"Subscription-based Wazuh Dashboard Access Control with Razorpay Integration

[Sumit Kumawat]

Hi Community,

I am looking to integrate the Wazuh dashboard with a subscription-based model where customer access to the dashboard will be controlled based on payments processed through the Razorpay Payment Gateway.

The goal is to automatically enable or disable customer access to the Wazuh dashboard based on the status of their subscription. More specifically:

1. Enable Dashboard Access: When a customer successfully makes a payment through Razorpay, their access to the Wazuh dashboard should be automatically enabled.

2. Disable Dashboard Access: If the customer’s subscription payment fails, is canceled, or expires, their access to the Wazuh dashboard should be automatically disabled.

I am looking for advice on how best to:

• Integrate Razorpay’s Payment Gateway with Wazuh, possibly using APIs.

• Automate the enable/disable access logic for the dashboard based on payment status or subscription lifecycle.

• Handle scenarios like expired subscriptions, refunds, and reactivations.

If anyone has experience implementing a similar setup or can provide insights on the most effective approach, I’d greatly appreciate your input.

Thanks in advance!

[Pedro De Castro]

hey Kumawat, how are you?

Looks like to me that you are asking essentially how to build a Wazuh SaaS platform (Wazuh Cloud) just like the existing Wazuh Cloud works (console.cloud.wazuh.com).
Honestly, it is a super wide-open-enormous question to address in just one answer, we are talking about a huge development to make this work completely, but, let me give you a few ideas and something to start with:

Customers will access to Wazuh Dashboards, so you don't need to expose the Wazuh manager API, meaning, that you don't need to enable/disable those, instead, just booting/shutting down the Indexer piece will be enough.
The indexer has ways using its API (https://docs.opensearch.org/latest/api-reference/) to enable/disable the whole cluster, and since it's natively multi-tenant, and has a great RBAC in place, you can book a reserved user (root/admin) to run those commands to disable other tenants environments.
Moreover, if you integrate everything within a major cloud provider (like GCP, AWS or Azure) you can trigger infra teardown to bring down the whole service at a different layer(like powering off an instance or namespace/pod...) as well.

Regarding how to detect Razorpay payment/subscription status, I am not familiar with their API, so I can't help, but typically you can pull status (request API) or just get push notifications (streaming/push) to your "listening server".


I think a good starting point will be to get a working PoC of:

1. User signs into  the platform
2. Send notification to create a new sub in Razorpay
3. Create a new user (tenant) within Wazuh indexer
4. Link/correlate the Razorpay sub with the Wazuh indexer tenant
5. Send the credentials back to the new user



Now, try to use Razorpay API to monitor for expired subs and trigger a tenant deletion.



I hope it helps, again, it's a super open question, but I am sure many people will be interested in this since it's a great challenge.