Verify transactions with the App Store on a secure server.
An App Store receipt is a binary encrypted file signed with an Apple certificate. In order to read the contents of the encrypted file, you need to pass it through the verifyReceipt endpoint. The endpoint's response includes a readable JSON body.
Communication with the App Store is structured as JSON dictionaries, as defined in RFC 4627. Binary data is Base64-encoded, as defined in RFC 4648. Validate receipts with the App Store through a secure server. For information on establishing a secure network connection with the App Store, see Preventing Insecure Network Connections.
Fetch the Receipt Data
To retrieve the receipt data from the app on the device, use the app method of NSBundle to locate the app’s receipt, and encode the data in Base64. Send this Base64-encoded data to your server.
Send the Receipt Data to the App Store
On your server, create a JSON object with the password (if the receipt contains an auto-renewable subscription), and exclude-old-transactions keys detailed in requestBody.
Submit this JSON object as the payload of an HTTP POST request. Use the test environment URL https://sandbox when testing your app in the sandbox and while your application is in review. Use the production URL https://buy when your app is live in the App Store. For more information on these endpoints, see verifyReceipt.
Parse the Response
The App Store's response payload is a JSON object that contains the keys and values detailed in responseBody.
in array contains the non-consumable, non-renewing subscription, and auto-renewable subscription items previously purchased by the user. Check the values in the response for these in-app purchase types to verify transactions as needed.
For auto-renewable subscription items, parse the response to get information about the currently active subscription period. When you validate the receipt for a subscription, latest contains the latest encoded receipt, which is the same as the value for receipt-data in the request, and latest contains all the transactions for the subscription, including the initial purchase and subsequent renewals but not including any restores.
You can use these values to check whether an auto-renewable subscription has expired. Use these values along with the expiration subscription field to get the reason for expiration.
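The server-side steps above as an added example (not Apple's code): it builds the request body and reads the subscription state from a parsed response, using the server's clock rather than anything the device reports. Field names follow Apple's requestBody and responseBody references; the sample response, timestamps and single-subscription assumption are constructed for illustration, and the HTTP POST is left out so the block runs offline.

```python
import base64
import json

def build_request_body(receipt_b64, shared_secret=None, exclude_old=False):
    """Return the JSON payload for the verifyReceipt POST."""
    # Reject anything that is not well-formed Base64 before forwarding it.
    base64.b64decode(receipt_b64, validate=True)
    body = {"receipt-data": receipt_b64}
    if shared_secret is not None:  # needed for auto-renewable subscriptions
        body["password"] = shared_secret
    if exclude_old:
        body["exclude-old-transactions"] = True
    return json.dumps(body)

def subscription_state(response, now_ms):
    """Summarise a parsed response, assuming a single subscription."""
    state = {"valid": False, "active": False,
             "expires_ms": None, "expiration_intent": None}
    if response.get("status") != 0:  # non-zero status: do not grant access
        return state
    # Renewals appear as separate transactions; the latest expiry decides.
    expiries = [int(t["expires_date_ms"])
                for t in response.get("latest_receipt_info", [])
                if "expires_date_ms" in t]
    latest = max(expiries, default=0)
    state.update(valid=True, active=latest > now_ms, expires_ms=latest)
    if not state["active"]:
        # The reason for expiration is reported per pending renewal.
        for item in response.get("pending_renewal_info", []):
            state["expiration_intent"] = item.get(
                "expiration_intent", state["expiration_intent"])
    return state

# Constructed sample response (not real App Store output).
SAMPLE_RESPONSE = {
    "status": 0,
    "latest_receipt": "AAEC",
    "latest_receipt_info": [
        {"product_id": "example.monthly", "expires_date_ms": "1700000000000"},
        {"product_id": "example.monthly", "expires_date_ms": "1702592000000"},
    ],
    "pending_renewal_info": [
        {"product_id": "example.monthly", "expiration_intent": "1"},
    ],
}
```

Compare expiry against the server's clock in milliseconds, and treat any non-zero status as a failed validation rather than as an expired subscription.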