[Components] paddle #10926

[lcaresia]

WHY

Summary by CodeRabbit

• New Features
  • Added actions to list, create, and update Paddle customers.
  • Support entering email, name, custom data, and status when creating/updating customers.
  • Customer selection now includes a dynamic dropdown populated from Paddle.
  • Summaries now show the number of customers retrieved or the ID of the created/updated customer.
• Chores
  • Updated package version to 0.1.0.
  • Added dependency on @pipedream/platform.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
pipedream-docs	Ignored			Sep 30, 2025 7:14pm
pipedream-docs-redirect-do-not-edit	Ignored			Sep 30, 2025 7:14pm

[coderabbitai]

Walkthrough

Adds Paddle customer management: new actions to get, create, and update customers; introduces shared status constants; enhances the Paddle app with prop definitions, auth-backed HTTP request helpers, and customer API methods; updates package version and adds a platform dependency.

Changes

Cohort / File(s)	Summary of Changes
Paddle Actions — Customers components/paddle/actions/get-customers/get-customers.mjs, components/paddle/actions/create-customer/create-customer.mjs, components/paddle/actions/update-customer/update-customer.mjs	New action modules to list, create, and update customers. Define metadata, props via app propDefinitions, and run handlers that call app methods, set summaries, and return API responses.
Paddle App Core components/paddle/paddle.app.mjs	Adds propDefinitions (email, name, customData, status, customerId with async options). Implements request layer: _baseUrl, _makeRequest, and API helpers getCustomers, createCustomer, updateCustomer. Targets Paddle sandbox API with Authorization from auth_code.
Common Constants components/paddle/common/constants.mjs	New export providing STATUS_OPTIONS: ["active", "archived"].
Package Config components/paddle/package.json	Bumps version to 0.1.0 and adds dependency @pipedream/platform@^3.1.0.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant Action as Paddle Action (Get/Create/Update)
  participant App as Paddle App
  participant API as Paddle Sandbox API

  rect rgba(200,230,255,0.25)
  Note over User,API: Customer management flow
  User->>Action: Trigger action (get/create/update)
  Action->>App: Call app method<br/>(getCustomers / createCustomer / updateCustomer)
  App->>App: Build URL, headers (Authorization)
  App->>API: HTTP request (GET/POST/PATCH)
  API-->>App: Response (data/status)
  App-->>Action: Return response
  Action-->>User: Summary + full response
  end

  alt Create
    note right of Action: Maps props to { email, name, custom_data }
  else Update
    note right of Action: Uses customerId and optional fields<br/>status from STATUS_OPTIONS
  else Get
    note right of Action: Summarizes by count of customers
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I thump my paws on sandy ground,
New burrows dug, where customers are found.
With tidy forms and headers tight,
I hop through PATCH and POST by night.
Two statuses, a gentle guide—
Active trails, archived beside.
Version bumped—ears up with pride! 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The title “[Components] paddle #10926” is too generic and does not summarize the main changes introduced in the pull request, as it merely references the component and issue number without conveying that new Paddle customer management actions are being added.	Please update the title to clearly describe the primary change, for example “Add Paddle Create, Get, and Update Customer actions” so that reviewers can immediately understand the new functionality.
Description Check	⚠️ Warning	The pull request description only contains the placeholder “## WHY” section with no completed content, leaving the motivation and context for the changes unspecified.	Please fill out the “WHY” section by explaining the motivation, context, and intended use cases for adding the new Paddle action modules so that reviewers understand the purpose and impact of the changes.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch issue-10926

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (5)

components/paddle/actions/create-customer/create-customer.mjs (1)

30-41: Consider using template literals for string formatting.

The run method correctly maps customData to custom_data for the API request. However, line 39 uses string concatenation which is less modern than template literals.

Apply this diff to use template literals:

-    $.export("$summary", "Successfully created a new customer with the ID: " + response.data.id);
+    $.export("$summary", `Successfully created a new customer with the ID: ${response.data.id}`);

components/paddle/actions/get-customers/get-customers.mjs (1)

3-19: Consider template literals and validate response structure.

The action implementation is straightforward and functional. Two minor suggestions:

1. Line 16 uses string concatenation instead of template literals
2. The code assumes response.data is an array with a .length property without validation

Apply this diff for template literals:

-    $.export("$summary", "Successfully retrieved " + response.data.length + " customers");
+    $.export("$summary", `Successfully retrieved ${response.data.length} customers`);

Note: If the Paddle API could return response.data as something other than an array, consider adding validation.

components/paddle/actions/update-customer/update-customer.mjs (1)

42-55: Consider template literals for consistency.

The run method correctly implements the update logic with proper data mapping. For consistency with modern JavaScript practices, consider using template literals.

Apply this diff:

-    $.export("$summary", "Successfully updated the customer with ID: " + this.customerId);
+    $.export("$summary", `Successfully updated the customer with ID: ${this.customerId}`);

components/paddle/paddle.app.mjs (2)

8-12: Add email format validation.

