How I Implemented Subscription-Based Access Control and Expiry Handling in Zoho Creator

I recently worked on a use case where users come into the application to request a service, but they should only be able to continue the process after completing a subscription. The challenge was not just controlling access, but also making sure that if a user’s subscription expires, it does not break anything they have already started.

The flow begins with the main form where users initiate their request. This is the starting point of the entire process. However, they cannot move forward unless they complete the subscription. For that, they are redirected to a separate form which is used only for handling subscription and payment.

Once the payment is successful, I update the subscription status to Active, set the start date to the current date, and calculate the end date based on the plan duration. At the same time, the user is given the required portal permission so they can continue the process. From this point, the user is treated as an active user and can move across different stages of the application.

To manage expiry, I used a scheduled function that runs daily. It checks all active subscriptions and compares the current date with the subscription end date. When the subscription expires, I handle two different scenarios.

If the user has not started any process in the main form, the subscription is simply marked as expired, the current portal permission is stored, and the user is moved to an inactive profile. This automatically restricts access and the user is required to go back and renew the subscription before doing anything further.

If the user has already started a process before the subscription expiry, I do not block them immediately. Instead, I update the status to indicate that the subscription has expired but the process is already in progress. This allows the user to complete what they started without interruption. At the same time, they cannot initiate any new process unless they renew.

Another important part of the implementation is permission handling. Whenever the subscription expires, I store the user’s current portal permission before assigning them to an inactive profile. When they renew the subscription, I restore that previous permission so they can continue from exactly where they left off.
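The expiry and renewal rules described above, modelled as a small state machine. This is an added Python sketch, not the Deluge code from the application: the status labels, the `Inactive` profile name, the field names, and the rule that a subscription stays valid through its end date are all assumptions made for illustration. It also assumes the in-progress case leaves the portal permission unchanged.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

INACTIVE = "Inactive"  # hypothetical name of the restricted portal profile

@dataclass
class Subscription:
    user: str
    status: str                  # "Active" | "Expired" | "Expired - In Progress" (labels assumed)
    end_date: date
    profile: str                 # current portal permission
    open_request: bool = False   # a process was already started in the main form
    saved_profile: Optional[str] = None

def daily_expiry_sweep(subs, today):
    """Daily job. Only Active rows are touched, so a re-run can never
    overwrite saved_profile with the inactive profile."""
    for s in subs:
        if s.status != "Active" or today <= s.end_date:  # assumed: valid through end_date
            continue
        if s.open_request:
            s.status = "Expired - In Progress"   # keeps access to finish the open process
        else:
            s.saved_profile = s.profile          # store before downgrading
            s.profile = INACTIVE
            s.status = "Expired"

def can_start_new_process(s):
    return s.status == "Active"

def can_continue_open_process(s):
    return s.open_request and s.status in ("Active", "Expired - In Progress")

def renew(s, today, plan_days):
    """Successful payment: reactivate and restore the stored permission, if any."""
    s.status, s.end_date = "Active", today + timedelta(days=plan_days)
    if s.saved_profile is not None:
        s.profile, s.saved_profile = s.saved_profile, None

if __name__ == "__main__":
    day = date(2024, 6, 1)  # constructed sample data
    idle = Subscription("idle@example.com", "Active", day, "Customer")
    busy = Subscription("busy@example.com", "Active", day, "Customer", open_request=True)
    for offset in (1, 2):  # second run shows the sweep is idempotent
        daily_expiry_sweep([idle, busy], day + timedelta(days=offset))
    print(idle.status, idle.profile, idle.saved_profile)
    print(busy.status, busy.profile, can_start_new_process(busy))
    renew(idle, day + timedelta(days=3), 30)
    print(idle.status, idle.profile)
```

Filtering the sweep on the Active status is what keeps the stored permission intact: a job that re-processed already expired rows would save the inactive profile over the original one, and renewal would then restore the wrong permission.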

This approach helped me maintain proper access control while also ensuring that user experience is not affected. Users are guided to renew when needed, but ongoing processes are never broken.