improvement(promos): promo codes should be only stripe codes (#3591)

* improvement(promos): promo codes should be only stripe codes * address comments
2026-04-06 03:00:16 -04:00 · 2026-03-14 16:28:18 -07:00
parent 952915abfc
commit 75bdf46e6b
19 changed files with 13705 additions and 988 deletions
--- a/apps/sim/app/api/attribution/route.ts
+++ b/apps/sim/app/api/attribution/route.ts
@@ -1,187 +0,0 @@
-/**
- * POST /api/attribution
- *
- * Automatic UTM-based referral attribution.
- *
- * Reads the `sim_utm` cookie (set by proxy on auth pages), matches a campaign
- * by UTM specificity, and atomically inserts an attribution record + applies
- * bonus credits.
- *
- * Idempotent — the unique constraint on `userId` prevents double-attribution.
- */
-
-import { db } from '@sim/db'
-import { referralAttribution, referralCampaigns, userStats } from '@sim/db/schema'
-import { createLogger } from '@sim/logger'
-import { eq } from 'drizzle-orm'
-import { nanoid } from 'nanoid'
-import { cookies } from 'next/headers'
-import { NextResponse } from 'next/server'
-import { z } from 'zod'
-import { getSession } from '@/lib/auth'
-import { applyBonusCredits } from '@/lib/billing/credits/bonus'
-
-const logger = createLogger('AttributionAPI')
-
-const COOKIE_NAME = 'sim_utm'
-
-const UtmCookieSchema = z.object({
-  utm_source: z.string().optional(),
-  utm_medium: z.string().optional(),
-  utm_campaign: z.string().optional(),
-  utm_content: z.string().optional(),
-  referrer_url: z.string().optional(),
-  landing_page: z.string().optional(),
-  created_at: z.string().optional(),
-})
-
-/**
- * Finds the most specific active campaign matching the given UTM params.
- * Null fields on a campaign act as wildcards. Ties broken by newest campaign.
- */
-async function findMatchingCampaign(utmData: z.infer<typeof UtmCookieSchema>) {
-  const campaigns = await db
-    .select()
-    .from(referralCampaigns)
-    .where(eq(referralCampaigns.isActive, true))
-
-  let bestMatch: (typeof campaigns)[number] | null = null
-  let bestScore = -1
-
-  for (const campaign of campaigns) {
-    let score = 0
-    let mismatch = false
-
-    const fields = [
-      { campaignVal: campaign.utmSource, utmVal: utmData.utm_source },
-      { campaignVal: campaign.utmMedium, utmVal: utmData.utm_medium },
-      { campaignVal: campaign.utmCampaign, utmVal: utmData.utm_campaign },
-      { campaignVal: campaign.utmContent, utmVal: utmData.utm_content },
-    ] as const
-
-    for (const { campaignVal, utmVal } of fields) {
-      if (campaignVal === null) continue
-      if (campaignVal === utmVal) {
-        score++
-      } else {
-        mismatch = true
-        break
-      }
-    }
-
-    if (!mismatch && score > 0) {
-      if (
-        score > bestScore ||
-        (score === bestScore &&
-          bestMatch &&
-          campaign.createdAt.getTime() > bestMatch.createdAt.getTime())
-      ) {
-        bestScore = score
-        bestMatch = campaign
-      }
-    }
-  }
-
-  return bestMatch
-}
-
-export async function POST() {
-  try {
-    const session = await getSession()
-    if (!session?.user?.id) {
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    const cookieStore = await cookies()
-    const utmCookie = cookieStore.get(COOKIE_NAME)
-    if (!utmCookie?.value) {
-      return NextResponse.json({ attributed: false, reason: 'no_utm_cookie' })
-    }
-
-    let utmData: z.infer<typeof UtmCookieSchema>
-    try {
-      let decoded: string
-      try {
-        decoded = decodeURIComponent(utmCookie.value)
-      } catch {
-        decoded = utmCookie.value
-      }
-      utmData = UtmCookieSchema.parse(JSON.parse(decoded))
-    } catch {
-      logger.warn('Failed to parse UTM cookie', { userId: session.user.id })
-      cookieStore.delete(COOKIE_NAME)
-      return NextResponse.json({ attributed: false, reason: 'invalid_cookie' })
-    }
-
-    const matchedCampaign = await findMatchingCampaign(utmData)
-    if (!matchedCampaign) {
-      cookieStore.delete(COOKIE_NAME)
-      return NextResponse.json({ attributed: false, reason: 'no_matching_campaign' })
-    }
-
-    const bonusAmount = Number(matchedCampaign.bonusCreditAmount)
-
-    let attributed = false
-    await db.transaction(async (tx) => {
-      const [existingStats] = await tx
-        .select({ id: userStats.id })
-        .from(userStats)
-        .where(eq(userStats.userId, session.user.id))
-        .limit(1)
-
-      if (!existingStats) {
-        await tx.insert(userStats).values({
-          id: nanoid(),
-          userId: session.user.id,
-        })
-      }
-
-      const result = await tx
-        .insert(referralAttribution)
-        .values({
-          id: nanoid(),
-          userId: session.user.id,
-          campaignId: matchedCampaign.id,
-          utmSource: utmData.utm_source || null,
-          utmMedium: utmData.utm_medium || null,
-          utmCampaign: utmData.utm_campaign || null,
-          utmContent: utmData.utm_content || null,
-          referrerUrl: utmData.referrer_url || null,
-          landingPage: utmData.landing_page || null,
-          bonusCreditAmount: bonusAmount.toString(),
-        })
-        .onConflictDoNothing({ target: referralAttribution.userId })
-        .returning({ id: referralAttribution.id })
-
-      if (result.length > 0) {
-        await applyBonusCredits(session.user.id, bonusAmount, tx)
-        attributed = true
-      }
-    })
-
-    if (attributed) {
-      logger.info('Referral attribution created and bonus credits applied', {
-        userId: session.user.id,
-        campaignId: matchedCampaign.id,
-        campaignName: matchedCampaign.name,
-        utmSource: utmData.utm_source,
-        utmCampaign: utmData.utm_campaign,
-        utmContent: utmData.utm_content,
-        bonusAmount,
-      })
-    } else {
-      logger.info('User already attributed, skipping', { userId: session.user.id })
-    }
-
-    cookieStore.delete(COOKIE_NAME)
-
-    return NextResponse.json({
-      attributed,
-      bonusAmount: attributed ? bonusAmount : undefined,
-      reason: attributed ? undefined : 'already_attributed',
-    })
-  } catch (error) {
-    logger.error('Attribution error', { error })
-    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
-  }
-}
