How do I create a Stripe Customer Portal session in Node.js?

Use stripe.billingPortal.sessions.create({ customer: customerId, return_url: 'https://yourapp.com/account' }). This returns a session URL you redirect the customer to — never store or reuse it, sessions expire after a short window.

Can I prevent customers from cancelling via the Stripe billing portal?

Yes — in the portal configuration you can disable the cancellation feature entirely, require a cancellation reason, or only allow pausing. Disabling self-serve cancellation reduces impulse cancellations but requires you to handle cancellation requests manually.

What Stripe webhook events does the billing portal fire?

Portal actions fire the same events as API actions: customer.subscription.updated (plan change), customer.subscription.deleted (cancellation), payment_method.attached (card update). Listen for these to update your app state and trigger retention flows.

Stripe Billing Portal: Setup, Customization, and the Gotchas

The Stripe Customer Portal lets subscribers manage their own plans, payment methods, and cancellations. Here's how to configure it correctly and avoid the common traps.

Creating a Portal Session Server-Side

The core of enabling the Stripe Customer Portal lies in creating a session server-side and redirecting your subscribers to it. This ensures proper tracking and integration with your application logic. You’ll need to use the `POST /v1/accounts/{account}/subscription_portal/sessions` endpoint.


// Example Node.js snippet using the Stripe library
const stripe = require('stripe')('YOUR_STRIPE_SECRET_KEY');

async function createPortalSession(subscription) {
  try {
    const session = await stripe.session.create({
      customer: subscription.customer,
      product: subscription.plan.id, // Use product ID (recommended) or plan name
      success_url: 'https://yourdomain.com/stripe-success',
      cancel_url: 'https://yourdomain.com/stripe-cancel',
      return_url: 'https://customer.stripe.com/?session_id=' + subscription.subscriptionId, // Crucial!
    });

    // Redirect the user to the Stripe portal session URL
    console.log("Portal Session URL:", session.url);
    return session.url;
  } catch (error) {
    console.error('Error creating portal session:', error);
    throw error;
  }
}

// Example usage:
// createPortalSession(subscription)
//   .then(url => res.redirect(302, url))
//   .catch(err => handleErrors(err));

Note the `return_url`. This is the URL Stripe redirects to after the customer completes their actions in the portal – whether it's updating a payment method or canceling their subscription. It’s critical this is correct and points back to your application for reconciliation.

Enabling/Disabling Features: Cancellation Flows & Plan Switching

By default, the Customer Portal enables cancellation flows and plan switching. Carefully consider which features are appropriate for your business model. Disabling cancellation flows can lead to unexpected churn, so only do this if you have a robust win-back strategy in place (detailed below).

To manage these settings, use the `POST /v1/accounts/{account}/subscription_portal` endpoint with the following parameters: `cancel_flows` (true/false) and `plan_changes` (true/false). Understanding your decline codes here is vital to deciding on these settings.

Cancellation Reason Collection - Triggering Win-Back Flows

When a user cancels their subscription, Stripe captures the cancellation reason. This data is invaluable for triggering win-back flows – proactively reaching out to customers who are likely to return. You can use this information to segment your audience and personalize offers.

To implement this, listen for `customer.subscription.updated` webhook events. These events include the `reason` property populated with the cancellation reason from the customer’s input. Use this data to activate targeted emails or offer discounts—a key component of a successful subscription model, as highlighted in our failed payment recovery guides.

The `return_url` Gotcha

As previously mentioned, the `return_url` is absolutely critical for tracking customer actions within the portal and triggering appropriate responses in your application. If this URL is incorrect or fails to redirect properly, you'll lose valuable data about subscription updates and cancellations.

A common error is accidentally using a hardcoded session ID instead of the correct URL structure. Ensure your integration accurately constructs and utilizes the `return_url` parameter.

Restricting Portal Access to Active Subscribers Only

To ensure security and prevent unauthorized access, restrict portal access to active subscribers only. Stripe automatically handles this based on subscription status, but double-check your setup. Inactive subscriptions will *not* have a portal session created. This eliminates any possibility of rogue users accessing customer data.

Webhook Events: `customer.subscription.updated` and Others

The Customer Portal generates several webhook events that you should listen for to keep your system synchronized with the latest subscription status. Key events include:

customer.subscription.created
customer.subscription.updated (plan changes, payment method updates)
customer.subscription.deleted

Implement robust webhook handling to update your database records and trigger appropriate actions in your application—this is essential for accurate reporting and reconciliation. Regularly review the Stripe documentation for a complete list of events here.

Is your cancellation flow leaking customers it could save?

The free calculator estimates your monthly leak in 60 seconds. The $19 audit maps it to your real decline-code data.

Run the free calculator →