Hi everyone, I'm experiencing an issue with APNs server notifications where I receive a 404 error when trying to validate the signedPayload from Apple's notification. Below is a sanitized version of my code: class ServerNotificationAppleController extends Controller { // URL for StoreKit keys (Sandbox environment) private $storeKitKeysUrl = 'https://api.storekit-sandbox.itunes.apple.com/inApps/v1/keys'; public function handleNotification(Request $request) { \Log::info($request); $signedPayload = $request->input('signedPayload'); if (!$signedPayload) { return response()->json(['error' => 'signedPayload not provided'], 400); } // Step 1: Create your JWT token (token creation logic can be in a separate service) $jwtToken = $this->generateAppleJWT(); // Step 2: Send a request to the StoreKit keys endpoint $response = Http::withHeaders([ 'Authorization' => 'Bearer ' . $jwtToken, ])->get($this->storeKitKeysUrl); Log::info('Apple Keys Status:', ['status' => $response->status()]); Log::info('Apple Keys Body:', ['body' => $response->body()]); if ($response->status() !== 200) { return response()->json(['error' => "Apple public keys couldn't be retrieved"], 401); } $keysData = $response->json(); // Step 3: Validate the signedPayload $validatedPayload = $this->validateSignedPayload($signedPayload, $keysData); if (!$validatedPayload) { return response()->json(['error' => 'Invalid signedPayload'], 400); } // Process the validated data as needed Log::info("Apple Purchase Data:", (array)$validatedPayload); return response()->json(['message' => 'Notification processed successfully'], 200); } private function generateAppleJWT() { // API key details (replace placeholders with actual values) $keyId = config('services.apple.key_id'); // e.g., <YOUR_KEY_ID> $issuerId = config('services.apple.issuer_id'); // e.g., <YOUR_ISSUER_ID> $privateKey = file_get_contents(storage_path(config('services.apple.private_key'))); // Set current UTC time and expiration time (20 minutes later) $nowUtc = Carbon::now('UTC'); $expirationUtc = $nowUtc->copy()->addMinutes(20); // Create the payload with UTC timestamps $payload = [ 'iss' => $issuerId, 'iat' => $nowUtc->timestamp, 'exp' => $expirationUtc->timestamp, 'aud' => 'appstoreconnect-v1', 'bid' => 'com.example.app', // Replace with your Bundle ID if necessary ]; // Generate the JWT token return JWT::encode($payload, $privateKey, 'ES256', $keyId); } private function validateSignedPayload($signedPayload, $keysData) { try { $jwkKeys = JWK::parseKeySet($keysData); return JWT::decode($signedPayload, $jwkKeys, ['RS256']); } catch (\Exception $e) { Log::error("Apple Purchase Validation Error: " . $e->getMessage()); return null; } } } I’m particularly puzzled by the fact that I receive a 404 error when trying to retrieve the public keys from the StoreKit keys endpoint. Has anyone encountered this issue or can provide insight into what might be causing the error? Any help or suggestions would be greatly appreciated. Thanks!

I have an App Clip that uses SKOverlay.AppClipConfiguration to install the full app. Before I added a Live Activity call (Activity.request), the user could see “Install,” then “Open.” Now, once “Get” is tapped, the Clip immediately closes—no “Open” button appears. If I remove the Live Activity code, it works again. I’ve confirmed that parent/child entitlements match, and tested via TestFlight. Is there a known issue or recommended workaround for combining SKOverlay + Live Activities in an App Clip so it doesn’t dismiss prematurely? Any insights are appreciated! Note live activity is for App Clip only.

