I have an interesting problem... (for me at least)
I have developed an app that uses an auto-renewing subscription. They way I have it set up, the app saves the subscription receipt then each time the subscription needs to be verified, the app sends the receipt info to my server, which verifies the receipt is still valid.
In my app I have an app-wide constant called "testMode". Among other things, this causes the app to query my server with either a Sandbox, or Production flag. So if I am testing the app in test mode, the app will query a file on my server that checks the sandbox Apple server. If the app is not in test mode (like when I submit it to Apple) it queries the production file on my server which checks the data against Apple's production server.
My app was rejected because it produced an error when subscribing. That error was 21007 which means a sandbox receipt was sent to the production verification server.
So my question is: How can I submit an app that users the production server verification, if the Apple testers use the sandbox environment?
I ran into similar issues. This is the best way to handle it:
Whenever your server receives a new receipt from the app, first verify it with the production server. Then if you get error 21007, try the same receipt with the sandbox server. This is what I do and it has worked well. Apple should recommend this, but they don't.
Using this method, you should be able to get rid of your testMode in the app (unless you use it for other purposes).
Related
I have created an app which has auto-renewable subscriptions.
The following is the logic that I use to know if the user has an active subscription.
Whenever paymentQueue(_:updatedTransactions:) of SKPaymentQueue is called, I try to perform receipt validation using following steps
I check if the local receipt is present. If it is not present I use SKReceiptRefreshRequest to refresh the receipt.
I send the receipt information to verifyReceipt endpoint of the App Store server.
The server returns response which contains information about the subscription expiration date.
I store the expiration date in the app and present the appropriate UI based on whether the user has an active subscription or not.
The App Store review has rejected my app multiple times because the SKReceiptRefreshRequest errors out. I am unable to reproduce the error faced by the App Store review board.
While searching the internet to solve the problem, I got to know the following facts about the local receipt-
The local receipt is always present in the production mode. The local receipt may not present if the app is installed using Testflight or during testing. (link)
The App Store server will return the latest subscription information even it it sent an old local receipt (link)
From the above 2 pieces of information, I deduce that there is no need to ever call SKReceiptRefreshRequest in production because the App Store server will provide the latest details even if the local receipt is old and the local receipt is always present in production.
In order to get my app through the App Store review, I have decided to remove the SKReceiptRefreshRequest as it gives errors in the Testflight builds and is not required in the production.
Can anyone confirm if I am correct to do this?
Your logic has multiple flaws:
1) paymentQueue(_:updatedTransactions:) is called in the background and (as far as I know) updates already the local receipt. Also an app downloaded from the App Store always contains the receipt. So there is no need to call SKReceiptRefreshRequest in that method.
2) SKReceiptRefreshRequest requires the users to input his password to allow the receipt refresh. Since you triggered the method within paymentQueue(_:updatedTransactions:), which was called in the background, I reckon this is the problem why the refresh request failed and Apple rejected your app. Nevertheless this method has its reason for being: in production you need it to allow users to restore purchases after reinstalling the app or on other devices and for debug and TestFlight builds you need it to get the latest receipt.
3) You shouldn't send the receipt from your app to Apple's endpoint
Warning
Do not call the App Store server verifyReceipt endpoint from your app. You can't build a trusted connection between a user’s device and the App Store directly, because you don’t control either end of that connection, which makes it susceptible to a man-in-the-middle attack.
Source
How to proceed?
I would recommend to do the following things:
1) Do not trigger SKReceiptRefreshRequest in paymentQueue(_:updatedTransactions:)
2) If not already done provide a "restore purchases" button in your app (which calls SKReceiptRefreshRequest)
3) Implement local or server-to-server receipt validation
I have used the following way to generate the receipt and send the generated receipt to server for verification:
https://developer.apple.com/documentation/storekit/in-app_purchase/validating_receipts_with_the_app_store
In App Purchases work in Sandbox environment but don't work during Apple review which results in the app rejection:
I can't find the problem as In App purchases work well on the test device with Sandbox accounts. I did send the IAPs for review as well and I don't do any kind of receipt validation.
