )

package/client/hooks.ts

@@ -17,11 +17,13 @@ import type {
   CancelSubscriptionInput,
   RestoreSubscriptionInput,
   ListSubscriptionsInput,
+  VerifyPaymentInput,
   GetPlansResponse,
   ListSubscriptionsResponse,
   CreateOrUpdateSubscriptionResponse,
   CancelSubscriptionResponse,
   RestoreSubscriptionResponse,
+  VerifyPaymentResponse,
   RazorpayApiError,
 } from './types'
 
@@ -44,65 +46,90 @@ function assertSuccess<T>(res: unknown): asserts res is { success: true; data: T
   throw new Error('Invalid response')
 }
 
-/** Fetch plans (GET /razorpay/get-plans). */
+/** Fetch plans (GET /razorpay/get-plans). Prefers client.razorpay when available to avoid 404s. */
 async function fetchPlans(client: RazorpayAuthClient): Promise<PlanSummary[]> {
-  const res = await client.api.get(`${BASE}/get-plans`)
+  const res = client.razorpay
+    ? await client.razorpay.getPlans()
+    : await client.api.get(`${BASE}/get-plans`)
   assertSuccess<PlanSummary[]>(res)
   return res.data
 }
 
-/** Fetch subscriptions list (GET /razorpay/subscription/list). */
+/** Fetch subscriptions list (GET /razorpay/subscription/list). Prefers client.razorpay when available. */
 async function fetchSubscriptions(
   client: RazorpayAuthClient,
   input?: ListSubscriptionsInput
 ): Promise<ListSubscriptionsResponse['data']> {
-  const query: Record<string, string> = {}
-  if (input?.referenceId) query.referenceId = input.referenceId
-  const path = `${BASE}/subscription/list`
-  const res =
-    Object.keys(query).length > 0
-      ? await client.api.get(path, { query })
-      : await client.api.get(path)
+  const res = client.razorpay
+    ? await client.razorpay.listSubscriptions(input)
+    : (() => {
+        const query: Record<string, string> = {}
+        if (input?.referenceId) query.referenceId = input.referenceId
+        const path = `${BASE}/subscription/list`
+        return Object.keys(query).length > 0
+          ? client.api.get(path, { query })
+          : client.api.get(path)
+      })()
   assertSuccess<ListSubscriptionsResponse['data']>(res)
   return res.data
 }
 
-/** Create or update subscription (POST /razorpay/subscription/create-or-update). */
+/** Create or update subscription (POST /razorpay/subscription/create-or-update). Prefers client.razorpay when available. */
 async function createOrUpdateSubscription(
   client: RazorpayAuthClient,
   input: CreateOrUpdateSubscriptionInput
 ): Promise<CreateOrUpdateSubscriptionResponse['data']> {
-  const res = await client.api.post(`${BASE}/subscription/create-or-update`, {
-    body: input as unknown as Record<string, unknown>,
-  })
+  const res = client.razorpay
+    ? await client.razorpay.createOrUpdateSubscription(input)
+    : await client.api.post(`${BASE}/subscription/create-or-update`, {
+        body: input as unknown as Record<string, unknown>,
+      })
   assertSuccess<CreateOrUpdateSubscriptionResponse['data']>(res)
   return res.data
 }
 
-/** Cancel subscription (POST /razorpay/subscription/cancel). */
+/** Cancel subscription (POST /razorpay/subscription/cancel). Prefers client.razorpay when available. */
 async function cancelSubscription(
   client: RazorpayAuthClient,
   input: CancelSubscriptionInput
 ): Promise<CancelSubscriptionResponse['data']> {
-  const res = await client.api.post(`${BASE}/subscription/cancel`, {
-    body: input as unknown as Record<string, unknown>,
-  })
+  const res = client.razorpay
+    ? await client.razorpay.cancelSubscription(input)
+    : await client.api.post(`${BASE}/subscription/cancel`, {
+        body: input as unknown as Record<string, unknown>,
+      })
   assertSuccess<CancelSubscriptionResponse['data']>(res)
   return res.data
 }
 
