Remove unused payment method API

Josianne Hysonrequested to merge
jh/clean_up_payment_method into master

What does this MR do and why?

Part of issue: https://gitlab.com/gitlab-org/gitlab/-/issues/472721+

Remove unused payment method API, and the internal methods that it calls.

This API was used to display CC details for new users in the purchase flows, after they completed the "add payment method" step. The purchase flows have since been migrated to CustomersDot, so there shouldn't be any legitimate usage of this endpoint any more.

This MR:

  1. Removes the payment_method endpoint from the GitlabSubscriptions::SubscriptionsController
  2. Removes the client code that called CustomersDot for this information

References

  1. Originally added for the paid sign up flow (a purchase flow on GitLab): API endpoints for payment method component for ... (!21641 - merged).
  2. GitLab purchase flows removed in: https://gitlab.com/groups/gitlab-org/-/epics/9569+.
  3. Kibana requests to this endpoint: https://log.gprd.gitlab.net/app/r/s/5zPdk (one request, which investigating further, failed when it reached CustomersDot, so does not appear to be legitimate).

Screenshots or screen recordings

This is removing unused code -- we don't have any flows that lead to this endpoint any more. We can regression test the paid sign up flow on CustomersDot to be safe:

Regression testing screenshots
Step Screenshot
Follow purchase link CleanShot_2025-07-31_at_13.42.36_2x
Complete sign up CleanShot_2025-07-31_at_13.43.23_2x
Create group in purchase flow CleanShot_2025-07-31_at_13.43.37_2x
Complete CDot SSO CleanShot_2025-07-31_at_13.43.43_2x
Complete CDot registration CleanShot_2025-07-31_at_13.44.05_2x
Complete purchase flow CleanShot_2025-07-31_at_13.44.16_2x
View created subscription CleanShot_2025-07-31_at_13.44.45_2x
View provisioned namespace CleanShot_2025-07-31_at_13.46.02_2x

How to set up and validate locally

This is removing part of a purchase flow that is no longer used, so there isn't really a specific testing flow here. We can smoke-test the flow that replaced this one is still working correctly:

  1. Ensure you have CustomersDot running, and the GDK running in SaaS mode
  2. Sign out of GitLab
  3. Follow this purchase URL: http://localhost:3000/-/subscriptions/new?plan_id=2c92a00d76f0d5060176f2fb0a5029ff
  4. Create a new user
  5. Complete the purchase flow, creating a new group

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Josianne Hyson

Merge request reports