I build an ios app originally in IOS 6. I'm trying to migrate it to IOS 7+ / IOS 8, and I'm having trouble with In-App Purchase verification.
The verification is done server side. After each purchases, I send the SKPaymentTransaction.transactionReceipt as a Base64 string to my server (nodeJS), which then uses IAP_VERIFIER (https://github.com/pcrawfor/iap_verifier) to verify the receipt.
Since SKPaymentTransaction.transactionReceipt is depricated, I want to change it to the new NSBundle.appStoreReceiptURL, however, when I send that receipt to my server for verification, the apple verification says it is invalid. Comparing the Base64 string of the transacationReceipt and the appStoreReceipt , they are completely different, the appStoreReceipt being much bigger.
How do I verify a single In-App purchase receipt with the new method?
Are you sure it's not a Sandbox/Production issue?
Check this page, question 15: What url should I use to verify my receipt ?
And make sure you do not hit the wrong environment.
Also check the base64 encoding with different tool to make sure you don't use a buggy encoding function.
Related
I am working on an iOS library that records a successful in app purchase to our API for later processing. What I would like to be able to do is log to our api if the IAP was made in sandbox (with a test user) or not.
That information is in the receipt. You can:
1) grab the receipt and submit it to the Apple servers (sandbox or production). It will come back either valid or with a 21007/21008 error revealing its environment.
2) grab the receipt and decode it. There is an undocumented field that indicates whether or not it is from the sandbox.
I'd go with #1
After a while of hunting I came across this post which seems to be what I am trying to do. Check if iOS app is live in app store I will update the post once I am fully deployed and tested but it seems to be working for now.
I followed Ray Wenderlich's tutorial to implement receipt validation in my app. The code connects to Apple's validation server directly from my app rather than going through my own server.
After I submitted my first binary to the AppStore, I tested my app and the in-app purchasing didn't work because I had switched it over from the sandbox URL to the production URL.
Will this also fail when they AppStore reviewers test it and therefore be rejected? I've read this post but I'm still very confused about whether that applies to me if I'm not using my own server.
The solution is quite simple and it was explained on session 308 of WWDC 2012 (the video is available for registered developers). The session was related to subscriptions but you can extend it for in app purchases.
What happens is that when you develop you hard code your app to validate the receipt with the sandbox. Then you send the app to review, you clearly hard coded your app to validate the receipt with the production server.
But nothing prevents you from doing the validation in two steps:
always validate the receipt with the production server first, this will apply for 99% of your app life. If the receipt is validated, you're done.
if previous validation failed, just validate the receipt with the sandbox server. This should cover your development needs and of course fake receipts will fail validation too.
By the way, and this is officially stated in the documentation ONLY for subscriptions, if you try to validate a sandbox receipt with the production server you will get a specific status code; there is another status code that covers the case of production receipt validated with the sandbox server. In all cases the two worlds, sandbox and production, are always separated.
Don't forget also that with iOS7 added a new safer way to manage receipt validation directly from the device: consider in fact that receipt validation directly from the client (that you don't fully control, e.g. with jailbroken devices) is less secure than receipt validation done through a server you control.
Always verify your receipt first with the production URL; proceed to verify with the sandbox URL if you receive a 21007 status code. Following this approach ensures that you do not have to switch between URLs while your application is being tested or reviewed in the sandbox or is live in the App Store.
Note: The 21007 status code indicates that this receipt is a sandbox receipt, but it was sent to the production service for verification.
There is no public API to call to distinguish the production and sandbox environments so that you can decide which server to use ahead of time. If you have implemented the recommended receipt validation process, the fix can be implemented at your server which contacts the StoreKit server. If the status code for the validation attempt is 21007, then try again at the sandbox server.
It could fail. I had an app with in app purchases (but not based on my server, straight apple code) that work in development but crashed once released by Apple. It crashed because I had not done all the proper steps in iTunes Connect.
The surprising thing was that the reviewers didn't catch this, presumably since they were also working in a sandboxed environment.
I'm not sure this helps you, hope it does.
I've been seeing several purchase attempts from my Phonegap iOS app with this odd transaction receipt, which appears to be invalid when I try to verify it at the itunes endpoint.
window.plugins.inAppPurchaseManager.onPurchased = function (transactionId, productId, receipt) {
// receipt is MC4wMDAwMDA= which base64 decodes to 0.000000
}
I'm suspecting a hack, but I want to verify that we aren't doing anything wrong.
