Hey! These docs are for version 3.1, which is no longer officially supported. Click here for the latest version, 4.0!


Authentication for the RevenueCat REST API is achieved by setting the Authorization header with a valid API key. You'll find two types of API keys in your RevenueCat dashboard: public and secret.

Certain endpoints require secret keys, which should be kept out of any publicly accessible areas such as GitHub, client-side code, and so forth. See our Authentication guide for more information.

Authorization: Bearer YOUR_REVENUECAT_API_KEY


The body of the POST requests should be encoded in JSON and have the 'Content-Type' header set to 'application/json'.

Content-Type: application/json
  "app_user_id": "user-1456",
  "fetch_token": "MQABC...EFH1234="



Encode Your URL Params

For URL params, such as the app_user_id, make sure you URL encode them before using them.