--- a/apps/sim/app/api/referral-code/redeem/route.ts
+++ b/apps/sim/app/api/referral-code/redeem/route.ts
@@ -1,171 +0,0 @@
-/**
- * POST /api/referral-code/redeem
- *
- * Redeem a referral/promo code to receive bonus credits.
- *
- * Body:
- *   - code: string — The referral code to redeem
- *
- * Response: { redeemed: boolean, bonusAmount?: number, error?: string }
- *
- * Constraints:
- *   - Enterprise users cannot redeem codes
- *   - One redemption per user, ever (unique constraint on userId)
- *   - One redemption per organization for team users (partial unique on organizationId)
- */
-
-import { db } from '@sim/db'
-import { referralAttribution, referralCampaigns, userStats } from '@sim/db/schema'
-import { createLogger } from '@sim/logger'
-import { and, eq } from 'drizzle-orm'
-import { nanoid } from 'nanoid'
-import { NextResponse } from 'next/server'
-import { z } from 'zod'
-import { getSession } from '@/lib/auth'
-import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
-import { applyBonusCredits } from '@/lib/billing/credits/bonus'
-import { isEnterprise, isTeam } from '@/lib/billing/plan-helpers'
-
-const logger = createLogger('ReferralCodeRedemption')
-
-const RedeemCodeSchema = z.object({
-  code: z.string().min(1, 'Code is required'),
-})
-
-export async function POST(request: Request) {
-  try {
-    const session = await getSession()
-    if (!session?.user?.id) {
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
-    }
-
-    const body = await request.json()
-    const { code } = RedeemCodeSchema.parse(body)
-
-    const subscription = await getHighestPrioritySubscription(session.user.id)
-
-    if (isEnterprise(subscription?.plan)) {
-      return NextResponse.json({
-        redeemed: false,
-        error: 'Enterprise accounts cannot redeem referral codes',
-      })
-    }
-
-    const isTeamSub = isTeam(subscription?.plan)
-    const orgId = isTeamSub ? subscription!.referenceId : null
-
-    const normalizedCode = code.trim().toUpperCase()
-
-    const [campaign] = await db
-      .select()
-      .from(referralCampaigns)
-      .where(and(eq(referralCampaigns.code, normalizedCode), eq(referralCampaigns.isActive, true)))
-      .limit(1)
-
-    if (!campaign) {
-      logger.info('Invalid code redemption attempt', {
-        userId: session.user.id,
-        code: normalizedCode,
-      })
-      return NextResponse.json({ error: 'Invalid or expired code' }, { status: 404 })
-    }
-
-    const [existingUserAttribution] = await db
-      .select({ id: referralAttribution.id })
-      .from(referralAttribution)
-      .where(eq(referralAttribution.userId, session.user.id))
-      .limit(1)
-
-    if (existingUserAttribution) {
-      return NextResponse.json({
-        redeemed: false,
-        error: 'You have already redeemed a code',
-      })
-    }
-
-    if (orgId) {
-      const [existingOrgAttribution] = await db
-        .select({ id: referralAttribution.id })
-        .from(referralAttribution)
-        .where(eq(referralAttribution.organizationId, orgId))
-        .limit(1)
-
-      if (existingOrgAttribution) {
-        return NextResponse.json({
-          redeemed: false,
-          error: 'A code has already been redeemed for your organization',
-        })
-      }
-    }
-
-    const bonusAmount = Number(campaign.bonusCreditAmount)
-
-    let redeemed = false
-    await db.transaction(async (tx) => {
-      const [existingStats] = await tx
-        .select({ id: userStats.id })
-        .from(userStats)
-        .where(eq(userStats.userId, session.user.id))
-        .limit(1)
-
-      if (!existingStats) {
-        await tx.insert(userStats).values({
-          id: nanoid(),
-          userId: session.user.id,
-        })
-      }
-
-      const result = await tx
-        .insert(referralAttribution)
-        .values({
-          id: nanoid(),
-          userId: session.user.id,
-          organizationId: orgId,
-          campaignId: campaign.id,
-          utmSource: null,
-          utmMedium: null,
-          utmCampaign: null,
-          utmContent: null,
-          referrerUrl: null,
-          landingPage: null,
-          bonusCreditAmount: bonusAmount.toString(),
-        })
-        .onConflictDoNothing()
-        .returning({ id: referralAttribution.id })
-
-      if (result.length > 0) {
-        await applyBonusCredits(session.user.id, bonusAmount, tx)
-        redeemed = true
-      }
-    })
-
-    if (redeemed) {
-      logger.info('Referral code redeemed', {
-        userId: session.user.id,
-        organizationId: orgId,
-        code: normalizedCode,
-        campaignId: campaign.id,
-        campaignName: campaign.name,
-        bonusAmount,
-      })
-    }
-
-    if (!redeemed) {
-      return NextResponse.json({
-        redeemed: false,
-        error: 'You have already redeemed a code',
-      })
-    }
-
-    return NextResponse.json({
-      redeemed: true,
-      bonusAmount,
-    })
-  } catch (error) {
-    if (error instanceof z.ZodError) {
-      return NextResponse.json({ error: error.errors[0].message }, { status: 400 })
-    }
-    logger.error('Referral code redemption error', { error })
-    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
-  }
-}
--- a/apps/sim/app/api/v1/admin/index.ts
+++ b/apps/sim/app/api/v1/admin/index.ts
@@ -103,7 +103,6 @@ export type {
  AdminOrganization,
  AdminOrganizationBillingSummary,
  AdminOrganizationDetail,
-  AdminReferralCampaign,
  AdminSeatAnalytics,
  AdminSingleResponse,
  AdminSubscription,
@@ -118,7 +117,6 @@ export type {
  AdminWorkspaceMember,
  DbMember,
  DbOrganization,
-  DbReferralCampaign,
  DbSubscription,
  DbUser,
  DbUserStats,
@@ -147,7 +145,6 @@ export {
  parseWorkflowVariables,
  toAdminFolder,
  toAdminOrganization,
-  toAdminReferralCampaign,
  toAdminSubscription,
  toAdminUser,
  toAdminWorkflow,
--- a/apps/sim/app/api/v1/admin/referral-campaigns/[id]/route.ts
+++ b/apps/sim/app/api/v1/admin/referral-campaigns/[id]/route.ts
@@ -1,142 +0,0 @@
-/**
- * GET   /api/v1/admin/referral-campaigns/:id
- *
- * Get a single referral campaign by ID.
- *
- * PATCH /api/v1/admin/referral-campaigns/:id
- *
- * Update campaign fields. All fields are optional.
- *
- * Body:
- *   - name: string (non-empty) - Campaign name
- *   - bonusCreditAmount: number (> 0) - Bonus credits in dollars
