You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/customers/trusted-entitlements.mdx
+26-5Lines changed: 26 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,22 +7,35 @@ hidden: false
7
7
8
8
RevenueCat uses strong SSL to secure communications against interception. But the user is in control of the client device, and, while not an easy process, they can configure it to allow and execute [MiTM](https://en.wikipedia.org/wiki/Man-in-the-middle_attack) attacks to grant themselves entitlements without actually paying you.
9
9
10
-
To prevent this, in addition to SSL for secure communications, our native (iOS/Android) SDKs, together with our backend, will verify responses integrity by checking a cryptographic signature.
10
+
**Trusted Entitlements** helps you detect and respond to such attacks. When enabled, our native (iOS/Android) SDKs work together with our backend to verify response integrity by checking a cryptographic signature on entitlement data. This verification result is then provided to your app, allowing _you_ to decide how to handle potentially compromised entitlements.
11
11
12
12
:::info
13
13
Trusted Entitlements is supported in iOS SDK version 4.25.0 and up, and Android SDK version 6.6.0 and up.
14
14
:::
15
15
16
16
## Setup
17
17
18
-
### Configuration
18
+
### Default Behavior
19
19
20
-
Trusted Entitlements is enabled by default and it doesn't have any impact on performance or behavior by default. You can disable it by doing the following:
Trusted Entitlements are disabled by default for versions under 5.15.0 in iOS and 8.11.0 in Android.
22
+
- Trusted Entitlements is **enabled by default** - the SDK will provide verification data
23
+
-**However, verification results are informational only** - your app must check the verification result and decide how to handle unverified entitlements
24
+
- No automatic blocking or rejection of unverified entitlements occurs
- Trusted Entitlements is **disabled by default** - no verification data is provided
29
+
- You must explicitly enable it to get verification information
30
+
31
+
:::warning Important
32
+
**Enabling Trusted Entitlements does not automatically protect your app.** The SDK provides verification data, but it's your responsibility to check the verification result in your code and decide whether to grant access based on unverified entitlements.
24
33
:::
25
34
35
+
### Configuration
36
+
37
+
**To disable Trusted Entitlements** (when it's enabled by default):
@@ -64,6 +77,14 @@ import content7 from "@site/code_blocks/customers/trusted-entitlements.cs?raw";
64
77
]}
65
78
/>
66
79
80
+
**To enable Trusted Entitlements** (for older SDK versions where it's disabled by default):
81
+
82
+
Use the same configuration as above, but set the mode to `EntitlementVerificationMode.informational` instead of `EntitlementVerificationMode.disabled`.
83
+
84
+
:::info
85
+
Trusted Entitlements has no impact on performance or behavior when enabled.
86
+
:::
87
+
67
88
### Verification
68
89
69
90
When Trusted Entitlements are enabled, `EntitlementInfo` contains the verification result:
Copy file name to clipboardExpand all lines: docs/getting-started/entitlements.mdx
+3Lines changed: 3 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,8 @@
1
1
---
2
2
title: Entitlements
3
+
description: Use Entitlements to manage access to content in your app
4
+
sidebar_label: Overview
5
+
hidden: false
3
6
---
4
7
5
8
{/* I'm including this, because this doc historically had a lot of information on product configuration, and not just entitlements. this is to keep some kind of continuity for legacy links to this page */}
Copy file name to clipboardExpand all lines: docs/offerings/virtual-currency.mdx
+6-1Lines changed: 6 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,10 +2,15 @@
2
2
title: Virtual Currency
3
3
sidebar_label: Virtual Currency
4
4
slug: virtual-currency
5
+
description: Enable transactions for virtual items in your app
5
6
hidden: false
6
7
---
7
8
8
-
Virtual currencies are digital assets used within your app to facilitate transactions, unlock premium features, or enhance customer engagement. These currencies are typically acquired through in-app purchases, rewards, or gameplay achievements and do not have intrinsic real-world value outside the application. They can be used for purchasing virtual goods, upgrading characters, or accessing exclusive content. Common examples include tokens, coins, credits, or other units that can be replenished through purchases. You can leverage virtual currencies to monetize apps, encourage customer retention, and create a more immersive experience.
9
+
Virtual currencies are digital assets used within your app to facilitate transactions, unlock premium features, or enhance customer engagement.
10
+
11
+
These currencies are typically acquired through in-app purchases, rewards, or gameplay achievements and do not have intrinsic real-world value outside the application. They can be used for purchasing virtual goods, upgrading characters, or accessing exclusive content. Common examples include tokens, coins, credits, or other units that can be replenished through purchases.
12
+
13
+
You can leverage virtual currencies to monetize apps, encourage customer retention, and create a more immersive experience.
9
14
10
15
:::info
11
16
This feature is in an early stage and under active development. While what's available today is stable and ready to use, we're continuing to expand its capabilities.
0 commit comments