We use Transaction.currentEntitlements in StokeKit 2 to unlock functionality based on a Non-Consumable IAP but we have a case involving a refund that seems wrong and I am trying to understand the interation between transactionId, originalTransactionId & revocationReason. The Context: We have a universal App on macOS and iOS that offers a shared Non-Consumable IAP. For this example I have named it "app.lifetime" On macOS we use StoreKit 2 and I am calling the Transaction.currentEntitlements and Transaction.all functions. On iOS we are still using StoreKit 1. This example customer: Originally purchased "app.lifetime" on 2024-10-27 Was refunded by Apple for "app.lifetime" on 2024-10-29 Re-purchased "app.lifetime on 2025-02-24 (I have seen an email receipt of this transaction but it never shows up in Transaction data) (all the above happened on the mac via StoreKit 2) The Transactions (all lightly redacted for privacy): on macOS the following is returned from Transaction.currentEntitlements... { "appTransactionId" : "...8123", "bundleId" : "app", "currency" : "USD", "deviceVerification" : "...", "deviceVerificationNonce" : "...", "environment" : "Production", "inAppOwnershipType" : "PURCHASED", "originalPurchaseDate" : 1729997808000, "originalTransactionId" : "...9955", "price" : 1, "productId" : "app.lifetime", "purchaseDate" : 1729997808000, "quantity" : 1, "signedDate" : 1740416289102, "storefront" : "USA", "storefrontId" : "143441", "transactionId" : "...7511", "transactionReason" : "PURCHASE", "type" : "Non-Consumable" } Note in the above example the originalTransactionId & transactionId are different. Transaction.all however returns both transactions: [ { "appTransactionId" : "...8123", "bundleId" : "app", "currency" : "USD", "deviceVerification" : "...", "deviceVerificationNonce" : "...", "environment" : "Production", "inAppOwnershipType" : "PURCHASED", "originalPurchaseDate" : 1729997808000, "originalTransactionId" : "...9955", "price" : 1, "productId" : "app.lifetime", "purchaseDate" : 1729997808000, "quantity" : 1, "revocationDate" : 1730224102000, "revocationReason" : 0, "signedDate" : 1740415969925, "storefront" : "USA", "storefrontId" : "143441", "transactionId" : "...9955", "transactionReason" : "PURCHASE", "type" : "Non-Consumable" }, { "appTransactionId" : "...8123", "bundleId" : "app", "currency" : "USD", "deviceVerification" : "...", "deviceVerificationNonce" : "...", "environment" : "Production", "inAppOwnershipType" : "PURCHASED", "originalPurchaseDate" : 1729997808000, "originalTransactionId" : "...9955", "price" : 1, "productId" : "app.lifetime", "purchaseDate" : 1729997808000, "quantity" : 1, "signedDate" : 1740416289102, "storefront" : "USA", "storefrontId" : "143441", "transactionId" : "...7511", "transactionReason" : "PURCHASE", "type" : "Non-Consumable" } ] Note here that the original transaction ("...9955") includes a revocationDate and revocationReason that match the expected refund but the secondary transaction that seems to match on all other details is missing the revocation info. Looking at the iOS SK1 receipt data to compare, after a receipt refresh I see only a single transaction "...9955" which includes the cancellation info and transaction "...7511" is not present at all. The impact of this is that on iOS we are considering the purchase void but on macOS we are following currentEntitlements and consdering it still valid. Calling the inApps/v1/history/... server API with the "...7511" transactionId that is shown in the currentEntitlements response returns the "...9955" transaction with the correct revocation status but "...7511" is no returned at all. To Summarise: currentEntitlements on macOS shows transaction "...7511" as active and with an originalTransactionId of "...9955" all on macOS includes both "...7511" as active and "...9955" as revoked iOS reciept data shows only "...9955" as revoked Server API shows only "...9955" as revoked event when explicitly called with "...7511" Neither of them show a more recent purchase the same customer made for the same IAP product. My questions are: Is this a StoreKit bug or am I mis-understanding something? If it's a bug how can I work around it to ensure revoked purchases aren't still appearing in currentEntitlements? Under what conditions can StoreKit generate multiple transactionIds for the same underlying originalTransactionId? I had assumed (and the docs suggest) this only happens for subscriptions but here it is happening for a Non-Consumable IAP. Why would transactionId "...7511" only be present on macOS/SK2 and not visible at all on iOS/SK1 or API? I don't understand why the latest IAP from 2025-02-24 that the customer assures me they made (and has shown me the receipt for is not showing up in the Transactions history at all. Any ideas?