-/** Restore subscription (POST /razorpay/subscription/restore). */
+/** Restore subscription (POST /razorpay/subscription/restore). Prefers client.razorpay when available. */
 async function restoreSubscription(
   client: RazorpayAuthClient,
   input: RestoreSubscriptionInput
 ): Promise<RestoreSubscriptionResponse['data']> {
-  const res = await client.api.post(`${BASE}/subscription/restore`, {
-    body: input as unknown as Record<string, unknown>,
-  })
+  const res = client.razorpay
+    ? await client.razorpay.restoreSubscription(input)
+    : await client.api.post(`${BASE}/subscription/restore`, {
+        body: input as unknown as Record<string, unknown>,
+      })
   assertSuccess<RestoreSubscriptionResponse['data']>(res)
   return res.data
 }
 
+/** Verify payment (POST /razorpay/verify-payment). Prefers client.razorpay when available. */
+async function verifyPayment(
+  client: RazorpayAuthClient,
+  input: VerifyPaymentInput
+): Promise<VerifyPaymentResponse['data']> {
+  const res = client.razorpay
+    ? await client.razorpay.verifyPayment(input)
+    : await client.api.post(`${BASE}/verify-payment`, {
+        body: input as unknown as Record<string, unknown>,
+      })
+  assertSuccess<VerifyPaymentResponse['data']>(res)
+  return res.data
+}
+
 export type UsePlansOptions = Omit<
   UseQueryOptions<PlanSummary[], Error, PlanSummary[], readonly string[]>,
   'queryKey' | 'queryFn'
@@ -214,16 +241,19 @@ export type UseRestoreSubscriptionOptions = UseMutationOptions<
 // Re-export client types for convenience when importing from this entry
 export type {
   RazorpayAuthClient,
+  RazorpayClientActions,
   PlanSummary,
   CreateOrUpdateSubscriptionInput,
   CancelSubscriptionInput,
   RestoreSubscriptionInput,
   ListSubscriptionsInput,
+  VerifyPaymentInput,
   GetPlansResponse,
   ListSubscriptionsResponse,
   CreateOrUpdateSubscriptionResponse,
   CancelSubscriptionResponse,
   RestoreSubscriptionResponse,
+  VerifyPaymentResponse,
   RazorpayApiError,
   RazorpayApiResult,
 } from './types'
@@ -246,3 +276,30 @@ export function useRestoreSubscription(
     },
   })
 }
+
+export type UseVerifyPaymentOptions = UseMutationOptions<
+  VerifyPaymentResponse['data'],
+  Error,
+  VerifyPaymentInput,
+  unknown
+>
+
+/**
+ * Verify payment signature after Razorpay checkout success.
+ * Call with the payload from the Razorpay success handler (razorpay_payment_id, razorpay_subscription_id, razorpay_signature).
+ * Invalidates subscriptions list on success.
+ */
+export function useVerifyPayment(
+  client: RazorpayAuthClient | null | undefined,
+  options?: UseVerifyPaymentOptions
+) {
+  const queryClient = useQueryClient()
+  return useMutation({
+    mutationFn: (input: VerifyPaymentInput) => verifyPayment(client!, input),
+    ...options,
+    onSuccess: (data, variables, onMutateResult, context) => {
+      queryClient.invalidateQueries({ queryKey: razorpayQueryKeys.subscriptions() })
+      options?.onSuccess?.(data, variables, onMutateResult, context)
+    },
+  })
+}

package/client/types.ts

@@ -64,9 +64,34 @@ export type RazorpayApiResult<T = unknown> =
   | { success: true; data: T }
   | RazorpayApiError
 
