payment-kit 1.24.4 → 1.25.1

package/api/src/routes/subscriptions.ts

@@ -7,7 +7,7 @@ import pick from 'lodash/pick';
 import uniq from 'lodash/uniq';
 
 import { literal, Op, OrderItem } from 'sequelize';
-import { BN } from '@ocap/util';
+import { BN, fromTokenToUnit } from '@ocap/util';
 import { createEvent } from '../libs/audit';
 import { ensureStripeCustomer, ensureStripePrice, ensureStripeSubscription } from '../integrations/stripe/resource';
 import { createListParamSchema, getOrder, getWhereFromKvQuery, getWhereFromQuery, MetadataSchema } from '../libs/api';
@@ -15,7 +15,15 @@ import dayjs from '../libs/dayjs';
 import logger from '../libs/logger';
 import { isDelegationSufficientForPayment } from '../libs/payment';
 import { authenticate } from '../libs/security';
-import { expandLineItems, getFastCheckoutAmount, getSubscriptionCreateSetup, isLineItemAligned } from '../libs/session';
+import {
+  expandLineItems,
+  getFastCheckoutAmount,
+  getSubscriptionCreateSetup,
+  isLineItemAligned,
+  SlippageOptions,
+} from '../libs/session';
+import { getExchangeRateService } from '../libs/exchange-rate/service';
+import { getExchangeRateSymbol } from '../libs/exchange-rate/token-address-mapping';
 import {
   checkRemainingStake,
   createProration,
@@ -30,6 +38,7 @@ import {
   isSubscriptionOverdraftProtectionEnabled,
 } from '../libs/subscription';
 import { MAX_SUBSCRIPTION_ITEM_COUNT, formatMetadata } from '../libs/util';
+import { trimDecimals, limitTokenPrecision } from '../libs/math-utils';
 import { invoiceQueue } from '../queues/invoice';
 import {
   addSubscriptionJob,
@@ -39,7 +48,7 @@ import {
   slashStakeQueue,
   subscriptionQueue,
 } from '../queues/subscription';
-import type { TLineItemExpanded } from '../store/models';
+import type { TLineItemExpanded, ChainType } from '../store/models';
 import { Customer } from '../store/models/customer';
 import { Invoice } from '../store/models/invoice';
 import { InvoiceItem } from '../store/models/invoice-item';
@@ -48,6 +57,7 @@ import { PaymentCurrency } from '../store/models/payment-currency';
 import { PaymentIntent } from '../store/models/payment-intent';
 import { PaymentMethod } from '../store/models/payment-method';
 import { Price } from '../store/models/price';
+import { PriceQuote } from '../store/models/price-quote';
 import { PricingTable } from '../store/models/pricing-table';
 import { Product } from '../store/models/product';
 import { SetupIntent } from '../store/models/setup-intent';
@@ -70,6 +80,7 @@ import { getSubscriptionDiscountStats } from '../libs/discount/redemption';
 const router = Router();
 const auth = authenticate<Subscription>({ component: true, roles: ['owner', 'admin'] });
 const authMine = authenticate<Subscription>({ component: true, roles: ['owner', 'admin'], mine: true });
+const exchangeRateService = getExchangeRateService();
 const authPortal = authenticate<Subscription>({
   component: true,
   embed: true,
@@ -98,6 +109,7 @@ const schema = createListParamSchema<{
   activeFirst?: boolean;
   price_id?: string;
   showTotalCount?: boolean;
+  include_latest_invoice_quote?: boolean;
 }>({
   status: Joi.string().empty(''),
   customer_id: Joi.string().empty(''),
@@ -105,8 +117,121 @@ const schema = createListParamSchema<{
   activeFirst: Joi.boolean().optional(),
   price_id: Joi.string().empty(''),
   showTotalCount: Joi.boolean().optional(),
+  include_latest_invoice_quote: Joi.boolean().optional(),
 });
 
