I am an app developer, and I have implemented in-app purchases in my application. When a user completes a purchase, Apple displays a success popup. After the user taps "OK", I send the receiptData to my server to add points to their account. However, I have encountered cases where users either exit the app before tapping "OK" or experience network issues, preventing the receipt from being sent to my server. As a result, they do not receive their points. Later, some users send me a receipt from Apple Pay, claiming that the payment was successful. These receipts include details such as the orderId, email, and other transaction information. However, I am not certain whether the user actually completed the payment but encountered an issue, or if they are providing a fraudulent receipt. My question: How can I verify the authenticity of these receipts? Is there an official way to check if a given Apple Pay invoice corresponds to a real in-app purchase in my app? Any guidance or best practices would be greatly appreciated!

Our app offers auto-renewable subscriptions using StoreKit Original API for In-App Purchase and App Store Server Notifications V1. Starting around 2025-03-15, we found some cases where original_transaction_id which was associated to web_order_line_item_id of already purchased subscription had changed in the receipt information of verifyReceipt response or App Store Server Notifications V1. The detailed steps are: Around February 2025, re-purchase from the app the same subscription product which was canceled and expired some time ago, using StoreKit Original API for In-App Purchase Receive the following 2 notifications from App Store Server Notifications V1 almost at the same time INITIAL_BUY DID_CHANGE_RENEWAL_STATUS In both notifications, latest_receipt_info contains the receipt for the re-purchased subscription period with new original_transaction_id and web_order_line_item_id pending_renewal_info contains both new original_transaction_id and original one which was generated at first purchase, and original one has "is_in_billing_retry_period": "1" Starting around 2025-03-15, the following happens When we receive another "DID_CHANGE_RENEWAL_STATUS" notification from App Store Server Notifications V1, original_transaction_id which is associated to web_order_line_item_id of the re-purchased subscription period has changed back to the original one (the one which was generated at first purchase) in latest_receipt_info. When we call verifyReceipt with the receipt obtained from appStoreReceiptURL, the response does not seem to contain new original_transaction_id which was generated at re-purchase We have some questions regarding this original_transaction_id behavior. When a user re-purchase the same subscription product which was canceled and expired some time ago, it seems that new original_transaction_id is generated. Is this an expected behavior? If yes, it seems that, at some point, original_transaction_id which is associated to web_order_line_item_id of the re-purchased subscription changed back to the original original_transaction_id which had been generated at first purchase. Is this an expected behavior? What triggers the original_transaction_id change to the original one? Is it related to some user actions or subscription status change?

iOS Storekit2 Appstore production environment, some user feedback in app purchase faliure, What our log records is StoreKitError.unknown，please How to solve problem, thanks

We are distributing an application using in-app-purchase with subscription. In order to expand customer support and more optimally timed marketing activities, We want to retrieve the billing status and number of billing users managed on the Apple side and regularly verify that the data we are aware of on the server side is up-to-date. Currently, the App Store Server API provides a way to retrieve status using individual original_transaction_id, but there seems to be no official way to retrieve original_transaction_id for a specific period at once. The same was also true for App Store Server Notifications. Is there a way to specify a period of time, the Apple ID of an app, etc., and obtain the original_transaction_id or transaction_id for a specific period of time?

Hello everyone, I’m implementing external purchases in my app and I’m using ExternalPurchase.linkToExternalPurchase() on iOS 17.4+ to display the Apple modal for external purchases. However, I need to handle purchases on iOS 15.4 - 17.3, where StoreKit’s external purchase APIs do not provide tokens and return false. Questions: What is the recommended fallback for iOS 15.4 - 17.3 since the Apple modal is not available? Should I display a custom modal or directly open a WebView with the purchase page? On iOS < 15.4, since external purchase APIs are unavailable, is it acceptable to open the external purchase page directly in Safari instead of within the app? Will Apple reject the app if I use a custom modal for purchases on iOS 15.4 - 17.3 instead of the Apple-provided one on iOS 17.4+? I want to make sure my implementation complies with Apple’s guidelines while providing the best experience for users on older iOS versions. Thanks in advance for your help!

