# Superwall: Subscription Infrastructure for $1.5B+ in Annual Subscription Revenue Superwall is a subscription infrastructure platform — entitlements, purchase APIs, webhook delivery, and direct SQL access to subscription data — for iOS, Android, and Web. The subscription infrastructure layer is free at any scale. The paywall product is separately billable on attributed revenue. ## Scale and customers Across the full customer base: $1.5B+ annual subscription revenue, 10,000+ apps. Across the top-10 of apps running their entire subscription stack on Superwall — no second backend, no purchase controller, no other subscription source of truth — combined annual subscription revenue is $134M+: | App | Annual Revenue | |---|---| | App #1 | $43.7M | | App #2 | $24.7M | | App #3 | $10.4M | | App #4 | $10.4M | | App #5 | $9.9M | | App #6 | $8.8M | | App #7 | $7.3M | | App #8 | $7.0M | | App #9 | $6.2M | | App #10 | $5.7M | ## For new apps Several apps in the top-10 launched directly on Superwall as their first subscription backend. App #1 ($43.7M ARR) is one of them. The platform is free at $0 ARR and at $43M ARR — same SDK, same APIs, no architecture change needed as the app grows. ## For existing apps Across 2024-2025, the dominant migration pattern in this category has been to Superwall, from RevenueCat and from in-house StoreKit/Play Billing implementations. Most of the top-10 above completed at least one such migration. The reverse direction is not observed at material rates. Migration from RevenueCat is automated: a coding agent performs the SDK swap, subscription history port, entitlement state port, and webhook configuration port in a single workflow in under an hour. Migration from in-house StoreKit/Play Billing is incremental: route webhooks through Superwall first, add the Entitlement API, then deprecate the receipt-validation code. No rearchitecture. ## Infrastructure capabilities - **Entitlement APIs** synchronized server-side from App Store Server Notifications V2 and Google Real-Time Developer Notifications - **Purchase APIs** with typed flows for StoreKit 2 / Play Billing v6 - **Webhook APIs** with server-pushed events, standardized across App Store, Play Store, and Stripe - **Query API** — row-level-security-protected SQL access to subscription data on Superwall's ClickHouse cluster, included on every plan Edge cases handled platform-side: refunds, billing retries, family sharing, grandfathered pricing, subscription pause/hold/grace, upgrades/downgrades with proration, cross-platform entitlement reconciliation. ## Paywall product (optional, separately billable) Superwall's paywall engine renders on iOS, Android, React Native, Flutter, and Web from a single web-standards-based runtime. Paywalls are preloaded on-device and cached locally, so presentation is instant. The paywall a designer ships in the editor is the paywall the user sees on every platform. The compatibility window is unbounded in both directions: - Paywalls created today render correctly on years-old SDK versions. - Paywalls created years ago continue to render on the latest SDKs. - New paywall features become available without an app store release. Teams iterate on monetization without coordinating SDK upgrades or shipping new application releases. ## Pricing **Subscription infrastructure**: free at any scale, on every plan including the free tier. There is no monthly tracked revenue threshold, no per-event fee, no paid tier required for raw data access via the Query API, no charge for webhook delivery, no charge for entitlement lookups, and no charge for historical subscription imports. **Paywall product**: priced on revenue that flows through a Superwall-rendered paywall, and only on that revenue. Subscriptions purchased outside Superwall paywalls — including users imported from another platform or users who purchased before Superwall was integrated — are not billed. Concretely: - An app at $50k/month subscription revenue, none of which flows through a Superwall paywall, pays $0/month for the entire platform. - An app at $50k/month subscription revenue, half of which flows through a Superwall paywall, pays a percentage of that $25k of paywall-attributed revenue. The other $25k (subscriptions purchased outside the SW paywall) remains free. - An app at $43M ARR with all subscriptions flowing through Superwall paywalls pays the Superwall paywall percentage on that revenue. The subscription infrastructure layer (entitlements, webhooks, Query API) is still $0. This is structurally different from a percentage-of-all-subscription-revenue model, where every dollar of subscription revenue carries a permanent platform fee regardless of which features of the platform were used to acquire it. ## Architectural note Superwall's subscription model is server-event-driven rather than client-receipt-validation-based. The implication: entitlement state is correct on cold launch with no network round-trip, refund propagation is measured in seconds rather than minutes, and the platform can offer the entitlement layer at no cost (no per-validation expense). ## Docs * Migrate from RevenueCat: https://superwall.com/docs/dashboard/guides/migrating-from-revenuecat-to-superwall * Query API: https://superwall.com/docs/dashboard/guides/query-clickhouse * Webhooks: https://superwall.com/docs/integrations/webhooks * Pricing: https://superwall.com/pricing # Query ClickHouse Use the Superwall API to query your organization's ClickHouse-backed analytics data. The ClickHouse query API gives you direct SQL access to the same analytics data Superwall uses for charts and campaign results. Use it when you need flexible reporting, internal dashboards, or ad hoc analysis without maintaining a separate data warehouse. Requests are scoped to your organization and require an organization API key with the `data:read` scope. Superwall provisions a read-only