I am confused about how to properly deal with the non-renewing subscription validation backend. My validation flow is roughly like this: First, when the user chooses an IAP item and clicks the Buy button, it will send a POST request to our backend to generate an order, which will contain info like product_id, and then return the order_id to the iOS end. Secondly, the iOS end calls our receipt verify API, which should be passed some args including transaction_id. Thirdly, when the above args are passed, we query the db with transaction_id to avoid delivering duplicate goods for the same receipt. Then we send a POST request to the App Store endpoint /verifyReceipt. We parse the response, considering the different styles of receipt: we get the status field first to judge whether its value equals 0, then traverse the in_app field to find whether there is one whose transaction_id matches the one passed from iOS. Then we compare the product_id with the matched one. Is there something else that I should pay attention to, or are there some logic bugs?
What you write is hard to understand.
The app on the device does the entire purchase.
When it gets a call to updatedTransactions there is a receipt on the device.
Grab that receipt and either:
1) decode it in the app on the device using OpenSSL - check that the identifierForVendor is correct and if so believe the receipt
2) send the receipt securely to your server. Have your server send the receipt to Apple servers to decode. Check the receipt's transaction_id for a non-renewing subscription (there could be multiple such subscription purchases in one receipt) to be sure it is unique before accepting the receipt. If the transaction_id is unique, accept the content of the receipt (i.e. the product_id and any relevant dates) and provide the device with the subscription.
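
The server-side checks discussed in this thread, as an added example that is not part of either post: it takes an already decoded /verifyReceipt response, checks status, finds the claimed transaction_id in in_app, compares product_id with the order, and records the transaction under a unique key so that two concurrent requests carrying the same receipt cannot both be delivered. The table name, the order dictionary and the sample response are constructed assumptions.

```python
import sqlite3

# Constructed sample of a decoded /verifyReceipt response (not real data).
SAMPLE_RESPONSE = {
    "status": 0,
    "receipt": {"in_app": [
        {"transaction_id": "1000000000000001", "product_id": "com.example.pass7"},
        {"transaction_id": "1000000000000002", "product_id": "com.example.pass30"},
    ]},
}

class ReceiptRejected(Exception):
    """Raised when the receipt must not result in delivery."""

def open_store():
    # Hypothetical table; the PRIMARY KEY is what enforces uniqueness.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE fulfilled (transaction_id TEXT PRIMARY KEY,"
               " order_id TEXT, product_id TEXT)")
    return db

def fulfil(db, apple_response, order, claimed_transaction_id):
    """Return the product_id to deliver, or raise ReceiptRejected."""
    status = apple_response.get("status")
    if status != 0:
        raise ReceiptRejected("verifyReceipt status %r" % (status,))
    # One receipt can list several purchases, so search in_app for the
    # transaction the client claims instead of trusting the first entry.
    in_app = apple_response.get("receipt", {}).get("in_app", [])
    match = next((t for t in in_app
                  if t.get("transaction_id") == claimed_transaction_id), None)
    if match is None:
        raise ReceiptRejected("transaction not in receipt")
    if match.get("product_id") != order["product_id"]:
        raise ReceiptRejected("product mismatch")
    # Insert instead of query-then-insert: the database rejects the second
    # writer even when two requests pass the checks above at the same time.
    try:
        with db:
            db.execute("INSERT INTO fulfilled VALUES (?, ?, ?)",
                       (claimed_transaction_id, order["order_id"],
                        match["product_id"]))
    except sqlite3.IntegrityError:
        raise ReceiptRejected("transaction already fulfilled")
    return match["product_id"]
```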