- *   - isActive: boolean - Enable/disable the campaign
- *   - code: string | null (min 6 chars, auto-uppercased, null to remove) - Redeemable code
- *   - utmSource: string | null - UTM source match (null = wildcard)
- *   - utmMedium: string | null - UTM medium match (null = wildcard)
- *   - utmCampaign: string | null - UTM campaign match (null = wildcard)
- *   - utmContent: string | null - UTM content match (null = wildcard)
- */
-
-import { db } from '@sim/db'
-import { referralCampaigns } from '@sim/db/schema'
-import { createLogger } from '@sim/logger'
-import { eq } from 'drizzle-orm'
-import { getBaseUrl } from '@/lib/core/utils/urls'
-import { withAdminAuthParams } from '@/app/api/v1/admin/middleware'
-import {
-  badRequestResponse,
-  internalErrorResponse,
-  notFoundResponse,
-  singleResponse,
-} from '@/app/api/v1/admin/responses'
-import { toAdminReferralCampaign } from '@/app/api/v1/admin/types'
-
-const logger = createLogger('AdminReferralCampaignDetailAPI')
-
-interface RouteParams {
-  id: string
-}
-
-export const GET = withAdminAuthParams<RouteParams>(async (_, context) => {
-  try {
-    const { id: campaignId } = await context.params
-
-    const [campaign] = await db
-      .select()
-      .from(referralCampaigns)
-      .where(eq(referralCampaigns.id, campaignId))
-      .limit(1)
-
-    if (!campaign) {
-      return notFoundResponse('Campaign')
-    }
-
-    logger.info(`Admin API: Retrieved referral campaign ${campaignId}`)
-
-    return singleResponse(toAdminReferralCampaign(campaign, getBaseUrl()))
-  } catch (error) {
-    logger.error('Admin API: Failed to get referral campaign', { error })
-    return internalErrorResponse('Failed to get referral campaign')
-  }
-})
-
-export const PATCH = withAdminAuthParams<RouteParams>(async (request, context) => {
-  try {
-    const { id: campaignId } = await context.params
-    const body = await request.json()
-
-    const [existing] = await db
-      .select()
-      .from(referralCampaigns)
-      .where(eq(referralCampaigns.id, campaignId))
-      .limit(1)
-
-    if (!existing) {
-      return notFoundResponse('Campaign')
-    }
-
-    const updateData: Record<string, unknown> = { updatedAt: new Date() }
-
-    if (body.name !== undefined) {
-      if (typeof body.name !== 'string' || body.name.trim().length === 0) {
-        return badRequestResponse('name must be a non-empty string')
-      }
-      updateData.name = body.name.trim()
-    }
-
-    if (body.bonusCreditAmount !== undefined) {
-      if (
-        typeof body.bonusCreditAmount !== 'number' ||
-        !Number.isFinite(body.bonusCreditAmount) ||
-        body.bonusCreditAmount <= 0
-      ) {
-        return badRequestResponse('bonusCreditAmount must be a positive number')
-      }
-      updateData.bonusCreditAmount = body.bonusCreditAmount.toString()
-    }
-
-    if (body.isActive !== undefined) {
-      if (typeof body.isActive !== 'boolean') {
-        return badRequestResponse('isActive must be a boolean')
-      }
-      updateData.isActive = body.isActive
-    }
-
-    if (body.code !== undefined) {
-      if (body.code !== null) {
-        if (typeof body.code !== 'string') {
-          return badRequestResponse('code must be a string or null')
-        }
-        if (body.code.trim().length < 6) {
-          return badRequestResponse('code must be at least 6 characters')
-        }
-      }
-      updateData.code = body.code ? body.code.trim().toUpperCase() : null
-    }
-
-    for (const field of ['utmSource', 'utmMedium', 'utmCampaign', 'utmContent'] as const) {
-      if (body[field] !== undefined) {
-        if (body[field] !== null && typeof body[field] !== 'string') {
-          return badRequestResponse(`${field} must be a string or null`)
-        }
-        updateData[field] = body[field] || null
-      }
-    }
-
-    const [updated] = await db
-      .update(referralCampaigns)
-      .set(updateData)
-      .where(eq(referralCampaigns.id, campaignId))
-      .returning()
-
-    logger.info(`Admin API: Updated referral campaign ${campaignId}`, {
-      fields: Object.keys(updateData).filter((k) => k !== 'updatedAt'),
-    })
-
-    return singleResponse(toAdminReferralCampaign(updated, getBaseUrl()))
-  } catch (error) {
-    logger.error('Admin API: Failed to update referral campaign', { error })
-    return internalErrorResponse('Failed to update referral campaign')
-  }
-})
--- a/apps/sim/app/api/v1/admin/referral-campaigns/route.ts
+++ b/apps/sim/app/api/v1/admin/referral-campaigns/route.ts
@@ -1,104 +1,160 @@
 /**
 * GET  /api/v1/admin/referral-campaigns
 *
- * List referral campaigns with optional filtering and pagination.
+ * List Stripe promotion codes with cursor-based pagination.
 *
 * Query Parameters:
- *   - active: string (optional) - Filter by active status ('true' or 'false')
- *   - limit: number (default: 50, max: 250)
- *   - offset: number (default: 0)
+ *   - limit: number (default: 50, max: 100)
+ *   - starting_after: string (cursor — Stripe promotion code ID)
+ *   - active: 'true' | 'false' (optional filter)
 *
 * POST /api/v1/admin/referral-campaigns
 *
- * Create a new referral campaign.
+ * Create a Stripe coupon and an associated promotion code.
 *
 * Body:
- *   - name: string (required) - Campaign name
- *   - bonusCreditAmount: number (required, > 0) - Bonus credits in dollars
- *   - code: string | null (optional, min 6 chars, auto-uppercased) - Redeemable code
- *   - utmSource: string | null (optional) - UTM source match (null = wildcard)
- *   - utmMedium: string | null (optional) - UTM medium match (null = wildcard)
- *   - utmCampaign: string | null (optional) - UTM campaign match (null = wildcard)
- *   - utmContent: string | null (optional) - UTM content match (null = wildcard)
+ *   - name: string (required) — Display name for the coupon
+ *   - percentOff: number (required, 1–100) — Percentage discount
+ *   - code: string | null (optional, min 6 chars, auto-uppercased) — Desired code
+ *   - duration: 'once' | 'repeating' | 'forever' (default: 'once')
+ *   - durationInMonths: number (required when duration is 'repeating')
+ *   - maxRedemptions: number (optional) — Total redemption cap
+ *   - expiresAt: ISO 8601 string (optional) — Promotion code expiry
 */

