iOS Storekit2 Appstore production environment, some user feedback in app purchase faliure, What our log records is StoreKitError.unknown，please How to solve problem, thanks

We are running into exceptions when trying to parse Purchase Date and Original Purchase Date from the base64 encoded receipt. Expected RFC 3339 format of ASN.1 Field Value is: yyyy-MM-ddTHH:mm:ssZ but we end up getting back 2025-04-22T19.49.03Z. Started to happen on 3rd Dec 2024.

Issue Description When using the App Store Server API endpoint GET v2/history/{transactionId} to retrieve transaction history for a specific transaction, I'm observing unexpected changes in the appTransactionId field across related transactions in the same subscription group. Important Context: This is a "clean" auto-renewable subscription with no user intervention - the user has had continuous auto-renewals without any upgrades, downgrades, cancellations, or resubscriptions. The subscription has been renewing automatically and successfully throughout the entire period. API Call GET v2/history/1000000000000001 Response Data The API returns the following transaction history, where I notice the appTransactionId values are inconsistent across what should be a straightforward auto-renewal sequence: Note: The data below has been sanitized for privacy protection (IDs, bundle identifiers, etc. have been replaced with example values), but the logical relationships, date sequences, and the core issue remain identical to the original data. Array ( [0] => Array ( [transactionId] => 1000000000000001 [originalTransactionId] => 1000000000000001 [webOrderLineItemId] => 1000000000000001 [bundleId] => com.example.myapp [productId] => MonthlySubscription [subscriptionGroupIdentifier] => 20000000 [purchaseDate] => 1743784032000 [originalPurchaseDate] => 1743784034000 [expiresDate] => 1746376032000 [quantity] => 1 [type] => Auto-Renewable Subscription [inAppOwnershipType] => PURCHASED [signedDate] => 1751868174651 [environment] => Production [transactionReason] => PURCHASE // Original purchase [storefront] => USA [storefrontId] => 143441 [price] => 100000 [currency] => USD [appTransactionId] => 700000000000000001 // Different value ) [1] => Array ( [transactionId] => 1000000000000002 [originalTransactionId] => 1000000000000001 [webOrderLineItemId] => 1000000000000002 [bundleId] => com.example.myapp [productId] => MonthlySubscription [subscriptionGroupIdentifier] => 20000000 [purchaseDate] => 1746376032000 [originalPurchaseDate] => 1746347349000 [expiresDate] => 1749054432000 [quantity] => 1 [type] => Auto-Renewable Subscription [inAppOwnershipType] => PURCHASED [signedDate] => 1751868174651 [environment] => Production [transactionReason] => RENEWAL // First auto-renewal [storefront] => USA [storefrontId] => 143441 [price] => 100000 [currency] => USD [appTransactionId] => 700000000000000002 // Same for renewals ) [2] => Array ( [transactionId] => 1000000000000003 [originalTransactionId] => 1000000000000001 [webOrderLineItemId] => 1000000000000003 [bundleId] => com.example.myapp [productId] => MonthlySubscription [subscriptionGroupIdentifier] => 20000000 [purchaseDate] => 1749054432000 [originalPurchaseDate] => 1749025657000 [expiresDate] => 1751646432000 [quantity] => 1 [type] => Auto-Renewable Subscription [inAppOwnershipType] => PURCHASED [signedDate] => 1751868174651 [environment] => Production [transactionReason] => RENEWAL // Second auto-renewal [storefront] => USA [storefrontId] => 143441 [price] => 100000 [currency] => USD [appTransactionId] => 700000000000000002 // Same as previous renewal ) [3] => Array ( [transactionId] => 1000000000000004 [originalTransactionId] => 1000000000000001 [webOrderLineItemId] => 1000000000000004 [bundleId] => com.example.myapp [productId] => MonthlySubscription [subscriptionGroupIdentifier] => 20000000 [purchaseDate] => 1751646432000 [originalPurchaseDate] => 1751617840000 [expiresDate] => 1754324832000 [quantity] => 1 [type] => Auto-Renewable Subscription [inAppOwnershipType] => PURCHASED [signedDate] => 1751868174651 [environment] => Production [transactionReason] => RENEWAL // Third auto-renewal [storefront] => USA [storefrontId] => 143441 [price] => 100000 [currency] => USD [appTransactionId] => 700000000000000002 // Same as previous renewals ) ) Questions Is this behavior expected? Should the appTransactionId change between the original purchase and subsequent renewals within the same subscription group, especially when there are no user actions (upgrades/downgrades/cancellations/resubscriptions)? What determines the appTransactionId value? The documentation doesn't clearly explain when this identifier might change or what triggers a new value. This is particularly puzzling since this is a straightforward auto-renewal scenario. How should we handle this in our backend logic? Should we treat transactions with different appTransactionId values as separate entities, or should we rely on originalTransactionId for grouping related subscription transactions? Is this a known issue? We've seen similar concerns in the community regarding transaction ID inconsistencies, but this specific case involves a clean auto-renewal flow without any complicating factors.

