RevenueCat API v1 | In-App Subscriptions Made Easy – RevenueCat

<div class="theme-admonition theme-admonition-info alert alert--info"> <div class="heading">New to RevenueCat?</div> <div>Welcome! If you're adding subscriptions or other in-app purchases to your app, the RevenueCat SDK will handle most of the heavy-lifting without the need to interact with this API directly. See our <a href="/docs/getting-started/quickstart">Quickstart</a> for more information on getting started with RevenueCat.</div> </div> # About RevenueCat’s REST API RevenueCat provides a REST API for developers to perform customer and transaction related actions from their own server. Most of this API is geared toward client usage via RevenueCat’s SDK, but there are various endpoints that can be used for refunding purchases, granting promotional entitlements, and other sensitive actions that can only be done via a Secret API key from your server. ## Should I use this REST API or the RevenueCat SDK? If you’re adding subscriptions or other in-app purchases to your app for the first time or if you don’t have a backend that stores your Customers' receipts, you’re probably looking to implement the [RevenueCat SDK](/getting-started/installation). If you want to start migrating your existing users to RevenueCat and you have your Customers' receipts stored on your own server, or you want to check subscription status of your users from your own server, the REST API is a great solution. # Authentication Authentication for the RevenueCat REST API is achieved by setting the `Authorization` header with a valid API key. You'll find two types of API keys in your RevenueCat dashboard: _public_ and _secret_. Certain endpoints require secret keys, which should be kept out of any publicly accessible areas such as GitHub, client-side code, and so forth. See our [Authentication guide](/docs/welcome/authentication/) for more information. ```text title="Authorization Header" Authorization: Bearer YOUR_REVENUECAT_API_KEY ``` # Making requests ## Request Payload The body of the `POST` requests should be encoded in JSON and have the 'Content-Type' header set to 'application/json'. ```text title="Content-Type Header" Content-Type: application/json ``` ```json title="Sample Body" { "app_user_id": "user-1456", "fetch_token": "MQABC...EFH1234=" } ``` # URL parameters For URL params, such as the `app_user_id`, make sure you URL encode them before using them.