Guide

Do I need to install an SDK?

No. The entire integration is a single HTTP POST request. There is no SDK to install, no npm package, no CocoaPod, no Gradle dependency. The Setup Guide provides copy-paste code snippets for React Native, Swift, Kotlin, and Flutter. For AI coding assistants, see the "AI Setup" tab for ready-to-use prompt templates.

What happens when I hit the feedback limit?

Each plan has a monthly submission limit (Free: 200, Pro: 1,000). Once the limit is reached, new writes are refused with HTTP 429 monthly_limit_exceeded until the next billing period. The monthly count resets on the first day of each month (UTC). Follow-ups with parent_id and test-key submissions do not count. You can check your current usage on the Account page in the dashboard.

Can I downgrade from Pro to Free?

Yes, manage your subscription from the Account page or the Stripe billing portal. A downgrade takes effect at the end of your current billing period — you keep Pro features until then. After the downgrade, your limits revert to Free: 200/month, 1 app, and 6-month data retention. Your existing data is protected for 6 months after the switch to Free; after that, feedbacks older than 6 months are automatically deleted. If you have more than 1 app, you will need to choose which one to keep.

Can I use Signal shoot for multiple services?

Free supports 1 service, Pro supports up to 5, and Infinite is unlimited. Each service gets its own App ID, API key pair (live and test), and isolated data store — feedback from one service never appears in another's inbox. You can switch between services in the dashboard.

Do you support team access?

Team access is under consideration but not yet scheduled. All plans are single-user — one developer account, one login. If you need team access now, the workaround is sharing the dashboard session.

What payment methods do you accept?

We accept Visa, Mastercard, American Express, and JCB via Stripe. Both USD and JPY billing are supported — Stripe handles currency conversion automatically. Billing is monthly with no annual commitment. You can cancel at any time, and the cancellation takes effect at the end of the current billing period. No refunds for partial months. Stripe handles all payment processing; Signal shoot does not store your card details.

What counts toward my monthly feedback limit?

Only the initial feedback submission (a POST request without parent_id) counts toward your monthly limit. Follow-up messages in the same thread — sent with parent_id pointing to the original feedback — are stored as replies and do not increment the counter. Developer replies written from the dashboard also do not count. In short, one conversation thread costs exactly one feedback count, regardless of how many messages go back and forth. Test-key submissions (fb_test_...) are also excluded from the count.

Does Signal shoot validate the content I send?

Request structure and size are validated: - type: required, max 50 characters - message: required, max 5,000 characters - channel: optional, max 100 characters - Body: valid JSON, max 64 KB (Content-Length required; oversized or missing → 413) - Requests with user_id: HMAC signature required (see "HMAC signing" in the API Reference) Semantic meaning is not validated. If you send type: "banana", it appears as a filter in your dashboard. The same applies to channel and metadata. You define your own taxonomy — but typos (e.g. "bugg") silently create new categories.

What if my API key is leaked?

Go to Settings and regenerate the key immediately — the old key is invalidated the moment you regenerate, and any request using it will receive a 401. A leaked live key can submit new feedback, retrieve replies for a specific user_id, and call the user-data deletion endpoint to permanently remove a user's feedback. It cannot access the dashboard, modify other developers' data, or perform administrative actions. Test keys cannot perform deletion (they are rejected with 403 on the user-data endpoint) and expire one hour after generation. The risk depends on your user_id format — sequential integers allow enumeration, while UUIDs or random strings make the risk minimal. For web apps, keep the live API key on your server so it never appears in browser source code.

Do you support webhooks or push callbacks for replies?

No, reply delivery is polling-only via GET /v1/feedback/{app_id}/replies?user_id=... — there is no webhook or push callback. The endpoint returns all feedback entries for the specified user_id in one response (pagination is not yet implemented). Poll when the app foregrounds, when the user opens their inbox, or on pull-to-refresh.

How do I delete a user's data for GDPR or Apple account deletion compliance?

Call DELETE /v1/feedback/{app_id}/user/{user_id} with your live API key to permanently remove all feedback and replies for that user_id. Test keys are rejected with 403 — destructive operations require a live key. The request also requires an X-Signal-User-Id-Signature header containing HMAC-SHA256 over the URL-decoded user_id; see "HMAC signing" in the API Reference. This endpoint supports Apple Guideline 5.1.1(v) (account deletion) and GDPR Article 17 (right to erasure). The response includes the count of deleted items, or zero counts with a 200 status if no data exists. Call this from your backend when a user requests account deletion in your app.