A customer of mine signed up for a free trial. I got a apple server notification with notification type DID_RENEW. What does that mean? Does that mean that they will be charged the subscription price now?

users download app with Streamlined Purchasing ,but the logic of checking subscription doesn't work. there the code: func checkSubscriptionStatus() async { for await entitlement in Transaction.currentEntitlements { guard case .verified(let transaction) = entitlement else { continue } if transaction.productID == monthlyProductID || transaction.productID == yearlyProductID { if transaction.revocationDate == nil && !transaction.isUpgraded { let activeSubscribed = transaction.expirationDate ?? .distantFuture > .now if activeSubscribed { hasActiveSubscription = activeSubscribed // other operation } } } } }

I am trying to test this simulated Error. The issue is, I can't get this to trigger through the simulatedError function. Error will always end up as an unknown error Example code snippet: @available(iOS 17.0, *) func testPurchase_InvalidQuantity() async throws { // Arrange testSession.clearTransactions() testSession.resetToDefaultState() let productID = "consumable_1" try await testSession.setSimulatedError(.purchase(.invalidQuantity), forAPI: .purchase) guard let product = await fetchProduct(identifier: productID) else { XCTFail("Failed to fetch test product") return } let option = Product.PurchaseOption.quantity(4) let result = await manager.purchase(product: product, options: option) switch result { case .success: XCTFail("Expected failure due to invalid quantity") case .failure(let error): print("Received error: \(error.localizedDescription)") switch error { case .purchaseError(let purchaseError): XCTAssertEqual(purchaseError.code, StoreKitPurchaseError.invalidQuantity.code) default: XCTFail("Unexpected error: \(error)") } } } In the above code snippet, I have an Unexpected Error. But if i remove try await testSession.setSimulatedError(.purchase(.invalidQuantity), forAPI: .purchase) I will receive a XCTFail in the success of my result. So when I set the quantity to a -1, only then can I correctly receive an invalidQuantity. Does anyone know why the try await testSession.setSimulatedError(.purchase(.invalidQuantity), forAPI: .purchase) would fail to work as directed? I have tests for all the generic errors for loadProducts API and the simulatedError works great for them

Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You may be connecting to a server masquerading as a "auth-sandbox.itunes.apple.com", which threatens the security of your confidential information. "

