restoreCompletedTransactions and asking to login - ios

It's my first integration of In-App Purchases. I have everything working: I can buy the item I want, also use restoreCompletedTransactions.
Every time I call restoreCompletedTransactions() I am asked for username and password.
Is this because I am in sandbox mode or will this happen once being live as well?
How do I check if the user has bought it before? (I know I can save it in the user settings, but it would be nice to check if it was bought by polling the Apple server without the user needing to enter username and password).
How do others handle this? Because surely you want to know if they refunded it.

Quote from the Apple Article Instructions on how "not" to do this:
Restoring purchases prompts for the user’s App Store credentials, which interrupts the flow of your app: because of this, don’t automatically restore purchases, especially not every time your app is launched.
The best way to do this would be use receipts.
Steps in general are:
1) Your app would usually request a payment upon first time use
2) Once the customer has paid (or subscribed), then
3) Your app should download the receipt from the AppStore, and then store a copy of the Private Key and certificate details onto your server (or Cloud if it's a non-renewable subscription)
4) Your server should verify that receipt with the AppStore.
5) Optional: Your server can then query-last-receipt to ensure that the user's subscription is always up to date.
6) Once your server is satisfied, then let the app know that content can now be unlocked etc.
In other words, use receipts to verify and do not keep retrieving finished transactions; otherwise you would put your customers off by repeatedly asking them for the iTunes password every time they start your app.
For more information, please watch this Apple video
I hope this helps
Regards
Heider

Related

Apple In-App Purchase and Receipt Refresh

I have a side project and I recently worked on my receipt manager to make it stronger and to rely more on the receipt of the app rather than persistently storing a value after a transaction.
However, there are 2 main points which although I read Apple docs and other answers on the web, I'm still confused about:
1. When a user restores their purchase, does the receipt get refreshed?
I made several tests in sandbox, and I have seen that when restoring, the receipt gets refreshed, and when I verify the receipt through the iTunes server verification, it returns a JSON including the latest transactions. This is very helpful because even if I close/open the app, the app receipt is updated and I can always verify it without refreshing it.
However, in production, this didn't work. The app receipt wasn't refreshed after restoring purchases and my users got asked to restore purchases continuously. Can anyone answer on this point?
2. Does the refresh receipt request trigger an alert asking for the Apple ID's password in production?
From the previous point, I thought ok, I will force a receipt refresh after a user restores their purchases. However, in development / sandbox, I get asked to insert my sandbox user's password every time I try to refresh the receipt (although I could restore purchases without a password request before asking for the refresh). I read a lot about this and some say that might not happen in production. Do any of you have a clarification on this?
Note:
I know that when restoring / purchasing I get back a transaction with the receipt, however, I need to use the App Receipt to verify transactions (and this is also what Apple says to do).
Thank you in advance.
1. Refreshing the receipt
In theory, calling restore purchases should get the latest receipt. In the instances where you are experiencing issues, take a look at SKReceiptRefreshRequest. Typically, I use this in production when a call to restore purchases has encountered errors.
Use it wisely, triggering that API can lead to showing the Sign In prompts for the App Store.
2. When is the user asked to sign in?
Sadly, I have seen this vary so I cannot give a definitive answer. More often than not, a call to restore purchases should not trigger a sign in. Explicitly using SKReceiptRefreshRequest will.
If the user is not signed in to the store, calling any Store API like attempting a purchase or restoring purchases could trigger the sign in flow.
What Apple Says
From the docs
Refreshing a receipt doesn't create new transactions; it requests the latest copy of the receipt from the App Store. Refresh the receipt only once; refreshing multiple times in a row has the same result.
Restoring completed transactions creates a new transaction for every transaction previously completed, essentially replaying history for your transaction queue observer. Your app maintains its own state to keep track of why it’s restoring completed transactions and how to handle them. Restoring multiple times creates multiple restored transactions for each completed transaction.
My Recommendation
Store the hash of the last receipt you used on device. You can use this hash to check against the latest receipt so you know if anything has changed. Whenever your App resumes you can always check if the current receipt hash is different from the last cached value.
Try and submit the receipt as soon as possible. Typically when the App has launched.
If a user tries to manually restore purchases, I would start with a call to restoreCompletedTransactions. This can trigger an App Store sign in but is often less likely. Most of the time this is enough as the receipt on the device is often pretty up to date.
If the user tries another restore purchases, OR if the call failed, then move to SKReceiptRefreshRequest to guarantee a fresh receipt.
When using SKReceiptRefreshRequest, I would recommend wrapping this behind UIAlertController. I normally show something that indicates it has failed and have a "Retry" button that uses the request. This will trigger a new store sign in.
Use restoreCompletedTransactions to get a playback of all completed transactions the device is aware of.
When a user restores their purchase, does the receipt get refreshed?
Yes, it should. But it also sounds like you're doing some server-side validation? If that's the case, you can send any receipt from the user to the /verifyReceipt endpoint to get the latest status. You don't need to send the latest receipt, since /verifyReceipt will also refresh it.
Does the refresh receipt request trigger an alert asking for the Apple ID's password in production?
There's no clear Apple documentation on this, but it definitely will if there's no receipt file present in the app (rare in production). But if you're doing server-side validation (see #1), then you can send up any receipt you have, no need to refresh it. So you're only refreshing the receipt if nothing is present, which will trigger the sign-in. Keep in mind a receipt file is not present on the device after installing in sandbox - only after a purchase. This differs a lot from production where a receipt file is generated after installation.
From what it sounds like you're trying to do, my recommendation would be to check if any receipt file is present at launch, send it to /verifyReceipt to get the latest status for the user and cache the result. You can do this on every app launch.
In a perfect world you're storing the receipt server-side and keeping it up-to-date there, but you mentioned side project so that sounds like overkill. However, an out-of-the box solution that correctly implements all of this and will scale with you - such as RevenueCat - is another alternative (Disclaimer: I work there).
After many tests and after I sent my app in production, I'm now able to answer my questions properly:
1. When a user restores their purchase, does the receipt get refreshed?
YES, this is immediate as for Sandbox, BUT the problem is that the receipt DOESN'T include non-consumable purchases.
This means in other words that the receipt will include the purchased subscriptions, but you won't find purchases of non-consumable products.
However, when the user restores or purchases, you get the transactions in return, and you can extract the non-consumable products, and store this info somewhere like UserDefaults or Keychain, so you can use them when the user opens your app.
For the rest, the best approach is to always validate and check the receipt when the app is opened.
2. Does the refresh receipt request trigger an alert asking for the Apple ID's password in production?
YES. For sure it does the first time.
Thank you to Daniel and enc for their answers that can still be useful.

Does Apple issue a receipt for the app when the user purchases and downloads it?

As the title said, I am implementing a flow to fetch a local receipt and then try to validate it from our backend server. As Apple suggested, if the receipt is nil or invalid, I need to do a receipt refresh request. The problem is, this requires network as well as user login.
So the actual issue we are facing is this: with the dev build and TestFlight build, when we build a fresh new app that has not been opened before, once opened it will show a popup asking for user login (obviously it's because of my logic: if the receipt is nil then do a receipt refresh request). But we don't want to spam the user with this dialog box every time, and we have the business need to validate the user's receipt at app startup.
So back to the title question: since the dev and TestFlight builds aren't working as expected (showing the login dialog because the receipt is nil), does the prod build, the app downloaded from the App Store, actually issue a receipt from the App Store? In a WWDC video they said it should, but they were not very specific, so I am here to get some confirmation or some other thoughts from you guys.
Thanks!!
It's been a long time since I've used receipt validation (I used it for auto-renewable subscriptions), so what I'm going to tell you could have changed.
In my experience it never happens that you receive a nil receipt in production, since the first receipt is downloaded from the App Store along with the application, even for free apps. A nil receipt happens in sandbox and in ad hoc builds (I don't know what the right behavior should be from TestFlight), and in this case the best way to replicate production is to "restore purchases" or make a refresh request.
There is an old discussion about it on the Apple dev forum where an employee clarifies that (probably 2015). I'm not able to find it again, but maybe you can also search there.

Auto-renewable subscriptions: handle purchase when user is logged out

I've read a lot of SO answers about handling auto-renewable subscriptions with your own user login system, but there is an issue that I am still not sure how to handle: what to do when the transaction observer is triggered while the user is logged out.
Apple recommends to implement a transaction observer right in the App Delegate:
Adding your app's observer at launch ensures that it will persist
during all launches of your app, thus allowing your app to receive all
the payment queue notifications.
Say the user starts a purchase, but it doesn't complete immediately (for instance because it needs to be approved by their parents, or the app crashes, etc.). The user logs out and opens the app again, and since we are observing transactions in App Delegate, we might receive a transaction immediately when launching the app, before he logs in. We are then unaware of which user to associate the subscription to.
Two ideas:
Non-ideal: should I store the fact that there is a subscription pending and assume that the first user to log in will be the right one, and then associate it in some way to them once they log in? And if so, where would I keep the receipt? KeyChain, UserDefaults? This sounds pretty clunky.
Another way that sounds better: can I store some information about the transaction when it is initiated, and then use one of these fields to actually know exactly whose user's subscription purchase just finished?
(Not particularly relevant, but FYI I am using SwiftyStoreKit).
This is how I would approach this:
1. When the user tries to purchase a subscription, I first have them login or create an account.
2. Once the user is logged in, I send their appStoreReceipt to my server and store it there. I check and make sure the user is able to purchase. (At this point they should have the subscription they are trying to purchase)
3. Once I get a response from the server that the user should be able to purchase I go ahead and start the in-app-purchase
4. When the in-app-purchase process is done, I send the updated appStoreReceipt to my server and upgrade their account.
The problem you are worried about is what if the user gets done with step 3 but never gets to step 4.
Well, since I have their receipt stored on my server (from step 2), I can just ask Apple to give the latest version of their receipt, and if it shows that they did purchase, I upgrade their account. You can choose when the right time is to do this check; it can be every time the app is launched, or every time the user logs in.
Hope this helps.

iOS In-App purchase sandbox server requires log in credentials for SKReceiptRefreshRequest

We are currently developing an iOS app which uses auto-renewable subscriptions purchased via IAP. We would like to be able to get either a receipt OR a list of previous transactions from the user w/o requiring that they enter their iTunes password.
The documentation says the following:
Users restore transactions to maintain access to content they’ve already purchased. For example, when they upgrade to a new phone, they
don’t lose all of the items they purchased on the old phone. Include
some mechanism in your app to let the user restore their purchases,
such as a Restore Purchases button. Restoring purchases prompts for
the user’s App Store credentials, which interrupts the flow of your
app: because of this, don’t automatically restore purchases,
especially not every time your app is launched. In most cases, all
your app needs to do is refresh its receipt and deliver the products
in its receipt. The refreshed receipt contains a record of the user’s
purchases in this app, on this device or any other device.
We have interpreted this to mean that the restoreCompletedTransactions API will require iTunes credentials be entered and the SKReceiptRefreshRequest will not.
Unfortunately, in the sandbox, the exact opposite seems to be the case. My Sandbox users are NOT required to enter credentials when they are restoring transactions, but they are required when they are requesting a fresh receipt.
Does anyone have any idea if it's the documentation that is incorrect, or if the IAP sandbox has different behaviors than the production environment?
Both refresh receipt mechanism and restore purchases require user authentication, in production and sandbox environment.
As from this, we assume the behaviour is that if the receipt is already present on the device (stale receipt), refresh doesn't ask for credentials, but if the receipt is absent it does. (1)
I have verified the above behaviour myself in the sandbox environment.
Also, as per this Apple doc, receipt is always present in production. (2)
Both (1) and (2), combined should mean refreshReceipt should not ask for iTunes login in production.
But as per this, (1) may be applicable only for Sandbox and in production it might always require login.
Also, the behaviour may change from time to time and between OS versions and devices. You should basically not depend on the behaviour for critical features of your application.

Accessing StoreKit receipts directly from a server

I'm building an iOS app, which provides a service which our website already provides. It's a subscription based service, where all features are enabled when you're subscribed. To get people to sign up for regular payments on the app, it seems like I'll have to go through Apple's in app purchasing API, with auto-renewing subscriptions. That's fine, but the problem is the service users will purchase through the app must also be available on the site. But reading through walkthroughs and the developer guide, it looks like the only way to process transactions is through the app itself, which then can be set up to pass the info to the server. But then I'm imagining this scenario:
User purchases a subscription on the iOS app, goes back and forth between using the site and the iOS app. On the day the user is to be charged, and the days after, they're using just the website, for whatever reason. The server doesn't know they've been billed though, and so features are disabled. In order for the server to find out the user has been billed by Apple, the user has to open the app on their iPhone or iPad and sync it with both Apple and my server.
Is there any way for my server to ping Apple directly and get information about the purchases made for my app for a given user? I haven't been able to find anything; the two suggested layouts, with or without server, both use the iOS app as the sole communicator with Apple, aside from having the server verify that information is valid. If it's not possible for the server to get this information first hand, what other possible solution could there be?
Try to not use Apple's built in payment system, and risk getting rejected (with the app duplicating a service that's been available for years online, do we no longer have to use their in app purchasing system anyway?)
If a user is paying through Apple, have the server give them a generous buffer between expected payment dates and when features are disabled (makes the problem happen less frequently but doesn't solve it)
When their account seems expired to the server but it doesn't expect that, email the user a message saying they have to open the app or else their account will not be credited for time purchased (seems like a strange and not really great thing to have to ask a user to do in order to use the service)
This is about all I've been able to think up so far. Anyone have any advice on these solutions, or know of others, or know who I could talk to to try and figure this out?
Yes, you can check on the status of a user's account from your server. There are a few caveats:
First and foremost, Auto-Renewing Subscriptions are reserved for periodicals such as magazines and newspapers. If your app doesn't resemble those, Apple may reject it (as they did mine) and request that you use Non-Renewing Subscriptions (read: Manually-Renewing Subscriptions).
Second: This scenario would require you to store all receipts that you receive on the app, on your server.
Finally: I don't know how your username/password system works, but the user would have to login with the same credentials on your app as they do on your website.
Here's how you check the status of a user's account: Store at least one receipt per user on your server. When you want to check the status, follow Apple's procedure for Verifying App Store Receipts. Send them that one receipt and they'll respond with the latest receipt and the expiration date. Now you'll know, at any given moment, if a person's account is current or not.
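
The server-side check that several answers above describe (keep one receipt per user, send it to /verifyReceipt, act on the response) can be sketched as follows. This is an added example, not code from any of the posts. The bundle ID, product ID and both sample responses are constructed, the HTTP call is left to the caller, and only auto-renewable subscriptions are handled.

```python
import json
import time

STATUS_OK = 0
STATUS_SANDBOX_RECEIPT = 21007  # sandbox receipt was sent to the production endpoint

def build_request(receipt_b64, shared_secret):
    """Body to POST to /verifyReceipt; the HTTP call itself is left to the caller."""
    return json.dumps({
        "receipt-data": receipt_b64,        # base64 receipt stored for this user
        "password": shared_secret,          # app-specific shared secret
        "exclude-old-transactions": True,   # newest transaction per subscription only
    })

def entitlement(response, bundle_id, product_ids, now_ms=None):
    """Return (state, expires_ms) for an auto-renewable subscription."""
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    status = response.get("status")
    if status == STATUS_SANDBOX_RECEIPT:
        return ("retry_sandbox", None)      # resend to the sandbox endpoint
    if status != STATUS_OK:
        return ("invalid", None)
    # A valid receipt issued for a different app must not unlock this one.
    if response.get("receipt", {}).get("bundle_id") != bundle_id:
        return ("invalid", None)
    matching = [tx for tx in response.get("latest_receipt_info", [])
                if tx.get("product_id") in product_ids]
    if not matching:
        return ("none", None)
    latest = max(matching, key=lambda tx: int(tx.get("expires_date_ms", 0)))
    expires_ms = int(latest.get("expires_date_ms", 0))
    # cancellation_date_ms is present when the App Store refunded the purchase.
    if "cancellation_date_ms" in latest:
        return ("refunded", expires_ms)
    return ("active" if expires_ms > now_ms else "expired", expires_ms)

# Constructed sample response: one subscription renewed once.
SAMPLE_RESPONSE = {
    "status": 0,
    "receipt": {"bundle_id": "com.example.app"},
    "latest_receipt_info": [
        {"product_id": "pro_monthly", "original_transaction_id": "1000000000000001",
         "expires_date_ms": "1700000000000"},
        {"product_id": "pro_monthly", "original_transaction_id": "1000000000000001",
         "expires_date_ms": "1702592000000"},
    ],
}

# Constructed variant: the newest period was refunded.
REFUNDED_RESPONSE = json.loads(json.dumps(SAMPLE_RESPONSE))
REFUNDED_RESPONSE["latest_receipt_info"][-1]["cancellation_date_ms"] = "1701500000000"
```

Running this at app launch, or on a schedule on the server, answers the refund question without calling restoreCompletedTransactions on the device.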