The email prop lacks format validation. Consider adding a pattern or using Pipedream's built-in email validation if available.

 email: {
   type: "string",
   label: "Email",
   description: "Customer's email address",
+  // Consider adding format validation, e.g., pattern: /^[^\s@]+@[^\s@]+\.[^\s@]+$/
 },

---

18-23: Consider adding a schema for customData.

The customData prop accepts any object structure without validation. If Paddle's API has specific requirements or common patterns for custom data, consider documenting them or adding validation.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 61d0151 and 79de956.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• components/paddle/actions/create-customer/create-customer.mjs (1 hunks)
• components/paddle/actions/get-customers/get-customers.mjs (1 hunks)
• components/paddle/actions/update-customer/update-customer.mjs (1 hunks)
• components/paddle/common/constants.mjs (1 hunks)
• components/paddle/package.json (2 hunks)
• components/paddle/paddle.app.mjs (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (4)

components/paddle/actions/get-customers/get-customers.mjs (2)

components/paddle/actions/create-customer/create-customer.mjs (1)

• response (31-38)

components/paddle/actions/update-customer/update-customer.mjs (1)

• response (43-52)

components/paddle/actions/create-customer/create-customer.mjs (2)

components/paddle/actions/get-customers/get-customers.mjs (1)

• response (13-15)

components/paddle/actions/update-customer/update-customer.mjs (1)

• response (43-52)

components/paddle/actions/update-customer/update-customer.mjs (3)

components/paddle/actions/create-customer/create-customer.mjs (1)

• response (31-38)

components/paddle/actions/get-customers/get-customers.mjs (1)

• response (13-15)

components/paddle/paddle.app.mjs (1)

• response (35-35)

components/paddle/paddle.app.mjs (3)

components/paddle/actions/create-customer/create-customer.mjs (1)

• response (31-38)

components/paddle/actions/get-customers/get-customers.mjs (1)

• response (13-15)

components/paddle/actions/update-customer/update-customer.mjs (1)

• response (43-52)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Lint Code Base
• GitHub Check: pnpm publish
• GitHub Check: Verify TypeScript components
• GitHub Check: Publish TypeScript components

🔇 Additional comments (9)

components/paddle/package.json (1)

3-3: LGTM! Appropriate version bump and dependency addition.

The version bump from 0.0.1 to 0.1.0 correctly reflects the addition of new features (customer management actions), and the @pipedream/platform dependency aligns with the new functionality being introduced.

Also applies to: 15-16

components/paddle/actions/create-customer/create-customer.mjs (2)

3-8: LGTM! Action metadata is well-defined.

The action key, name, description with documentation link, and version are all appropriately configured for a new Paddle customer creation action.

---

9-29: No action needed: propDefinitions and methods confirmed
The paddle.app.mjs file exports propDefinitions for email, name, and customData, and includes the getCustomers, createCustomer, and updateCustomer methods as referenced.

components/paddle/actions/update-customer/update-customer.mjs (1)

9-41: LGTM! Props structure is consistent.

The props definition follows the same pattern as create-customer.mjs and appropriately includes the additional customerId and status fields needed for updates. The propDefinitions delegation to the app module maintains consistency across actions.

components/paddle/common/constants.mjs (1)

1-6: Status values match Paddle API documentation. No changes required.

components/paddle/paddle.app.mjs (4)

1-2: LGTM!

The imports are appropriate for the new HTTP request functionality and status constants.

---

74-80: LGTM!

The createCustomer method correctly uses POST and delegates data formatting to the caller.

---

34-43: Add error handling in options() and verify pagination support

• Wrap the this.getCustomers() call in a try/catch, defaulting to an empty array on error and falling back to id if name is missing
• Confirm whether Paddle’s /customers endpoint accepts pagination parameters (e.g. page, page_size) and, if so, implement a loop to fetch and concatenate all pages into the options list

---

50-65: Add timeout configuration and verify auth credential name.

• Add a timeout (e.g., 30000 ms) in _makeRequest to prevent requests from hanging indefinitely:

  async _makeRequest(opts = {}) {
    const {
      $ = this,
      path,
      headers,
      ...otherOpts
    } = opts;
    return axios($, {
      ...otherOpts,
      url: this._baseUrl() + path,
  +   timeout: 30000, // 30s timeout
      headers: {
        Authorization: `Bearer ${this.$auth.auth_code}`,
        ...headers,
      },
    });
  }

• Confirm that your app’s auth configuration actually exposes this.$auth.auth_code; if the field name differs (for example, access_token or api_key), update the code or the auth definition accordingly.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

CRITICAL: Hardcoded sandbox API URL blocks production usage.

The base URL is hardcoded to Paddle's sandbox environment. This makes the integration unusable in production. The URL should be configurable or determined by the authentication configuration.

Apply this diff to make the environment configurable:

 _baseUrl() {
-  return "https://sandbox-api.paddle.com";
+  // Use production by default; allow sandbox via auth config
+  return this.$auth.environment === "sandbox" 
+    ? "https://sandbox-api.paddle.com"
+    : "https://api.paddle.com";
 },

Alternatively, if the auth configuration doesn't include an environment field, you may need to add a separate prop or configuration option.

