iOS test App Receipt Validation
Most parts of the answer can be found here in Apple's documentation. But there are gaps and the objective-c code is using deprecated methods.
This Swift 3 code shows how to get the App Receipt and send it to the app store for validation. You should definitely validate the App Receipt with the app store before saving the data you want. The advantage of asking the app store to validate is that it responds with data that you can easily serialize to JSON and from there pull out the values for the keys you want. No cryptography required.
As Apple describes in that documentation the preferred flow is like this...
device -> your trusted server -> app store -> your trusted server -> device
When the app store returns to your server, assuming success, that's where you'll serialize and pull out the data you require and save it as you wish. See the JSON below. And you can send the result and whatever else you want back to the app.
In validateAppReceipt() below, to make it a working example, it simply uses this flow...
device -> app store -> device
To make this work with your server just change validationURLString to point to your server and add whatever else your require to requestDictionary.
To test this in development you need to:
- make sure you have a sandbox user set up in itunesconnect
- on your test device sign out of iTunes & App Store
- during testing, when prompted, use your sandbox user
Here's the code. The happy path flows just fine. Errors and failure points just print or are commented. Deal with those as you require.
This part grabs the app receipt. If it's not there (which will happen when you are testing) it asks the app store to refresh.
let receiptURL = Bundle.main.appStoreReceiptURL
func getAppReceipt() {
guard let receiptURL = receiptURL else { /* receiptURL is nil, it would be very weird to end up here */ return }
do {
let receipt = try Data(contentsOf: receiptURL)
validateAppReceipt(receipt)
} catch {
// there is no app receipt, don't panic, ask apple to refresh it
let appReceiptRefreshRequest = SKReceiptRefreshRequest(receiptProperties: nil)
appReceiptRefreshRequest.delegate = self
appReceiptRefreshRequest.start()
// If all goes well control will land in the requestDidFinish() delegate method.
// If something bad happens control will land in didFailWithError.
}
}
func requestDidFinish(_ request: SKRequest) {
// a fresh receipt should now be present at the url
do {
let receipt = try Data(contentsOf: receiptURL!) //force unwrap is safe here, control can't land here if receiptURL is nil
validateAppReceipt(receipt)
} catch {
// still no receipt, possible but unlikely to occur since this is the "success" delegate method
}
}
func request(_ request: SKRequest, didFailWithError error: Error) {
print("app receipt refresh request did fail with error: \(error)")
// for some clues see here: https://samritchie.net/2015/01/29/the-operation-couldnt-be-completed-sserrordomain-error-100/
}
This part validates the app receipt. This is not local validation. Refer to Note 1 and Note 2 in the comments.
func validateAppReceipt(_ receipt: Data) {
/* Note 1: This is not local validation, the app receipt is sent to the app store for validation as explained here:
https://developer.apple.com/library/content/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html#//apple_ref/doc/uid/TP40010573-CH104-SW1
Note 2: Refer to the url above. For good reasons apple recommends receipt validation follow this flow:
device -> your trusted server -> app store -> your trusted server -> device
In order to be a working example the validation url in this code simply points to the app store's sandbox servers.
Depending on how you set up the request on your server you may be able to simply change the
structure of requestDictionary and the contents of validationURLString.
*/
let base64encodedReceipt = receipt.base64EncodedString()
let requestDictionary = ["receipt-data":base64encodedReceipt]
guard JSONSerialization.isValidJSONObject(requestDictionary) else { print("requestDictionary is not valid JSON"); return }
do {
let requestData = try JSONSerialization.data(withJSONObject: requestDictionary)
let validationURLString = "https://sandbox.itunes.apple.com/verifyReceipt" // this works but as noted above it's best to use your own trusted server
guard let validationURL = URL(string: validationURLString) else { print("the validation url could not be created, unlikely error"); return }
let session = URLSession(configuration: URLSessionConfiguration.default)
var request = URLRequest(url: validationURL)
request.httpMethod = "POST"
request.cachePolicy = URLRequest.CachePolicy.reloadIgnoringCacheData
let task = session.uploadTask(with: request, from: requestData) { (data, response, error) in
if let data = data , error == nil {
do {
let appReceiptJSON = try JSONSerialization.jsonObject(with: data)
print("success. here is the json representation of the app receipt: \(appReceiptJSON)")
// if you are using your server this will be a json representation of whatever your server provided
} catch let error as NSError {
print("json serialization failed with error: \(error)")
}
} else {
print("the upload task returned an error: \(error)")
}
}
task.resume()
} catch let error as NSError {
print("json serialization failed with error: \(error)")
}
}
You should end up with something like this. In your case this is what you would be working with on your server.
{
environment = Sandbox;
receipt = {
"adam_id" = 0;
"app_item_id" = 0;
"application_version" = "0"; // for me this was showing the build number rather than the app version, at least in testing
"bundle_id" = "com.yourdomain.yourappname"; // your app's actual bundle id
"download_id" = 0;
"in_app" = (
);
"original_application_version" = "1.0"; // this will always return 1.0 when testing, the real thing in production.