-import { db } from '@sim/db'
-import { referralCampaigns } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { count, eq, type SQL } from 'drizzle-orm'
-import { nanoid } from 'nanoid'
-import { getBaseUrl } from '@/lib/core/utils/urls'
+import { NextResponse } from 'next/server'
+import type Stripe from 'stripe'
+import { requireStripeClient } from '@/lib/billing/stripe-client'
 import { withAdminAuth } from '@/app/api/v1/admin/middleware'
 import {
  badRequestResponse,
  internalErrorResponse,
-  listResponse,
  singleResponse,
 } from '@/app/api/v1/admin/responses'
-import {
-  type AdminReferralCampaign,
-  createPaginationMeta,
-  parsePaginationParams,
-  toAdminReferralCampaign,
-} from '@/app/api/v1/admin/types'

-const logger = createLogger('AdminReferralCampaignsAPI')
+const logger = createLogger('AdminPromoCodes')
+
+const VALID_DURATIONS = ['once', 'repeating', 'forever'] as const
+type Duration = (typeof VALID_DURATIONS)[number]
+
+interface PromoCodeResponse {
+  id: string
+  code: string
+  couponId: string
+  name: string
+  percentOff: number
+  duration: string
+  durationInMonths: number | null
+  maxRedemptions: number | null
+  expiresAt: string | null
+  active: boolean
+  timesRedeemed: number
+  createdAt: string
+}
+
+function formatPromoCode(promo: {
+  id: string
+  code: string
+  coupon: {
+    id: string
+    name: string | null
+    percent_off: number | null
+    duration: string
+    duration_in_months: number | null
+  }
+  max_redemptions: number | null
+  expires_at: number | null
+  active: boolean
+  times_redeemed: number
+  created: number
+}): PromoCodeResponse {
+  return {
+    id: promo.id,
+    code: promo.code,
+    couponId: promo.coupon.id,
+    name: promo.coupon.name ?? '',
+    percentOff: promo.coupon.percent_off ?? 0,
+    duration: promo.coupon.duration,
+    durationInMonths: promo.coupon.duration_in_months,
+    maxRedemptions: promo.max_redemptions,
+    expiresAt: promo.expires_at ? new Date(promo.expires_at * 1000).toISOString() : null,
+    active: promo.active,
+    timesRedeemed: promo.times_redeemed,
+    createdAt: new Date(promo.created * 1000).toISOString(),
+  }
+}

 export const GET = withAdminAuth(async (request) => {
-  const url = new URL(request.url)
-  const { limit, offset } = parsePaginationParams(url)
-  const activeFilter = url.searchParams.get('active')
-
  try {
-    const conditions: SQL<unknown>[] = []
-    if (activeFilter === 'true') {
-      conditions.push(eq(referralCampaigns.isActive, true))
-    } else if (activeFilter === 'false') {
-      conditions.push(eq(referralCampaigns.isActive, false))
-    }
+    const stripe = requireStripeClient()
+    const url = new URL(request.url)

-    const whereClause = conditions.length > 0 ? conditions[0] : undefined
-    const baseUrl = getBaseUrl()
+    const limitParam = url.searchParams.get('limit')
+    let limit = limitParam ? Number.parseInt(limitParam, 10) : 50
+    if (Number.isNaN(limit) || limit < 1) limit = 50
+    if (limit > 100) limit = 100

-    const [countResult, campaigns] = await Promise.all([
-      db.select({ total: count() }).from(referralCampaigns).where(whereClause),
-      db
-        .select()
-        .from(referralCampaigns)
-        .where(whereClause)
-        .orderBy(referralCampaigns.createdAt)
-        .limit(limit)
-        .offset(offset),
-    ])
+    const startingAfter = url.searchParams.get('starting_after') || undefined
+    const activeFilter = url.searchParams.get('active')

-    const total = countResult[0].total
-    const data: AdminReferralCampaign[] = campaigns.map((c) => toAdminReferralCampaign(c, baseUrl))
-    const pagination = createPaginationMeta(total, limit, offset)
+    const listParams: Record<string, unknown> = { limit }
+    if (startingAfter) listParams.starting_after = startingAfter
+    if (activeFilter === 'true') listParams.active = true
+    else if (activeFilter === 'false') listParams.active = false

-    logger.info(`Admin API: Listed ${data.length} referral campaigns (total: ${total})`)
+    const promoCodes = await stripe.promotionCodes.list(listParams)

-    return listResponse(data, pagination)
+    const data = promoCodes.data.map(formatPromoCode)
+
+    logger.info(`Admin API: Listed ${data.length} Stripe promotion codes`)
+
+    return NextResponse.json({
+      data,
+      hasMore: promoCodes.has_more,
+      ...(data.length > 0 ? { nextCursor: data[data.length - 1].id } : {}),
+    })
  } catch (error) {
-    logger.error('Admin API: Failed to list referral campaigns', { error })
-    return internalErrorResponse('Failed to list referral campaigns')
+    logger.error('Admin API: Failed to list promotion codes', { error })
+    return internalErrorResponse('Failed to list promotion codes')
  }
 })

 export const POST = withAdminAuth(async (request) => {
  try {
+    const stripe = requireStripeClient()
    const body = await request.json()
-    const { name, code, utmSource, utmMedium, utmCampaign, utmContent, bonusCreditAmount } = body

