VSCO
Photo Filter App
“The RevenueCat and Braze integration allowed us to implement fast winback and upgrade messaging that ultimately resulted in a Membership churn reduction of almost 5%.”
Paywalls load. Purchases go through. Every time.
All Systems Operational
You can’t afford downtime. Get 99.99% uptime with a five-layer defense that keeps revenue flowing.
A five-layer defense, running 24/7
It's 2am. A cloud provider has a service disruption. Your users are opening your app, viewing your paywall, and trying to subscribe. Here's what happens.
- 1
The SDK
The App Store is unreachable, so the SDK uses cached paywall and product data on the device. If that paywall can't render, a default branded fallback appears with a purchase CTA. The user still has a way to buy.
Local caching of paywall specs and product data
Paywall layout, offerings, and product data can be stored on-device after SDK initialization, so the app can render a paywall without a live network call.
Default fallback paywall with purchase CTA
If the cached paywall isn't available or can't render, the SDK can show a RevenueCat fallback paywall that still gives the user a purchase option.
Offline purchase handling: durable queue + temporary entitlements
Purchases made while connectivity is degraded can be queued and retried, while temporary entitlements keep access moving until the transaction syncs.
Telemetry for every fallback path
Paywall render attempts, queued purchases, and replayed purchases are tracked, so teams can see what happened during the outage.
- 2
The Edge & CDN
The purchase leaves the device. If the primary path is slow, blocked, or under load, RevenueCat uses multiple CDNs and global points of presence to route traffic to reachable API servers.
Multiple CDNs with global points of presence
Users connect through nearby edge locations, helping requests reach RevenueCat quickly from different regions and networks.
Low-latency API routing
Pre-established connections and fast round trips help keep paywall and purchase requests responsive.
Dedicated, monitored network paths
API traffic flows through monitored infrastructure with capacity planned for critical purchase flows.
Alternate CDN coverage for constrained networks
RevenueCat can use alternative CDN configurations where censorship, firewalls, or local network conditions affect the primary path.
- 3
Static fallback CDNs
If the SDK has no useful local cache, like after a fresh install, it still needs product and offering data. Static fallback CDNs can serve the minimum data needed to show products and keep the purchase flow alive.
Static offerings and product data
The SDK can retrieve a minimal, static copy of the data it needs to show products and start a purchase flow.
Separate infrastructure path
Fallback static assets can be served from an alternate CDN path that doesn't depend on the same primary systems.
Built for simplicity
Static files keep this fallback layer small, predictable, and easier to operate during incidents.
Recovery for fresh installs and empty caches
If the app has no local paywall cache yet, static fallback data gives the SDK another way to keep going.
- 4
Fortress
RevenueCat's primary backend is unavailable. Fortress accepts the purchase event, grants a temporary entitlement, and stores the transaction for reconciliation. The user gets access, and the purchase is preserved.
Backup backend separate from primary services
Fortress runs independently from the primary backend, so core service failures don't take the purchase fallback path down with them.
Accepts purchases during primary backend failure
Transactions can still be accepted and stored while RevenueCat's main backend is unreachable.
Grants temporary entitlements
Users can keep access while the purchase waits for final validation and reconciliation.
Sends fallback entitlement webhooks
Fortress can notify your backend that a temporary entitlement was granted, so your systems can also unlock access while RevenueCat's main service is unavailable.
- 5
The Core Backend
The outage ends. RevenueCat validates receipts with the app stores, reconciles temporary grants from the SDK and Fortress, deduplicates replayed events, and restores the verified source of truth.
Multi-region, autoscaled APIs as the source of truth
Once service is restored, the core backend resumes responsibility for verified entitlement state.
Receipt validation against app stores
Every transaction is checked directly with the App Store or Google Play before it becomes a final entitlement record.
Reconciliation of temporary grants and replayed events
Temporary entitlements and queued SDK events are matched against confirmed purchase records.
Deduplication of replayed purchase events
Replayed events are deduplicated so no purchase is counted or granted twice.
Reliability is never done
Every incident, edge case, and new feature teaches us something. RevenueCat keeps investing in the people, systems, and fallback paths that protect purchases before, during, and after an outage.
Reliability from product inception
New features are designed with failure modes, fallback behavior, and recovery paths in mind before they ship.
Dedicated engineering and SRE expertise
A highly skilled team owns the systems, playbooks, monitoring, and escalation paths that keep critical purchase flows available.
Continuous hardening after every incident
Incidents, alerts, and edge cases turn into follow-up work, so the platform gets more resilient over time.
Reliability across the full purchase path
We invest across the SDK, CDNs, backend services, app store integrations, and reconciliation systems.
Driving results for the world’s most downloaded apps
Photoroom
Studio Photo Editor
“RevenueCat is at the center of our stack for subscriptions. It enables us to have one single source of truth for subscriptions and revenue data and then allows us to spread that reliable data across all of the great integrations RevenueCat has with the rest of our marketing and analytics stack.”
ChatGPT
AI-Powered Conversational Assistant
“With RevenueCat, we never had to slow down. They made it easy to keep our focus on building the best product while ensuring our mission of accessible, safe AI for everyone.”
CardPointers
Credit Card Optimization
“In just a year from shipping with RevenueCat, I was able to quit my day job to focus 100% on CardPointers. I’ve continued to grow and expand, all thanks to RevenueCat.”
The Tapping Solution
Emotional Freedom Techniques
““RevenueCat really solved a lot of problems for us and I’d [migrate to RevenueCat] again in a heartbeat. If I ever work on launching another app, I will include RevenueCat from the beginning.””
Pixery Labs
Next generation mobile apps for content creators
“We realized that implementing and maintaining in-app purchases ourselves had taken too much time and resources. You need dedicated people and when they leave it's difficult to replace and transition that knowledge.”
When the system needs a human, one is ready
Fortress handles failures automatically. But when an incident needs human judgment, our SRE team is already on it, with a defined playbook.
24/7 on-call SRE coverage
A dedicated on-call engineer is always available. Every alert is triaged immediately.
Defined SEV triggers
Incidents are classified by severity the moment they're detected. SEV1 triggers immediate escalation with a dedicated incident commander and customer communication within minutes.
Post-incident improvements
Every incident ends with a post-mortem. Findings are tracked and shipped as hardening improvements.
Synthetic monitoring
Automated checks run continuously across multiple regions, simulating real user flows. Issues are detected before your users notice them.
Frequently asked questions
Ready to grow?
Our entire suite of features comes standard and it's free to get started.