RBCommons: User Roles and Billing Updates

We’ve just gone live on a major update to the billing capabilities in RBCommons.

Try RBCommons without a credit card

With all the fraud and stolen credit card numbers out there, it’s no surprise that a lot of people wanted to try RBCommons to see if it was the right fit but weren’t comfortable providing their credit card information right away.

We’ve changed our trial so that you can sign up with only your name and e-mail address, and if you decide to keep using RBCommons, you can add your billing information later.

Separate administration and billing user roles

Many companies have a dedicated person for dealing with billing administration for services. Until now RBCommons has only had a single team administrator role, which provided access to both the billing information as well as everything else for the team. We’ve split up these responsibilities into new user roles:

  • A Technical Administrator can make changes to users, repositories, and other settings, but cannot change or see billing information.
  • A Billing Contact can see invoices and make changes to the billing information, as well as change which plan the team is on. They’ll also receive e-mails whenever we charge the attached card.
  • The Team Owner has access to all administration and billing capabilities. This is equivalent to the old team administrator role.

All team administrators have been updated to become Team Owners. To change a user’s roles, visit your Team Administration → Users page and click the pencil icon beside a user.

Improved invoices

Many countries require invoices to contain certain information, such as an official business name and address, or a tax ID. RBCommons now allows you to add this information in Team Admin → Account and Billing, and it will show up on your invoices.

If you’re a business located in the EU, you can put in your VAT ID and we’ll make sure that the generated invoices contain everything you need for your VAT filings.

If your country has invoice requirements that we haven’t met, please contact us.

Add billing e-mail recipients

You can now add additional e-mail addresses where you’d like any and all billing e-mails sent to. This is really useful if you have a purchasing department or some users who need to track receipts but don’t need access to RBCommons.

You can set these over in Team Admin → Account and Billing → Billing E-mails.

Update to the Privacy Policy

As part of this, we’ve made a small update to our Privacy Policy to list Quaderno as a third-party service used in our billing process. This is a good time to review your privacy choices under My Account → My Privacy Rights.

Feedback?

This has been in the works for a long time, and we’ll be iterating on it based on your feedback. So how’s it working for you? Let us know through the Need Help? button in the bottom-right of any page (opt in to Intercom in My Account → My Privacy Rights) or send us an e-mail at support@beanbaginc.com.

Read More

ChangeLog: December 19, 2019 — Wrapping Up for the Holidays

Hi everyone! Welcome to our final ChangeLog of the year.

We skipped last week, preparing for the big upcoming billing feature launch for RBCommons, which we discussed in November. That’s coming very soon, and once it’s done we’ll be getting back to our regular work on Review Board.

Since that’s the big project we’ve been working on, let’s talk about it some more. Buckle up. This is going to be a long one.

Software Companies, Credit Cards, and Tax Requirements

We have four main goals for our RBCommons billing update:

  1. Give teams better invoices and more control over who can manage billing
  2. Better support credit card safety measures like Strong Customer Authentication and 3D Secure
  3. Be able to better meet invoicing and tax standards in more countries
  4. Making RBCommons team sign-up easier for everyone

We talked about the first one before. So let’s focus on 2 and 3. We’ll be discussing these in simplistic terms — the reality is more complex.

Strong Customer Authentication

Strong Customer Authentication, or SCA for short, is a regulation in the EU designed to reduce credit card fraud. It went into effect in September 14, 2019, and effectively adds a step to credit card charges where the purchaser must authenticate/verify the charge, typically using a verification method called 3D Secure.

This impacts you if you do any business with the EU.

Now, there are exemptions to this. Recurring charges may be exempt. Charges from the US or other countries may be exempt (likely temporarily — the world just isn’t ready to fully comply yet). Other transactions considered low-risk are also likely to be exempt. This all depends, though, on the credit card company and the reputation of the seller.

Enter Stripe, Our Billing Provider

We use Stripe, which takes care of most of this. It’s pretty great. However, we weren’t quite in shape to really leverage their support, for a couple reasons:

  1. We were sending our own receipt and failed charge e-mails to customers, and they weren’t accounting for any SCA-related requirements
  2. While our e-mails went out to all team administrators, Stripe will only send their own e-mails to a single e-mail address, which may not even be current (if the team has been around a while and people have moved on), meaning they may not ever get a chance to verify charges

We knew we wanted to rip out all our e-mails, but Stripe’s one-address limitation was causing us headaches.

Now technically Stripe can send to multiple e-mail addresses, but this can only be configured manually through their Stripe Dashboard UI. The API doesn’t support this yet. So we were stuck.

Enter MailGun Routes

We use MailGun as our e-mail provider, and it has a handful of really nice features. One of them, Routes, allows for setting up rules to match incoming e-mails and do something with them, such as forwarding them on to other addresses or to a WebHook.

We found that we can dynamically create routes that match an incoming e-mail address unique to the team and forward it along to all team users responsible for billing. We can then assign that unique e-mail address to Stripe. They look something like this:

match_recipient('.*@mydomain')
forward('user1@example.com, user2@example.com, user3@example.com')

We can create these when new teams are created, update them whenever the list of billing contacts change, and delete them when the team is deleted. Problem solved!

(But seriously, Stripe, add multiple e-mail address support to your API.)

Invoices and Taxes

So this is the big challenge. Complying with international taxes is hard. There just isn’t really a lot of infrastructure out there to help deal with this, and every country has different requirements. I’m not going to give any advice here, but I’m going to point you all to some useful things we’ve found.