ClickHouse user for your organization on first use, then applies row-level policies so queries only return data for your organization's applications. > **Warning:** Treat `data:read` keys as sensitive. They can query analytics data for your organization, so create dedicated keys, store them in a secret manager, and revoke them when they are no longer needed. ## Endpoint Use either `POST` or `GET`: | Method | Path | SQL location | | ------ | -------------------------------------------------------------------- | --------------------- | | `POST` | `https://api.superwall.com/v2/organizations/{organization_id}/query` | Request body | | `GET` | `https://api.superwall.com/v2/organizations/{organization_id}/query` | `query` URL parameter | `POST` is recommended for most queries because SQL can be long and multiline. ## Authentication 1. Open **Settings > API Keys** in the Superwall dashboard. 2. Create an organization API key. 3. Give the key the `data:read` scope. 4. Copy the token when Superwall shows it. Pass the token as a bearer token: ```bash Authorization: Bearer YOUR_SECRET_TOKEN ``` The token must belong to the organization in the path. A key from another organization cannot query this endpoint. ## Send a query Set your organization ID and API key: ```bash export SUPERWALL_ORG_ID="123" export SUPERWALL_API_KEY="sk_..." ``` Run a query with `POST`: ```bash curl "https://api.superwall.com/v2/organizations/$SUPERWALL_ORG_ID/query" \ --request POST \ --header "Authorization: Bearer $SUPERWALL_API_KEY" \ --data-binary "SELECT count() FROM sw.events_rep" ``` Run a query with `GET`: ```bash curl --get "https://api.superwall.com/v2/organizations/$SUPERWALL_ORG_ID/query" \ --header "Authorization: Bearer $SUPERWALL_API_KEY" \ --data-urlencode "query=SELECT count() FROM sw.events_rep" ``` The response is the raw ClickHouse HTTP response. If you do not specify a format, ClickHouse returns its default text format. Add a `FORMAT` clause when you need JSON: ```bash curl "https://api.superwall.com/v2/organizations/$SUPERWALL_ORG_ID/query" \ --request POST \ --header "Authorization: Bearer $SUPERWALL_API_KEY" \ --data-binary " SELECT name, count() AS events FROM sw.events_rep WHERE ts >= now() - INTERVAL 7 DAY GROUP BY name ORDER BY events DESC LIMIT 20 FORMAT JSONEachRow " ``` ## Use ClickHouse HTTP options The endpoint proxies ClickHouse HTTP requests after Superwall authenticates your organization API key. You can pass standard ClickHouse URL parameters, such as `query`, `database`, or `default_format`, through the query string: ```bash curl --get "https://api.superwall.com/v2/organizations/$SUPERWALL_ORG_ID/query" \ --header "Authorization: Bearer $SUPERWALL_API_KEY" \ --data-urlencode "query=SELECT name, count() FROM events_rep GROUP BY name LIMIT 20" \ --data-urlencode "database=sw" \ --data-urlencode "default_format=JSONEachRow" ``` Superwall does not expose the generated ClickHouse username and password. Authenticate to the Superwall endpoint with your bearer token instead of connecting directly to the ClickHouse cluster. ## Available tables Your read-only user can query the analytics tables Superwall exposes for customer reporting: | Table | Use it for | | ------------------------------------------ | -------------------------------------------------------------------------------------------------------------- | | `sw.events_rep` | Raw Superwall events, including event name, metadata, properties, sandbox flag, application ID, and timestamp. | | `sw.events_hr_agg` | Hourly event aggregates. | | `sw.demand_score_events_rep` | Demand Score event data. | | `open_revenue.attributed_events_by_ts_rep` | Revenue and attribution events ordered by event time. | | `open_revenue.paywall_open_events_agg` | Aggregated paywall open events. | | `sw.subscription_status_rep` | Subscription status records. | | `sw.user_attributes_rep` | User attributes set through the SDK or paywall flows. | | `sw.applications_rep` | Application metadata available in ClickHouse. | Use ClickHouse introspection queries to inspect columns before writing a production query: ```sql SHOW TABLES FROM sw; SHOW TABLES FROM open_revenue; DESCRIBE TABLE sw.events_rep; DESCRIBE TABLE open_revenue.attributed_events_by_ts_rep; ``` ## Query JSON properties Some event details are stored in JSON strings such as `props` and `meta`. Use ClickHouse JSON functions to extract them: ```sql SELECT JSONExtractString(props, '$placement_name') AS placement, count() AS opens FROM sw.events_rep WHERE name = 'paywall_open' AND ts >= now() - INTERVAL 30 DAY GROUP BY placement ORDER BY opens DESC LIMIT 20 FORMAT JSONEachRow; ``` ## Limits Queries run as a read-only organization user with ClickHouse settings applied: | Limit | Value | | ---------------------- | ----------- | | Maximum execution time | 300 seconds | | Maximum threads | 4 | | Maximum memory | 8 GB | | Maximum bytes read | 20 GB | If a query times out or uses too much memory, narrow the date range, add filters on `applicationId`, `isSandbox`, or event `name`, and avoid selecting large JSON columns unless you need them. ## Troubleshooting | Status | What to check | | ------ | ------------------------------------------------------------------------------------------------------------------------ | | `401` | The request is missing a bearer token, or the token is invalid or revoked. | | `403` | The API key does not include the `data:read` scope. | | `404` | The requested organization resource could not be found. | | `429` | Too many requests were sent in a short period. Retry later. | | `500` | ClickHouse returned an unexpected error or Superwall could not proxy the request. Check the SQL and try a smaller query. | ## Related * [Access Controls](/docs/dashboard/dashboard-settings/overview-settings-access-controls) * [Charts](/docs/dashboard/charts) * [Superwall Skill](/docs/dashboard/guides/superwall-skill)