-    if (!name || typeof name !== 'string') {
-      return badRequestResponse('name is required and must be a string')
+    const { name, percentOff, code, duration, durationInMonths, maxRedemptions, expiresAt } = body
+
+    if (!name || typeof name !== 'string' || name.trim().length === 0) {
+      return badRequestResponse('name is required and must be a non-empty string')
    }

    if (
-      typeof bonusCreditAmount !== 'number' ||
-      !Number.isFinite(bonusCreditAmount) ||
-      bonusCreditAmount <= 0
+      typeof percentOff !== 'number' ||
+      !Number.isFinite(percentOff) ||
+      percentOff < 1 ||
+      percentOff > 100
    ) {
-      return badRequestResponse('bonusCreditAmount must be a positive number')
+      return badRequestResponse('percentOff must be a number between 1 and 100')
+    }
+
+    const effectiveDuration: Duration = duration ?? 'once'
+    if (!VALID_DURATIONS.includes(effectiveDuration)) {
+      return badRequestResponse(`duration must be one of: ${VALID_DURATIONS.join(', ')}`)
+    }
+
+    if (effectiveDuration === 'repeating') {
+      if (
+        typeof durationInMonths !== 'number' ||
+        !Number.isInteger(durationInMonths) ||
+        durationInMonths < 1
+      ) {
+        return badRequestResponse(
+          'durationInMonths is required and must be a positive integer when duration is "repeating"'
+        )
+      }
    }

    if (code !== undefined && code !== null) {
@@ -110,31 +166,77 @@ export const POST = withAdminAuth(async (request) => {
      }
    }

-    const id = nanoid()
+    if (maxRedemptions !== undefined && maxRedemptions !== null) {
+      if (
+        typeof maxRedemptions !== 'number' ||
+        !Number.isInteger(maxRedemptions) ||
+        maxRedemptions < 1
+      ) {
+        return badRequestResponse('maxRedemptions must be a positive integer')
+      }
+    }

-    const [campaign] = await db
-      .insert(referralCampaigns)
-      .values({
-        id,
-        name,
-        code: code ? code.trim().toUpperCase() : null,
-        utmSource: utmSource || null,
-        utmMedium: utmMedium || null,
-        utmCampaign: utmCampaign || null,
-        utmContent: utmContent || null,
-        bonusCreditAmount: bonusCreditAmount.toString(),
-      })
-      .returning()
+    if (expiresAt !== undefined && expiresAt !== null) {
+      const parsed = new Date(expiresAt)
+      if (Number.isNaN(parsed.getTime())) {
+        return badRequestResponse('expiresAt must be a valid ISO 8601 date string')
+      }
+      if (parsed.getTime() <= Date.now()) {
+        return badRequestResponse('expiresAt must be in the future')
+      }
+    }

-    logger.info(`Admin API: Created referral campaign ${id}`, {
-      name,
-      code: campaign.code,
-      bonusCreditAmount,
+    const coupon = await stripe.coupons.create({
+      name: name.trim(),
+      percent_off: percentOff,
+      duration: effectiveDuration,
+      ...(effectiveDuration === 'repeating' ? { duration_in_months: durationInMonths } : {}),
    })

-    return singleResponse(toAdminReferralCampaign(campaign, getBaseUrl()))
+    let promoCode
+    try {
+      const promoParams: Stripe.PromotionCodeCreateParams = {
+        coupon: coupon.id,
+        ...(code ? { code: code.trim().toUpperCase() } : {}),
+        ...(maxRedemptions ? { max_redemptions: maxRedemptions } : {}),
+        ...(expiresAt ? { expires_at: Math.floor(new Date(expiresAt).getTime() / 1000) } : {}),
+      }
+
+      promoCode = await stripe.promotionCodes.create(promoParams)
+    } catch (promoError) {
+      try {
+        await stripe.coupons.del(coupon.id)
+      } catch (cleanupError) {
+        logger.error(
+          'Admin API: Failed to clean up orphaned coupon after promo code creation failed',
+          {
+            couponId: coupon.id,
+            cleanupError,
+          }
+        )
+      }
+      throw promoError
+    }
+
+    logger.info('Admin API: Created Stripe promotion code', {
+      promoCodeId: promoCode.id,
+      code: promoCode.code,
+      couponId: coupon.id,
+      percentOff,
+      duration: effectiveDuration,
+    })
+
+    return singleResponse(formatPromoCode(promoCode))
  } catch (error) {
-    logger.error('Admin API: Failed to create referral campaign', { error })
-    return internalErrorResponse('Failed to create referral campaign')
+    if (
+      error instanceof Error &&
+      'type' in error &&
+      (error as { type: string }).type === 'StripeInvalidRequestError'
+    ) {
+      logger.warn('Admin API: Stripe rejected promotion code request', { error: error.message })
+      return badRequestResponse(error.message)
+    }
+    logger.error('Admin API: Failed to create promotion code', { error })
+    return internalErrorResponse('Failed to create promotion code')
  }
 })
--- a/apps/sim/app/api/v1/admin/types.ts
+++ b/apps/sim/app/api/v1/admin/types.ts
@@ -9,7 +9,6 @@ import type {
  auditLog,
  member,
  organization,
-  referralCampaigns,
  subscription,
  user,
  userStats,
@@ -33,7 +32,6 @@ export type DbOrganization = InferSelectModel<typeof organization>
 export type DbSubscription = InferSelectModel<typeof subscription>
 export type DbMember = InferSelectModel<typeof member>
 export type DbUserStats = InferSelectModel<typeof userStats>
-export type DbReferralCampaign = InferSelectModel<typeof referralCampaigns>

 // =============================================================================
 // Pagination
@@ -650,52 +648,6 @@ export interface AdminUndeployResult {
  isDeployed: boolean
 }

