Why does RevenueCat allow for making purchases entirely client-side with public key?

  • 19 July 2022
  • 1 reply

Badge +1

Services like Stripe require a secret key and a server to make a purchase. If it was possible to do entirely client-side, wouldn’t Stripe do it be default? 

1 reply

Userlevel 5
Badge +10

Hey @michal 

I saw that you also opened a ticket with the Support team about this question. Pasting over their reply so it’s public:

The app is making API calls directly to RevenueCat, so the app needs the API key - however, there is very little risk because you're not actually making purchases with the API key but just sending the purchase to RevenueCat. The purchase has already been made on the device by that time. You do need the secret key when making purchases via the REST API. Read more about our authentication here:
This is in contrast with Stripe, where the requests are proxied through the developer's server and purchases are made using Stripe.