In developing a new MacOS app in Xcode I set up a Storekit configuration file so I could test 2 non-consumable purchases locally. I've been successfully testing them for the past couple of weeks, but suddenly yesterday I found I was unable to make purchases. I can successfully fetch products, but when I try to purchase either of them, I get the following error: Error handling payment sheet request: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service created from an endpoint was invalidated from this process." UserInfo= {NSDebugDescription=The connection to service created from an endpoint was invalidated from this process.} Purchase did not return a transaction: Error Domain=ASDErrorDomain Code=5115 "Received failure in response from Xcode" UserInfo= {NSDebugDescription=Received failure in response from Xcode, NSUnderlyingError=0x600002d44ae0 {Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service created from an endpoint was invalidated from this process." UserInfo= {AMSDescription=An unknown error occurred. Please try again., AMSURL=http://localhost:51482/WebObjects/MZBuy.woa/wa/inAppBuy, NSDebugDescription=The connection to service created from an endpoint was invalidated from this process., AMSStatusCode=200, AMSServerPayload={ "app-list" = ( ); dialog = { cancelButtonString = Cancel; defaultButton = Buy; explanation = "Do you want to buy one App Registration for $2.99?\n\n[Environment: Xcode]"; initialCheckboxValue = 1; "m-allowed" = 0; message = "Confirm Your In-App Purchase"; okButtonAction = { buyParams = "bid=com.airlinemates.backup&bvrs=1.4&offerName=EIBREG&quantity=1&deviceVerification=5084f98e-ab99-5846-827e-048d00d9fac3"; itemName = EIBREG; kind = Buy; }; okButtonString = Buy; paymentSheetInfo = { caseControl = true; confirmationTitle = Pay; countryCode = US; currency = USD; designVersion = 2; displayPrice = "$2.99"; flexList = ( { value = ( { style = priceMain; value = "$2.99"; }, { style = priceSub; value = "One-time charge"; } ); }, { header = "$null"; value = "For testing purposes only. You will not be charged for confirming this purchase."; } ); price = "2.99"; requestor = AppStore; salableIcon = "http://localhost:53078/StoreKit/AppIcon?bid=com.airlinemates.backup"; salableIconType = app; salableInfo = ( "App Registration %%image_0%%", backup, "In-App Purchase" ); styles = ( { bold = true; name = priceMain; size = large; }, { color = gray; name = priceSub; }, { bold = true; name = priceMainSpaceBefore; size = large; spacingBefore = medium; } ); title = { type = text; value = Xcode; }; }; }; "download-queue-item-count" = 0; dsid = 17322632127; failureType = 5115; jingleAction = inAppBuy; jingleDocType = inAppSuccess; pings = ( ); }}}} I've Googled & can't find any reference to this specific error, or even anything that points me in a direction to find the root cause. It's very strange because I haven't made any changes to the code & I hadn't changed the configuration file prior to this error appearing. I've since deleted the configuration file & created a new one - but it's still not working. If I create a transaction in Storekit transaction manager, the app picks it up as having been purchased - so the issue is only isolated to purchases initiated from the app. If I stop using the configuration file when I run the app, it works fine through sandbox testing the real items in App Store Connect.

I have a subscription group with two individual subscriptions configured but when trying to load the SubscriptionStoreView I get the error: "Subscription Unavailable: The subscription is unavailable in the current storefront." When I try to load the ProductView, it appears to be stuck in a loading screen. I am running the app on a device that is signed into a sandbox account. Any guidance would be greatly appreciated. Thank you.

Please allow me to confirm the Server Notifications V2 specification. I am aware that if withdrawal an Apple account that has a subscription, the subscription will eventually be cancelled. Regarding Server Notifications V2 notifications with a notificationType of EXPIRED, am I correct in thinking that they will be sent when the subscription expires even if the Apple account is withdrawal?

Hello, I recently received feedback from two users that they charged twice after entering their password when trying to initiate payment on the app. I checked my front-end and back-end codes, both of which only initiate one order, but I don't know why the user deducts two payments after entering the password. I hope everyone can help me analyze this problem and how it came about? Additionally, I wonder if there is a possibility that the system may prompt the user to enter their password again due to network issues, resulting in the deduction of two payments. But the user told us that they only entered the password once (I don't know if the user lied). I am unable to find how the problem arose. I hope you can help me analyze how to solve this problem? If you also encounter such a problem, can you teach me how to solve it?

I am trying to implement in-app purchases in Apple TV. I added a "non-consumable" product and started testing in Sandbox, but it did not work properly. While I am trying to fetch the product from the appstore, it won't give any responses like success or failure. So that our app gets rejected in the App Store. Please provide me the steps to implement in-app purhcase in Apple tvos using Swift. Note: The same code is working fine in iOS.