Enter Quaderno, The Tax Guide

First, Quaderno. This service provides a number of tools for helping with tax compliance:

  • You can use it for all invoices and charges if you like, or pair it with something like Stripe
  • It can let you know if you’re missing any customer information necessary to validate them for tax purposes
  • It will show you a breakdown of what countries you currently owe taxes to, and give you the necessary information needed to file those taxes
  • It can even provide a sort of store front, if your needs aren’t too complex

We found Quaderno helpful not just for the tools it provides, but the information. They have an extensive knowledge base on how to comply with tax laws in multiple countries, including tax requirements, invoicing requirements, tax rates and categories, and how to apply for a tax ID in the country.

Just search for “Quaderno <region>” and you’ll find a wealth of information. For instance, here’s their Guide to EU VAT.

Collect Billing and Tax Details

A lot of services aim to collect as few details as possible from customers. This seems like a good approach, especially when you think of the privacy enhancement bills like the GDPR and the California Consumer Privacy Act, but you’ll need to collect a bit more to be tax-compliant:

  1. A full and proper billing address for the company, including country
  2. A tax ID for the business that matches that country

You’ll need to validate these to make sure you’re not accidentally enabling fraud. Most countries make this your problem. Quaderno and other services can help with this.

This information also needs to be on the invoices, and in fact you may need additional details including your own tax ID in that country. Both Stripe and Quaderno can help with this (Quaderno is better geared toward flexible, compliant invoices, but Stripe is better integrated with the rest of the billing process).

So a big part of what we’ve been putting together includes:

  • New settings for collecting company addresses and tax IDs, and validating them
  • Switching to Stripe e-mails and invoices for better compliance
  • Connecting our stuff up with Quaderno to better track tax requirements
  • Augmenting Stripe invoices with information required to meet the requirements in some countries, based on the customer’s billing location
  • In-house processes for managing all this complexity

One More Thing: Credit Card-Free RBCommons Trials

RBCommons currently requires a credit card to sign up for the trial. We’ve had it this way for a long time, since it’s easier to seamlessly turn a trial into a paid plan without interruption, and a lot of our early customers were already familiar with us and had trust in our service. As we’ve grown, though, our customer base has widened, and we’ve wanted to remove this step to help make it as easy as possible to get started.

As part of our big billing update, we’re removing the credit card requirement during setup, and instead guiding people to provide it before their trial expires. We hope this will make more people feel comfortable giving RBCommons a try, and experiencing the type of code and document review we offer.

This will all be launching Very Soon Now (TM).

That’s It for 2019!

This is our last ChangeLog for the year, but we’ll be back early 2020. Keep following us on our blog, Reddit, Twitter, Facebook, and YouTube.

We hope everyone has a wonderful and relaxing holiday season! We’ll be taking some time off to spend with our loved ones (but don’t worry support contract customers — David and I are still on call if you need us).

Read More

ChangeLog: December 5, 2019 — Student Projects, Repository Config

Welcome back, everyone! We’re here with another ChangeLog, this time focusing on a couple things that just wrapped up: This semester’s student projects, and a series of behind-the-scenes repository configuration improvements.

End of a Semester

Last month, we talked a bit about the CANOSP student program run out of the University of Alberta, and showed off some of the work our CANOSP students have done on Review Board.

They’ve all been hard at work improving our Review UI support (custom review UIs for different types of file attachments), building up both the underlying capabilities of a Review UI and creating prototypes of new UIs for new types of files.

They’ve just wrapped up their semester and completed their final demo videos. We’d like to show off their hard work.

Nicole Hagerman

Nicole’s focus has been the underlying Review UI support, allowing Review UIs to be more dynamic and to not be limited to a single URL. This work has been a backbone of other student projects this semester, so we’re covering it first.

On top of this, she’s built a new Review UI for more easily viewing JSON files, both in their source form and in a structured tree-based form.

Adil Malik

Adil built a series of new Review UIs designed for reviewing:

  • XML files, with options similar to the JSON file Review UI built by Nicole
  • Jupyter Notebooks, a popular tool in the Python world
  • Audio files, complete with waveforms and histograms, offering both diffing and commenting

These have come along really nicely, and show the power of our Review UI support (and the work done by Nicole Hagerman).

Ceegan Hale

Ceegan split his time between some improvements to our diff viewer and to our Review UIs as well:

  • Improved the diff viewer’s display of minified files (e.g., .min.js files)
  • Iterated on our in-progress support for showing Review UIs in the diff viewer
  • Built a prototype Review UI for viewing archive file attachments (e.g., .zip, .rar, etc.).

Repository Configuration Improvements

A good chunk of my own time these past few weeks has been to rework the code behind the repository configuration page. Along with an assortment of bug fixes, we’re working to make it easier to configure plain (non-GitHub/Bitbucket/etc.) repositories.

Historically, plain repositories all shared the same set of configuration fields. You had your “Path” field, “Mirror Path,” “Username,” “Password”. A few had special fields like Perforce’s “Use ticket-based authentication,” but they were baked into the repository form and dealt with specially. Third-party repository support couldn’t add their own fields, and administrators had to translate concepts like a Git Clone URL into our concept of a “Path.”

As of the upcoming Review Board 3.0.16, each type of repository will be able to provide its own configuration form. For instance, down the road, Git repositories will have a dropdown for selecting CGit, GitWeb, etc. as the repository content access method, instead of forcing people to type in a cryptic URL.

Here’s a mockup:

Bottom line: It’s going to be easier to configure repositories in upcoming releases.

There’s a lot of under-the-hood work that’s been done to enable this, and that work is also going to lead to some future improvements we’re looking forward to building in the Review Board 5.0 timeframe. Can’t wait to write about it.

Wrapping Up

That’s another week done. We’ll be back next week!

So what do you think so far? Are the ChangeLogs interesting? Boring? Is there something else you want to hear about? Please let us know on the community forum so we can improve these going forward.

We’re also on Reddit (/r/reviewboard), Twitter, Facebook, and YouTube if you want other ways to keep up-to-date.

Read More