[Bug] Low-Frequency Bug in PayPal REST API: Missing `BILLING.SUBSCRIPTION.CANCELLED` Events

If this is not the correct repository to submit this issue, could you please direct me to the appropriate one as I couldn't find any repository specifically for the REST API (where issues can be posted).

Issue Overview:

My client is encountering a bug with the PayPal REST API, specifically with the subscriptions v1 API. While most functionality works as expected, there is an intermittent issue where the BILLING.SUBSCRIPTION.CANCELLED webhook event is not sent by PayPal, resulting in mismatched subscription statuses between PayPal's records and my client’s database.

Details of the Issue:

Users subscribe to the product, and payments are processed correctly at the defined frequency (weekly, monthly or yearly).
Client's server processes the webhook events received from PayPal (BILLING.SUBSCRIPTION.ACTIVATED, PAYMENT.SALE.COMPLETED, ...) and updates the customers' account accordingly.
Once in a while, a user cancels the subscription which triggers the BILLING.SUBSCRIPTION.CANCELLED webhook event. However, in some cases (12 instances out of 145 cancellations, ~8%), the BILLING.SUBSCRIPTION.CANCELLED event is not received.

Steps to Investigate:

Validated Subscription Status on PayPal:
- In the PayPal dashboard, all affected subscriptions are correctly marked as CANCELLED.

Checked Subscription Details via REST API:

Used the Show subscription details endpoint to verify the status of subscriptions where the BILLING.SUBSCRIPTION.CANCELLED event was not received.
The API response confirms the status as CANCELLED for all affected subscriptions.

Example Request:

https://api-m.sandbox.paypal.com/v1/billing/subscriptions/I-JW7M7AP4HKFH
Host: api-m.sandbox.paypal.com
Authorization: Bearer [token]
Content-Type: application/json

Example Response:

{
   "status": "CANCELLED",
   "status_update_time": "2024-11-18T08:08:50Z",
   "id": "I-JW7M7AP4HKFN",
   "plan_id": "P-4L131709LX524681RM4N25HQ",
   "start_time": "2024-10-24T10:41:52Z",
   "quantity": "1",
   ...
}

Check for events delivery using the list event notifications Endpoint:

Queried webhook events using the Webhooks management list event notifications endpoint for all BILLING.SUBSCRIPTION.CANCELLED events in the past 30 days.

Example Request:

https://api-m.paypal.com/v1/notifications/webhooks-events?page_size=100&event_type=BILLING.SUBSCRIPTION.CANCELLED&start_time=2024-10-19T08%3A04%3A54%2B00%3A00&end_time=2024-11-18T08%3A04%3A54%2B00%3A00  
Host: api-m.paypal.com  
Authorization: Bearer [token]  
Content-Type: application/json

The returned list contained only the BILLING.SUBSCRIPTION.CANCELLED events that were successfully processed by the client but excluded the missing events.

Example Response (Truncated):

{
"events": [
    {
        "id": "WH-5RDE1600CA522045T-4R890706YE384651K",
        "create_time": "2024-11-18T00:05:12.826Z",
        "resource_type": "subscription",
        "event_type": "BILLING.SUBSCRIPTION.CANCELLED",
        "summary": "Subscription cancelled",
        "resource": {
            ...
        },
        "links": [
            ...
        ],
        "event_version": "1.0",
        "resource_version": "2.0"
    },
    {
        ...
    }
],
"count": 2,
"links": [
    {
        "href": "https:\/\/api.paypal.com\/v1\/notifications\/webhooks-events\/?start_time=2024-10-19T11:46:01Z&end_time=2024-11-18T11:46:01Z&page_size=2&move_to=next&offset=0&prev_offset=0&index_id=1",
        "rel": "next",
        "method": "GET"
    }
]
}

Conclusion:
Based on the above, it appears that the BILLING.SUBSCRIPTION.CANCELLED events for the affected subscriptions were not generated / sent by PayPal. This suggests a low-frequency bug in the PayPal REST API.

Let me know if you’d like additional details or further testing from our side. Thank you for looking into this issue!

paypal / paypal-js

[Bug] Low-Frequency Bug in PayPal REST API: Missing `BILLING.SUBSCRIPTION.CANCELLED` Events #578