The sequence
Migration email lands
Email sends from the customer’s domain via Resend (Recurr’s transactional email rail). Subject and body are co-authored with the customer during pilot scoping; the rendered email points subscribers at the customer’s branded checkout URL with an identity-binding token.Failure modes: bounce, spam-folder, delete-without-opening. Recurr’s CX layer monitors deliverability; bounce rates above baseline trigger investigation before the next wave.
Subscriber clicks link → branded checkout loads
Subscriber arrives at
subscribe.{customer-domain}.com (or whichever subdomain is configured). The page is Recurr-hosted but serves on the customer’s DNS, with the customer’s branding.See: Branded checkout.Identity bridge matches subscriber to app account
The identity-binding token in the URL matches the subscriber’s web checkout session to their existing app-store account. Sign in with Apple, Sign in with Google, or custom OAuth — depending on the customer’s authentication setup — completes the bridge.For ~99% of subscribers, this resolves automatically. The small remainder fall back to the customer’s support flow (see risk register → identity bridge).See: Identity continuity.
Stripe Connect processes the charge
Subscriber enters payment method. Stripe Checkout runs in the customer’s Stripe Connect account. The customer is Merchant of Record — Recurr never sits in the legal payment chain. Recurr’s platform fee (3.5%) and migration performance fee (2.5%) accrue as
application_fee line items on the charge.See: Stripe Connect.Entitlement sync writes new web subscription state
Before the app-store cancellation lands, Recurr writes the new web subscription state to the customer’s entitlement system (RevenueCat, Adapty, or custom backend). The app’s runtime entitlement check is preserved — same
is_subscribed boolean, same plan_id, just sourced from web now.See: Entitlements sync.App-store cancellation triggers
Recurr cancels the subscriber’s existing app-store subscription via the Apple/Google billing rails. The cancellation propagates to App Store / Google Play as a standard subscription end-of-term event.The subscriber sees no in-app prompt — the cancellation is silent from their perspective. They paid on web; their app subscription transferred. The whole transaction looks like a billing-rail switch, not a cancel-and-resubscribe.
App sees active web subscription on next check
Next time the subscriber opens the app, the runtime entitlement check returns the same active subscription it always did — just sourced from web now. No SDK changes required on the app side, because the customer’s entitlement system is the integration surface, not Recurr’s.See: No SDK.
Webhook events fire to downstream destinations
subscription.activated and (for the migration case specifically) subscription.migrated events fire to the customer’s registered destinations — warehouse, product analytics, CDP, MMP, internal pipelines. Conversion attribution lands server-side.See: API reference → events.What can break + where to look
| Symptom | Likely surface | Doc to check |
|---|---|---|
| Migration email not delivered | Resend → customer’s domain reputation | Data handling → subscriber data |
| Branded checkout 404 or theme broken | DNS CNAME + theme config | Branded checkout |
| Identity bridge fails to match subscriber | OAuth config or token expiry | Identity continuity |
| Payment fails | Stripe Connect account state | Stripe Connect |
| Web sub paid but app still says expired | Entitlement sync race condition | Entitlements sync |
| Apple receipt + web sub both active | App-store cancellation lag | Risk register → double billing |
| Conversion event not in warehouse | Webhook delivery + retry | API reference → retry policy |
| Subscriber stuck mid-flow | Identity bridge incompletion | Risk register → identity bridge |
The integration surface as a whole
The migration flow runs across 5 integration mechanisms, but the customer’s engineering team touches only 4 surfaces during integration:- Auth provider (RevenueCat / Adapty / custom) — for the identity bridge + entitlement sync
- Stripe Connect — for the payment rail (Connect account setup)
- DNS — for the branded subdomain CNAME
- Webhook endpoint(s) — for events flowing to downstream destinations
Cross-references
- No SDK — why this works without an app release
- Stripe Connect — payment rail mechanics
- Entitlements sync — write path to RC / Adapty / custom backend
- Identity continuity — OAuth and identity bridge
- Branded checkout — subdomain + theme
- API reference overview — webhook delivery + retry
- Risk register — failure modes by exposure
- Reliability — operational error modes + incident response
