f815525f81
The top subscription tier is Sovereign, not Founder. This has been corrected multiple times across sessions — fixing at source. FILES UPDATED: - docs/core/tasks.md - docs/core/project-scope.md - docs/tasks/rank-system-deployment/rank-structure.md - docs/tasks/paymenter-pterodactyl-integration/README.md - docs/archive/2026-02-09-consolidation/luckperms-structure.md - docs/planning/subscription-tiers.md - docs/planning/awakened-gateway.md - docs/guides/subscription-automation-guide.md - docs/guides/holly-discord-roles-setup.md - docs/guides/holly-wanderer-permissions-setup.md - docs/systems/arbiter-discord-role-mappings.md - docs/branding/trinity-leadership-artwork.md NOTE: References to 'founders' meaning Michael/Meg/Holly as company founders were intentionally preserved. Only tier name updated. Signed-off-by: claude@firefrostgaming.com
Task #83: Paymenter → Pterodactyl Auto-Provisioning Integration
Created: March 26, 2026
Status: 🔴 BLOCKING SOFT LAUNCH
Priority: CRITICAL - Must complete before accepting first subscriber
Time Estimate: 4-6 hours
Assigned To: Next Chronicler + Michael
🚨 WHY THIS IS CRITICAL
Without this integration:
- ❌ Every new subscriber requires manual Pterodactyl account creation
- ❌ Every payment failure requires manual suspension
- ❌ Every tier change requires manual permission updates
- ❌ Every cancellation requires manual cleanup
- ❌ This does not scale beyond 5-10 subscribers
With this integration:
- ✅ Subscriber pays → server access granted automatically (30 seconds)
- ✅ Payment fails → server suspended after grace period (automated)
- ✅ Subscriber upgrades tier → permissions updated (instant)
- ✅ Subscriber cancels → access removed cleanly (automated)
- ✅ Scales to hundreds of subscribers with zero manual work
📊 CURRENT STATE vs DESIRED STATE
Current State (NOT SUSTAINABLE)
Customer subscribes via Paymenter
↓
Michael gets email notification
↓
Michael manually logs into Pterodactyl Panel
↓
Michael manually creates user account
↓
Michael manually assigns permissions
↓
Michael manually emails customer credentials
↓
(Repeat for every subscriber, every tier change, every cancellation)
Desired State (REQUIRED FOR LAUNCH)
Customer subscribes via Paymenter (Stripe payment)
↓
Stripe webhook → Paymenter
↓
Paymenter webhook → Integration Bridge
↓
Pterodactyl API: Create/update user automatically
↓
Email sent to customer automatically (Pterodactyl)
↓
Customer has access in 30 seconds
↓
(Zero manual intervention)
🔧 INTEGRATION ARCHITECTURE
Components Required
1. Paymenter Side:
- Stripe webhooks (already configured ✅)
- Paymenter product configuration (10 tiers created ✅)
- Webhook URL endpoint (needs configuration ❌)
2. Bridge/Middleware:
- Option A: Paymenter extension (if available)
- Option B: Custom webhook receiver + API bridge
- Option C: n8n workflow (already have n8n on TX1)
- Option D: Pterodactyl Paymenter module (check Blueprint marketplace)
3. Pterodactyl Side:
- API access enabled
- API key created
- User role templates defined
- Server group permissions configured
📋 IMPLEMENTATION OPTIONS
Option A: Paymenter Pterodactyl Extension (RECOMMENDED IF EXISTS)
Check if Paymenter has native Pterodactyl integration:
- Paymenter docs: https://paymenter.org/docs/
- Extensions marketplace
- GitHub: paymenter/paymenter
Pros:
- ✅ Native integration (officially supported)
- ✅ Likely handles edge cases
- ✅ Maintained by Paymenter team
Cons:
- ❓ May not exist yet (Paymenter is newer)
- ❓ May not support all tier features
Option B: Pterodactyl Blueprint Extension
Check Blueprint marketplace for Paymenter integration:
- Pterodactyl Panel → Extensions (Blueprint installed ✅)
- Search for "Paymenter", "billing", "provisioning"
Pros:
- ✅ Installed via Blueprint (easy)
- ✅ Lives in Pterodactyl (central management)
Cons:
- ❓ May not exist
- ❓ Quality varies
Option C: Custom n8n Workflow
Build webhook bridge using existing n8n instance:
- n8n already deployed on TX1 ✅
- Paymenter webhook → n8n → Pterodactyl API
Pros:
- ✅ Full control over logic
- ✅ Already have n8n infrastructure
- ✅ Can handle complex tier mapping
Cons:
- ❌ Requires custom workflow development
- ❌ Must maintain ourselves
- ❌ More moving parts
Option D: Direct Webhook Script
Simple PHP/Python script on Billing VPS:
- Receives Paymenter webhooks
- Calls Pterodactyl API directly
Pros:
- ✅ Simplest architecture
- ✅ Minimal dependencies
Cons:
- ❌ Must write from scratch
- ❌ Harder to debug
- ❌ Security concerns (webhook validation)
🎯 RECOMMENDED APPROACH
Priority order to investigate:
- Check Paymenter documentation for native Pterodactyl integration
- Check Blueprint marketplace for Paymenter extension
- Fall back to n8n workflow if no native option exists
📝 PREREQUISITE INFORMATION NEEDED
Paymenter Configuration
- ✅ Base URL: https://billing.firefrostgaming.com
- ✅ Admin access: Available
- ❓ Webhook secret key: (generate if needed)
- ❓ Webhook URL format: (depends on integration method)