+const buildQuoteMetadata = (quote: PriceQuote) => {
+  const slippagePercent = quote.slippage_percent ?? (quote.metadata as any)?.slippage?.percent ?? null;
+  const minAcceptableRate = quote.min_acceptable_rate ?? (quote.metadata as any)?.slippage?.min_acceptable_rate ?? null;
+  const maxPayableToken = quote.max_payable_token ?? (quote.metadata as any)?.slippage?.max_payable_token ?? null;
+  const derivedAtMs = quote.slippage_derived_at_ms ?? (quote.metadata as any)?.slippage?.derived_at_ms ?? null;
+  const degraded = (quote.metadata as any)?.risk?.degraded ?? null;
+  const degradedReason = (quote.metadata as any)?.risk?.degraded_reason ?? null;
+
+  return {
+    id: quote.id,
+    base_currency: quote.base_currency,
+    base_amount: quote.base_amount,
+    quoted_amount: quote.quoted_amount,
+    target_currency_id: quote.target_currency_id,
+    rate_currency_symbol: quote.rate_currency_symbol,
+    exchange_rate: quote.exchange_rate,
+    rate_provider_name: quote.rate_provider_name,
+    rate_provider_id: quote.rate_provider_id,
+    rate_timestamp_ms: quote.rate_timestamp_ms,
+    consensus_method: (quote.metadata as any)?.rate?.consensus_method || null,
+    providers: (quote.metadata as any)?.rate?.providers || [],
+    degraded,
+    degraded_reason: degradedReason,
+    slippage_percent: slippagePercent,
+    min_acceptable_rate: minAcceptableRate,
+    max_payable_token: maxPayableToken,
+    derived_at_ms: derivedAtMs,
+    status: quote.status,
+  };
+};
+
+const attachQuoteMetadataToLines = (lines: any[] | undefined, quotesById: Map<string, PriceQuote>) => {
+  if (!lines?.length) {
+    return;
+  }
+  lines.forEach((line) => {
+    const quoteId = line?.metadata?.quote_id;
+    if (!quoteId) {
+      return;
+    }
+    const quote = quotesById.get(quoteId);
+    if (!quote) {
+      return;
+    }
+    line.metadata = {
+      ...(line.metadata || {}),
+      quote: {
+        ...(line.metadata?.quote || {}),
+        ...buildQuoteMetadata(quote),
+      },
+    };
+  });
+};
+
+const attachLatestInvoiceQuotes = async (subscriptions: any[]) => {
+  if (!subscriptions?.length) {
+    return;
+  }
+
+  const invoiceIds = uniq(subscriptions.map((sub) => sub.latest_invoice_id).filter(Boolean));
+  if (invoiceIds.length === 0) {
+    return;
+  }
+
+  const invoices = await Invoice.findAll({
+    where: { id: invoiceIds },
+    include: [
+      {
+        model: InvoiceItem,
+        as: 'lines',
+        attributes: ['id', 'metadata', 'amount', 'quantity', 'price_id'],
+      },
+    ],
+  });
+
+  if (!invoices.length) {
+    return;
+  }
+
+  const invoiceDocs = invoices.map((invoice) => invoice.toJSON()) as any[];
+  const quoteIds = new Set<string>();
+  invoiceDocs.forEach((invoice) => {
+    invoice.lines?.forEach((line: any) => {
+      const quoteId = line?.metadata?.quote_id;
+      if (typeof quoteId === 'string' && quoteId.length > 0) {
+        quoteIds.add(quoteId);
+      }
+    });
+  });
+
+  if (quoteIds.size > 0) {
+    const quotes = await PriceQuote.findAll({ where: { id: Array.from(quoteIds) } });
+    const quotesById = new Map(quotes.map((quote) => [quote.id, quote]));
+    invoiceDocs.forEach((invoice) => {
+      attachQuoteMetadataToLines(invoice.lines, quotesById);
+    });
+  }
+
+  const invoiceById = new Map(invoiceDocs.map((invoice) => [invoice.id, invoice]));
+  subscriptions.forEach((subscription) => {
+    const invoiceId = subscription.latest_invoice_id;
+    if (!invoiceId) {
+      return;
+    }
+    const invoice = invoiceById.get(invoiceId);
+    if (!invoice) {
+      return;
+    }
+    subscription.latest_invoice = pick(invoice, ['id', 'status', 'created_at', 'lines']);
+  });
+};
+
 // Create subscription directly (for SDK use)
 const createSchema = Joi.object({
   customer_id: Joi.string().required(),
@@ -325,10 +450,18 @@ router.post('/', auth, async (req, res) => {
 });
 
