Skip to main content
Solved

track anonymous user ids through public DB

  • 29 August 2024
  • 5 replies
  • 35 views

Hello!

 

So I'm making an alarm app and since the users are anonymous I'm facing an issue with cancelling and refunds.

 

I can't do authentication but I thought that maybe I could write to Firestore through webhooks the anonymous Ids along with the state of the subscription for the user as read only data, then each user can listen to the corresponding document.

 

Is there any security risks from the point of view of Revenuecat to expose these information public ally? 

 

I'll add app check of course, but still want to make sure it's safe to do this.

 

Thank you.

5 replies

Badge +1

Anyone has an idea about this, pls?

Userlevel 2
Badge +5

Hi @Silfalion-164ca8,

Can you detail a bit more which is the issue you are facing with the cancellation/refunds? If everything happens on device, you can always check if the user has an active subscription on the client.

You are safe to store the ids in your db, it is a way to track your users on the server side. Bear in mind that when a user deletes the app and reinstalls it will have a different id.

Let me know if this helps!

Badge +1

Hi @joan-cardona

 

Thank for the details! 

 

To explain some more, my issue is that when cancelling or refunding the change is not immediate in the app, the listener doesn't get triggered, so I have to wait the 5 minutes the cache needs to refresh for the state of the app to be updated.

 

So my idea was to store them in the DB and listen to that in addition to Revenuecat user change.

 

Glad to know I can store them in the DB. Just to confirm, it's ok even if the data is publically accessible, right? I'm relying on anonymous Ids so there is no auth in place to secure the information, save for App check.

Badge +1

Also, I plan to call sync purchases when I receive an event from firebase when listening to those changes. Since I'm using anonymous users anyway, that should be alright regarding aliasing, right?

Userlevel 2
Badge +5

Hi @Silfalion-164ca8,

Do you have Platform Server Notifications set up? With that enabled we can get the refund notification faster. It’s okay to call sync purchases when you get the event, I don’t know what transfer behavior you want/expect but as long as you select your desired one, you should be okay with it.

Reply