"original_purchase_date" = "2013-08-01 07:00:00 Etc/GMT";
"original_purchase_date_ms" = 1375340400000;
"original_purchase_date_pst" = "2013-08-01 00:00:00 America/Los_Angeles";
"receipt_creation_date" = "2016-09-21 18:46:39 Etc/GMT";
"receipt_creation_date_ms" = 1474483599000;
"receipt_creation_date_pst" = "2016-09-21 11:46:39 America/Los_Angeles";
"receipt_type" = ProductionSandbox;
"request_date" = "2016-09-22 18:37:41 Etc/GMT";
"request_date_ms" = 1474569461861;
"request_date_pst" = "2016-09-22 11:37:41 America/Los_Angeles";
"version_external_identifier" = 0;
};
status = 0;
}
iOS7 - receipts not validating at sandbox - error 21002 (java.lang.IllegalArgumentException)
I've had this problem and looked everywhere, including on Apple's development forums. Apple will give a couple of stock replies, and that's it. I think it's a bug on Apple's side. Validation locally on the device will work, so try to convert to that. If you absolutely must use server side validation, only transactionReceipt seems to work right now.
The function is just deprecated, not banned, so I would just use it and hope Apple approves of the app. In fact, it's what I just did, fingers crossed, waiting for approval.
You can turn off the warning in Xcode by bracketing your code like this:
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
// code using transactionReceipt
#pragma clang diagnostic pop
AppStore verifyReceipt returning 21007 in sandbox
Exactly a problem from the App Store, see this post in the official Developer Forums:
21007 Status Code being returned by Sandbox Verify Receipt Endpoint
You can see many developers are having the same issue there.
Sandbox environment returns 21003 status code for receipt validation
No its not expected. I needed to provide a valid code in the password field even though the in-app purchase was not for an auto-renewable subscription.
Receipt validation is incorrect
Please try following code and steps for SECRECT KEY.
#define SHARED_SECRET @"SECRECT KEY"
-(void)checkReceipt {
// verifies receipt with Apple
NSError *jsonError = nil;
NSString *receiptBase64 = [receiptData base64EncodedStringWithOptions:0];//receiptData NSData for validate Receipt
NSLog(@"Receipt Base64: %@",receiptBase64);
NSData *jsonData = [NSJSONSerialization dataWithJSONObject:[NSDictionary dictionaryWithObjectsAndKeys:
receiptBase64,@"receipt-data",
SHARED_SECRET,@"password",
nil]
options:NSJSONWritingPrettyPrinted
error:&jsonError
];
NSLog(@"%@",jsonData);
NSError * error=nil;
NSDictionary * parsedData = [NSJSONSerialization JSONObjectWithData:jsonData options:kNilOptions error:&error];
NSLog(@"%@",parsedData);
NSLog(@"JSON: %@",[[NSString alloc] initWithData:jsonData encoding:NSUTF8StringEncoding]);
// URL for sandbox receipt validation; replace "sandbox" with "buy" in production or you will receive
// error codes 21006 or 21007
NSURL *requestURL = [NSURL URLWithString:@"https://sandbox.itunes.apple.com/verifyReceipt"];
NSMutableURLRequest *req = [[NSMutableURLRequest alloc] initWithURL:requestURL];
[req setHTTPMethod:@"POST"];
[req setHTTPBody:jsonData];
NSOperationQueue *queue = [[NSOperationQueue alloc] init];
[NSURLConnection sendAsynchronousRequest:req queue:queue
completionHandler:^(NSURLResponse *response, NSData *data, NSError *connectionError) {
if (connectionError) {
/* ... Handle error ... */
} else {
NSError *error;
NSDictionary *jsonResponse = [NSJSONSerialization JSONObjectWithData:data options:0 error:&error];
NSLog(@"Respond : %@",jsonResponse);
if (!jsonResponse) { /* ... Handle error ...*/ }
/* ... Send a response back to the device ... */
}
}];
}
You need to change "SECRECT KEY" with the secret key that you get from iTunes Connect.sample look like 39fkjc38jd02mg72k9cn29dfkm39fk00.
Below is the step for create/view Secreate Key.
Login into iTunes Connect -> My Apps > Select your app > In-App
Purchases > View or generate a shared secret.
Related Topics
Url Opening Swift App - Open Works - Called Function Does Not Work
How to Make a Phonegap App for iOS Without Mac
Gkmatchmaker Invite Handler Deprecated
How Is a Swift Cgvector Created with Dx and Dy (Derivative)
Gcm Support for iOS Application When Application in Background or Killed
Data Repeat in UItableview When Scrolling
iOS - Running Background Task for Update User Location Using Swift
Can Someone Explain This @Synthesize Syntax
-Webkit-Overflow-Scrolling: Touch' Broken for Initially Offscreen Elements in iOS7
Swift 3 Weird Crashes (Type Inference)
How to Set Requestserializer in Alamofire
How to Programmatically Open Apple Watch Companion App from iOS App
Display: Flex; Doesn't Work on iPad (Both Chrome and Safari)
Force Wkwebview to Show Mobile Version
How to Get HTML5 Video Thumbnail Without Using Poster on Safari or iOS
Ckfetchnotificationchangesoperation Sometimes Does Not Return Update, Delete Notifications