My first post.
Im listening for statusUpdateNotifications and receiving them, but whats to stop anyone from posting to that URL?
I know the receipt data could be re-verified, but if there a way to verify that its coming from apple?
I get that some think the password should not be sent, but could a hash of it be there.
I notice a unique_identifier field, could that be it?
Documentation says password should be there, but its not.
regardless, how to you verify that this payload is from apple?
Thx!