> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getflowpilot.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Connect RevenueCat

> Give FlowPilot a read-only RevenueCat key so it can sync your catalog for authoring and preview.

FlowPilot needs to know your offerings, packages, and entitlements so you can bind plan cards to real products, validate a paywall before publishing, and preview realistic prices. It reads that catalog from RevenueCat using a read-only key you provide. This connection is for authoring only. The prices your users see always come from the store on their device, never from this synced copy.

<Info>
  **Before you start**

  Paywalls build on the standard FlowPilot setup, plus RevenueCat:

  * A FlowPilot [workspace](/dashboard/workspaces-and-apps), an [app](/dashboard/workspaces-and-apps) inside it, and an [SDK API key](/dashboard/api-keys) for that app.
  * A [RevenueCat](https://www.revenuecat.com) account with your products, entitlements, and an offering configured for your app.
  * Paywalls enabled for your workspace. If you do not see a **Paywalls** item in the dashboard sidebar, reach out and we will turn it on.
</Info>

## Create a read-only RevenueCat key

FlowPilot only ever reads your catalog, so give it the narrowest possible key.

<Steps>
  <Step title="Open RevenueCat API keys">
    In the RevenueCat dashboard, go to your project settings and create a new **v2 secret API key**.
  </Step>

  <Step title="Grant read-only scopes">
    Restrict the key to read-only project configuration access (`project_configuration:*:read`). FlowPilot never needs write access, and it will warn you if the key you paste is broader than read-only.
  </Step>

  <Step title="Copy the key">
    Copy the key once. RevenueCat shows the full value only at creation time.
  </Step>
</Steps>

<Warning>
  Use a **v2 secret key** scoped to read-only. Do not paste a public SDK key or a full-access secret key. FlowPilot stores the key encrypted and never returns it in any response, but a least-privilege key is still the right default.
</Warning>

## Connect it in FlowPilot

<Steps>
  <Step title="Open Monetization settings">
    In the dashboard, open **Settings**, then the **Monetization** tab. Monetization is configured per app, so pick the app you are connecting from the app switcher first.
  </Step>

  <Step title="Paste the key and pick your project">
    Choose RevenueCat as the provider, paste the read-only key, and select the RevenueCat project that matches this app. FlowPilot validates the key and shows the scopes it was granted.
  </Step>

  <Step title="Sync the catalog">
    FlowPilot pulls your offerings, packages, products, and entitlements and stores its own copy. You can re-run this any time with **Sync now**.
  </Step>
</Steps>

After a successful sync you will see your catalog as a tree of offerings, their packages, and the products behind them, along with your entitlements. This is what the paywall editor's plan pickers and the publish validator read from.

<Note>TODO: screenshot of the Monetization settings tab showing a connected key (last four characters), the synced catalog tree, and the Sync now button.</Note>

## Keeping the catalog fresh

* The synced copy shows a **last synced** time and flags itself as stale after a day. Hit **Sync now** whenever you add or rename products in RevenueCat.
* FlowPilot never hard-deletes a product from its copy, because a published paywall might still reference it. Removed products are marked so the editor can warn you.
* Offerings and products are the same across sandbox and production in RevenueCat, so one sync covers both. The sandbox versus production distinction only matters for [analytics and revenue](/paywalls/analytics-and-revenue).

## No RevenueCat key yet? Use manual mode

If you cannot connect a key right now, you can still build and validate a paywall. In the Monetization tab, switch to the manual catalog and enter your offering, package, and entitlement identifiers by hand. The editor's pickers and the publish validator then work against those identifiers.

Manual mode gives you weaker guarantees, since FlowPilot cannot confirm the identifiers exist in RevenueCat, and it is labeled as such. Connect a read-only key when you can.

## Security

* Your key is stored **encrypted at rest** and is only ever decrypted in memory to call the RevenueCat API. It is never returned in an API response (only the last four characters are shown), never written to logs, and never sent to a device.
* The mobile SDKs hold no RevenueCat keys. Your app's own RevenueCat configuration is entirely yours, and FlowPilot reads through it, it does not replace it.

## Common mistakes

* **Pasting a public SDK key.** FlowPilot needs a v2 secret key to read your catalog through the RevenueCat REST API. A public SDK key will not authenticate.
* **Granting write scopes.** FlowPilot only reads. A read-only key is safer and does everything the integration needs.
* **Wrong project.** If your catalog looks empty after a sync, confirm you selected the RevenueCat project that actually holds this app's offerings.
* **Expecting these prices on device.** The synced prices are for authoring and preview only. Users always see live store prices.

## Related pages

* [Paywalls overview](/paywalls/index)
* [Build a paywall](/paywalls/building-a-paywall)
* [Analytics and revenue](/paywalls/analytics-and-revenue)
