The webhook notification will provide the transaction id. I could somehow fetch its details from a RevenueCat’s receipt end-point and match it against the webhook’s claims (since the request can be from anyone).
Or it is an over-kill, and the shared Auth header should be sufficient?
Best answer by Ryan Glanz
We don’t surface the transaction id in our api, actually. So you can rely on the Auth header, but another strategy some developers use is to query this customer endpoint each time they get a webhook. That way you can verify the subscription in the webhook/customer matches (not by transaction id, but by identifier), and you can get the full customer details (in the case that the webhook omits some) to update your db with (if you want)
We don’t surface the transaction id in our api, actually. So you can rely on the Auth header, but another strategy some developers use is to query this customer endpoint each time they get a webhook. That way you can verify the subscription in the webhook/customer matches (not by transaction id, but by identifier), and you can get the full customer details (in the case that the webhook omits some) to update your db with (if you want)
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.