Hi,
I am currently using RevenueCat to manage user subscriptions in my Flutter app.
For now, I am using entitlements, but I want to improve this process because I have created a backend. Each user is connected to an account linked to this backend, and I want only the backend to handle users' subscription statuses.
To achieve this, I want to use RevenueCat webhooks so that the backend is always aware of each user's subscription status. With this setup, my backend can control access and allow or deny certain actions accordingly. The information from webhooks will be very sensitive because it will determine each user's subscription status.
My first question is: Is this the right approach to achieve this with RevenueCat?
And my second question is: I want the webhook endpoint to be very secure for the reasons mentioned above, so I created an x-api-key value to use it. Is there a way to add this to the RevenueCat webhook? I saw there is an Authorization header, where I tried to add x-api-key {value}, but it doesn’t work.
If it’s not currently possible, could you consider adding this feature?
Thanks for your help! :)