---

🌐 Web query:

What is the production API URL for Paddle API and how do Paddle integrations typically handle sandbox vs production environments?

💡 Result:

• Production (live) API base URL: https://api.paddle.com. [1]

• Sandbox API base URL: https://sandbox-api.paddle.com. [1]

How integrations typically handle sandbox vs production

• Use different base URLs for each environment (sandbox vs live). [1][3]
• Use separate credentials: sandbox API keys/client tokens are created in the sandbox account and live keys in the live account (they do not cross‑work). Sandbox keys often include an identifiable prefix (e.g. sdbx or test for client tokens). [2][1]
• Switch environments via environment variables or SDK config (Paddle SDKs/Paddle.js let you set environment to sandbox or production). [1][4]
• Best practice: keep sandbox credentials and URLs in dev/staging, and swap to live credentials + https://api.paddle.com when going to production; mismatched key+URL returns a 403. [1][2][3]

Sources: Paddle developer docs (sandbox & base URLs, API keys, SDK environment, go‑live checklist). [1][2][3][4]

---

CRITICAL — hardcoded sandbox API URL; make base URL environment-configurable

File: components/paddle/paddle.app.mjs (lines 47–49) — _baseUrl() currently returns "https://sandbox-api.paddle.com". Production base URL is "https://api.paddle.com" and sandbox/live credentials are not interchangeable (mismatched key+URL returns 403). Replace with environment/config-driven selection (default to production). Example:

 _baseUrl() {
-  return "https://sandbox-api.paddle.com";
+  if (process.env.PADDLE_BASE_URL) return process.env.PADDLE_BASE_URL;
+  const env = (this.$auth && this.$auth.environment) || process.env.PADDLE_ENV || 'production';
+  return env === 'sandbox' ? 'https://sandbox-api.paddle.com' : 'https://api.paddle.com';
 },

Document PADDLE_ENV/PADDLE_BASE_URL and ensure sandbox vs live credentials are switched together.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	_baseUrl() {
	return "https://sandbox-api.paddle.com";
	},
	_baseUrl() {
	if (process.env.PADDLE_BASE_URL) {
	return process.env.PADDLE_BASE_URL;
	}
	const env =
	(this.$auth && this.$auth.environment) ||
	process.env.PADDLE_ENV ||
	'production';
	return env === 'sandbox'
	? 'https://sandbox-api.paddle.com'
	: 'https://api.paddle.com';
	},

🤖 Prompt for AI Agents

In components/paddle/paddle.app.mjs around lines 47–49, _baseUrl() currently
returns the hardcoded sandbox URL; change it to read an environment-configurable
value (e.g., process.env.PADDLE_BASE_URL or derive from process.env.PADDLE_ENV
with default "production") so the default is the production URL
"https://api.paddle.com" and sandbox uses "https://sandbox-api.paddle.com" only
when explicitly selected; update code to fallback to production if env not set,
and add/mention documentation to require switching credentials together
(PADDLE_ENV or PADDLE_BASE_URL plus matching API keys) to avoid 403s from
mismatched key+URL.

[GTFalcao]

This doesn't seem right - please check if the base URL is intended to be sandbox-api

[coderabbitai]

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash

# Check for any README or documentation in the paddle component directory
echo "=== Checking for README/docs in paddle directory ==="
fd -t f -e md -e txt . components/paddle/ -x cat {}

echo -e "\n=== Checking paddle auth configuration ==="
fd -t f "\.app\.mjs$" components/paddle/ -x cat {}

echo -e "\n=== Looking for similar app patterns in codebase ==="
# Find other app.mjs files that might have _baseUrl implementations
rg -n -A5 "_baseUrl\(\)" --type=js -g "*.app.mjs" | head -50

echo -e "\n=== Checking for environment or config references in paddle ==="
rg -n "sandbox|production|environment|PADDLE" components/paddle/ --type=js

echo -e "\n=== Checking the PR description/comments for context ==="
gh pr view 18510 --json body,comments --jq '.body, .comments[].body'

Length of output: 24040

---

@GTFalcao You're absolutely right to flag this! 🎯

After examining the codebase, this is indeed incorrect. The base URL should be the production API (https://api.paddle.com), not the sandbox URL.

Evidence:

1. All other app integrations in this repository use production URLs by default:

   • big_data_cloud: https://api-bdc.net/data
   • change_photos: https://www.change.photos/api
   • code_climate: https://api.codeclimate.com/v1
   • cutt_ly: https://cutt.ly/api

2. Paddle's API documentation confirms:

   • Production: https://api.paddle.com
   • Sandbox: https://sandbox-api.paddle.com (for testing only)

3. Using sandbox by default would make this integration unusable in production without modifying the code.

Recommendation:

_baseUrl() {
  return "https://api.paddle.com";
}

If sandbox support is needed for development/testing, consider making it configurable through an environment variable or auth configuration, but production should always be the default.

[GTFalcao]

Just one comment that needs to be checked

[GTFalcao]

This doesn't seem right - please check if the base URL is intended to be sandbox-api