 router.get('/', authMine, async (req, res) => {
-  const { page, pageSize, status, livemode, ...query } = await schema.validateAsync(req.query, {
+  const {
+    page,
+    pageSize,
+    status,
+    livemode,
+    include_latest_invoice_quote: includeLatestInvoiceQuoteParam = false,
+    ...query
+  } = await schema.validateAsync(req.query, {
     stripUnknown: false,
     allowUnknown: true,
   });
+  const includeLatestInvoiceQuote = includeLatestInvoiceQuoteParam === true;
   const where = getWhereFromKvQuery(query.q);
 
   if (status) {
@@ -395,6 +528,9 @@ router.get('/', authMine, async (req, res) => {
     const docs = list.map((x) => x.toJSON());
     // @ts-ignore
     docs.forEach((x) => expandLineItems(x.items, products, prices));
+    if (includeLatestInvoiceQuote) {
+      await attachLatestInvoiceQuotes(docs);
+    }
 
     if (query.showTotalCount) {
       const totalCount = await Subscription.count({
@@ -417,14 +553,25 @@ router.get('/', authMine, async (req, res) => {
 // search subscriptions
 const searchSchema = createListParamSchema<{
   query: string;
+  include_latest_invoice_quote?: boolean;
 }>({
   query: Joi.string(),
+  include_latest_invoice_quote: Joi.boolean().optional(),
 });
 router.get('/search', auth, async (req, res) => {
-  const { page, pageSize, query, livemode, q, o } = await searchSchema.validateAsync(req.query, {
+  const {
+    page,
+    pageSize,
+    query,
+    livemode,
+    q,
+    o,
+    include_latest_invoice_quote: includeLatestInvoiceQuoteParam = false,
+  } = await searchSchema.validateAsync(req.query, {
     stripUnknown: false,
     allowUnknown: true,
   });
+  const includeLatestInvoiceQuote = includeLatestInvoiceQuoteParam === true;
 
   const where = q != null ? getWhereFromKvQuery(q) : getWhereFromQuery(query);
   if (typeof livemode === 'boolean') {
@@ -450,6 +597,9 @@ router.get('/search', auth, async (req, res) => {
   const docs = list.map((x) => x.toJSON());
   // @ts-ignore
   docs.forEach((x) => expandLineItems(x.items, products, prices));
+  if (includeLatestInvoiceQuote) {
+    await attachLatestInvoiceQuotes(docs);
+  }
   res.json({ count, list: docs, paging: { page, pageSize } });
 });
 