-// =============================================================================
-// Referral Campaign Types
-// =============================================================================
-
-export interface AdminReferralCampaign {
-  id: string
-  name: string
-  code: string | null
-  utmSource: string | null
-  utmMedium: string | null
-  utmCampaign: string | null
-  utmContent: string | null
-  bonusCreditAmount: string
-  isActive: boolean
-  signupUrl: string | null
-  createdAt: string
-  updatedAt: string
-}
-
-export function toAdminReferralCampaign(
-  dbCampaign: DbReferralCampaign,
-  baseUrl: string
-): AdminReferralCampaign {
-  const utmParams = new URLSearchParams()
-  if (dbCampaign.utmSource) utmParams.set('utm_source', dbCampaign.utmSource)
-  if (dbCampaign.utmMedium) utmParams.set('utm_medium', dbCampaign.utmMedium)
-  if (dbCampaign.utmCampaign) utmParams.set('utm_campaign', dbCampaign.utmCampaign)
-  if (dbCampaign.utmContent) utmParams.set('utm_content', dbCampaign.utmContent)
-  const query = utmParams.toString()
-
-  return {
-    id: dbCampaign.id,
-    name: dbCampaign.name,
-    code: dbCampaign.code,
-    utmSource: dbCampaign.utmSource,
-    utmMedium: dbCampaign.utmMedium,
-    utmCampaign: dbCampaign.utmCampaign,
-    utmContent: dbCampaign.utmContent,
-    bonusCreditAmount: dbCampaign.bonusCreditAmount,
-    isActive: dbCampaign.isActive,
-    signupUrl: query ? `${baseUrl}/signup?${query}` : null,
-    createdAt: dbCampaign.createdAt.toISOString(),
-    updatedAt: dbCampaign.updatedAt.toISOString(),
-  }
-}
-
 // =============================================================================
 // Audit Log Types
 // =============================================================================
--- a/apps/sim/app/workspace/[workspaceId]/settings/components/subscription/components/index.ts
+++ b/apps/sim/app/workspace/[workspaceId]/settings/components/subscription/components/index.ts
@@ -1,3 +1,2 @@
 export { CreditBalance } from './credit-balance'
 export { PlanCard, type PlanCardProps, type PlanFeature } from './plan-card'
-export { ReferralCode } from './referral-code'
--- a/apps/sim/app/workspace/[workspaceId]/settings/components/subscription/components/referral-code/index.ts
+++ b/apps/sim/app/workspace/[workspaceId]/settings/components/subscription/components/referral-code/index.ts
@@ -1 +0,0 @@
-export { ReferralCode } from './referral-code'
--- a/apps/sim/app/workspace/[workspaceId]/settings/components/subscription/components/referral-code/referral-code.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/settings/components/subscription/components/referral-code/referral-code.tsx
@@ -1,82 +0,0 @@
-'use client'
-
-import { useState } from 'react'
-import { Button, Input, Label } from '@/components/emcn'
-import { dollarsToCredits } from '@/lib/billing/credits/conversion'
-import { useRedeemReferralCode } from '@/hooks/queries/subscription'
-
-interface ReferralCodeProps {
-  onRedeemComplete?: () => void
-}
-
-/**
- * Inline referral/promo code entry field with redeem button.
- * One-time use per account — shows success or "already redeemed" state.
- */
-export function ReferralCode({ onRedeemComplete }: ReferralCodeProps) {
-  const [code, setCode] = useState('')
-  const redeemCode = useRedeemReferralCode()
-
-  const handleRedeem = () => {
-    const trimmed = code.trim()
-    if (!trimmed || redeemCode.isPending) return
-
-    redeemCode.mutate(
-      { code: trimmed },
-      {
-        onSuccess: () => {
-          setCode('')
-          onRedeemComplete?.()
-        },
-      }
-    )
-  }
-
-  if (redeemCode.isSuccess) {
-    return (
-      <div className='flex items-center justify-between'>
-        <Label>Referral Code</Label>
-        <span className='text-[13px] text-[var(--text-secondary)]'>
-          +{dollarsToCredits(redeemCode.data.bonusAmount ?? 0).toLocaleString()} credits applied
-        </span>
-      </div>
-    )
-  }
-
-  return (
-    <div className='flex flex-col gap-[4px]'>
-      <div className='flex items-center justify-between gap-[12px]'>
-        <Label className='shrink-0'>Referral Code</Label>
-        <div className='flex items-center gap-[8px]'>
-          <Input
-            type='text'
-            value={code}
-            onChange={(e) => {
-              setCode(e.target.value)
-              redeemCode.reset()
-            }}
-            onKeyDown={(e) => {
-              if (e.key === 'Enter') handleRedeem()
-            }}
-            placeholder='Enter code'
-            className='h-[32px] w-[140px] bg-[var(--surface-4)] text-[13px]'
-            disabled={redeemCode.isPending}
-          />
-          <Button
-            variant='default'
-            className='h-[32px] shrink-0 text-[13px]'
-            onClick={handleRedeem}
-            disabled={redeemCode.isPending || !code.trim()}
-          >
-            {redeemCode.isPending ? 'Redeeming...' : 'Redeem'}
-          </Button>
-        </div>
-      </div>
-      {redeemCode.error && (
-        <span className='text-right text-[11px] text-[var(--text-error)]'>
-          {redeemCode.error.message}
-        </span>
-      )}
-    </div>
-  )
-}
--- a/apps/sim/app/workspace/[workspaceId]/settings/components/subscription/subscription.tsx
+++ b/apps/sim/app/workspace/[workspaceId]/settings/components/subscription/subscription.tsx
@@ -47,7 +47,6 @@ import { useUserPermissionsContext } from '@/app/workspace/[workspaceId]/provide
 import {
  CreditBalance,
  PlanCard,
-  ReferralCode,
 } from '@/app/workspace/[workspaceId]/settings/components/subscription/components'
 import {
  ENTERPRISE_PLAN_FEATURES,
@@ -1000,11 +999,6 @@ export function Subscription() {
          inlineButton
        />
      )}
-
-      {/* Referral Code */}
-      {!subscription.isEnterprise && (
-        <ReferralCode onRedeemComplete={() => refetchSubscription()} />
-      )}
    </div>
  )
 }
--- a/apps/sim/app/workspace/page.tsx
+++ b/apps/sim/app/workspace/page.tsx
@@ -4,14 +4,12 @@ import { useEffect } from 'react'
 import { createLogger } from '@sim/logger'
 import { useRouter } from 'next/navigation'
 import { useSession } from '@/lib/auth/auth-client'
-import { useReferralAttribution } from '@/hooks/use-referral-attribution'

 const logger = createLogger('WorkspacePage')

 export default function WorkspacePage() {
  const router = useRouter()
  const { data: session, isPending } = useSession()
-  useReferralAttribution()

  useEffect(() => {
    const redirectToFirstWorkspace = async () => {
--- a/apps/sim/hooks/queries/subscription.ts
+++ b/apps/sim/hooks/queries/subscription.ts
@@ -297,49 +297,6 @@ export function useUpgradeSubscription() {
  })
 }

