Cancel subscription
curl --request DELETE \
--url https://utilsio.dev/api/v1/subscription \
--header 'Content-Type: application/json' \
--header 'X-utilsio-Signature: <api-key>' \
--header 'X-utilsio-Timestamp: <x-utilsio-timestamp>' \
--data '
{
"userId": "user_123",
"deviceId": "device_abc",
"appId": "app_xyz",
"subscriptionIds": [
"sub_abc123",
"sub_def456"
]
}
'import requests
url = "https://utilsio.dev/api/v1/subscription"
payload = {
"userId": "user_123",
"deviceId": "device_abc",
"appId": "app_xyz",
"subscriptionIds": ["sub_abc123", "sub_def456"]
}
headers = {
"X-utilsio-Signature": "<api-key>",
"X-utilsio-Timestamp": "<x-utilsio-timestamp>",
"Content-Type": "application/json"
}
response = requests.delete(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'DELETE',
headers: {
'X-utilsio-Signature': '<api-key>',
'X-utilsio-Timestamp': '<x-utilsio-timestamp>',
'Content-Type': 'application/json'
},
body: JSON.stringify({
userId: 'user_123',
deviceId: 'device_abc',
appId: 'app_xyz',
subscriptionIds: ['sub_abc123', 'sub_def456']
})
};
fetch('https://utilsio.dev/api/v1/subscription', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://utilsio.dev/api/v1/subscription",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "DELETE",
CURLOPT_POSTFIELDS => json_encode([
'userId' => 'user_123',
'deviceId' => 'device_abc',
'appId' => 'app_xyz',
'subscriptionIds' => [
'sub_abc123',
'sub_def456'
]
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"X-utilsio-Signature: <api-key>",
"X-utilsio-Timestamp: <x-utilsio-timestamp>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://utilsio.dev/api/v1/subscription"
payload := strings.NewReader("{\n \"userId\": \"user_123\",\n \"deviceId\": \"device_abc\",\n \"appId\": \"app_xyz\",\n \"subscriptionIds\": [\n \"sub_abc123\",\n \"sub_def456\"\n ]\n}")
req, _ := http.NewRequest("DELETE", url, payload)
req.Header.Add("X-utilsio-Signature", "<api-key>")
req.Header.Add("X-utilsio-Timestamp", "<x-utilsio-timestamp>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.delete("https://utilsio.dev/api/v1/subscription")
.header("X-utilsio-Signature", "<api-key>")
.header("X-utilsio-Timestamp", "<x-utilsio-timestamp>")
.header("Content-Type", "application/json")
.body("{\n \"userId\": \"user_123\",\n \"deviceId\": \"device_abc\",\n \"appId\": \"app_xyz\",\n \"subscriptionIds\": [\n \"sub_abc123\",\n \"sub_def456\"\n ]\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://utilsio.dev/api/v1/subscription")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Delete.new(url)
request["X-utilsio-Signature"] = '<api-key>'
request["X-utilsio-Timestamp"] = '<x-utilsio-timestamp>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"userId\": \"user_123\",\n \"deviceId\": \"device_abc\",\n \"appId\": \"app_xyz\",\n \"subscriptionIds\": [\n \"sub_abc123\",\n \"sub_def456\"\n ]\n}"
response = http.request(request)
puts response.read_body{
"success": true
}
Subscriptions
Cancel Subscription
Cancels one or more active subscriptions. Only subscriptions owned by the requesting user and belonging to the specified app can be cancelled.