@@ -1250,7 +1400,64 @@ router.put('/:id', authPortal, async (req, res) => {
       } else {
         // update subscription period settings
         // HINT: if we are adding new items, we need to reset the anchor to now
-        const setup = getSubscriptionCreateSetup(newItems, paymentCurrency.id, 0);
+        // For change-plan (proration), we need exact amounts, not authorization amounts with slippage buffer.
+        // So we don't pass minAcceptableRate or slippage percent here.
+        // The custom_amount we set below will be used as-is.
+        const slippageOptions: SlippageOptions = {
+          percent: 0, // No slippage multiplier for actual payment
+          // Don't include minAcceptableRate - it would override custom_amount calculation
+          currencyDecimal: paymentCurrency.decimal,
+        };
+
+        // For dynamic pricing items, calculate custom_amount using current exchange rate
+        // This ensures the total is calculated with current rate, not the stale unit_amount
+        const hasDynamicPricing = newItems.some((x) => (x.upsell_price || x.price).pricing_type === 'dynamic');
+        if (hasDynamicPricing) {
+          const currencyPaymentMethod =
+            (paymentCurrency as any).payment_method ||
+            (await PaymentMethod.findByPk(paymentCurrency.payment_method_id));
+          const rateSymbol = getExchangeRateSymbol(paymentCurrency.symbol, currencyPaymentMethod?.type as ChainType);
+          try {
+            const rateResult = await exchangeRateService.getRate(rateSymbol);
+            if (rateResult?.rate) {
+              const USD_DECIMALS = 8;
+              const currentRate = rateResult.rate;
+              // Set custom_amount for each dynamic pricing item
+              newItems.forEach((item: any) => {
+                const price = item.upsell_price || item.price;
+                if (price.pricing_type === 'dynamic' && price.base_amount) {
+                  // Calculate: base_amount / rate * 10^decimal
+                  // Use trimDecimals to avoid "too many decimal places" error
+                  const baseAmountBN = fromTokenToUnit(trimDecimals(price.base_amount, USD_DECIMALS), USD_DECIMALS);
+                  const rateBN = fromTokenToUnit(trimDecimals(currentRate, USD_DECIMALS), USD_DECIMALS);
+                  if (rateBN.gt(new BN(0))) {
+                    const amountBN = baseAmountBN
+                      .mul(new BN(10).pow(new BN(paymentCurrency.decimal)))
+                      .add(rateBN.sub(new BN(1))) // Round up
+                      .div(rateBN);
+                    // Apply same precision limiting as quote service (10 significant decimal places)
+                    const totalAmountBN = amountBN.mul(new BN(item.quantity));
+                    item.custom_amount = limitTokenPrecision(totalAmountBN, paymentCurrency.decimal, 10).toString();
+                    logger.info('Set custom_amount for dynamic pricing item in subscription update', {
+                      subscriptionId: subscription.id,
+                      priceId: price.id,
+                      baseAmount: price.base_amount,
+                      currentRate,
+                      customAmount: item.custom_amount,
+                    });
+                  }
+                }
+              });
+            }
+          } catch (err) {
+            logger.warn('Failed to fetch exchange rate for subscription update, using unit_amount', {
+              subscriptionId: subscription.id,
+              error: err,
+            });
+          }
+        }
+
+        const setup = getSubscriptionCreateSetup(newItems, paymentCurrency.id, 0, 0, slippageOptions);
         // Check if the subscription is currently in trial
         const isInTrial =
           subscription.status === 'trialing' && subscription.trial_end && subscription.trial_end > dayjs().unix();
@@ -1354,17 +1561,49 @@ router.put('/:id', authPortal, async (req, res) => {
 
           // 5. check do we need to connect
           let hasNext = true;
-          if (due === '0') {
+          let needsNewStake = false;
+
+          // Check if stake is required and if we need a new one
+          const requiresStake = paymentMethod.type === 'arcblock' && !subscription.billing_thresholds?.no_stake;
+          if (requiresStake) {
+            const existingStakeAddress = subscription.payment_details?.arcblock?.staking?.address;
+            if (existingStakeAddress) {
+              const stakeCheck = await checkRemainingStake(paymentMethod, paymentCurrency, existingStakeAddress, '1');
+              needsNewStake = !stakeCheck.enough;
+              logger.info('Change plan: checking existing stake in API', {
+                subscriptionId: subscription.id,
+                existingStakeAddress,
+                hasValidStake: stakeCheck.enough,
+                needsNewStake,
+              });
+            } else {
+              needsNewStake = true;
+            }
+          }
+
+          if (due === '0' && !needsNewStake) {
             hasNext = false;
           } else {
             const payer = getSubscriptionPaymentAddress(subscription, paymentMethod.type);
+            // For change-plan, we should check if delegation is sufficient for the due amount,
+            // not the full new plan price. The due amount is what user actually needs to pay.
             const delegation = await isDelegationSufficientForPayment({
               paymentMethod,
               paymentCurrency,
               userDid: payer,
-              amount: setup.amount.setup,
+              amount: due || '0',
+            });
+            logger.info('delegation sufficient for payment', {
+              subscription: subscription.id,
+              paymentMethod: paymentMethod.type,
+              paymentCurrency: paymentCurrency.id,
+              userDid: payer,
+              amount: due,
+              delegation,
+              needsNewStake,
             });
-            if (delegation.sufficient) {
+            if (delegation.sufficient && !needsNewStake) {
+              // Both delegation is sufficient and no new stake needed
               hasNext = false;
             } else if (['NO_DID_WALLET'].includes(delegation.reason as string)) {
               throw new Error('Subscription update can only be done when you do have connected DID Wallet');
@@ -1645,6 +1884,8 @@ router.post('/:id/change-plan', authPortal, async (req, res) => {
     const { newItems } = await validateSubscriptionUpdateRequest(subscription, req.body.items);
 