+/** Razorpay API actions from the client plugin (authClient.razorpay). Use these so requests hit the correct paths. */
+export interface RazorpayClientActions {
+  getPlans: (fetchOptions?: { query?: Record<string, string> }) => Promise<RazorpayApiResult<PlanSummary[]>>
+  listSubscriptions: (
+    input?: ListSubscriptionsInput,
+    fetchOptions?: { query?: Record<string, string> }
+  ) => Promise<RazorpayApiResult<ListSubscriptionsResponse['data']>>
+  createOrUpdateSubscription: (
+    input: CreateOrUpdateSubscriptionInput,
+    fetchOptions?: { body?: Record<string, unknown> }
+  ) => Promise<RazorpayApiResult<CreateOrUpdateSubscriptionResponse['data']>>
+  cancelSubscription: (
+    input: CancelSubscriptionInput,
+    fetchOptions?: { body?: Record<string, unknown> }
+  ) => Promise<RazorpayApiResult<CancelSubscriptionResponse['data']>>
+  restoreSubscription: (
+    input: RestoreSubscriptionInput,
+    fetchOptions?: { body?: Record<string, unknown> }
+  ) => Promise<RazorpayApiResult<RestoreSubscriptionResponse['data']>>
+  verifyPayment: (
+    input: VerifyPaymentInput,
+    fetchOptions?: { body?: Record<string, unknown> }
+  ) => Promise<RazorpayApiResult<VerifyPaymentResponse['data']>>
+}
+
 /**
  * Minimal auth client interface for Razorpay hooks.
- * Compatible with Better Auth's createAuthClient() return type.
+ * When using the client plugin (razorpayClientPlugin()), authClient.razorpay is set and hooks use it so requests hit the correct paths (avoids 404s from api.get/post).
  */
 export interface RazorpayAuthClient {
   api: {
@@ -79,6 +104,8 @@ export interface RazorpayAuthClient {
       options?: { body?: Record<string, unknown> }
     ) => Promise<RazorpayApiResult<unknown>>
   }
+  /** Set when razorpayClientPlugin() is used in createAuthClient({ plugins: [razorpayClientPlugin()] }). Prefer these methods over api.get/post. */
+  razorpay?: RazorpayClientActions
 }
 
 /** Input for create-or-update subscription. */
@@ -106,3 +133,20 @@ export interface RestoreSubscriptionInput {
 export interface ListSubscriptionsInput {
   referenceId?: string
 }
+
+/** Input for verify-payment (Razorpay checkout success callback payload). */
+export interface VerifyPaymentInput {
+  razorpay_payment_id: string
+  razorpay_subscription_id: string
+  razorpay_signature: string
+}
+
+/** Response shape for verify-payment (success). */
+export interface VerifyPaymentResponse {
+  success: true
+  data: {
+    message: string
+    payment_id: string
+    subscription_id: string
+  }
+}

package/client.ts

@@ -1,8 +1,105 @@
 import type { BetterAuthClientPlugin } from 'better-auth/client'
 import type { razorpayPlugin } from './index'
+import type {
+  PlanSummary,
+  CreateOrUpdateSubscriptionInput,
+  CancelSubscriptionInput,
+  RestoreSubscriptionInput,
+  ListSubscriptionsInput,
+  VerifyPaymentInput,
+  ListSubscriptionsResponse,
+  CreateOrUpdateSubscriptionResponse,
+  CancelSubscriptionResponse,
+  RestoreSubscriptionResponse,
+  VerifyPaymentResponse,
+  RazorpayApiResult,
+} from './client/types'
 
+type FetchFn = (
+  path: string,
+  options?: {
+    method?: string
+    body?: Record<string, unknown>
+    query?: Record<string, string>
+  }
+) => Promise<RazorpayApiResult<unknown>>
+
+const PATHS = {
+  getPlans: '/razorpay/get-plans',
+  listSubscriptions: '/razorpay/subscription/list',
+  createOrUpdateSubscription: '/razorpay/subscription/create-or-update',
+  cancelSubscription: '/razorpay/subscription/cancel',
+  restoreSubscription: '/razorpay/subscription/restore',
+  verifyPayment: '/razorpay/verify-payment',
+} as const
+
+/**
+ * Razorpay client plugin for Better Auth.
+ * Exposes authClient.razorpay.* so requests use the correct paths and avoid 404s from api.get/post.
+ * Add to createAuthClient: plugins: [razorpayClientPlugin()]
+ */
 export const razorpayClientPlugin = () =>
   ({
     id: 'razorpay-plugin',
     $InferServerPlugin: {} as ReturnType<typeof razorpayPlugin>,
+    getActions: ($fetch: FetchFn) => ({
+      razorpay: {
+        getPlans: (fetchOptions?: Parameters<FetchFn>[1]) =>
+          $fetch(PATHS.getPlans, { method: 'GET', ...fetchOptions }) as Promise<
+            RazorpayApiResult<PlanSummary[]>
+          >,
+
+        listSubscriptions: (
+          input?: ListSubscriptionsInput,
+          fetchOptions?: Parameters<FetchFn>[1]
+        ) =>
+          $fetch(PATHS.listSubscriptions, {
+            method: 'GET',
+            query: input?.referenceId ? { referenceId: input.referenceId } : undefined,
+            ...fetchOptions,
+          }) as Promise<RazorpayApiResult<ListSubscriptionsResponse['data']>>,
+
+        createOrUpdateSubscription: (
+          input: CreateOrUpdateSubscriptionInput,
+          fetchOptions?: Parameters<FetchFn>[1]
+        ) =>
+          $fetch(PATHS.createOrUpdateSubscription, {
+            method: 'POST',
+            body: input as unknown as Record<string, unknown>,
+            ...fetchOptions,
+          }) as Promise<
+            RazorpayApiResult<CreateOrUpdateSubscriptionResponse['data']>
+          >,
+
+        cancelSubscription: (
+          input: CancelSubscriptionInput,
+          fetchOptions?: Parameters<FetchFn>[1]
+        ) =>
+          $fetch(PATHS.cancelSubscription, {
+            method: 'POST',
+            body: input as unknown as Record<string, unknown>,
+            ...fetchOptions,
+          }) as Promise<RazorpayApiResult<CancelSubscriptionResponse['data']>>,
+
+        restoreSubscription: (
+          input: RestoreSubscriptionInput,
+          fetchOptions?: Parameters<FetchFn>[1]
+        ) =>
+          $fetch(PATHS.restoreSubscription, {
+            method: 'POST',
+            body: input as unknown as Record<string, unknown>,
+            ...fetchOptions,
+          }) as Promise<RazorpayApiResult<RestoreSubscriptionResponse['data']>>,
+
+        verifyPayment: (
+          input: VerifyPaymentInput,
+          fetchOptions?: Parameters<FetchFn>[1]
+        ) =>
+          $fetch(PATHS.verifyPayment, {
+            method: 'POST',
+            body: input as unknown as Record<string, unknown>,
+            ...fetchOptions,
+          }) as Promise<RazorpayApiResult<VerifyPaymentResponse['data']>>,
+      },
+    }),
   }) satisfies BetterAuthClientPlugin