Any ideas where I can find the problem roots?
Always verify your receipt first with the production URL; proceed to verify with the sandbox URL if you receive a 21007 status code. Following this approach ensures that you do not have to switch between URLs while your application is being tested or reviewed in the sandbox or is live in the App Store.
The 21007 status code indicates that this receipt is a sandbox receipt, but it was sent to the production service for verification. A status of 0 indicates that the receipt was properly verified.
Look here: https://developer.apple.com/library/content/technotes/tn2413/_index.html#//apple_ref/doc/uid/DTS40016228-CH1-RECEIPTURL
https://developer.apple.com/library/content/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html
How do I verify my receipt (iOS)?
Always verify your receipt first with the production URL; proceed to verify with the sandbox URL if you receive a 21007 status code. Following this approach ensures that you do not have to switch between URLs while your application is being tested or reviewed in the sandbox or is live in the App Store.
https://developer.apple.com/library/content/technotes/tn2259/_index.html
Add some sort of logging that you can see remotely. I suspect they're hitting one of the SKErrorDomain errors because of the weird environment they operate in (app store signed builds, but sandbox accounts).
Do you refresh the receipt in your purchase flow? That's a step where they typically encounter an error.
I followed Ray Wenderlich's tutorial to implement receipt validation in my app. The code connects to Apple's validation server directly from my app rather than going through my own server.
After I submitted my first binary to the AppStore, I tested my app and the in-app purchasing didn't work because I had switched it over from the sandbox URL to the production URL.
Will this also fail when they AppStore reviewers test it and therefore be rejected? I've read this post but I'm still very confused about whether that applies to me if I'm not using my own server.
The solution is quite simple and it was explained on session 308 of WWDC 2012 (the video is available for registered developers). The session was related to subscriptions but you can extend it for in app purchases.
What happens is that when you develop you hard code your app to validate the receipt with the sandbox. Then you send the app to review, you clearly hard coded your app to validate the receipt with the production server.
But nothing prevents you from doing the validation in two steps:
always validate the receipt with the production server first, this will apply for 99% of your app life. If the receipt is validated, you're done.
if previous validation failed, just validate the receipt with the sandbox server. This should cover your development needs and of course fake receipts will fail validation too.
By the way, and this is officially stated in the documentation ONLY for subscriptions, if you try to validate a sandbox receipt with the production server you will get a specific status code; there is another status code that covers the case of production receipt validated with the sandbox server. In all cases the two worlds, sandbox and production, are always separated.
Don't forget also that with iOS7 added a new safer way to manage receipt validation directly from the device: consider in fact that receipt validation directly from the client (that you don't fully control, e.g. with jailbroken devices) is less secure than receipt validation done through a server you control.
Always verify your receipt first with the production URL; proceed to verify with the sandbox URL if you receive a 21007 status code. Following this approach ensures that you do not have to switch between URLs while your application is being tested or reviewed in the sandbox or is live in the App Store.
Note: The 21007 status code indicates that this receipt is a sandbox receipt, but it was sent to the production service for verification.
There is no public API to call to distinguish the production and sandbox environments so that you can decide which server to use ahead of time. If you have implemented the recommended receipt validation process, the fix can be implemented at your server which contacts the StoreKit server. If the status code for the validation attempt is 21007, then try again at the sandbox server.
It could fail. I had an app with in app purchases (but not based on my server, straight apple code) that work in development but crashed once released by Apple. It crashed because I had not done all the proper steps in iTunes Connect.
The surprising thing was that the reviewers didn't catch this, presumably since they were also working in a sandboxed environment.
I'm not sure this helps you, hope it does.
The iOS IAP documentation states, that if you want to test a store you should log out from you itunes account in the settings application. When doing an in-app-purchase, you are then asked for username and password. However, inside the app, I don't know if the user is logged in or if he is using a sandbox account.