Hello! How can I set appAccountToken when I'm using the new SwiftUI view SubscriptionStoreView for subscription? Previously I was able to set it as a purchase option here https://developer.apple.com/documentation/storekit/product/purchase(options:) but I don't see purchase options with SubscriptionStoreView. Thank you, sendai

My question is simple, I do not have much experience in writing swift code, I am only doing it to create a small executable that I can call from my python application which completes Subcription Management. I was hoping someone with more experience could point out my flaws along with giving me tips on how to verify that the check is working for my applicaiton. Any inight is appreciated, thank you. import Foundation import StoreKit class SubscriptionValidator { static func getReceiptURL() -> URL? { guard let appStoreReceiptURL = Bundle.main.appStoreReceiptURL else { print("No receipt found.") return nil } return appStoreReceiptURL } static func validateReceipt() -> Bool { guard let receiptURL = getReceiptURL(), let receiptData = try? Data(contentsOf: receiptURL) else { print("Could not read receipt.") return false } let receiptString = receiptData.base64EncodedString() let validationResult = sendReceiptToApple(receiptString: receiptString) return validationResult } static func sendReceiptToApple(receiptString: String) -> Bool { let isSandbox = Bundle.main.appStoreReceiptURL?.lastPathComponent == "sandboxReceipt" let urlString = isSandbox ? "https://sandbox.itunes.apple.com/verifyReceipt" : "https://buy.itunes.apple.com/verifyReceipt" let url = URL(string: urlString)! let requestData: [String: Any] = [ "receipt-data": receiptString, "password": "0b7f88907b77443997838c72be52f5fc" ] guard let requestBody = try? JSONSerialization.data(withJSONObject: requestData) else { print("Error creating request body.") return false } var request = URLRequest(url: url) request.httpMethod = "POST" request.httpBody = requestBody request.setValue("application/json", forHTTPHeaderField: "Content-Type") let semaphore = DispatchSemaphore(value: 0) var isValid = false let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data, error == nil, let jsonResponse = try? JSONSerialization.jsonObject(with: data) as? [String: Any], let status = jsonResponse["status"] as? Int else { print("Receipt validation failed.") semaphore.signal() return } if status == 0, let receipt = jsonResponse["receipt"] as? [String: Any], let inApp = receipt["in_app"] as? [[String: Any]] { for purchase in inApp { if let expiresDateMS = purchase["expires_date_ms"] as? String, let expiresDate = Double(expiresDateMS) { let expiryDate = Date(timeIntervalSince1970: expiresDate / 1000.0) if expiryDate > Date() { isValid = true } } } } semaphore.signal() } task.resume() semaphore.wait() return isValid } }

Please help! I have a subscription IAP failing on tvOS 18.2 at: func makePurchase(_ product: Product) async throws { let result = try await product.purchase() //ERROR OCCURS HERE (See error message below) ... Xcode Console message: "Could not get confirmation scene ID for [insert my IAP id here]" The IAP subscription was working fine on 18.1 and earlier, and the same IAP and code is also running fine on iOS 18.2. The tvOS error on 18.2 happens both in production and sandbox. Are there any changes to StoreKit 2 which might cause this error?

After the release of StoreKit 2.0, the in-app purchase failure rate increased by 63.19%, with the majority of errors being StoreKitError.unknown. When encountering this error, many users repeatedly attempt to make a purchase, but the outcome remains unchanged, resulting in the same unknown error. In some cases, users who wait approximately 2 minutes before retrying the purchase may either succeed or encounter the following error: “StoreKit.StoreKitError.systemError(Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.storekitd”)”. This issue has directly impacted our app's purchasing flow. Because our app only displays the promotional purchase offer once, these issues have significantly reduced the number of users successfully completing the offer. As a result, the conversion rate for this promotion has dropped well below expectations, negatively impacting our business metrics.