I have an App Clip that uses SKOverlay.AppClipConfiguration to install the full app. Before I added a Live Activity call (Activity.request), the user could see “Install,” then “Open.” Now, once “Get” is tapped, the Clip immediately closes—no “Open” button appears. If I remove the Live Activity code, it works again. I’ve confirmed that parent/child entitlements match, and tested via TestFlight. Is there a known issue or recommended workaround for combining SKOverlay + Live Activities in an App Clip so it doesn’t dismiss prematurely? Any insights are appreciated! Note live activity is for App Clip only.

A purchase can result in success with verificationResult .unverified. Is there a list of reasons for which the transaction might be unverified and how should i handle it in my app? From my understanding, a successful unverified transaction means the user has already paid for the purchase. So, do i just ignore the unverified transaction or do i provide content to the user anyways?

My IAPs no longer display for one of my apps. I'm not sure where to start to troubleshoot. Any ideas?

Hi, We're currently experiencing an issue with consumable In-App Purchases on our production iOS app. Until the end of May, everything was working as expected, but starting in early June, our app no longer receives any products when calling queryProductDetails() using Flutter’s in_app_purchase plugin (which utilizes StoreKit). Here’s what we’ve confirmed so far: The product IDs are correctly configured in App Store Connect, and all items are marked as “Approved.” No recent changes have been made to the bundle ID or the product IDs. The “Base Territory” setting was updated for each IAP item in early May. After that change, product retrieval and purchases were working normally through the end of May. This issue is happening on real devices in production, and multiple users are affected. The same functionality continues to work correctly on Android. All requested product IDs are being returned in the notFoundIDs list of the queryProductDetails() response. We're quite puzzled by this issue as no clear cause has been identified so far. Any thoughts on this issue would be much appreciated. Thank you!

Hello, I use Storekit2 to test the purchase of subscription products. After purchasing a subscription product in the sandbox, it will automatically renew 12 times, and then it will no longer automatically renew. When I click to purchase again, calling the try await product.purchase() method does not pop up the purchase pop-up window. In fact, it will directly go to the case let .success(.verified(transaction)): step, and the Transaction.currentEntitlements is empty

Hi, I've been reported, and I've experienced myself, extremely slow responses from StoreKit 2 on boot. I can reproduce the issue quite consistently with the iPhone, sometimes Transaction.currentEntitlements hangs for minutes even after the device has attained full Internet access. My app is a VPN client, so there's certainly a chicken-and-egg situation, but I'm performing a basic test without the in-app validation in the packet tunnel provider. The tunnel starts fine on boot (on-demand), whereas the app takes ages to return from AppTransaction.shared and Transaction.currentEntitlements. I guess this is caused by some network call inside the framework (maybe spoiled by the on-demand VPN?), but with no timeout, exceptions, logging, or future-proof fallback (appStoreReceiptURL is deprecated), I'm poking in the dark. It goes without saying, keeping the users waiting minutes to be credited for their purchases is a no-go. I still can't find a reasonable workaround, but the frustrating part is that StoreKit 2 was supposed to make these things straightforward. At times, it doesn't feel "ready" and I spend on it a lot of time that I'd rather invest in the product. Does this sound familiar to anybody? Thanks in advance Davide