-/**
- * Redeem referral/promo code mutation
- */
-interface RedeemReferralCodeParams {
-  code: string
-}
-
-interface RedeemReferralCodeResponse {
-  redeemed: boolean
-  bonusAmount?: number
-  error?: string
-}
-
-export function useRedeemReferralCode() {
-  const queryClient = useQueryClient()
-
-  return useMutation({
-    mutationFn: async ({ code }: RedeemReferralCodeParams): Promise<RedeemReferralCodeResponse> => {
-      const response = await fetch('/api/referral-code/redeem', {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ code }),
-      })
-
-      const data = await response.json()
-
-      if (!response.ok) {
-        throw new Error(data.error || 'Failed to redeem code')
-      }
-
-      if (!data.redeemed) {
-        throw new Error(data.error || 'Code could not be redeemed')
-      }
-
-      return data
-    },
-    onSuccess: () => {
-      queryClient.invalidateQueries({ queryKey: subscriptionKeys.users() })
-      queryClient.invalidateQueries({ queryKey: subscriptionKeys.usage() })
-    },
-  })
-}
-
 /**
 * Purchase credits mutation
 */
--- a/apps/sim/hooks/use-referral-attribution.ts
+++ b/apps/sim/hooks/use-referral-attribution.ts
@@ -1,66 +0,0 @@
-'use client'
-
-import { useEffect, useRef } from 'react'
-import { createLogger } from '@sim/logger'
-import { useMutation } from '@tanstack/react-query'
-
-const logger = createLogger('ReferralAttribution')
-
-const COOKIE_NAME = 'sim_utm'
-
-const TERMINAL_REASONS = new Set([
-  'invalid_cookie',
-  'no_utm_cookie',
-  'no_matching_campaign',
-  'already_attributed',
-])
-
-async function postAttribution(): Promise<{
-  attributed?: boolean
-  bonusAmount?: number
-  reason?: string
-  error?: string
-}> {
-  const response = await fetch('/api/attribution', { method: 'POST' })
-  if (!response.ok) {
-    throw new Error(`Attribution request failed: ${response.status}`)
-  }
-  return response.json()
-}
-
-/**
- * Fires a one-shot `POST /api/attribution` when a `sim_utm` cookie is present.
- * Retries on transient failures; stops on terminal outcomes.
- */
-export function useReferralAttribution() {
-  const calledRef = useRef(false)
-
-  const { mutate } = useMutation({
-    mutationFn: postAttribution,
-    retry: (failureCount, error) => {
-      if (failureCount >= 3) return false
-      logger.warn('Referral attribution failed, will retry', { error })
-      return true
-    },
-    onSuccess: (data) => {
-      if (data.attributed) {
-        logger.info('Referral attribution successful', { bonusAmount: data.bonusAmount })
-      } else if (data.error || TERMINAL_REASONS.has(data.reason ?? '')) {
-        logger.info('Referral attribution skipped', { reason: data.reason || data.error })
-      } else {
-        calledRef.current = false
-      }
-    },
-    onError: () => {
-      calledRef.current = false
-    },
-  })
-
-  useEffect(() => {
-    if (calledRef.current) return
-    if (!document.cookie.includes(COOKIE_NAME)) return
-
-    calledRef.current = true
-    mutate()
-  }, [mutate])
-}
--- a/apps/sim/lib/billing/credits/bonus.ts
+++ b/apps/sim/lib/billing/credits/bonus.ts
@@ -1,65 +0,0 @@
-import { db } from '@sim/db'
-import { organization, userStats } from '@sim/db/schema'
-import { createLogger } from '@sim/logger'
-import { eq, sql } from 'drizzle-orm'
-import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
-import { isOrgPlan } from '@/lib/billing/plan-helpers'
-import type { DbOrTx } from '@/lib/db/types'
-
-const logger = createLogger('BonusCredits')
-
-/**
- * Apply bonus credits to a user (e.g. referral bonuses, promotional codes).
- *
- * Detects the user's current plan and routes credits accordingly:
- * - Free/Pro: adds to `userStats.creditBalance` and increments `currentUsageLimit`
- * - Team/Enterprise: adds to `organization.creditBalance` and increments `orgUsageLimit`
- *
- * Uses direct increment (not recalculation) so it works correctly for free-tier
- * users where `setUsageLimitForCredits` would compute planBase=0 and skip the update.
- *
- * @param tx - Optional Drizzle transaction context. When provided, all DB writes
- *             participate in the caller's transaction for atomicity.
- */
-export async function applyBonusCredits(
-  userId: string,
-  amount: number,
-  tx?: DbOrTx
-): Promise<void> {
-  const dbCtx = tx ?? db
-  const subscription = await getHighestPrioritySubscription(userId)
-  const isTeamOrEnterprise = isOrgPlan(subscription?.plan)
-
-  if (isTeamOrEnterprise && subscription?.referenceId) {
-    const orgId = subscription.referenceId
-
-    await dbCtx
-      .update(organization)
-      .set({
-        creditBalance: sql`${organization.creditBalance} + ${amount}`,
-        orgUsageLimit: sql`COALESCE(${organization.orgUsageLimit}, '0')::decimal + ${amount}`,
-      })
-      .where(eq(organization.id, orgId))
-
-    logger.info('Applied bonus credits to organization', {
-      userId,
-      organizationId: orgId,
-      plan: subscription.plan,
-      amount,
-    })
-  } else {
-    await dbCtx
-      .update(userStats)
-      .set({
-        creditBalance: sql`${userStats.creditBalance} + ${amount}`,
-        currentUsageLimit: sql`COALESCE(${userStats.currentUsageLimit}, '0')::decimal + ${amount}`,
-      })
-      .where(eq(userStats.userId, userId))
-
-    logger.info('Applied bonus credits to user', {
-      userId,
-      plan: subscription?.plan || 'free',
-      amount,
-    })
-  }
-}
--- a/apps/sim/proxy.ts
+++ b/apps/sim/proxy.ts
@@ -137,36 +137,6 @@ function handleSecurityFiltering(request: NextRequest): NextResponse | null {
  return null
 }