I am currently testing my in app subscription via sandbox. I am able to make the purchase and verify it, but it will not auto renew. The sandbox account is flagged as being subscribed, so it can't be purchased again, but I don't actually get the auto renewal. I did notice that randomly on app boot up, I'll get a bunch of the backlogged auto renewals come in, but they are never actually sent to me when the 3 minute expiration is finished. This is on macOS, so I am not able to actually look at and manage the sandbox subscriptions. It seems like that's only a thing for iOS. Is this just a behavior with the sandbox environment or will this behavior also happen with legitimate App Store? The code I use is below: @MainActor func updateCustomerProductStatus() async { var purchasedSubscriptions: [Product] = [] for await result in Transaction.currentEntitlements { do { let transaction = try checkVerified(result) switch transaction.productType { case .autoRenewable: if let subscription = subscriptions.first(where: { $0.id == transaction.productID}) { purchasedSubscriptions.append(subscription) } default: break } } catch { print("catching \(error)") } } init() { subscriptions = [] updateListenerTask = listenForTransactions() Task { await requestProducts() await updateCustomerProductStatus() } } deinit { updateListenerTask?.cancel() } func listenForTransactions() -> Task<Void, Error> { return Task.detached { // Iterate through any transactions that don't come from a direct call to `purchase()`. for await result in Transaction.updates { do { let transaction = try self.checkVerified(result) // Deliver products to the user. await self.updateCustomerProductStatus() // Always finish a transaction. await transaction.finish() } catch { // StoreKit has a transaction that fails verification. Don't deliver content to the user. print("Transaction failed verification.") } } } }

I'm using the iOS simulator with a StoreKit configuration file. I can see that there have been transactions while the app has been closed, but my StoreKit 2 listener is never called with those updates to be able to finish them When I open my app from a cold start. I've added a listener on application(_:didFinishLaunching:launchOptions:) like this: func startObservingTransactions() { task = Task(priority: .background) { for await result in Transaction.updates { if case .verified(let transaction) = result { await transaction.finish() } } } } But the Transaction.updates loop never gets called (have added breakpoints to check). It's only ever called when a purchase is made, or subsequent transaction renewals when the app is open. Only then it will get the previously unfinished transactions. Steps to reproduce: Create an app with a StoreKit config file (with sped up transactions) to purchase an item Make a purchase then quit the app Wait for a bit for more transactions to be made while the app is closed. Open the app from a cold start and none of the transactions will be finished by the listener in your app. Cancel the subscription via the transaction manager. Close and open the app from a cold start. The first transaction will be finished by the listener but none of the others will be. In Apple's docs it says If your app has unfinished transactions, the listener receives them immediately after the app launches Why is this not the case?

I'm attempting to test an in app purchase for my app on my phone (not in a simulator, not sandbox testing). I'm getting an error that certificate check has failed. Could this have anything to do with the SHA-1 warnings that Apple has recently mentioned? I've tried regenerating my StoreKit file, cleaning the build, restarting XCode, resetting all of my devices purchases from the Debug > StoreKit menu, all with no luck. Any help would be greatly appreciated. 2025-01-10 19:52:19.974564-0500 MyApp[74478:30675548] [Default] Failed to verify certificate chain due to client recoverable failure: Error Domain=NSOSStatusErrorDomain Code=-67818 "“StoreKit Testing in Xcode” certificate is expired" UserInfo={NSLocalizedDescription=“StoreKit Testing in Xcode” certificate is expired, NSUnderlyingError=0x3027b9d40 {Error Domain=NSOSStatusErrorDomain Code=-67818 "Certificate 0 “StoreKit Testing in Xcode” has errors: Certificate is not temporally valid;" UserInfo={NSLocalizedDescription=Certificate 0 “StoreKit Testing in Xcode” has errors: Certificate is not temporally valid;}}} 2025-01-10 19:52:19.978233-0500 MyApp[74478:30675483] [Default] Failed to verify signature for Transaction, will assume invalid: failedToVerifyCertificateChain Purchase succeeded but verification failed: Certificate Chain Invalid Failed to purchase Premium: invalidCertificateChain saveUnencrypted: Started saving form_info.json saveUnencrypted: Saved form_info.json to Documents Directory in 9 ms (JSONEncoder chunk-based copy-on-write, 1 chunks) at ...

As you can see in the screenshot, the verification popups that appear when making a StoreKit purchase cut off the buttons. When typing the code into the input field, the window will also flicker and stutter with random view refreshes. Is this something I can configure/change? It's not a very pleasant experience for making an in app purchase.