Hello everyone, I’m hoping someone might help with auto-renewable subscription validation in Apple’s Sandbox environment. Here’s the situation: My Setup: I’ve configured three auto-renewable subscriptions in App Store Connect and generated an In-App Purchase key (with the correct Issuer ID and Key ID). (I also tried the App Store Connect API Keys) I’m using Apple’s App Store Server API v2 endpoints (GET /inApps/v2/subscriptions/{originalTransactionId}/latest) to fetch the latest subscription status. I’ve created several Sandbox test users (with fresh email addresses), signed out of old test accounts on my devices, and tested purchasing subscriptions anew. What Works: I am receiving valid Server Notifications from Apple (e.g. SUBSCRIBED, DID_RENEW) with the correct environment: "Sandbox" field. My JWT generation appears to be correct because I’m no longer receiving 401 errors—only 404. That suggests Apple accepts the key and credentials. My fallback logic attempts production first; if it sees a 404 or 410, it switches over to the Sandbox endpoint. This is exactly what Apple’s documentation recommends. The Problem: Whenever I query GET https://api.storekit-sandbox.itunes.apple.com/inApps/v2/subscriptions/{originalTransactionId}/latest using the originalTransactionId from Apple’s own Server Notification, Apple returns a 404 (indicating it can’t find that subscription). This happens even though the subscription is active in Sandbox (I see notifications arriving for it). I’ve tried adding a brief waiting period (2 seconds) before calling the Sandbox endpoint, but it consistently returns 404. I’ve also tried multiple retries over a longer timeframe without success. I tested multiple fresh Sandbox test users, ensuring each one was signed in to the device’s App Store. After each new purchase, I still get the same 404. Additional Checks: These are definitely auto-renewable subscriptions, not non-renewing or consumable products. I also tried calling GET /inApps/v2/subscriptions/{transactionId}/latest but I still see 404. I tried everything mentioned above in production as I said to no avail: GET https://api.storekit.itunes.apple.com/inApps/v2/subscriptions/{originalTransactionId}/latest

I'm receiving the following error when attempting to validate an in‑app purchase receipt: Certificate verification failed at depth 0 : forge.pki.UnknownCertificateAuthority Certificate chain validation failed: Certificate is not trusted. This error occurs during the certificate chain validation process of the receipt's PKCS#7 container. My implementation uses node‑forge to decode the receipt, extract the embedded certificate chain, and verify that the chain properly links from the leaf certificate (which directly signed the receipt) through the intermediate certificate to the trusted Apple Inc. Root certificate. What the Error Indicates: "UnknownCertificateAuthority" at depth 0: This suggests that the leaf certificate in the receipt is not being recognized as part of a valid chain because it cannot be linked back to a trusted root in my CA store. "Certificate chain validation failed: Certificate is not trusted": This means that the entire certificate chain does not chain up to a trusted certificate authority (in this case, the Apple Inc. Root certificate) as expected. Steps Taken: I verified that the receipt is a valid PKCS#7 container. I extracted the certificate chain from the receipt. However, the receipt only provided the leaf certificate. I manually added the intermediate certificate (AppleWWDRCAG5.pem) to complete the chain. I loaded the official Apple Inc. Root certificate (AppleIncRootCertificate.pem) into my CA store. Despite these steps, the validation still fails at depth 0, indicating that the leaf certificate is not recognized as being issued by a trusted authority. Request for Assistance: Could you please help clarify the following points: Is the certificate chain for receipts (leaf → intermediate → Apple Inc. Root) as expected, or has there been any change in the chain that I should account for? Is there a recommended or updated intermediate certificate I should be using for receipt validation? Are there known issues or recent changes on Apple's side that might cause the leaf certificate to not be recognized as part of a valid chain? Any guidance to resolve this certificate chain validation error would be greatly appreciated.

Hello, Since updating to iOS 26 Beta 3, I’ve been experiencing an issue where transactions purchased through the normal in-app purchase flow continue to be reported as updated and unfinished—even after calling the finish() function. Please resolve this promptly.

this error occurred during the StoreKit1 payment process. Could you please tell me the reason? SKErrorDomain Code=0 "发生未知错误\" UserInfo= {NSLocalizedDescription=发生未知错误，NSUnderlyingError=0x17652ee50 {Error Domain=ASDErrorDomain Code=500"(null)\"Userlnfo={NSUnderlyingError=0x17652d530 {Error Domain=AMSErrorDomain Code=203 "(null)" Userlnfo= {NSUnderlyingError=0x17652c3c0 {Error Domain=AMSErrorDomain Code=203"(null)\"UserInfo=0x1663e5940(not displayed)}}}

