← Blog

Billing and Email Reliability Hardening

VibeNest Team· May 18, 2026

This release was about trust. Billing and account confirmation are not areas where users tolerate ambiguity, so we spent the week testing the full production path and fixing the places where success looked unclear or failures were hidden.

Paddle Checkout Works for Returning Customers

Paddle checkout now handles returning customers correctly. The checkout overlay was failing when VibeNest sent both a Paddle customer ID and an email address; Paddle v2 expects one or the other.

The fix applies to subscriptions and repeat credit-pack purchases. If VibeNest already knows the Paddle customer ID, checkout now sends only that ID.

Subscription Webhooks Are Safer

New Paddle subscriptions can emit subscription.created and subscription.activated close together. The webhook handler now handles that concurrency idempotently instead of racing to create the same subscription twice.

Plan changes also update monthly price data correctly, which keeps subscription reporting and MRR calculations aligned with what the customer actually selected.

Customer Portal Sessions Open Correctly

The Paddle customer portal path is fixed. Paddle returned a successful response, but one URL field was an object rather than the string the previous DTO expected. That made the portal look broken even though the API call had succeeded.

The parser now matches Paddle's response shape, so customers can manage their subscription from the portal.

Hardware Inventory Cleanup Is More Accurate

Deleting a project with an already-canceled subscription no longer leaves a dead hardware row in the dashboard.

VibeNest now splits cleanup behavior by subscription state: active subscriptions go back to inventory as before; inactive subscriptions are removed instead of becoming ghost capacity.

Email confirmation links now work again with short redirects. A previous encoding step turned &code= into &code= before the short-link redirect. Browsers do not decode HTML entities in redirect targets, so the confirmation code could be lost.

The link contract is now clearer: services pass raw URLs, and HTML encoding happens only when rendering the email body. The confirmation page also shows a real error when required parameters are missing instead of silently sending the user to the home page.

Safer Confirmation Email Resends

Users can request another confirmation email from the registration confirmation screen, and admins can resend confirmation from the user detail page.

The public resend path now has flood protection by IP and by recipient. Admin-triggered sends bypass the recipient cooldown, which keeps support useful without exposing the public endpoint to abuse.

What This Enables

The billing and account paths are now more observable and more deterministic. Customers can buy, manage, and cancel hardware plans with fewer hidden edge cases, while new users get a clearer path when email confirmation fails or needs to be resent.

Reconnecting to the server...

Reconnecting in sec.

Failed to reconnect.
The page will reload automatically.

Session paused by the server.

Failed to resume the session.
Reloading the page...