We use Transaction.currentEntitlements in StokeKit 2 to unlock functionality based on a Non-Consumable IAP but we have a case involving a refund that seems wrong and I am trying to understand the interation between transactionId, originalTransactionId & revocationReason. The Context: We have a universal App on macOS and iOS that offers a shared Non-Consumable IAP. For this example I have named it "app.lifetime" On macOS we use StoreKit 2 and I am calling the Transaction.currentEntitlements and Transaction.all functions. On iOS we are still using StoreKit 1. This example customer: Originally purchased "app.lifetime" on 2024-10-27 Was refunded by Apple for "app.lifetime" on 2024-10-29 Re-purchased "app.lifetime on 2025-02-24 (I have seen an email receipt of this transaction but it never shows up in Transaction data) (all the above happened on the mac via StoreKit 2) The Transactions (all lightly redacted for privacy): on macOS the following is returned from Transaction.currentEntitlements... { "appTransactionId" : "...8123", "bundleId" : "app", "currency" : "USD", "deviceVerification" : "...", "deviceVerificationNonce" : "...", "environment" : "Production", "inAppOwnershipType" : "PURCHASED", "originalPurchaseDate" : 1729997808000, "originalTransactionId" : "...9955", "price" : 1, "productId" : "app.lifetime", "purchaseDate" : 1729997808000, "quantity" : 1, "signedDate" : 1740416289102, "storefront" : "USA", "storefrontId" : "143441", "transactionId" : "...7511", "transactionReason" : "PURCHASE", "type" : "Non-Consumable" } Note in the above example the originalTransactionId & transactionId are different. Transaction.all however returns both transactions: [ { "appTransactionId" : "...8123", "bundleId" : "app", "currency" : "USD", "deviceVerification" : "...", "deviceVerificationNonce" : "...", "environment" : "Production", "inAppOwnershipType" : "PURCHASED", "originalPurchaseDate" : 1729997808000, "originalTransactionId" : "...9955", "price" : 1, "productId" : "app.lifetime", "purchaseDate" : 1729997808000, "quantity" : 1, "revocationDate" : 1730224102000, "revocationReason" : 0, "signedDate" : 1740415969925, "storefront" : "USA", "storefrontId" : "143441", "transactionId" : "...9955", "transactionReason" : "PURCHASE", "type" : "Non-Consumable" }, { "appTransactionId" : "...8123", "bundleId" : "app", "currency" : "USD", "deviceVerification" : "...", "deviceVerificationNonce" : "...", "environment" : "Production", "inAppOwnershipType" : "PURCHASED", "originalPurchaseDate" : 1729997808000, "originalTransactionId" : "...9955", "price" : 1, "productId" : "app.lifetime", "purchaseDate" : 1729997808000, "quantity" : 1, "signedDate" : 1740416289102, "storefront" : "USA", "storefrontId" : "143441", "transactionId" : "...7511", "transactionReason" : "PURCHASE", "type" : "Non-Consumable" } ] Note here that the original transaction ("...9955") includes a revocationDate and revocationReason that match the expected refund but the secondary transaction that seems to match on all other details is missing the revocation info. Looking at the iOS SK1 receipt data to compare, after a receipt refresh I see only a single transaction "...9955" which includes the cancellation info and transaction "...7511" is not present at all. The impact of this is that on iOS we are considering the purchase void but on macOS we are following currentEntitlements and consdering it still valid. Calling the inApps/v1/history/... server API with the "...7511" transactionId that is shown in the currentEntitlements response returns the "...9955" transaction with the correct revocation status but "...7511" is no returned at all. To Summarise: currentEntitlements on macOS shows transaction "...7511" as active and with an originalTransactionId of "...9955" all on macOS includes both "...7511" as active and "...9955" as revoked iOS reciept data shows only "...9955" as revoked Server API shows only "...9955" as revoked event when explicitly called with "...7511" Neither of them show a more recent purchase the same customer made for the same IAP product. My questions are: Is this a StoreKit bug or am I mis-understanding something? If it's a bug how can I work around it to ensure revoked purchases aren't still appearing in currentEntitlements? Under what conditions can StoreKit generate multiple transactionIds for the same underlying originalTransactionId? I had assumed (and the docs suggest) this only happens for subscriptions but here it is happening for a Non-Consumable IAP. Why would transactionId "...7511" only be present on macOS/SK2 and not visible at all on iOS/SK1 or API? I don't understand why the latest IAP from 2025-02-24 that the customer assures me they made (and has shown me the receipt for is not showing up in the Transactions history at all. Any ideas?

Hello, I would like to draw your attention to the following imperfection. For validating purchases of my paid application Guru Maps Pro, I use the download id. This is a unique ID that can replace the Transaction ID for paid applications. However, with the release of the new AppTransaction API, this field is no longer present in the data. I tried parsing the receipt, but that field is absent there as well. The only way to obtain the download id is to send the receipt to the deprecated /verifyReceipt endpoint. This deprecated status concerns me, because at some point it might stop working. Let me explain a little about why I need this. My users have a guru-account, which they can use both in the web version and on Android. When a user purchases the paid version of the application, they can access the paid features on both web and Android. This works great for in-app purchases, where there is a transaction ID, but it may soon stop working for paid applications because there is no way to determine any ID associated with the purchase. Transaction ID or Download ID – I don't mind which.