     // do the simulation
+    // Note: For dynamic pricing, the actual amount is calculated by frontend using current exchange rate
+    // Backend only provides the base structure, frontend handles display with real-time rates
     const setup = getSubscriptionCreateSetup(newItems, subscription.currency_id, 0);
     const result = await createProration(subscription, setup, dayjs().unix());
 
@@ -1756,6 +1997,260 @@ router.get('/:id/change-payment', authPortal, async (req, res) => {
   return res.json({ subscription, setupIntent });
 });
 
+router.get('/:id/exchange-rate', authPortal, async (req, res) => {
+  try {
+    const subscription = await Subscription.findByPk(req.params.id);
+    if (!subscription) {
+      return res.status(404).json({ error: 'Subscription not found' });
+    }
+
+    const currencyId = (req.query.currency_id as string) || subscription.currency_id;
+    const paymentCurrency = (await PaymentCurrency.findByPk(currencyId, {
+      include: [
+        {
+          model: PaymentMethod,
+          as: 'payment_method',
+        },
+      ],
+    })) as PaymentCurrency & { payment_method: PaymentMethod };
+
+    if (!paymentCurrency) {
+      return res.status(400).json({ error: 'Currency not found' });
+    }
+
+    const paymentMethod =
+      paymentCurrency.payment_method || (await PaymentMethod.findByPk(paymentCurrency.payment_method_id));
+    if (!paymentMethod) {
+      return res.status(400).json({ error: 'Payment method not found' });
+    }
+
+    if (paymentMethod.type === 'stripe') {
+      return res.status(400).json({ error: 'Stripe currency does not require exchange rate.' });
+    }
+
+    const rateSymbol = getExchangeRateSymbol(paymentCurrency.symbol, paymentMethod.type as any);
+    const rateResult = await exchangeRateService.getRate(rateSymbol);
+    const serverNow = Date.now();
+
+    return res.json({
+      server_now: serverNow,
+      rate: rateResult.rate,
+      timestamp_ms: rateResult.timestamp_ms,
+      fetched_at: rateResult.fetched_at,
+      provider_id: rateResult.provider_id,
+      provider_name: rateResult.provider_name,
+      providers: rateResult.providers,
+      consensus_method: rateResult.consensus_method,
+      degraded: rateResult.degraded,
+      degraded_reason: rateResult.degraded_reason,
+      currency: paymentCurrency.symbol,
+      base_currency: 'USD',
+    });
+  } catch (err: any) {
+    logger.error('Failed to fetch exchange rate for subscription change payment', {
+      subscriptionId: req.params.id,
+      error: err.message,
+    });
+    return res.status(400).json({ error: err.message });
+  }
+});
+
+router.put('/:id/slippage', authPortal, async (req, res) => {
+  try {
+    const subscription = await Subscription.findByPk(req.params.id);
+    if (!subscription) {
+      return res.status(404).json({ error: 'Subscription not found' });
+    }
+
+    const { slippage_percent: slippagePercent } = req.body;
+    const rawConfig = req.body?.slippage_config || req.body?.slippage || null;
+    const normalizePercent = (value: any) => {
+      const normalized = typeof value === 'string' ? Number(value) : value;
+      // Only validate that it's a non-negative finite number, no upper limit
+      if (!Number.isFinite(normalized) || normalized < 0) {
+        return null;
+      }
+      return normalized;
+    };
+
+    // Helper: get current exchange rate for subscription currency
+    const getCurrentRate = async (): Promise<{ rate: string; baseCurrency: string } | null> => {
+      const currency = (await PaymentCurrency.findByPk(subscription.currency_id, {
+        include: [{ model: PaymentMethod, as: 'payment_method' }],
+      })) as PaymentCurrency & { payment_method: PaymentMethod };
+      if (!currency || currency.payment_method?.type === 'stripe') {
+        return null;
+      }
+      const rateService = getExchangeRateService();
+      const rateSymbol = getExchangeRateSymbol(currency.symbol, currency.payment_method?.type as ChainType);
+      const rateResult = await rateService.getRate(rateSymbol);
+      return { rate: rateResult.rate, baseCurrency: 'USD' };
+    };
+
+    // Helper: calculate min_acceptable_rate from percent
