We have a Node server that uses axios to communicate with revenuecat’s REST api. We are hitting the ‘Get or Create Subscriber’ endpoint, using our private key, and no X-Platform header from within our server. For example
Our Express Server has an endpoint
‘/billing’
When a user hit this endpoint, our server hits revenuecat’s https://api.revenuecat.com/v1/subscribers/app_user_id endpoint to get the user’s info and returns it.
Everything works great when /billing endpoint is hit from Postman. When /billing is hit from mobile, we get a 429 too many requests error. We can log the request right before axios sends it with axios interceptors, and the requests from postman and mobile are the exact same. There is only one request being created, so the 429 error makes no sense. Everything about the request is exactly the same as our server is the one performing the request, it is just initiated through our REST endpoint from mobile instead of Postman, which axios and revenue cat should have no idea about.
Whats even weirder, is if we call the /billing endpoint from mobile, but do not asynchronously wait for it (returning test data right away), the axios request goes through successfully. Its as if Revenue cat is explicitly blocking all requests to https://api.revenuecat.com/v1/subscribers/app_user_id that originate from mobile. How they would be able to do this I do not know, since its our server performing the request.
My question is, does RevenueCat block requests originating from mobile to https://api.revenuecat.com/v1/subscribers/app_user_id? The /billing → revenue cat’s api action works from every way we’ve tested except for when it originates in mobile.