Authentication
Authentication for the RevenueCat REST API is achieved by setting the Authorization header with a valid API key. You'll find two types of API keys in your RevenueCat dashboard: public and secret.
Certain endpoints require secret keys, which should be kept out of any publicly accessible areas such as GitHub, client-side code, and so forth. See our Authentication guide for more information.
Authorization: Bearer YOUR_REVENUECAT_API_KEY
Payload
The body of the POST requests should be encoded in JSON and have the 'Content-Type' header set to 'application/json'.
Content-Type: application/json
{
"app_user_id": "user-1456",
"fetch_token": "MQABC...EFH1234="
}
Params
Encode Your URL Params
For URL params, such as the app_user_id, make sure you URL encode them before using them.