I am currently using StoreKit2 to set up the in-app purchase subscription flow, and I have already configured the subscription products in App Connect. I created a StoreKit Configuration file in Xcode and used it in the scheme. However, after completing the purchase, the transaction.jsonRepresentation data returns a transactionId of 0. After checking the documentation, I found that I need to disable the StoreKit Configuration and enable Sandbox Testing. But after disabling the StoreKit Configuration, I can't retrieve the real product data using Product.products(for: productIds). I can confirm that the ProductId I provided is real and matches the data configured in App Connect. Could you please help me identify the issue? Thank you

Currently, over the xcode environment to do the testing of product subscriptions through appstore are working correctly using the storeKit. When deployed in testflight to do the testing over the integration environment, the store response times are being excessively high, in excess of 20 minutes. This behavior is not replicated on Xcode, and is happening on recent versions uploaded to testflight, as earlier versions that were already tested and are currently in production. In addition the communication between the appstore webhook and the BE is also failing in this environment. It is being blocked to generate any test to be able to launch to production.

Cannot retrieve products for iap or subscription on simulator iPhone 16 and real device iPhone XR also. lutter: IAPError(code: storekit2_products_error, source: app_store, message: The operation couldn’t be completed. (NSURLErrorDomain error -1009.), details: The operation couldn’t be completed. (NSURLErrorDomain error -1009.)) flutter: Error fetching IAP products: IAPError(code: storekit2_products_error, source: app_store, message: The operation couldn’t be completed. (NSURLErrorDomain error -1009.), details: The operation couldn’t be completed. (NSURLErrorDomain error -1009.))

I have non-consumable and consumable in-app purchases in my app. The tutorial I was following stated Transaction.currentEntitlements includes unfinished consumables, which is incorrect according to the documentation. Is the correct way to handle unfinished consumables (and non-consumables) to implement Transaction.updates and call finish() if it’s verified? The documentation says that listener will receive unfinished transactions once upon app launch, so with that, do I understand correctly you do not need to implement Transaction.unfinished unless you want to look for unfinished transactions manually later on? Otherwise what is the correct and most recommended way to handle unfinished consumables? Is there a way to test that scenario in Xcode?

Hello, I’m trying to change the business model of my app to in-app subscriptions. My goal is to ensure that previous users who paid for the app have access to all premium content seamlessly, without even noticing any changes. I’ve tried using RevenueCat for this, but I’m not entirely sure it’s working as expected. I would like to use RevenueCat to manage subscriptions, so I’m attempting a hybrid model. On the first launch of the updated app, the plan is to validate the app receipts, extract the originalAppVersion, and store it in a variable. If the original version is lower than the latest paid version, the isPremium variable is set to true, and this status propagates throughout the app. For users with versions equal to or higher than the latest paid version, RevenueCat will handle the subscription status—checking if a subscription is active and determining whether to display the paywall for premium features. In a sandbox environment, it seems to work fine, but I’ve often encountered situations where the receipt doesn’t exist. I haven’t found a way to test this behavior properly in production. For example, I uploaded the app to TestFlight, but it doesn’t validate the actual transaction for a previously purchased version of the app. Correct me if I’m wrong, but it seems TestFlight doesn’t confirm whether I installed or purchased a paid version of the app. I need to be 100% sure that users who previously paid for the app won’t face any issues with this migration. Is there any method to verify this behavior in a production-like scenario that I might not be aware of? I’m sharing the code here to see if you can confirm that it will work as intended or suggest any necessary adjustments. func fetchAppReceipt(completion: @escaping (Bool) -> Void) { // Check if the receipt URL exists guard let receiptURL = Bundle.main.appStoreReceiptURL else { print("Receipt URL not found.") requestReceiptRefresh(completion: completion) return } // Check if the receipt file exists at the given path if !FileManager.default.fileExists(atPath: receiptURL.path) { print("The receipt does not exist at the specified location. Attempting to fetch a new receipt...") requestReceiptRefresh(completion: completion) return } do { // Read the receipt data from the file let receiptData = try Data(contentsOf: receiptURL) let receiptString = receiptData.base64EncodedString() print("Receipt found and encoded in base64: \(receiptString.prefix(50))...") completion(true) } catch { // Handle errors while reading the receipt print("Error reading the receipt: \(error.localizedDescription). Attempting to fetch a new receipt...") requestReceiptRefresh(completion: completion) } } func validateAppReceipt(completion: @escaping (Bool) -> Void) { print("Starting receipt validation...") guard let receiptURL = Bundle.main.appStoreReceiptURL else { print("Receipt not found on the device.") requestReceiptRefresh(completion: completion) completion(false) return } print("Receipt found at URL: \(receiptURL.absoluteString)") do { let receiptData = try Data(contentsOf: receiptURL, options: .alwaysMapped) print(receiptData) let receiptString = receiptData.base64EncodedString(options: []) print("Receipt encoded in base64: \(receiptString.prefix(50))...") let request = [ "receipt-data": receiptString, "password": "c8bc9070bf174a8a8df108ef6b8d2ae3" // Shared Secret ] print("Request prepared for Apple's validation server.") guard let url = URL(string: "https://buy.itunes.apple.com/verifyReceipt") else { print("Error: Invalid URL for Apple's validation server.") completion(false) return } print("Validation URL: \(url.absoluteString)") var urlRequest = URLRequest(url: url) urlRequest.httpMethod = "POST" urlRequest.httpBody = try? JSONSerialization.data(withJSONObject: request) URLSession.shared.dataTask(with: urlRequest) { data, response, error in if let error = error { print("Error sending the request: \(error.localizedDescription)") completion(false) return } guard let data = data else { print("No response received from Apple's server.") completion(false) return } print("Response received from Apple's server.") do { if let json = try JSONSerialization.jsonObject(with: data) as? [String: Any] { print("Response JSON: \(json)") // Verify original_application_version if let receipt = json["receipt"] as? [String: Any], let appVersion = receipt["original_application_version"] as? String { print("Original application version found: \(appVersion)") // Save the version in @AppStorage savedOriginalVersion = appVersion print("Original version saved in AppStorage: \(appVersion)") if let appVersionNumber = Double(appVersion), appVersionNumber < 1.62 { print("Original version is less than 1.62. User considered premium.") isFirstLaunch = true completion(true) } else { print("Original version is not less than 1.62. User is not premium.") completion(false) } } else { print("Could not find the original application version in the receipt.") completion(false) } } else { print("Error parsing the response JSON.") completion(false) } } catch { print("Error processing the JSON response: \(error.localizedDescription)") completion(false) } }.resume() } catch { print("Error reading the receipt: \(error.localizedDescription)") requestReceiptRefresh(completion: completion) completion(false) } } Some of these functions might seem redundant, but they are intended to double-check and ensure that the user is not a previous user. Is there any way to be certain that this will work when the app is downloaded from the App Store? Thanks in advance!

