Post not yet marked as solved
I'm currently working on in-app-purchase.
I want to post the receipt to my backend server and verify it on the server (not post to the Apple server) like this page.
But take a look at Receipt Fields: there's no way to know the environment this receipt was generated in.
Is there any way to determine the environment the receipt was generated in?
Post not yet marked as solved
We send StoreKit 2 signed transactions to our server for validation and processing. As part of this process, as recommended by Apple, we validate the certificate chain against the "Apple Root CA - G3 Root" certificate found here: https://www.apple.com/certificateauthority/
As of 24th September we started noticing this validation erroring because of expired certificates in the JWT. On further investigation we see the first cert in the chain, with the common name "Prod ECC Mac App Store and iTunes Store Receipt Signing", appears to have expired at "Sep 24 02:50:33 2023 GMT"
I checked and calling the App Store API at "inApps/v1/subscriptions/" with the same transaction id also returns the subscription with the same expired certificate in the chain so I am confident that this is a genuine transaction issued by Apple.
For now we have been forced to disable validating the expiry date of intermediate certificates to work around this. I'm however really surprised I haven't found anyone else discussing this or any documentation around how to handle this situation.
Is it expected that the App Store JWS would contain an expired certificate and what is the guidance on how to proceed in this situation?
There are fake receipts used by hackers, which are the receipts before iOS7. The Receipt can be successfully verified with an incorrect password. Is this a bug? https://developer.apple.com/documentation/appstorereceipts/verifyreceipt
--Do I need to completely drop compatibility for this?
Post not yet marked as solved
Ensure that your app’s local receipt validation is compatible with intermediate certificates that require using the SHA-256 algorithm.
View Technote TN3138 >
Post not yet marked as solved
I am using local receipt validation and the SKReceiptRefreshRequest API to restore purchases.
When my iOS 16.1 users tap "restore purchase", the call fails. Notably, it does not ask the users to log into their iTunes account (it normally does) and my app logs the following error:
<SKReceiptRefreshRequest: 0x281b0ad20>: Finished refreshing receipt with error: Error Domain=ASDErrorDomain Code=603 "Request throttled" UserInfo={NSLocalizedFailureReason=Unified receipt is valid and current, NSLocalizedDescription=Request throttled, AMSServerErrorCode=0}
These errors started showing up after the release of 16.1 and appear to be limited to that specific version of iOS. The relevant code has not changed in years and I have iOS 15 and iOS 16.0 users who are currently able to restore purchases without issue. Also, I am not able to reproduce the issue in the sandbox but I am able to do so in production.
I'm a bit at a loss. Why would my request be "throttled" and, further, why only on iOS 16.1 and only in production? Any thoughts on what could be happening here?
Any help is much appreciated. Thank you!
Receipt verification on my app's server suddenly started giving an error, and all billing-related processes became errors.
The error that is occurring is "Signature verification failed" (an exception thrown by FireBaseJWT).
The code is below, but it was working fine until 3 days ago.
JWT::decode($lastTransaction['signedTransactionInfo'], $appleCertificate, ['ES256']);
The certificate used here was created by the server developer, so I don't know how to create it.
Could you please help me with which certificate I should use?
I tried using the ApplePKI certificate, but the same error occurred.
Post not yet marked as solved
Hi, I have a question to ask:
When I first send a request to the getTransactionInfo endpoint to get the transaction info and validate a receipt, it returns a 4040010 error.
After a while, I send the same request and it responds with the correct transaction info.
This happens at a rate of about 2%.
What is the reason?
In the old verifyReceipt endpoint doc, there is an important desc
As a best practice, always call the production URL https://buy.itunes.apple.com/verifyReceipt first and proceed to verify with the sandbox URL if you receive a 21007 status code. Following this approach ensures that you don’t have to switch between URLs while your app is in testing, in review by App Review, or live in the App Store.
So I know the transactionId is for sandbox if 21007 is returned.
I am about to move to the new App Store Server API, so in the same way, I wonder how I can recognize that the transactionId is from sandbox by status code?
The most likely description is this:
If you don’t have environment information, follow these steps:
Call the endpoint using the production URL. If the call succeeds, the original transaction identifier belongs to the production environment.
If you receive an [errorCode 4040005] with errorMessage as OriginalTransactionIdNotFoundError, (or HTTP response code 404 from the Send Consumption Information endpoint), call the endpoint using the sandbox environment.
If the call succeeds, the original transaction identifier belongs to the sandbox environment. If the call fails with the same error code, the original transaction identifier isn’t present in either environment.
I tried the Get Transaction Info API, but actually got 4040010, "Transaction id not found", in return.
So I just want to be clear: is there any doc clarifying this point that I missed?
Looking forward to your response, sincerely!! :)
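The production-first fallback quoted in the post above, sketched in Python as an added example (not the poster's or Apple's code). The `call` transport and `make_fake_call` are hypothetical names, the sandbox base URL does not appear on this page, and treating 4040010 the same as 4040005 as a fallback trigger is an assumption.

```python
from typing import Callable, Optional, Tuple

# Base URLs of the App Store Server API (the production one appears on this page).
PRODUCTION = "https://api.storekit.itunes.apple.com"
SANDBOX = "https://api.storekit-sandbox.itunes.apple.com"

# Codes quoted in the post: 4040005 (OriginalTransactionIdNotFoundError) and
# 4040010 (transaction id not found, seen from Get Transaction Info).
# Assumption: both mean "not in this environment, try the next one".
NOT_FOUND_CODES = {4040005, 4040010}

# Hypothetical transport signature: (base_url, transaction_id) -> (http_status, json_body)
Caller = Callable[[str, str], Tuple[int, dict]]


def resolve_environment(transaction_id: str, call: Caller) -> Optional[str]:
    """Return "Production", "Sandbox", or None when the id is in neither.

    Any other failure (auth, rate limit, outage) raises, so a transient
    production error is never silently treated as "must be sandbox".
    """
    for name, base in (("Production", PRODUCTION), ("Sandbox", SANDBOX)):
        status, body = call(base, transaction_id)
        if status == 200:
            return name
        if status == 404 and body.get("errorCode") in NOT_FOUND_CODES:
            continue  # not present here; fall through to the next environment
        raise RuntimeError(f"{name} lookup failed: HTTP {status}, body {body}")
    return None


def make_fake_call(prod_ids: set, sandbox_ids: set, outage: bool = False) -> Caller:
    """Constructed stand-in for the HTTP client so the example runs offline."""
    def call(base_url: str, transaction_id: str) -> Tuple[int, dict]:
        if outage:
            return 500, {"errorCode": 5000000}  # constructed server-error body
        known = prod_ids if base_url == PRODUCTION else sandbox_ids
        if transaction_id in known:
            return 200, {"signedTransactionInfo": "<constructed placeholder>"}
        return 404, {"errorCode": 4040010}
    return call


if __name__ == "__main__":
    fake = make_fake_call({"1001"}, {"2002"})  # constructed transaction ids
    for tid in ("1001", "2002", "3003"):
        print(tid, resolve_environment(tid, fake))
```

A server should use this only to pick which endpoint to query; entitlement decisions still depend on verifying the signed transaction the chosen environment returns.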
Post not yet marked as solved
Hello, I am finding contradictory information. Is it possible to place a PWA in the App Store?
Post not yet marked as solved
As of September 6, 2023, I have registered and paid the Apple Developer participation fee to be able to publish the application on the App Store. However, up to now, it has been 5 days since registering and I have not received any notification or response about my account status, even though Apple informed me in the message that I need to wait 2 days for processing.
I'm really frustrated, is there anyone else like me with this situation? If you have any way to solve the above problem, please help me. Thank you very much!
Post not yet marked as solved
Hello,
I have an existing app which has been sold in the App Store since 2010. Now I want to convert this app into a free app with optional in-app purchases. A part of the functionality which paid users currently have should then be accessible only by IAP.
Therefore, I must identify my existing customers, to not make them pay again for functionality they have paid already.
Googling around reveals that this is not easy to do, if it was possible at all. However, I found this post: https://stackoverflow.com/questions/3735635/convert-existing-ios-paid-app-to-freemium-model-with-in-app-purchase
Quote:
"There is now an Apple-approved way to do this on both iOS and macOS. The
originally downloaded version of the app can be obtained from the
receipt using the info key Original Purchased Version. You can then decide whether to unlock features if that version predates the switch to IAP."
Now I have played around with this a bit, or more precisely:
NSURL *receiptURL = [[NSBundle mainBundle] appStoreReceiptURL];
NSData *receipt = [NSData dataWithContentsOfURL:receiptURL];
However, in my tests, receipt will always be nil. The URL also points to some local location with sandbox in the name.
Am I doing something wrong in general, or is this just not supposed to work how I thought it would? Note that I have installed my app from the app store on my device, then launched the above code on my device (so I'm NOT testing this in the simulator).
I also read about SKReceiptRefreshRequest, however I can't figure out how to use it.
So the question is, how would I figure out if a user has already purchased the original paid version? My app does not have a server component, and checking some NSUserDefaults key would result in charging users who reinstall the app on a new device.
So what should I do?
Post not yet marked as solved
Hi all,
We're facing an issue with our app's subscription and in-app purchases:
We are using StoreKit 2
Up until 6 hours ago, everything was fine.
Now, users are telling us they can't access what they've paid for.
We could reproduce the error on iOS 16.6, not on iOS 17 developer beta
Buying or restore purchases are timing out.
Everything works fine in Sandbox and TestFlight.
We are getting these two errors with production builds:
Error enumerating unfinished transactions
Error enumerating all current transactions
both with the following timeout message:
Error Domain=NSURLErrorDomain Code=-1001 "Zeitüberschreitung bei der Anforderung." UserInfo={NSErrorFailingURLStringKey=https://mzstorekit.itunes.apple.com/inApps/v1/history?reason=initial, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask, NSUnderlyingError=0x2837a4f00 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "(null)" UserInfo={_kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4}}, _kCFStreamErrorCodeKey=-2102
Is anyone else seeing this? Any fixes?
Thanks for any help or advice.
Best,
Juno
Post not yet marked as solved
If my user makes a purchase and gets transaction_id: 2000000395609292, and then another user just makes up the same transaction_id to call the App Store Server API
In the old way, the receipt seemed impossible to make up; how about now? Is it as safe as before?
Or is there any way to protect the transaction_id?
I am not that good at security, so please forgive me about missing any point. o(╥﹏╥)o
Looking forward to your response, sincerely!! :)
I tried to call Get Transaction Info from the App Store Server API, and the transactionId is for a Non-Consumable type product, but it is odd that there are so many different transactionIds and they have the same originalTransactionId
{
  "bundleId": "${bundleId}",
  "environment": "Production",
  "inAppOwnershipType": "PURCHASED",
  "originalPurchaseDate": 1691220528000,
  "originalTransactionId": "${originalTransactionId}",
  "productId": "${productId}",
  "purchaseDate": 1691220528000,
  "quantity": 1,
  "signedDate": 1692590989925,
  "storefront": "USA",
  "storefrontId": "143441",
  "transactionId": "${originalTransactionId}",
  "transactionReason": "PURCHASE",
  "type": "Non-Consumable"
}
The definition of Non-Consumable is that it can only be purchased once for the same Apple account. But why would there be an originalTransactionId?
Post not yet marked as solved
I'm noticing that when I build for development and switch Apple accounts while the app is running, the device receipt isn't updated even after I call SKReceiptRefreshRequest.start(). The app behaves as expected if I install fresh. Is this a known issue if we're running from Xcode?
Post not yet marked as solved
Issue
Currently I have multiple subscription offers available for yearly/monthly subscriptions. Each of the subscription offers have multiple different custom codes available. When the customer buys a subscription and the receipt is being handled in the backend, I need to know which of the custom codes was used.
What I have tried
When I call https://buy.itunes.apple.com/verifyReceipt I get the values offer_code_ref_name and promotional_offer_id. The offer_code_ref_name is the subscription offer name AND NOT the custom code.
I tried to get more info using the https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/{transactionId} request, but it does not give me any info about the custom code used either.
I do however see which custom code has been used if I go to Sales and Trends > Sales and Trends Reports and download Subscription Reports. There the offer code can be found, referred to as "Promotional Offer ID".
My question
How can I get which custom code was used when purchasing a renewable subscription using the transaction id or transaction receipt?
Post not yet marked as solved
Can I delete the file StoreKitTestCertificate.cer if I have a published app that uses StoreKit 2?
This is how I was using it earlier to do receipt validation but it's no longer in my released app:
#if DEBUG
let certificate = "StoreKitTestCertificate"
#else
let certificate = "AppleIncRootCertificate"
#endif
Source: https://developer.apple.com/documentation/xcode/setting-up-storekit-testing-in-xcode/
Can I safely delete the StoreKitTestCertificate.cer file in my next version without affecting the released app or TestFlight?
Currently, my app validates App Store receipts on the device, so as per this news, I need to make changes to it.
But I am unable to make a decision on where I should start. Can anyone please help me out on this?
Do I need to make changes in the device receipt validation? If yes, what steps should I take?
OR
Should I do the receipt validation from the server side? If yes, then what steps to follow to make a receipt validation on the server?
Your suggestions will be highly appreciated.
Post not yet marked as solved
Hi,
We offer a premium account IAP for our app. We recently noticed on our proceeds section of App Store Connect that a refund for the IAP had been processed but we didn't receive a notification regarding this and from what I can see there is no way to see who applied for it.
This is a problem as we need to be able to switch the premium account off for that account.
Can someone help with this please?
Hello everyone
I am testing receipt validation for an app to be submitted to the mac app store.
After starting the app a login window popped up and I entered my regular apple
id before realising I need to enter an apple id associated with a sandbox account.
Now I can't get the login window to show again when starting the app, it seems as
I am permanently (or temporarily?) logged into the sandbox account on the mac.
How can I log out from the sandbox account? Is it even possible? Does the account
time out after a while so that I just need to wait?