+    const calcMinRateFromPercent = (percent: number, currentRate: string): string => {
+      const rateNum = Number(currentRate);
+      if (!Number.isFinite(rateNum) || rateNum <= 0) {
+        return '0';
+      }
+      // min_acceptable_rate = current_rate / (1 + percent/100)
+      const minRate = rateNum / (1 + percent / 100);
+      return minRate.toFixed(8);
+    };
+
+    let config: any = null;
+    if (rawConfig && typeof rawConfig === 'object') {
+      const mode = rawConfig.mode === 'rate' ? 'rate' : 'percent';
+      const minRate = rawConfig.min_acceptable_rate ?? rawConfig.minAcceptableRate;
+
+      // For rate mode, min_acceptable_rate is required; percent is derived
+      if (mode === 'rate') {
+        if (minRate === undefined || minRate === null || minRate === '') {
+          return res.status(400).json({ error: 'min_acceptable_rate is required for rate mode' });
+        }
+        // Accept any non-negative percent value for rate mode (calculated from rate)
+        const percent = normalizePercent(rawConfig.percent);
+        const baseCurrency = rawConfig.base_currency ?? rawConfig.baseCurrency ?? 'USD';
+        const rateInfo = await getCurrentRate();
+        config = {
+          mode,
+          percent: percent ?? 0,
+          min_acceptable_rate: String(minRate),
+          base_currency: String(baseCurrency),
+          ...(rateInfo ? { rate_at_config_time: rateInfo.rate } : {}),
+          updated_at_ms: Date.now(),
+        };
+      } else {
+        // Percent mode: validate percent
+        const percent = normalizePercent(rawConfig.percent);
+        if (percent === null) {
+          return res.status(400).json({ error: 'slippage_percent must be a non-negative number' });
+        }
+        const baseCurrency = rawConfig.base_currency ?? rawConfig.baseCurrency ?? 'USD';
+        // Use min_acceptable_rate from frontend if provided, otherwise calculate it
+        const frontendMinRate = rawConfig.min_acceptable_rate ?? rawConfig.minAcceptableRate;
+        let minAcceptableRate: string | undefined;
+        let rateAtConfigTime: string | undefined;
+        if (frontendMinRate) {
+          // Frontend already calculated it - use directly
+          minAcceptableRate = String(frontendMinRate);
+        } else {
+          // Frontend didn't provide - calculate using same algorithm
+          const rateInfo = await getCurrentRate();
+          if (rateInfo) {
+            minAcceptableRate = calcMinRateFromPercent(percent, rateInfo.rate);
+            rateAtConfigTime = rateInfo.rate;
+          }
+        }
+        config = {
+          mode,
+          percent,
+          base_currency: String(baseCurrency),
+          ...(minAcceptableRate ? { min_acceptable_rate: minAcceptableRate } : {}),
+          ...(rateAtConfigTime ? { rate_at_config_time: rateAtConfigTime } : {}),
+          updated_at_ms: Date.now(),
+        };
+      }
+    } else if (slippagePercent !== undefined && slippagePercent !== null) {
+      const value = normalizePercent(slippagePercent);
+      if (value === null) {
+        return res.status(400).json({ error: 'slippage_percent must be a non-negative number' });
+      }
+      const rateInfo = await getCurrentRate();
+      const minAcceptableRate = rateInfo ? calcMinRateFromPercent(value, rateInfo.rate) : undefined;
+      config = {
+        mode: 'percent',
+        percent: value,
+        base_currency: 'USD',
+        ...(minAcceptableRate ? { min_acceptable_rate: minAcceptableRate } : {}),
+        ...(rateInfo ? { rate_at_config_time: rateInfo.rate } : {}),
+        updated_at_ms: Date.now(),
+      };
+    } else {
+      return res.status(400).json({ error: 'slippage config is required' });
+    }
+
+    await subscription.update({ slippage_config: config });
+    logger.info('Subscription slippage updated', {
+      subscriptionId: subscription.id,
+      slippageConfig: config,
+    });
+
+    // Check if authorization is sufficient with the new slippage config
+    let delegationWarning: {
+      sufficient: boolean;
+      reason?: string;
+      required_amount?: string;
+      current_allowance?: string;
+    } | null = null;
+
+    try {
+      const paymentCurrency = (await PaymentCurrency.findByPk(subscription.currency_id, {