Hi all, I am adding the following StoreKit 2 code to my app, and I don't see anything in Apple's documentation that explains the unverified case. When is that case exercised? Is it when someone has tampered with the app receipt? Or is it for more mundane things like poor network connectivity? // Apple's docstring on `shared` states: // If your app fails to get an AppTransaction by accessing the shared property, see refresh(). // Source: https://developer.apple.com/documentation/storekit/apptransaction/shared var appTransaction: VerificationResult<AppTransaction>? do { appTransaction = try await AppTransaction.shared } catch { appTransaction = try? await AppTransaction.refresh() } guard let appTransaction = appTransaction else { AppLogger.error("Couldn't get the app store transaction") return false } switch appTransaction { case .unverified(appTransaction, verificationError): // For what reasons should I expect this branch to be entered in production? return await inspectAppTransaction(appTransaction, verifiedByApple: false) case .verified(let appTransaction): return await inspectAppTransaction(appTransaction, verifiedByApple: true) } Thank you, Lou

Hello, I am implementing In-App Purchases in my app and want to ensure that only users whose email matches their Apple ID email (the account used on the device as apple account) can purchase the subscription. Is it possible to retrieve the Apple ID email from the device or verify if the email matches the user's email in the app? If this is not feasible, what is the recommended approach to differentiate users and associate subscriptions with specific users in a secure way? For instance, how do I ensure that a subscription is tied to the correct user within my app? I understand privacy constraints, but I am trying to find the best way to match the subscription to the correct user while adhering to Apple's guidelines. Any guidance or best practices would be appreciated. Thank you!

https://developer.apple.com/documentation/appstoreserverapi/get-v2-history-_transactionid I would like to inquire about the detailed triggers for updating receipts in this API specification. Recently, I was using this API with sort=DESCENDING&revoked=false to retrieve the expiration date of the most recent receipt and determine the subscription status. However, for some reason, an old receipt with an earlier expiration date appeared as the first receipt, and I would like to know the reason for this. Can you provide information on what specific events or actions trigger the updating of receipts in this API? Also, regarding https://developer.apple.com/documentation/appstoreserverapi/status, will statuses 3 and 4 not be returned in the response unless the billing grace period is enabled in the App Store? -- Japanese こちらのAPI仕様ですが、どのようなトリガーでレシートが更新されるのか詳細に伺いたいです。 先日このAPIを使用してsort=DESCENDING&revoked=falseで一番最初のレシートの有効期限を取得して課金状態か判断していたのですが、どういったわけか一番最初のレシートに古い有効期限のレシートが入ってきたので理由を知りたいです。 また、https://developer.apple.com/documentation/appstoreserverapi/status のステータスはAppleStoreで請求猶予期間を有効化しないと3,4はレスポンスされませんか？

With the imminent suspension of SHA-1 on App Store receipts, we desperately need an objective C code sample demonstrating how to calculate the same SDH-256 hash on device to compared with the hash from the App Store receipt. The forced migration to SHA256 for app store receipts this month mean we have to rewrite our on device receipt validation code. However there is no documentation or objC sample code on how to validate the SHA256 hash from MAS receipts. Thje documentation at https://developer.apple.com/documentation/technotes/tn3138-handling-app-store-receipt-signing-certificate-changes/ does not give any detail on how to validate SHA256. All my 100+ hours of experimentation and trial and error attempting to create a matching SHA256 has on device have failed. We desperately need some ObjC Sample code to validate the SHA256 hash on device. Our existing SHA1 code is still working but we expect SHA1 hashes to disappear from MAS Receipts any day now. Tnanks for any advice !

Stripe offers variable payment structures, also known as "irregular recurring payments," which include: Usage-based billing: Charges amounts based on usage during the billing cycle (e.g., minutes used or energy consumed). Quantity-based billing: Charges a pre-agreed amount based on quantity (e.g., number of users in a subscription). Is it possible to implement this type of billing in the Apple Store for apps? How would variations in amounts be handled?