Pterodactyl Configuration
- ✅ Panel URL: https://panel.firefrostgaming.com (Panel VPS 45.94.168.138)
- ❓ API key: (needs creation)
- ❓ API permissions: (needs definition)
- ❓ User role templates: (needs creation)
Subscription Tier Mapping
Tier 1: The Awakened ($1 one-time)
- Pterodactyl role:
subscriber_awakened - Server access: All public Frost Path servers
- Permissions: Basic (view, connect)
Tier 2: Fire Elemental / Frost Elemental ($5/mo)
- Pterodactyl role:
subscriber_elemental - Server access: All Frost Path servers
- Permissions: Basic + home teleport
Tier 3: Fire Knight / Frost Knight ($10/mo)
- Pterodactyl role:
subscriber_knight - Server access: All Frost Path servers
- Permissions: Elemental + extra homes
Tier 4: Fire Master / Frost Master ($15/mo)
- Pterodactyl role:
subscriber_master - Server access: All Frost Path + priority slots
- Permissions: Knight + creative plot access
Tier 5: Fire Legend / Frost Legend ($20/mo)
- Pterodactyl role:
subscriber_legend - Server access: All servers + beta access
- Permissions: Master + special perks
Tier 6: Sovereign ($50 one-time)
- Pterodactyl role:
subscriber_sovereign - Server access: ALL servers including future ones
- Permissions: Everything non-staff
🔑 PTERODACTYL API SETUP
Step 1: Create API Key
On Panel VPS (45.94.168.138):
- SSH to Panel VPS
- Login to Pterodactyl admin panel
- Account → API Credentials
- Create new Application API Key
- Name: "Paymenter Auto-Provisioning"
- Permissions needed:
user.read- Read user datauser.create- Create new usersuser.update- Update user permissionsuser.delete- Remove users (on cancellation)
- Copy API key to Vaultwarden
Step 2: Test API Access
curl -H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
https://panel.firefrostgaming.com/api/application/users
Should return list of users.
🔗 WEBHOOK CONFIGURATION
Paymenter Webhooks
Paymenter should send webhooks for:
subscription.created- New subscribersubscription.updated- Tier changesubscription.cancelled- Cancellationpayment.failed- Failed payment (trigger grace period)payment.succeeded- Successful payment (restore access)
Webhook payload example:
{
"event": "subscription.created",
"subscription_id": "12345",
"customer_email": "user@example.com",
"product_id": "fire-elemental",
"tier": "elemental",
"status": "active"
}
Webhook Security
Validate webhooks with:
- Webhook signature verification
- IP whitelist (Billing VPS only)
- HTTPS only
- Secret key validation
✅ SUCCESS CRITERIA
Phase 1: Basic Provisioning
- Paymenter → Pterodactyl integration method chosen
- Pterodactyl API key created and tested
- Test user created via API successfully
- Test user can login to Pterodactyl Panel
Phase 2: Webhook Automation
- Webhook endpoint configured and receiving events
- New subscription creates Pterodactyl user automatically
- Email sent to customer with login details
- Customer can access servers within 60 seconds of payment
Phase 3: Full Lifecycle
- Tier upgrades update permissions automatically
- Payment failures trigger grace period (7 days)
- Suspension after grace period works
- Cancellations remove access cleanly
- Reactivation restores access
Phase 4: Production Ready
- Tested with 5+ dummy subscriptions (full lifecycle)
- Error handling works (failed API calls, network issues)
- Logging configured (can debug issues)
- Rollback plan documented
- Manual override procedure documented (for edge cases)
🚨 BEFORE SOFT LAUNCH
This integration MUST be:
- ✅ Fully tested end-to-end
- ✅ Handling all subscription lifecycle events
- ✅ Logging errors for debugging
- ✅ Backed by manual override procedure
DO NOT accept real subscribers until this works.
Manual provisioning for 1-2 test subscribers is fine.
Manual provisioning for 10+ subscribers is not sustainable.
📚 RESOURCES
Paymenter Documentation:
Pterodactyl API Documentation:
- https://dashflo.net/docs/api/pterodactyl/v1/
- Panel → Account → API (in-panel docs)
Similar Integrations:
- WHMCS → Pterodactyl modules (for reference)
- Blesta → Pterodactyl modules (for reference)
🔄 RELATED TASKS
Depends on:
- None (all prerequisites complete)
Blocks:
- Soft launch acceptance of real subscribers
- Task #2 (LuckPerms deployment - Phase 3 Discord sync)
Related:
- Task #33 (Paymenter Citadel theme - cosmetic only)
- Task #71 (Paymenter tier preview tool - planning only)
📝 NEXT STEPS
- Research integration options (Paymenter docs, Blueprint marketplace)
- Choose integration method (native extension vs custom bridge)
- Create Pterodactyl API key with correct permissions
- Configure webhook endpoint (depends on chosen method)
- Test with dummy subscription (create → access → cancel)
- Document deployment in this task directory
- Deploy to production after successful testing
- Monitor first 10 real subscriptions manually
Standard: This task follows FFG-STD-002 (Task Documentation Standard)
Created by: The Verifier (Chronicler #41)
Date: March 26, 2026, 2:15 AM CST