Changes to hosting non-consumable in-app purchases in April 2022

I received an email from Apple:

> We’re reaching out to let you know about upcoming changes to in-app purchase content hosting. In Xcode 13.3, we’ve removed the option to upload non-consumable in-app purchase assets for Apple to host. In addition, support for managing these assets in App Store Connect will be removed starting in April 2022.

Does this mean that Apple will no longer offer hosting non-consumable IAP content?

I'm not sure, as there is no indication of this on the App Store Connect help page: App Store Connect Help

(I have a lot of IAP content in my app which is hosted on the Apple server)


Hi,

We recently sent an email to developers who have uploaded non-consumable in-app purchase assets for Apple to host. Developers who haven’t uploaded non-consumable in-app purchase content for Apple to host aren't impacted and can disregard this post.

As noted in the email, in Xcode 13.3 we’ve removed the option to upload non-consumable in-app purchase assets for Apple to host. In addition, support for managing these assets in App Store Connect will be removed starting in April 2022.

Here are a few reminders that may be helpful regarding Apple-hosted non-consumable content (“content”):

  • Existing content isn’t affected, as also mentioned in the Xcode 13.3 Beta 3 Release Notes.
  • Users can continue to purchase and access existing content in your app.
  • Your apps can continue using the SKDownload APIs to download existing content.
  • You can continue to update details, such as pricing and availability, for products that are already created in App Store Connect.
  • Until April 2022, you can upload new content and update existing content for Apple to host. Use Xcode 13.2.1 or earlier to upload content, as Xcode 13.3 doesn’t support building and uploading Apple-hosted non-consumable products.
  • Starting in April 2022, any products that are not already enabled for Content Hosting in App Store Connect will no longer be eligible for hosting.

Consider using an alternative, such as on-demand resources (ODR), to host in-app purchase assets and content on the App Store separately from the app bundle.

  • For production apps, ODR content will continue to be hosted on Apple servers and have a similar level of security as other Apple-hosted content.
  • For sandbox development and testing, you need to set up a local server from which on demand resources will be downloaded.
  • ODR content must be updated and submitted with the app, not separately. App updates require App Review, so take this into consideration in your development cycle.

If you need technical advice implementing ODR, you can submit a Technical Support Incident.

Thanks,

—jasonag.

Dear Jason,

Thank you for confirming that the email was genuine.

Can you explain why such a short notice period has been chosen for the removal of this feature? Of course features are sometimes removed, but I can really never think of a case where there has been so little notice - just five weeks, or only three weeks if you start counting at the point when Apple stopped telling me that the email was a hoax. I had to double-check what year it is when I read "April 2022".

> ODR content will ... have a similar level of security as other Apple-hosted content.

But not the same level of security as SKDownloads, which are restricted to users who have purchased the corresponding IAP. Here is a quote from the StoreKit documentation:

> Most apps should use Apple-hosted content for downloaded files. You create an Apple-hosted content bundle using the In-App Purchase Content target in Xcode and submit it to App Store Connect.

(snip)

> Note: Alternatively, you can use On-Demand Resources (ODR) for more flexibility in downloading data in your app. ODR is an Apple-hosted service you can use to store in-app purchase data for the user to download content once you've verified the user's purchase using the app receipt. The advantage of this alternative over SKDownload is that ODR doesn't require you to call to restore transactions and authenticate the user to download content hosted on Apple's server.

My emphasis. You claim it is an advantage that ODR does not require authentication. What The?????

> If you need technical advice implementing ODR, you can submit a Technical Support Incident.

Developer Technical Support does not assist with the implementation of anti-piracy / digital rights management features. (Unless that has changed. Please let us know if that policy has changed recently.)

Dear Jason,

I just have to chime in to voice our displeasure at the insanely short notice of this change. One month's notice for a change of this magnitude is very short considering that you're asking us to implement an entirely separate and secure hosting setup, test it and ensure it is ready for full scale production in four weeks, despite an already packed development schedule (for many of us I'm sure). ODR is too limited an alternative for many people to plug into and as others have pointed out does not have the security of SKDownload.

I submit that 6 months is a more reasonable timeframe for such a grand change and ask you to pass it up the chain. Thank you.

I was actually working on some new IAPs for one of my apps which is totally based around downloadable sample-based instruments. I basically had to can about two months' worth of work.

It was also a nightmare (for me, at least) getting the whole SK download stuff working properly. At one point, it was all working great, then there was an iOS update, and everything was broken again.

Maybe little wonder Apple decided to "deprecate" this...

So can anyone tell me the recommended way to deal with this? I have an app since 2016 which uses non-consumable content. I just tried to upload a new non-consumable as a pkg to Apple but noticed there was no facility to add to the IAP within 'connect'. What is the best way forward with this?

> can anyone tell me the recommended way to deal with this

That will depend on what server-side technologies you are familiar with or are already using, and how much security you need.

I use AWS, and I have a Lambda function that implements AppAttest to authorise a download from CloudFront / S3. The main disadvantage of this is the bandwidth cost. If I were starting from scratch I'd look at Cloudflare R2.
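
The authorisation step described in the post above, sketched as an added example (not the poster's code and not part of the thread): the server refuses to hand out a download link unless the request is attested and the product is in the user's verified purchases, and the link it issues expires. The `attested` flag and `entitled_products` set are assumed to come from App Attest assertion verification and receipt validation done elsewhere; the HMAC token is a stand-in for the CDN's own signed-URL scheme, and the host, key and catalog are constructed.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

SIGNING_KEY = b"constructed-demo-key"      # constructed; load from a secret store in practice
CDN_BASE = "https://cdn.example.invalid"   # hypothetical host
# Constructed catalog: IAP product identifier -> object path on the CDN.
CATALOG = {"com.example.pack.strings": "/packs/strings-v1.zip"}


def _sign(path, expires):
    """MAC over the exact path and expiry so neither can be altered."""
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_download_url(product_id, entitled_products, attested, now=None, ttl=300):
    """Return a short-lived signed URL, or None when the request must be refused.

    attested: result of App Attest verification (assumed done by the caller).
    entitled_products: product ids from a validated receipt (assumed input).
    """
    now = int(time.time()) if now is None else now
    path = CATALOG.get(product_id)
    if not attested or path is None or product_id not in entitled_products:
        return None
    expires = now + ttl
    query = urlencode({"expires": expires, "sig": _sign(path, expires)})
    return f"{CDN_BASE}{path}?{query}"


def verify_download_url(url, now=None):
    """Edge-side check: reject missing, malformed, expired or tampered tokens."""
    now = int(time.time()) if now is None else now
    parts = urlparse(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False
    if expires < now:
        return False
    # Compare as bytes in constant time; non-ASCII input cannot raise here.
    return hmac.compare_digest(sig.encode(), _sign(parts.path, expires).encode())
```

Because the MAC covers the path, a link issued for one purchased pack cannot be rewritten to fetch another, which is the per-purchase restriction the thread notes SKDownload provided.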
