Suddenly receiving error 21002 from verifyReceipt endpoint for sandbox receipt

  • +1, we have faced the same issue since yesterday. All receipts verified against sandbox return error 21002.

  • We are still getting 21002s. When curling the endpoint multiple times it will succeed once out of approximately every 10 requests.

  • We're still experiencing this issue. I have filed FB11984721 (App Store Sandbox Receipt Verification).

  • Also still experiencing the issue. I have filed FB11983534.

Replies

I am also running into the same issue and it started occurring sometime this morning.

Yes, we are seeing the same symptoms over here.

  • Everything was fine a few days ago.
  • We didn't change anything
  • Same error (21002) from RevenueCat's tool
  • Painstakingly bypassed any of our server-side or javascript code that is in any way involved.

The status page now shows an outage for Receipt Verification - https://developer.apple.com/system-status/. Hopefully this will be resolved soon.

Yes, I am also facing the same issue for multiple hours now. It should be an Apple problem; hope they will fix it soon.

My team is hitting the exact same problem: sandbox receipts as of today are returning as malformed data. It worked fine in testing yesterday. It seems like there must be some issue with the IAP system?

Running into the same issue as well. Using both curl and our server receipt verification, we get the 21002 response from https://sandbox.itunes.apple.com/verifyReceipt

Yeah, we are facing the same issue as well. It works in the App Store build, but TestFlight and sandbox are failing.

Me too, env = sandbox, 21002

+1. I hope Apple's official developers can answer this problem.

Facing the same issue, Apple is aware of it and is reporting it as an outage in the System Statuses for developers

It is probably connected to Upcoming changes to the App Store receipt signing certificate

Ok, I took a receipt from Sandbox environment and extracted the certificates used to sign it. The last cert was Apple Root certificate, but the first 2 were the already expired intermediate certificates. Anything signed with those MUST fail after February 7. The part with "Not After : Feb 7 21:48:47 2023 GMT"

Certificate:
  Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations, CN=Apple Worldwide Developer Relations Certification Authority
    Validity
      Not Before: Nov 13 02:15:09 2015 GMT
      Not After : Feb 7 21:48:47 2023 GMT
    Subject: CN=Mac App Store and iTunes Store Receipt Signing, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US

____________________

Certificate:
  Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA
    Validity
      Not Before: Feb 7 21:48:47 2013 GMT
      Not After : Feb 7 21:48:47 2023 GMT
    Subject: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations, CN=Apple Worldwide Developer Relations Certification Authority

____________________

Certificate:
  Signature Algorithm: sha1WithRSAEncryption
    Issuer: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA
    Validity
      Not Before: Apr 25 21:40:36 2006 GMT
      Not After : Feb 9 21:40:36 2035 GMT
    Subject: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA

  • All my IAPs in the official/non-sandbox version stopped working as well. Also those that do not use an online Apple server check, so I assume the digital receipt already contained those certificates that expire.

  • Mine too - I had on-device verification of the chain to Apple Root CA. I did not check production myself, but someone wrote that one was different - it simply did not have a signature instead of expired one. So, if you did everything right and actually checked the certificates chain to root, you were stuck either way.

    Thank you Apple. What is the point of warning us to not depend on soon-to-be-changed intermediate certificates, if you actually did it not the way you described? :-(

Only the sandbox environment, 21002

Today I discovered that purchases were broken in one application: Response from appstore for transactionId '2000000***' : {"status":21002}

In other app purchases still work. Is this an Apple problem?

Can you explain the process of taking a receipt from the sandbox and extracting the cert?

  • I used an Internet article, How to Validate iOS In-App Purchase Receipts Locally, from https://medium.com/better-programming (I am not affiliated with it in any way). It shows how to get the receipt (I used string input to the Xcode console), save it and extract the file receipt.pkcs7.certs. I opened that file with an editor and there were 3 certificates there. I divided it into 3 files, then ran the command openssl x509 -in receipt.pkcs7.cert1 -text -noout for each one.

  • verifyReceipt has recovered. This restored our ability to purchase in the sandbox. It's still sporadic, so it may take a bit to clear up completely.
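
The validity check discussed in this thread, as an added example that is not part of any post: it parses the `openssl x509 -text -noout` summaries quoted above (embedded here as constructed input) and reports which certificates in the leaf-first chain fall outside their validity window at a given time. It checks dates and issuer/subject name chaining only, not signatures; `parse_dump`, `check_chain`, `BEFORE` and `AFTER` are hypothetical names.

```python
import re
from datetime import datetime, timezone

# Constructed input: the three certificate summaries quoted in the thread.
DUMP = """\
Certificate:
    Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations, CN=Apple Worldwide Developer Relations Certification Authority
      Not Before: Nov 13 02:15:09 2015 GMT
      Not After : Feb 7 21:48:47 2023 GMT
    Subject: CN=Mac App Store and iTunes Store Receipt Signing, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US
Certificate:
    Issuer: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA
      Not Before: Feb 7 21:48:47 2013 GMT
      Not After : Feb 7 21:48:47 2023 GMT
    Subject: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations, CN=Apple Worldwide Developer Relations Certification Authority
Certificate:
    Issuer: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA
      Not Before: Apr 25 21:40:36 2006 GMT
      Not After : Feb 9 21:40:36 2035 GMT
    Subject: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA
"""
FIELD = re.compile(r"^\s*(Issuer|Subject|Not Before|Not After)\s*:\s*(.+?)\s*$")
BEFORE = datetime(2023, 2, 6, tzinfo=timezone.utc)  # day before the expiry
AFTER = datetime(2023, 2, 8, tzinfo=timezone.utc)   # day after the expiry

def parse_dump(text):
    """Turn openssl text output into a list of dicts, one per certificate."""
    certs = []
    for line in text.splitlines():
        if line.strip() == "Certificate:":
            certs.append({})
            continue
        m = FIELD.match(line)
        if m and certs:
            key, val = m.groups()
            if key.startswith("Not"):  # collapse openssl's day padding first
                val = datetime.strptime(" ".join(val.split()),
                                        "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)
            certs[-1][key] = val
    return certs

def check_chain(certs, at):
    """Return the problems found in a leaf-first chain at verification time `at`."""
    problems = []
    for i, c in enumerate(certs):
        cn = c["Subject"].split("CN=")[-1].split(",")[0]
        if not (c["Not Before"] <= at <= c["Not After"]):
            problems.append(f"outside validity window: {cn}")
        parent = certs[i + 1] if i + 1 < len(certs) else c  # last cert must be self-issued
        if c["Issuer"] != parent["Subject"]:
            problems.append(f"issuer does not match next certificate: {cn}")
    return problems
```
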