In fact, I don't really care if it is a sandbox transaction, but: on the server I have to verify real receipts via the URL https://buy.itunes.apple.com/verifyReceipt and sandbox receipts via the URL https://sandbox.itunes.apple.com/verifyReceipt . How do I know on the server, if the receipt is a sandbox receipt or a real receipt?
Or how does the app know if the receipt is real or sandbox, because I have no problem with passing an additional parameter from the app to my server.
What does not work: You cannot just say that the DEBUG version of the app uses the sandbox environment and the ADHOC or RELEASE version of the app uses the production environment. With an ADHOC-version it is perfectly possible to use iTunes Test Accounts to do in-app-purchases.
When you verify the receipt, if you receive a status code 21007 it means its a sandbox receipt. Look here: https://developer.apple.com/library/content/technotes/tn2413/_index.html#//apple_ref/doc/uid/DTS40016228-CH1-RECEIPTURL
What url should I use to verify my receipt?
Always verify your receipt first with the production URL; proceed to verify with the sandbox URL if you receive a 21007 status code. Following this approach ensures that you do not have to switch between URLs while your application is being tested or reviewed in the sandbox or is live in the App Store.
The 21007 status code indicates that this receipt is a sandbox receipt, but it was sent to the production service for verification. A status of 0 indicates that the receipt was properly verified. See WWDC 2012: Managing Subscriptions with In-App Purchase for more information.
I've got in-app purchases working just fine, and I'm going the server validation route. The server needs to know whether I'm in the sandbox or not, so for now I'm just sending it a "&sandbox=1" parameter. Of course when the full version of the app is out I won't be sending this parameter.
I'd rather not have this hardcoded in my app, as that will make testing difficult in the future, and it's one more (big) thing to remember to change before submitting builds to Apple.
Is there a way I can ask StoreKit if I am in the sandbox so I can then determine whether or not I need to send this parameter to my server? Alternatively, is there any other best practice for handling server validation?
Thinking about this more, should I just have the server always check the live system first, then the sandbox? If apple IDs are segregated between the live and sandbox systems then it wouldn't do any harm would it?
Thanks.
After a bit of digging I found this from Apple's Technical Note TN2259:
How do I verify my receipt (iOS)?
Always verify your receipt first with the production URL; proceed to verify with the sandbox URL if you receive a 21007 status code. Following this approach ensures that you do not have to switch between URLs while your application is being tested or reviewed in the sandbox or is live in the App Store.
So it looks like I should axe the &sandbox parameter completely and just do that. I really had to dig for this answer so I'm posting it here in hopes that someone else runs across it!
I encountered that very same problem, where my app was rejected because the "production" version of my app that I submitted was hardcoded to connect to a PHP script on my server that validates receipts with the real AppStore server (whereas my development build points to another PHP script that validates receipts with the sandbox server). However, after a few exchanges with Apple engineers, I found out that they use sandboxed user accounts to tests submitted applications, which explains why they got an error.
Instead of conditionally building my app to point to one script or the other, I will use a single script that tries the production server first and then falls back to the sandbox server if it receives the 21007 status code, as explained above!
Thanks a lot!
Always verify your receipt first with the production URL; proceed to verify with the sandbox URL if you receive a 21007 status code.
Unfortunately, the technical note fails to mention this is only valid for auto-renewing subscriptions!
As the In-App Purchase Programming Guide mentions below table 7-1:
Important The non-zero status codes here apply only when recovering information about a auto-renewable subscription. Do not use these status codes when testing responses for other kinds of products.
For non-renewing subscriptions, the production server does not return a status code, but a proper receipt.
In case you are forced to use non-renewing and implement your own subscription expiring logic, a possible solution is to send your app version along to your server, and keep track of which versions are in development at the moment, as such you can redirect to the sandbox.itunes server to verify receipts where appropriate, and mimic the x-minute expiring time of a subscription (as sandbox.itunes does for auto-renewing) for development on your server.