Generating a Signature for Subscription Offers

Create a signature to validate a subscription offer using your private key.

Overview

Before you can create a signature on your server, you must complete the one-time setup to generate a private key in App Store Connect, as described in Setting Up Subscription Offers. When sending data between your app and server, including the signature, use a secure connection. For more information on ensuring your data’s security, see Requirements for Connecting Using ATS.

To create the signature on your server, you need parameters that identify the product and offer, parameters generated by the server, and your private key. Your app can optionally provide some of the required parameters in its request. Generating the signature consists of concatenating the parameters into a single UTF-8 string, with an invisible separator ('\u2063') between them, and then signing that string.

Sign the Parameters

Generate the signature string, including the parameters for SKPaymentDiscount, in the order listed:

appBundleID

The app bundle identifier.

keyIdentifier

The KEY ID of the subscription key you generated in App Store Connect. See App Store Connect to get this value.

productIdentifier

The subscription product identifier, productIdentifier. The app can provide this value.

offerIdentifier

The subscription discount identifier, identifier. The app can provide this value.

applicationUsername

An optional string value that you define; may be an empty string. The app can provide this value and uses it in applicationUsername.

nonce

A unique UUID value that you define. This value is cached for 24 hours. The server generates this value.

timestamp

A timestamp the server generates in UNIX epoch time format, in milliseconds; the timestamp keeps the offer active for 24 hours.

Combine the parameters into a UTF-8 string with an invisible separator ('\u2063') between them, in the order shown:

appBundleID + '\u2063' + keyIdentifier + '\u2063' + productIdentifier + '\u2063' + offerIdentifier + '\u2063' + applicationUsername + '\u2063' + nonce + '\u2063' + timestamp

Sign the string using the Elliptic Curve Digital Signature Algorithm (ECDSA) with SHA-256. Make sure to hash the UTF-8 encoding of the string and to sign it with the PKCS#8-format private key that you downloaded from App Store Connect.

Base64-encode the resulting signature to get a string similar to:

MEQCIEQlmZRNfYzKBSE8QnhLTIHZZZWCFgZpRqRxHss65KoFAiAJgJKjdrWdkLUOCCjuEx2RmFS7daRzSVZRVZ8RyMyUXg==

Respond with the Signature and Parameters

Respond to the app’s request over a secure connection, providing the signature string, the nonce, timestamp, and the keyIdentifier the server used to sign the string.

See Create a Signature for information about the app’s request and how it uses the signature.
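
An added example, not code from this page or from Apple, that carries out the steps above with Node.js's built-in crypto module. The function names, the sample identifiers, the separator check in buildPayload and the throwaway P-256 key in demo() are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const SEP = '\u2063'; // the invisible separator named on the page

// Join the seven parameters in the order the page lists them.
function buildPayload(p) {
  const fields = [p.appBundleID, p.keyIdentifier, p.productIdentifier,
    p.offerIdentifier, p.applicationUsername ?? '', p.nonce, String(p.timestamp)];
  for (const f of fields) {
    // Added check (not from the page): a field that already contains the
    // separator would shift the field boundaries of the signed string.
    if (typeof f !== 'string' || f.includes(SEP)) throw new Error('invalid field');
  }
  return fields.join(SEP);
}

// privateKeyPem: PKCS#8 PEM text of the key downloaded from App Store Connect.
// request: appBundleID, keyIdentifier, productIdentifier, offerIdentifier and,
// optionally, applicationUsername.
function signOffer(privateKeyPem, request) {
  const nonce = crypto.randomUUID(); // server-generated UUID
  const timestamp = Date.now();      // UNIX epoch time in milliseconds
  const payload = buildPayload({ ...request, nonce, timestamp });
  // crypto.sign hashes the bytes with SHA-256 itself, so the payload is passed
  // unhashed. For an EC key the result is a DER-encoded ECDSA signature.
  const der = crypto.sign('sha256', Buffer.from(payload, 'utf8'), privateKeyPem);
  return { keyIdentifier: request.keyIdentifier, nonce, timestamp,
    signature: der.toString('base64') };
}

// Constructed demo: a throwaway key (P-256 assumed) stands in for the real one,
// and every identifier below is a made-up sample value.
function demo() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const pem = privateKey.export({ type: 'pkcs8', format: 'pem' });
  const request = { appBundleID: 'com.example.app', keyIdentifier: 'EXAMPLEKEY',
    productIdentifier: 'com.example.sub.monthly', offerIdentifier: 'winback1',
    applicationUsername: '' };
  const out = signOffer(pem, request);
  // Rebuild the signed string from the response fields and verify it.
  const payload = buildPayload({ ...request, nonce: out.nonce, timestamp: out.timestamp });
  const valid = crypto.verify('sha256', Buffer.from(payload, 'utf8'), publicKey,
    Buffer.from(out.signature, 'base64'));
  return { out, valid };
}
```

The object returned by signOffer holds the four values the server sends back to the app: the signature, the nonce, the timestamp and the keyIdentifier.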

See Also

Providing Subscription Offers

Setting Up Subscription Offers

Generate a key and configure offers for auto-renewable subscriptions in App Store Connect.

Implementing Subscription Offers in Your App

Offer discounted pricing for auto-renewable subscription products to eligible subscribers.