+        include: [{ model: PaymentMethod, as: 'payment_method' }],
+      })) as PaymentCurrency & { payment_method: PaymentMethod };
+
+      // Only check delegation for non-Stripe payment methods
+      if (paymentCurrency && paymentCurrency.payment_method?.type !== 'stripe') {
+        const paymentMethod = paymentCurrency.payment_method;
+        const payer = getSubscriptionPaymentAddress(subscription, paymentMethod.type);
+
+        // Get subscription items and expand them
+        const subscriptionItems = await SubscriptionItem.findAll({
+          where: { subscription_id: subscription.id },
+        });
+        const lineItems = await Price.expand(subscriptionItems.map((x) => x.toJSON()));
+
+        // Calculate the required amount with the new slippage
+        const requiredAmount = await getFastCheckoutAmount({
+          items: lineItems,
+          mode: 'subscription',
+          currencyId: paymentCurrency.id,
+          trialing: subscription.status === 'trialing',
+        });
+
+        // Check if delegation is sufficient
+        const delegation = await isDelegationSufficientForPayment({
+          paymentMethod,
+          paymentCurrency,
+          userDid: payer,
+          amount: requiredAmount,
+        });
+
+        if (!delegation.sufficient) {
+          delegationWarning = {
+            sufficient: false,
+            reason: delegation.reason || 'INSUFFICIENT_AUTHORIZATION',
+            required_amount: requiredAmount,
+          };
+          logger.info('Slippage update may require re-authorization', {
+            subscriptionId: subscription.id,
+            newSlippagePercent: config.percent,
+            requiredAmount,
+            delegationReason: delegation.reason,
+          });
+        }
+      }
+    } catch (delegationError: any) {
+      // Don't fail the slippage update if delegation check fails
+      logger.warn('Failed to check delegation after slippage update', {
+        subscriptionId: subscription.id,
+        error: delegationError.message,
+      });
+    }
+
+    return res.json({
+      ...subscription.toJSON(),
+      ...(delegationWarning ? { delegation_warning: delegationWarning } : {}),
+    });
+  } catch (err: any) {
+    logger.error('Failed to update subscription slippage', {
+      subscriptionId: req.params.id,
+      error: err.message,
+    });
+    return res.status(500).json({ error: err.message });
+  }
+});
+
 // Prepare setupIntent for payment change
 router.post('/:id/change-payment', authPortal, async (req, res) => {
   try {
@@ -1964,16 +2459,32 @@ router.post('/:id/change-payment', authPortal, async (req, res) => {
     } else {
       // changing from crypto to crypto: just update the subscription
       const payer = getSubscriptionPaymentAddress(subscription, paymentMethod.type);
-      delegation = await isDelegationSufficientForPayment({
-        paymentMethod,
-        paymentCurrency,
-        userDid: payer,
-        amount: await getFastCheckoutAmount({
+
+      // Calculate required amount considering slippage_config for dynamic pricing
+      const slippageConfig = subscription?.slippage_config;
+      let requiredAmount: string;
+      if (slippageConfig?.min_acceptable_rate) {
+        const slippageOptions: SlippageOptions = {
+          percent: slippageConfig.percent ?? 0.5,
+          minAcceptableRate: slippageConfig.min_acceptable_rate,
+          currencyDecimal: paymentCurrency.decimal,
+        };
+        const setup = getSubscriptionCreateSetup(lineItems, paymentCurrency.id, 0, 0, slippageOptions);
+        requiredAmount = setup.amount.setup;
+      } else {
+        requiredAmount = await getFastCheckoutAmount({
           items: lineItems,
           mode: 'subscription',
           currencyId: paymentCurrency.id,
           trialing: false,
-        }),
+        });
+      }
+
+      delegation = await isDelegationSufficientForPayment({
+        paymentMethod,
+        paymentCurrency,
+        userDid: payer,
+        amount: requiredAmount,
       });
       const noStake = subscription.billing_thresholds?.no_stake;
       if (paymentMethod.type === 'arcblock' && delegation.sufficient && !noStake) {