1 Reply
      Latest reply on Feb 21, 2020 12:24 PM by PBK
      gorgine_hoo Level 1 Level 1 (0 points)

        I am confused how to properly deal with the non-renewing subscription validation backend. My validation flow roughly like this: First, when user choose IAP item and click the Buy button, it will send a POST request to our backend for generating a order which will contain info like product_id. And then return the order_id to the ios. Secondly, the ios end call our receipt verify API which should be passed through some args including receipt_data, order_id, product_id, transaction_id. Thirdly, when above args passed, we query db with transaction_id for avoid delivering dulplicate goods with same receipt. Then, sending a POST request to the App Store endpoint /verifyReceipt. We parse the resp considering different style of receipt, get the status field first to judge if its value equels to 0, then travesing the in_app field to find if there is one which transaction_id matches the one passed from ios. Then, we compare the product_id with the matched one. Is there something else that i should pay attention to or there are some logic bugs?

        • Re: How to verify non-renewing subscription
          PBK Level 7 Level 7 (3,555 points)

          What you write is hard to understand.

          The app on the device does the entire purchase.

          When it gets a call to updatedTransactions there is a receipt on the device.

          Grab that receipt and either:


          1) decode it in the app on the device using OpenSSL - check that the identifierForVendor is correct and of so believe the receipt




          2) send the receipt securely to your server.  have your server send the receipt to Apple servers to decode.  check the receipt's transaction_id for a non-renewing subscription (there could be multiple such subscription purchases in one receipt) to be sure it is unique before accepting the receipt.  If the transaction_id is unique, accept the content of the receipt (i.e. the product_id and any relevant dates)  and provide the device with the subscription.