package/index.ts

@@ -5,6 +5,7 @@ import {
   getPlans,
   listSubscriptions,
   restoreSubscription,
+  verifyPayment,
   webhook,
 } from './api'
 import type { RazorpayPluginOptions, RazorpayUserRecord } from './lib'
@@ -21,6 +22,7 @@ import type { RazorpayPluginOptions, RazorpayUserRecord } from './lib'
  * @param options - Plugin configuration
  * @param options.razorpayClient - Initialized Razorpay instance (key_id, key_secret)
  * @param options.razorpayWebhookSecret - Webhook secret for signature verification
+ * @param options.razorpayKeySecret - API key secret for payment signature verification (optional; when set, enables POST /razorpay/verify-payment)
  * @param options.createCustomerOnSignUp - Create Razorpay customer when user signs up (default: false)
  * @param options.onCustomerCreate - Callback after customer is created
  * @param options.getCustomerCreateParams - Custom params when creating customer
@@ -31,6 +33,7 @@ export const razorpayPlugin = (options: RazorpayPluginOptions) => {
   const {
     razorpayClient,
     razorpayWebhookSecret,
+    razorpayKeySecret,
     createCustomerOnSignUp = false,
     onCustomerCreate,
     getCustomerCreateParams,
@@ -83,6 +86,9 @@ export const razorpayPlugin = (options: RazorpayPluginOptions) => {
       'subscription/restore': restoreSubscription(razorpay),
       'subscription/list': listSubscriptions({ subscription: subOpts }),
       'get-plans': getPlans({ subscription: subOpts }),
+      ...(razorpayKeySecret
+        ? { 'verify-payment': verifyPayment(razorpayKeySecret) }
+        : {}),
       webhook: webhook(razorpayWebhookSecret, options.onWebhookEvent ?? undefined, {
         subscription: subOpts,
         onEvent,

package/lib/types.ts

@@ -169,6 +169,8 @@ export interface RazorpayPluginOptions {
   razorpayClient: import('razorpay')
   /** Webhook secret for signature verification. */
   razorpayWebhookSecret?: string
+  /** API key secret for payment signature verification. When set, enables POST /razorpay/verify-payment (same secret as Razorpay client, not webhook secret). */
+  razorpayKeySecret?: string
   /** Create Razorpay customer when user signs up. Default: false. */
   createCustomerOnSignUp?: boolean
   /** Called after a Razorpay customer is created. */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@deiondz/better-auth-razorpay",
-  "version": "2.0.1",
+  "version": "2.0.3",
   "description": "Better Auth plugin for Razorpay subscriptions and payments",
   "type": "module",
   "main": "./index.ts",