To handle the upcoming App Store receipt signing certificate changes I switched my Mac app to use the new recommended APIs about a month ago at the beginning of December 2024. The transition worked seamlessly for most users except a few ones that only needed to re-enter their Mac App Store credentials. My app is available discounted to Educational Institutions who use the Apple School Manager system to purchase and manage app on student's devices. Starting Jan. 7h this week, several schools contacted me that the app fails receipt validation. Reinstalling the app from scratch doesn't help. Is this some kind of server side failure from Apple's side? Are there special cases to consider on my side when verifying receipts for educational purchases? (I didn't find anything in the documentation) Here is my (simple) receipt validation code: import StoreKit extension AppDelegate { func validateReceipt() { Task { do { let verificationResult = try await AppTransaction.shared switch verificationResult { case let .verified(appTransaction): Log.i("Receipt verification succeeded.", tag: "🧾") case let .unverified(appTransaction, verificationError): Log.w("Receipt verification failed with error: \(verificationError.localizedDescription)", tag: "🧾") showVerificationFailureAlert() } } catch { Log.w("Failed to retrieve AppTransaction: \(error.localizedDescription)", tag: "🧾") showVerificationFailureAlert() } } } private func refreshReceipt() { Task { do { let result = try await AppTransaction.refresh() switch result { case let .verified(appTransaction): Log.i("Receipt refreshed and verified successfully.", tag: "🧾") case let .unverified(appTransaction, verificationError): Log.w("Refreshed receipt verification failed with error: \(verificationError.localizedDescription)", tag: "🧾") showVerificationFailureAlert() } } catch { Log.w("Failed to refresh AppTransaction: \(error.localizedDescription)", tag: "🧾") showVerificationFailureAlert() } } } private func showVerificationFailureAlert() { DispatchQueue.main.async { let alert = NSAlert() alert.messageText = "Receipt Verification Failed" alert.informativeText = "Unable to verify the app receipt." alert.alertStyle = .critical // Add "Retry" and "Cancel" buttons alert.addButton(withTitle: "Retry") alert.addButton(withTitle: "Cancel") let response = alert.runModal() if response == .alertFirstButtonReturn { self.refreshReceipt() } else { NSApp.terminate(nil) } } } }

Hi everybody! I'm desperately looking for help as I'm stuck with a rather fundamental problem regarding StoreKit2 - and maybe Swift Concurrency in general: While renovating several freemium apps I'd like to move from local receipt validation with Receigen / OpenSSL to StoreKit2. These apps are using a dedicated "StoreManager" class which is encapsulating all App Store related operations like fetching products, performing purchases and listening on updates. For this purpose the StoreManager holds an array property with IDs of all purchased products, which is checked when a user invokes a premium function. This array can have various states during the app's life cycle: Immediately after app launch (before the receipt / entitlements are checked) the array is empty After checking the receipt the array holds all (locally registered) purchases Later on it might change if an "Ask to Buy" purchase was approved or a purchase was performed It is important that the array is instantly used in other (Objective-C) classes to reflect the "point in time" state of purchased products - basically acting like a cache: No async calls, completion handler, notification observer etc. When moving to StoreKit2 the same logic applies, but the relevant API calls are (of course) in asynchronous functions: Transaction.updates triggers Transaction.currentEntitlements, which needs to update the array property. But Xcode 16 is raising a strict error because of potential data races when accessing the instance variable from an asynchronous function / actor. What is the way to propagate IDs of purchased products app-wide without requiring every calling function as asynchronous? I'm sure I'm missing a general point with Swift Concurrency: Every example I found was working with call-backs / await, and although this talk of WWDC 2021 is addressing "protecting mutable states" I couldn't apply its outcomes to my problem. What am I missing?

Problem Description: The transaction ID 260002098039215 exists in the order lookup but is not retrievable via the history or subscription APIs. This inconsistency is causing difficulties in verifying the transaction. Steps to Reproduce: Lookup Order Details
Using the Apple Store API:
https://api.storekit.itunes.apple.com/inApps/v1/lookup/{orderId}
I queried the order details with the customer order ID: MNDBHSMSX8.
This successfully returned transaction details, including:
"transactionId": "260002098039215" Query Transaction History
Next, I used the transaction ID (260002098039215) with the API:
https://api.storekit.itunes.apple.com/inApps/v1/history/{transactionId}
However, this query failed to return any transaction data. Query Subscription History
As a workaround, I used the original transaction ID (260000951614623) with the API:
https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/{originalTransactionId}
This successfully returned subscription history. However, the transaction ID 260002098039215 is missing from the subscription history response. Request for Help: Has anyone encountered a similar issue with missing transaction records? Could there be an explanation for why 260002098039215 is not included in the history or subscription results? Any guidance or insight would be greatly appreciated.