This is using the official InAppPurchaseManager plugin from the phonegap-plugins repo on Cordova 1.7.
I'm not familiar with the plugin that you're using but I don't think you're doing anything wrong. There are several programs out there that forge receipts in an attempt to steal in-app purchases. Apple recommends validating receipts via your own server to make it more difficult for hackers and hacks to scam your products. You can read about Apple's receipt validation here and their recommended best practices here.
Receipts like MC4wMDAwMDA= or ones starting with Y29tLnVydXMuaWFwLj are common forged receipt signatures and will fail validation when submitted to Apple.
According to Apple guidelines:
What url should I use to verify my receipt (iOS)?
Use the sandbox URL https://sandbox.itunes.apple.com/verifyReceipt while testing your application in the sandbox and while your application is in review.
Use the production URL http://buy.itunes.apple.com/verifyReceipt once your application is live in the App Store.
How should I do that? Do I send an app with the sandbox URL, and once reviewed I have to compile once again with the production one? I guess this would violate some review guideline, or would make reject the app when they realize the CRC or something isn't the same as what they tested, wouldn't it? Should I make some page in the middle???
I have the hope once validated, Apple would modify the bytecode in order to set the correct URL heh.
Where are you storing that URL?
According to the suggested setup from Apple, your server validates your receipt with iTunes after it is called from within your app. Your server then sends a receipt validation response back to your app, and optionally an upload URL for any uploads.
So the URL is located on your server, in a PHP script or similar. Once your app is approved you would change your server script to point to the iTunes production URL.
Therefore there is no need to update your app code after the review. In fact if you do, that requires the submission of a new version and a new review.
I've got in-app purchases working just fine, and I'm going the server validation route. The server needs to know whether I'm in the sandbox or not, so for now I'm just sending it a "&sandbox=1" parameter. Of course when the full version of the app is out I won't be sending this parameter.
I'd rather not have this hardcoded in my app, as that will make testing difficult in the future, and it's one more (big) thing to remember to change before submitting builds to Apple.
Is there a way I can ask StoreKit if I am in the sandbox so I can then determine whether or not I need to send this parameter to my server? Alternatively, is there any other best practice for handling server validation?
Thinking about this more, should I just have the server always check the live system first, then the sandbox? If apple IDs are segregated between the live and sandbox systems then it wouldn't do any harm would it?
Thanks.
After a bit of digging I found this from Apple's Technical Note TN2259:
How do I verify my receipt (iOS)?
Always verify your receipt first with the production URL; proceed to verify with the sandbox URL if you receive a 21007 status code. Following this approach ensures that you do not have to switch between URLs while your application is being tested or reviewed in the sandbox or is live in the App Store.
So it looks like I should axe the &sandbox parameter completely and just do that. I really had to dig for this answer so I'm posting it here in hopes that someone else runs across it!
I encountered that very same problem, where my app was rejected because the "production" version of my app that I submitted was hardcoded to connect to a PHP script on my server that validates receipts with the real AppStore server (whereas my development build points to another PHP script that validates receipts with the sandbox server). However, after a few exchanges with Apple engineers, I found out that they use sandboxed user accounts to tests submitted applications, which explains why they got an error.
Instead of conditionally building my app to point to one script or the other, I will use a single script that tries the production server first and then falls back to the sandbox server if it receives the 21007 status code, as explained above!
Thanks a lot!
Always verify your receipt first with the production URL; proceed to verify with the sandbox URL if you receive a 21007 status code.
Unfortunately, the technical note fails to mention this is only valid for auto-renewing subscriptions!
As the In-App Purchase Programming Guide mentions below table 7-1:
Important The non-zero status codes here apply only when recovering information about a auto-renewable subscription. Do not use these status codes when testing responses for other kinds of products.
For non-renewing subscriptions, the production server does not return a status code, but a proper receipt.
In case you are forced to use non-renewing and implement your own subscription expiring logic, a possible solution is to send your app version along to your server, and keep track of which versions are in development at the moment, as such you can redirect to the sandbox.itunes server to verify receipts where appropriate, and mimic the x-minute expiring time of a subscription (as sandbox.itunes does for auto-renewing) for development on your server.