DELETE
/
subscription
Cancel subscription
curl --request DELETE \
--url https://utilsio.dev/api/v1/subscription \
--header 'Content-Type: application/json' \
--header 'X-utilsio-Signature: <api-key>' \
--header 'X-utilsio-Timestamp: <x-utilsio-timestamp>' \
--data '
{
"userId": "user_123",
"deviceId": "device_abc",
"appId": "app_xyz",
"subscriptionIds": [
"sub_abc123",
"sub_def456"
]
}
'import requests
url = "https://utilsio.dev/api/v1/subscription"
payload = {
"userId": "user_123",
"deviceId": "device_abc",
"appId": "app_xyz",
"subscriptionIds": ["sub_abc123", "sub_def456"]
}
headers = {
"X-utilsio-Signature": "<api-key>",
"X-utilsio-Timestamp": "<x-utilsio-timestamp>",
"Content-Type": "application/json"
}
response = requests.delete(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'DELETE',
headers: {
'X-utilsio-Signature': '<api-key>',
'X-utilsio-Timestamp': '<x-utilsio-timestamp>',
'Content-Type': 'application/json'
},
body: JSON.stringify({
userId: 'user_123',
deviceId: 'device_abc',
appId: 'app_xyz',
subscriptionIds: ['sub_abc123', 'sub_def456']
})
};
fetch('https://utilsio.dev/api/v1/subscription', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://utilsio.dev/api/v1/subscription",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "DELETE",
CURLOPT_POSTFIELDS => json_encode([
'userId' => 'user_123',
'deviceId' => 'device_abc',
'appId' => 'app_xyz',
'subscriptionIds' => [
'sub_abc123',
'sub_def456'
]
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"X-utilsio-Signature: <api-key>",
"X-utilsio-Timestamp: <x-utilsio-timestamp>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://utilsio.dev/api/v1/subscription"
payload := strings.NewReader("{\n \"userId\": \"user_123\",\n \"deviceId\": \"device_abc\",\n \"appId\": \"app_xyz\",\n \"subscriptionIds\": [\n \"sub_abc123\",\n \"sub_def456\"\n ]\n}")
req, _ := http.NewRequest("DELETE", url, payload)
req.Header.Add("X-utilsio-Signature", "<api-key>")
req.Header.Add("X-utilsio-Timestamp", "<x-utilsio-timestamp>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.delete("https://utilsio.dev/api/v1/subscription")
.header("X-utilsio-Signature", "<api-key>")
.header("X-utilsio-Timestamp", "<x-utilsio-timestamp>")
.header("Content-Type", "application/json")
.body("{\n \"userId\": \"user_123\",\n \"deviceId\": \"device_abc\",\n \"appId\": \"app_xyz\",\n \"subscriptionIds\": [\n \"sub_abc123\",\n \"sub_def456\"\n ]\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://utilsio.dev/api/v1/subscription")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Delete.new(url)
request["X-utilsio-Signature"] = '<api-key>'
request["X-utilsio-Timestamp"] = '<x-utilsio-timestamp>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"userId\": \"user_123\",\n \"deviceId\": \"device_abc\",\n \"appId\": \"app_xyz\",\n \"subscriptionIds\": [\n \"sub_abc123\",\n \"sub_def456\"\n ]\n}"
response = http.request(request)
puts response.read_body{
"success": true
}
Overview
The DELETE/subscription endpoint cancels one or more active subscriptions for a user. The cancellation is processed on-chain via the smart contract wallet system.
How It Works
- Signature Verification: Request must include valid HMAC-SHA256 signature proving it comes from your authorized app
- Ownership Check: Only subscriptions owned by the requesting user can be cancelled
- On-Chain Execution: Subscription streams are closed via smart contract interaction
- Gas Fee Handling: Gas fees are automatically estimated and added (with 10% safety markup)
Request Parameters
Headers
| Header | Required | Description |
|---|---|---|
X-utilsio-Signature | Conditional | HMAC-SHA256 signature. Required unless using Safari fallback flow (see below) |
X-utilsio-Timestamp | Conditional | Unix timestamp in seconds. Required unless using Safari fallback flow |
Body
| Field | Type | Required | Description |
|---|---|---|---|
userId | string | Yes | User ID who owns the subscription |
deviceId | string | Conditional | Device ID. Optional if using Safari fallback - will be read from cookies |
appId | string | Yes | Your application ID |
subscriptionIds | string[] | Yes | Array of subscription IDs to cancel |
signatureCallbackUrl | string | Conditional | Required for Safari fallback when signature headers are not provided. URL to your /api/signature-callback endpoint |