This question is about In-App Purchase. This is an inquiry from one of our customers. We have set up a free trial. This is your first time using the service, but you have stated that you have been charged. Document. https://developer.apple.com/documentation/appstorereceipts/is_trial_period 「You can use this value to determine whether the specific record is in a subscription trial period. If a previous subscription period in the receipt has the value "true" for either the is_trial_period or is_in_intro_offer_period keys, the user is not eligible for a free trial or introductory price within that subscription group.」 Our expectation is that is_trial_period is true. Receipt is not contain is_trial_period : true or is_in_intro_offer_period : true. Only one case has occurred. Other customers are no problem.

I have several ObjC based apps in the App Store and used to validate the receipt file inside the app in my code, and then reject it with exit(173) if it's invalid, which did trigger macOS to update the receipt if possible. This isn't working any more in recent macOS versions, where the user is instead just told that the app is damaged, and they need to re-install it manually. Which sucks. So I wanted to update my code. I read about SKReceiptRefreshRequest, which is supposed to re-download and install the receipt file, if I understand it correctly. I implemented the code but now have trouble verifying that it works as intended, and does this in a user friendly way. I found in my tests that macOS now caches the receipt in ~/Library/Caches/com.apple.appstoreagent/fsCachedData and then hardlinks the file into the app. BTW: Sadly, this also requires that the app is located on the startup volume or the system will refuse to install the receipt, which wasn't a requirement in past times. Now, if the receipt is already present in the cache folder, then my code works - the receipt gets re-linked. But what if the cached receipt isn't there, yet? Such as that the user had copied the app from another Mac over to a freshly installed Mac? In the past, when the user then launched the app on the new Mac, he'd be prompted to login to the MAS and if that worked, the receipt would get installed and the app launched. Basically, the question is: What if the receipt validation fails in my app and I request a new receipt, but the user has not yet logged into MAS (e.g. new computer)? To simulate this, I logging out of the MAS and TestFlight, deleting all copies of the app and then run the app that I had copied from another Mac where it was authorized with a valid receipt for that device. If I do this with the old version that uses exit(173), I get these two messages in macOS 15.2: The second one is especially terrible because it shows the translocated path, which the average user surely get quite confused, and then maybe even search in vain for the app in there and get frustrated. But that's out of my hands. Sigh. Now, that was proving that the old method with exit(173) isn't working any more and needs to be changed in my apps. Since I'm still developing (testing) this new behavior, the app is therefore not in the MAS yet - the only way for me to test this is to use TestFlight. However, running a Testflight app copied from another Mac leads to this error: That is not helpful in simulating what would happen if this app was released in the MAS. This won't let me find out what happens if my app is run on a Mac where the receipt fails and I ask it to load it via SKReceiptRefreshRequest and if the user is NOT yet logged into the MAS account for this purchased app of his/hers. That leaves only one option: Release the app with untested code and hope for the best. Contrary to this new behavior, the old method did let me test this easily because I would just use the special App Store tester account with the MAS app, i.e. the built MAS app would, when I launched it locally, request for a login and I'd provide my tester's account. But this isn't available any more, apparently. What a mess.

Hi, My app has been on the store for a few months now with a few updates. Now I plan a major update that will affect the structure of core data itself (key attribute replaced by relationship). I see no other way than asking the users to delete and reinstall the app to reset all data and start it as new. In a previous update I provided users the possibility to backup their data in a file so they can restore it with the future release. Is there a better way than using the "What's new in this version" section to pass the message to the users ?

Hello everyone, I want to set up subscriptions but I'm having problems testing them. Indeed, when I use the storekit file to view the subscriptions it works, I see the subscriptions and I can subscribe in XCODE mode. However, I'd like to go further and test with server notifications. So I removed the storekit file from the scheme, but I can't retrieve the products. The application doesn't retrieve any products.. I've been stuck on it for 2 weeks... I checked the contracts and put in all the information last Friday and everything is validated. I tested it in testflight mode, and it doesn't recognize any products! Just so you know, I use the original API for maximum compatibility.

Dear Reviewers/Apple Team/Community, We have trying to submit our app continuously for review and being rejected continuously by Apple. Our app works perfectly fine in TestFlight using the same ID apple is using. We have also provided recorded video of the testing in TestFlight to Apple reviewer. However, despite our requests below things are not done: Before testing the in-app purchase subscription are not being approved, despite us requesting the same every time during submissions. At times we are getting snapshots under error category, where everything is correct even from Apple testing. We have no other way but to explain, give snapshots, give videos to Apple to help them understand how to test the app. We have requested the reviewers multiple times for a call, but we got a call only 1 time. We are not sure what is the way we can get to talk with the reviewer and understand from them the issue they are facing. Can anyone please help us out? Below is one example, it was given it us under error category, where even with apple standard, the purchase is successful. Can someone help us out plz.