Post

Replies

Boosts

Views

Activity

How to validate the apple revoke token api (appleid.apple.com/auth/revoke) successfully
Per Account deletion requirement iOS If your app offers Sign in with Apple, you’ll need to use the Sign in with Apple REST API to revoke user tokens when deleting an account. Referring to this answer, we are trying to send this revoke token API on our server-side. Here are some snippet privateKey = fs.readFileSync("xxxxxxxx.p8") client_secret = jwt.sign({ iss: 'xxxx-***-xx-xxxx-xxxxxxxx', iat: Math.floor(Date.now() / 1000), exp: Math.floor(Date.now() / 1000) + 1200, aud: 'https://appleid.apple.com', sub: "sample.com" }, privateKey, { algorithm: 'ES256', header: { alg: 'ES256', kid: 'xxxxxxxxxxx' } }); data = { 'token': token, 'client_id': "sample.com", 'client_secret': client_secret }; body = qs.stringify(data) opts = protocol: 'https:' host: 'appleid.apple.com' path: '/auth/revoke' method: 'POST' timeout: 6000 headers: 'Content-Type': 'application/x-www-form-urlencoded' 'Content-Length': Buffer.byteLength(body) // call https to send this opts message And the status code of the above codes could be 200. However, the response code 200 of revoke token api The request was successful; the provided token has been revoked successfully or was previously invalid. It seems the status code 200 includes the provided token was previously invalid. How could we distinguish whether the revoke token API was returned by the invalid token or revoked successfully? We also try to test this revoke token API through curl with invalid client_secret and token, the status code 200 could be returned either. It is so weird. curl -v POST "https://appleid.apple.com/auth/revoke" \ -H 'content-type: application/x-www-form-urlencoded' \ -d 'client_id=***.xxxx.yyyy' \ -d 'client_secret=ddddddeyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlBGUVRYTTVWUlcifQ.dddd.DmMifw6qWHMqKgDIbO8KrIzDvbF7T4WxxEo9TmtN0kmTISsi8D8FG52k_LPGkbNEnS_-w_SRimEKIH1rsuawFA' \ -d 'token=dddddd' \ -d 'token_type_hint=access_token' > POST /auth/revoke HTTP/1.1 > Host: appleid.apple.com > User-Agent: curl/7.77.0 > Accept: */* > content-type: application/x-www-form-urlencoded > Content-Length: 240 > * Mark bundle as not supporting multiuse < HTTP/1.1 200 < Server: Apple < Date: Thu, 09 Jun 2022 07:36:31 GMT < Content-Length: 0 < Connection: keep-alive < Host: appleid.apple.com
1
2
3.2k
Jun ’22
How to use send consumption info server api?
Recently, some users of our apps ask us to do a refund, since they got the information that the developer refused to refund from app store. We think this Send Consumption Information could help us to make the refund have a greater chance of success. However, after testing this API with several cases and got the status 202 from this API, the app store still decline those refunds. We are confused now and want to know how to use this API correctly? As we know, the App Store uses the consumption information you provide to inform its refund decisions. It seems the app store ignore the information we provided through consumption info, and just make a refund decision as before. If so, why this API is created for developers? Here are some cases we have done case 1: The customer is an inactive user and our app failed to deliver IAP product to the customer and the customer did not consume this product, the content of ConsumptionRequest is below. AccountTenure: 1 AppAccountToken: "", ConsumptionStatus: 1, CustomerConsented: true, DeliveryStatus: 5, LifetimeDollarsPurchased: 2, LifetimeDollarsRefunded: 1, Platform: 1, PlayTime: 0, SampleContentProvided: false, UserStatus: 0, case 2: The customer is an active user and our app failed to deliver IAP product to the customer and the customer did not consume this product, the content of ConsumptionRequest is below. AccountTenure: 1 AppAccountToken: "", ConsumptionStatus: 1, CustomerConsented: true, DeliveryStatus: 5, LifetimeDollarsPurchased: 2, LifetimeDollarsRefunded: 1, Platform: 1, PlayTime: 4, SampleContentProvided: false, UserStatus: 1 case 3: The customer is an active user and our app delivers IAP product to the customer successfully and the customer did not consume this product, the content of ConsumptionRequest is below. AccountTenure: 1 AppAccountToken: "", ConsumptionStatus: 1, CustomerConsented: true, DeliveryStatus: 0, LifetimeDollarsPurchased: 2, LifetimeDollarsRefunded: 1, Platform: 1, PlayTime: 4, SampleContentProvided: false, UserStatus: 1
0
0
720
Sep ’21
How to send Consumption Information to App Store to make refund successfully
As we know, the customer initiated a refund request for a consumable in-app purchase, the CONSUMPTION_REQUEST notification will be received on the developer server side. The developer could send consumption info to help the app store to do refund decisions. I want to make the refund have a greater chance of success. How could we send this consumption info? We try to send consumption info to indicate one inactive user as below AccountTenure: 1, AppAccountToken: "", ConsumptionStatus: 0, CustomerConsented: true, DeliveryStatus: 0, LifetimeDollarsPurchased: 0, LifetimeDollarsRefunded: 0, Platform: 1, PlayTime: 0, SampleContentProvided: false, UserStatus: 0, The app store failed to refund Then we try to send consumption info to indicate one active user as below AccountTenure: 1, AppAccountToken: "", ConsumptionStatus: 0, CustomerConsented: true, DeliveryStatus: 0, LifetimeDollarsPurchased: 0, LifetimeDollarsRefunded: 0, Platform: 1, PlayTime: 4, SampleContentProvided: false, UserStatus: 1, The app store refuses to refund again.
