Before you startPaywalls build on the standard FlowPilot setup, plus RevenueCat:
- A FlowPilot workspace, an app inside it, and an SDK API key for that app.
- A RevenueCat account with your products, entitlements, and an offering configured for your app.
- Paywalls enabled for your workspace. If you do not see a Paywalls item in the dashboard sidebar, reach out and we will turn it on.
Create a read-only RevenueCat key
FlowPilot only ever reads your catalog, so give it the narrowest possible key.Open RevenueCat API keys
In the RevenueCat dashboard, go to your project settings and create a new v2 secret API key.
Grant read-only scopes
Restrict the key to read-only project configuration access (
project_configuration:*:read). FlowPilot never needs write access, and it will warn you if the key you paste is broader than read-only.Connect it in FlowPilot
Open Monetization settings
In the dashboard, open Settings, then the Monetization tab. Monetization is configured per app, so pick the app you are connecting from the app switcher first.
Paste the key and pick your project
Choose RevenueCat as the provider, paste the read-only key, and select the RevenueCat project that matches this app. FlowPilot validates the key and shows the scopes it was granted.
TODO: screenshot of the Monetization settings tab showing a connected key (last four characters), the synced catalog tree, and the Sync now button.
Keeping the catalog fresh
- The synced copy shows a last synced time and flags itself as stale after a day. Hit Sync now whenever you add or rename products in RevenueCat.
- FlowPilot never hard-deletes a product from its copy, because a published paywall might still reference it. Removed products are marked so the editor can warn you.
- Offerings and products are the same across sandbox and production in RevenueCat, so one sync covers both. The sandbox versus production distinction only matters for analytics and revenue.
No RevenueCat key yet? Use manual mode
If you cannot connect a key right now, you can still build and validate a paywall. In the Monetization tab, switch to the manual catalog and enter your offering, package, and entitlement identifiers by hand. The editor’s pickers and the publish validator then work against those identifiers. Manual mode gives you weaker guarantees, since FlowPilot cannot confirm the identifiers exist in RevenueCat, and it is labeled as such. Connect a read-only key when you can.Security
- Your key is stored encrypted at rest and is only ever decrypted in memory to call the RevenueCat API. It is never returned in an API response (only the last four characters are shown), never written to logs, and never sent to a device.
- The mobile SDKs hold no RevenueCat keys. Your app’s own RevenueCat configuration is entirely yours, and FlowPilot reads through it, it does not replace it.
Common mistakes
- Pasting a public SDK key. FlowPilot needs a v2 secret key to read your catalog through the RevenueCat REST API. A public SDK key will not authenticate.
- Granting write scopes. FlowPilot only reads. A read-only key is safer and does everything the integration needs.
- Wrong project. If your catalog looks empty after a sync, confirm you selected the RevenueCat project that actually holds this app’s offerings.
- Expecting these prices on device. The synced prices are for authoring and preview only. Users always see live store prices.