The webhook notification will provide the transaction id. I could somehow fetch its details from a RevenueCat receipt endpoint and match it against the webhook’s claims (since the request can be from anyone).
Or is it overkill, and the shared Auth header should be sufficient?
Best answer by Ryan Glanz
We don’t surface the transaction id in our API, actually. So you can rely on the Auth header, but another strategy some developers use is to query this customer endpoint each time they get a webhook. That way you can verify the subscription in the webhook/customer matches (not by transaction id, but by identifier), and you can get the full customer details (in the case that the webhook omits some) to update your db with (if you want).
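The two checks discussed in this thread, combined in one handler, as an added example that is not part of the original posts and not RevenueCat's code. The payload and customer field names (`event`, `app_user_id`, `product_id`, `subscriptions`), the secret value and the `fetch_customer` callable are assumptions made for illustration.

```python
import hmac

# Constructed value: the secret you set as the webhook's Authorization header.
EXPECTED_AUTH = "Bearer constructed-shared-secret"

def auth_header_ok(received, expected=EXPECTED_AUTH):
    """Compare in constant time so response timing does not leak the secret."""
    if not received:
        return False
    return hmac.compare_digest(received.encode(), expected.encode())

def verify_webhook(headers, payload, fetch_customer):
    """Return (accepted, reason, customer) for one webhook delivery.

    fetch_customer(app_user_id) is a hypothetical callable wrapping your
    server-side request to the customer endpoint; it returns a dict or None.
    """
    if not auth_header_ok(headers.get("Authorization")):
        return False, "bad_auth", None          # reject before any lookup
    event = payload.get("event") or {}
    user_id = event.get("app_user_id")          # assumed field name
    product_id = event.get("product_id")        # assumed field name
    if not user_id or not product_id:
        return False, "malformed_event", None
    customer = fetch_customer(user_id)
    if customer is None:
        return False, "unknown_customer", None
    # Match by identifier, not transaction id: the product named in the
    # webhook must exist on the customer record fetched independently.
    if product_id not in customer.get("subscriptions", {}):  # assumed key
        return False, "subscription_mismatch", customer
    return True, "ok", customer   # update your db from customer, not payload

# Constructed sample data standing in for the customer endpoint's answers.
CUSTOMERS = {"user_123": {"subscriptions": {"pro_monthly": {"expires": "2030-01-01"}}}}

def demo():
    good = {"Authorization": EXPECTED_AUTH}
    event = {"event": {"app_user_id": "user_123", "product_id": "pro_monthly"}}
    mismatched = {"event": {"app_user_id": "user_123", "product_id": "pro_yearly"}}
    return [
        verify_webhook(good, event, CUSTOMERS.get)[1],
        verify_webhook({"Authorization": "Bearer guess"}, event, CUSTOMERS.get)[1],
        verify_webhook(good, mismatched, CUSTOMERS.get)[1],
    ]

if __name__ == "__main__":
    print(demo())
```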