How to handle the GitHub marketplace_purchase.cancel event correctly

Hi All,

I’m creating a GitHub app that shall be listed in the GitHub marketplace. I now try to implement the marketplace_purchase.canceled event.

When a customer cancels a plan, then according to Billing customers in GitHub Marketplace  my app has to “Automatically downgrade them to the free plan, if it exists”. Furthermore, “When a customer cancels a GitHub Marketplace subscription, GitHub does not automatically uninstall the app, so the customer can expect that free features will continue to function”. But according to Cancelling plans , my app has to 

1. Deactivate the account of the customer who canceled their plan

2. Revoke the OAuth token your app received for the customer

  1. …, remove all webhooks your app created for repositories 

4. Remove all customer data within 30 days of receiving the canceled event

To me, this sounds contradictory. One says I have to completely cancel and delete anything while the other says I have to make sure that the customer is still on the free plan. And what shall happen in the latter case, when the customer cancels a free plan? (Who will remove the app installations from the repositories?)

Regards, Stephan

Hi @sarensw,

Thank you for being here! There is definitely some opportunity here for improving the docs related to cancellation. We have an open doc issue to fix. In the meantime, see the following and let us know if it answers your questions.

The “Billing Customers in GitHub Marketplace” page ( accurately (but not completely) describes what your service should do when it receives a ‘cancelled’ event. GitHub fires this when your service is expected to stop providing whatever capabilities were associated with the cancelled plan. However, the app is installed in the account, so there is an expectation that it provides similar capabilities to what the customer would get on your “free” plan, but this is up to you.

The “Cancelling plans” page ( accurately (but not very clearly) describes what your service should do with the user token acquired during the purchase/setup of the plan. This token, which is associated with the user that setup the plan, is described in “Handling new purchases”

( Since it was acquired during the “plan setup” flow it should be discarded when the plan is cancelled. Any other data associated with the plan should also be removed within 30 days.

Also related to customer data, because cancelling the plan doesn’t uninstall the app, non-plan related data doesn’t need to be deleted until the app is actually uninstalled (see

Hope this helps