1
0
1.2k
Sep ’21
The originalTransactionId of CONSUMPTION_REQUEST notification is empty
Now we got a CONSUMPTION_REQUEST notification_type and the content is {Environment:PROD NotificationType:CONSUMPTION_REQUEST Password:xxxx0b91b407f5xxxxxxxxx ExpirationIntent: AutoRenewAdamID: AutoRenewStatus: AutoRenewProductID: AutoRenewStatusChangeDate:{AutoRenewStatusChangeDate: AutoRenewStatusChangeDateMS: AutoRenewStatusChangeDatePST:} BID:com.boundle.id BVRS:89 UnifiedReceipt:{ Status:0 Environment:Production LatestReceipt:MIISegYJKoZIhvcNXXXXXXXXXX LatestReceiptInfo:[] PendingRenewalInfo:[] } } It seems there is no receipt transaction id which the customer asks for a refund. And then we try to get the receipt details through https://buy.itunes.apple.com/verifyReceipt with LatestReceipt of notification { receipt: { receipt_type: 'Production', adam_id: 125258871623, app_item_id: 125258871623, bundle_id: 'com.boundle.id', application_version: '89', download_id: null, version_external_identifier: 843111111, receipt_creation_date: '2021-07-18 04:48:20 Etc/GMT', receipt_creation_date_ms: '1626583700000', receipt_creation_date_pst: '2021-07-17 21:48:20 America/Los_Angeles', request_date: '2021-07-20 08:02:21 Etc/GMT', request_date_ms: '1626768141824', request_date_pst: '2021-07-20 01:02:21 America/Los_Angeles', original_purchase_date: '2021-07-07 00:03:57 Etc/GMT', original_purchase_date_ms: '1625616237000', original_purchase_date_pst: '2021-07-06 17:03:57 America/Los_Angeles', original_application_version: '87', in_app: [] }, environment: 'Production', status: 0 } { receipt_type: 'Production', adam_id: 125258871623, app_item_id: 125258871623, bundle_id: 'com.boundle.id', application_version: '89', download_id: null, version_external_identifier: 843111111, receipt_creation_date: '2021-07-18 04:48:20 Etc/GMT', receipt_creation_date_ms: '1626583700000', receipt_creation_date_pst: '2021-07-17 21:48:20 America/Los_Angeles', request_date: '2021-07-20 08:02:21 Etc/GMT', request_date_ms: '1626768141824', request_date_pst: '2021-07-20 01:02:21 America/Los_Angeles', original_purchase_date: '2021-07-07 00:03:57 Etc/GMT', original_purchase_date_ms: '1625616237000', original_purchase_date_pst: '2021-07-06 17:03:57 America/Los_Angeles', original_application_version: '87', in_app: [] } There is no refund receipt info either. Per doc, once received CONSUMPTION_REQUEST, we should send Consumption Information through API PUT https://api.storekit.itunes.apple.com/inApps/v1/transactions/consumption/{originalTransactionId} How could we get the originalTransactionId from notification?
0
0
971
Jul ’21
App store server api: lookup customer order id return 404
We try to use the customer order id lookup API of app store server API, like https://api.storekit.itunes.apple.com/inApps/v1/lookup/xxxxxxx However, we got 404, and the response body is empty. Here are the response through curl * Connection state changed (MAX_CONCURRENT_STREAMS updated)! < HTTP/2 404 < server: daiquiri/3.0.0 < date: Mon, 19 Jul 2021 12:03:24 GMT < content-length: 0 < x-apple-jingle-correlation-key: EJJPZLFC7B3NTSO3PLZNUVVIXY < x-apple-request-uuid: 2252fcac-a2f8-76d9-c9db-7af2da56a8be < b3: 2252fcaca2f876d9c9db7af2da56a8be-ad831e3618544a32 < x-b3-traceid: 2252fcaca2f876d9c9db7af2da56a8be < x-b3-spanid: ad831e3618544a32 < apple-seq: 0.0 < apple-tk: false < apple-originating-system: CommerceGateway < x-responding-instance: CommerceGateway:010116::: < apple-timing-app: 0 ms < strict-transport-security: max-age=31536000; includeSubDomains < x-daiquiri-instance: daiquiri:45824002:st44p00it-hyhk15104701:7987:21HOTFIX14 < How to debug this issue? or Is there anything am I missing? Thanks
2
0
1.7k
Jul ’21
Storekit: get transaction history return 404
We try to get transaction history per this doc https://developer.apple.com/documentation/appstoreserverapi/get_transaction_history However, we got 404, and response details are < HTTP/2 404 < server: daiquiri/3.0.0 < date: Mon, 19 Jul 2021 09:04:48 GMT < content-length: 0 < x-apple-jingle-correlation-key: TROLAF3A72KS6FCSQRCVCFFJKY < x-apple-request-uuid: 9c5cb017-60fe-952f-1452-84455114a956 < b3: 9c5cb01760fe952f145284455114a956-cdbaee3838492961 < x-b3-traceid: 9c5cb01760fe952f145284455114a956 < x-b3-spanid: cdbaee3838492961 < apple-seq: 0.0 < apple-tk: false < apple-originating-system: CommerceGateway < x-responding-instance: CommerceGateway:010196::: < apple-timing-app: 3 ms < strict-transport-security: max-age=31536000; includeSubDomains < x-daiquiri-instance: daiquiri:45824002:st44p00it-hyhk15104701:7987:21HOTFIX14 < Does it mean there is no related transaction history or something wrong with API usage? Thanks
3
0
2.3k
Jul ’21