-const UTM_KEYS = ['utm_source', 'utm_medium', 'utm_campaign', 'utm_content'] as const
-const UTM_COOKIE_NAME = 'sim_utm'
-const UTM_COOKIE_MAX_AGE = 3600
-
-/**
- * Sets a `sim_utm` cookie when UTM params are present on auth pages.
- * Captures UTM values, the HTTP Referer, landing page, and a timestamp.
- */
-function setUtmCookie(request: NextRequest, response: NextResponse): void {
-  const { searchParams, pathname } = request.nextUrl
-  const hasUtm = UTM_KEYS.some((key) => searchParams.get(key))
-  if (!hasUtm) return
-
-  const utmData: Record<string, string> = {}
-  for (const key of UTM_KEYS) {
-    const value = searchParams.get(key)
-    if (value) utmData[key] = value
-  }
-  utmData.referrer_url = request.headers.get('referer') || ''
-  utmData.landing_page = pathname
-  utmData.created_at = Date.now().toString()
-
-  response.cookies.set(UTM_COOKIE_NAME, JSON.stringify(utmData), {
-    path: '/',
-    maxAge: UTM_COOKIE_MAX_AGE,
-    sameSite: 'lax',
-    httpOnly: false, // Client-side hook needs to detect cookie presence
-  })
-}
-
 export async function proxy(request: NextRequest) {
  const url = request.nextUrl

@@ -178,13 +148,10 @@ export async function proxy(request: NextRequest) {

  if (url.pathname === '/login' || url.pathname === '/signup') {
    if (hasActiveSession) {
-      const redirect = NextResponse.redirect(new URL('/workspace', request.url))
-      setUtmCookie(request, redirect)
-      return redirect
+      return NextResponse.redirect(new URL('/workspace', request.url))
    }
    const response = NextResponse.next()
    response.headers.set('Content-Security-Policy', generateRuntimeCSP())
-    setUtmCookie(request, response)
    return response
  }

--- a/packages/db/migrations/0174_whole_lyja.sql
+++ b/packages/db/migrations/0174_whole_lyja.sql
@@ -0,0 +1,2 @@
+DROP TABLE "referral_attribution" CASCADE;--> statement-breakpoint
+DROP TABLE "referral_campaigns" CASCADE;
--- a/packages/db/migrations/meta/0174_snapshot.json
+++ b/packages/db/migrations/meta/0174_snapshot.json
--- a/packages/db/migrations/meta/_journal.json
+++ b/packages/db/migrations/meta/_journal.json
@@ -1212,6 +1212,13 @@
      "when": 1773395340207,
      "tag": "0173_bored_zeigeist",
      "breakpoints": true
+    },
+    {
+      "idx": 174,
+      "version": "7",
+      "when": 1773529490946,
+      "tag": "0174_whole_lyja",
+      "breakpoints": true
    }
  ]
 }
--- a/packages/db/schema.ts
+++ b/packages/db/schema.ts
@@ -777,61 +777,6 @@ export const userStats = pgTable('user_stats', {
  billingBlockedReason: billingBlockedReasonEnum('billing_blocked_reason'),
 })

-export const referralCampaigns = pgTable(
-  'referral_campaigns',
-  {
-    id: text('id').primaryKey(),
-    name: text('name').notNull(),
-    code: text('code').unique(),
-    utmSource: text('utm_source'),
-    utmMedium: text('utm_medium'),
-    utmCampaign: text('utm_campaign'),
-    utmContent: text('utm_content'),
-    bonusCreditAmount: decimal('bonus_credit_amount').notNull(),
-    isActive: boolean('is_active').notNull().default(true),
-    createdAt: timestamp('created_at').notNull().defaultNow(),
-    updatedAt: timestamp('updated_at').notNull().defaultNow(),
-  },
-  (table) => ({
-    activeIdx: index('referral_campaigns_active_idx').on(table.isActive),
-  })
-)
-
-export const referralAttribution = pgTable(
-  'referral_attribution',
-  {
-    id: text('id').primaryKey(),
-    userId: text('user_id')
-      .notNull()
-      .references(() => user.id, { onDelete: 'cascade' })
-      .unique(),
-    organizationId: text('organization_id').references(() => organization.id, {
-      onDelete: 'set null',
-    }),
-    campaignId: text('campaign_id').references(() => referralCampaigns.id, {
-      onDelete: 'set null',
-    }),
-    utmSource: text('utm_source'),
-    utmMedium: text('utm_medium'),
-    utmCampaign: text('utm_campaign'),
-    utmContent: text('utm_content'),
-    referrerUrl: text('referrer_url'),
-    landingPage: text('landing_page'),
-    bonusCreditAmount: decimal('bonus_credit_amount').notNull().default('0'),
-    createdAt: timestamp('created_at').notNull().defaultNow(),
-  },
-  (table) => ({
-    userIdIdx: index('referral_attribution_user_id_idx').on(table.userId),
-    orgUniqueIdx: uniqueIndex('referral_attribution_org_unique_idx')
-      .on(table.organizationId)
-      .where(sql`${table.organizationId} IS NOT NULL`),
-    campaignIdIdx: index('referral_attribution_campaign_id_idx').on(table.campaignId),
-    utmCampaignIdx: index('referral_attribution_utm_campaign_idx').on(table.utmCampaign),
-    utmContentIdx: index('referral_attribution_utm_content_idx').on(table.utmContent),
-    createdAtIdx: index('referral_attribution_created_at_idx').on(table.createdAt),
-  })
-)
-
 export const customTools = pgTable(
  'custom_tools',
  {
				`@@ -1 +0,0 @@`
				`export { ReferralCode } from './referral-code'`