Signature Generation
Normal Flow (Client-Side)
WhendeviceId is available (Chrome, Firefox, etc.), generate the signature client-side:
import { deriveAppHashHex, signRequest, nowUnixSeconds } from '@utilsio/react/server';
// Derive key (do this once at startup)
const appHashHex = deriveAppHashHex({
appSecret: process.env.UTILSIO_APP_SECRET!,
salt: process.env.UTILSIO_APP_SALT!,
});
// Sign the request
const timestamp = nowUnixSeconds();
const additionalData = subscriptionIds.sort().join(','); // Include subscription IDs in signature
const signature = signRequest({
appHashHex,
deviceId,
appId: process.env.NEXT_PUBLIC_UTILSIO_APP_ID!,
timestamp,
additionalData, // IMPORTANT: Include this for DELETE requests
});
Safari Fallback Flow (Server-Side)
In Safari, third-party cookies are blocked sodeviceId is not available client-side. Instead:
- Client makes DELETE request without
deviceIdor signature headers - Include
signatureCallbackUrlin request body - Server reads
deviceIdfrom first-party cookies - Server makes callback to your
/api/signature-callbackendpoint - Your endpoint generates and returns signature
- Server verifies signature and processes deletion
/api/signature-callback):
export async function POST(req: NextRequest) {
const { deviceId, appId, additionalData, timestamp } = await req.json();
const signature = signRequest({
appHashHex,
deviceId,
appId,
timestamp,
additionalData, // subscriptionIds sorted and joined
});
return NextResponse.json({ signature, timestamp });
}
Security: For DELETE requests, you MUST include sorted
subscriptionIds (comma-separated) as additionalData in the signature to prevent tampering.Example Request
curl -X DELETE 'https://utilsio.dev/api/v1/subscription' \
-H 'Content-Type: application/json' \
-H 'X-utilsio-Signature: abc123...' \
-H 'X-utilsio-Timestamp: 1705334400' \
-d '{
"userId": "user_123",
"deviceId": "device_abc",
"appId": "app_xyz",
"subscriptionIds": ["sub_abc123"]
}'
Response
Success (200)
{
"success": true
}
Error Responses
| Status | Error | Cause |
|---|---|---|
| 400 | userId, appId, and subscriptionIds are required | Missing required fields |
| 400 | Device ID not found. Please ensure cookies are enabled. | Safari flow failed to read deviceId from cookies |
| 400 | signatureCallbackUrl is required when signature is not provided | Safari flow missing callback URL |
| 400 | User wallet not configured | User hasn’t set up their wallet |
| 401 | Invalid signature | Signature verification failed |
| 403 | Some subscriptions not found or unauthorized | User doesn’t own all specified subscriptions |
| 404 | No valid subscriptions found to delete | None of the provided IDs exist |
| 500 | Failed to obtain signature from app | Safari flow: callback to app failed |
| 500 | Failed to delete subscription stream | On-chain transaction failed |
Gas Fees
Gas fees are automatically handled:- Estimated based on current network conditions
- 10% safety markup added to prevent failures
- Deducted from user’s wallet balance
- No manual gas fee calculation required
Using the SDK
The React SDK handles all complexity for you:'use client';
import { useUtilsio } from '@utilsio/react/client';
export default function ManageSubscription() {
const { user, deviceId, currentSubscription, cancelSubscription } = useUtilsio();
const handleCancel = async () => {
if (!currentSubscription) return;
if (!confirm('Are you sure you want to cancel your subscription?')) return;
try {
await cancelSubscription([currentSubscription.id]);
// refresh() is called automatically, component re-renders
} catch (err) {
console.error('Cancellation failed:', err);
}
};
return currentSubscription ? (
<button onClick={handleCancel}>
Cancel Subscription
</button>
) : null;
}
Notes
- Cancellations are immediate and irreversible
- Users can re-subscribe at any time
- On-chain confirmation may take a few seconds
- Consider showing a loading state during cancellation
- The SDK’s
cancelSubscription()automatically refreshes subscription state after success
Authorizations
Headers
HMAC signature for request authentication
Unix timestamp for request signing
Body
application/json
Last modified on February 6, 2026
Was this page helpful?
⌘I