Some of my users reported they can not completed the purchase . According to the logs and screen captures . Their purchase progress's last status are "purchasing" func paymentQueue(_ queue: SKPaymentQueue, updatedTransactions transactions: [SKPaymentTransaction]) { .... .... case .purchasing: // 处理正在购买的情况 //print("购买中"); AppDelegate.log.debug("paymentQueue purchasing"); LoadingAlert.shared.setText(text: "购买中".localized()) .... After this ，It neither entered any error branch nor prompted the user to confirm the purchase or enter a password, but simply stopped here. There are no other purchase-related logs, and the program is still running normally. At the same time, other users are able to complete their purchases without any issues. However, there have been 4-5 users recently who reported problems with purchasing. What could be the possible reasons? In my local environment, I repeated the test many times, including using sandbox users from different regions and real Apple IDs, and everything worked fine. // // Payment.swift // RadialMenu // // Created by pat on 2023/6/26. // import Foundation import StoreKit class Payment:NSObject,SKProductsRequestDelegate,SKPaymentTransactionObserver{ func paymentQueue(_ queue: SKPaymentQueue, updatedTransactions transactions: [SKPaymentTransaction]) { for transaction in transactions { AppDelegate.log.debug("paymentQueue transaction product = \(transaction.payment.productIdentifier) state = \(transaction.transactionState)"); //let productID = transaction.payment.productIdentifier switch transaction.transactionState { case .purchased,.restored: if(transaction.transactionState == .purchased){ AppDelegate.log.debug("paymentQueue purchased"); LoadingAlert.shared.setText(text: "已购买".localized()) } if(transaction.transactionState == .restored){ LoadingAlert.shared.setText(text: "已恢复".localized()) AppDelegate.log.debug("paymentQueue restored"); } //} break; case .failed: AppDelegate.log.debug("paymentQueue failed "); if let error = transaction.error as? NSError { // 获取错误代码和描述 let errorCode = error.code let errorDescription = error.localizedDescription AppDelegate.log.debug("paymentQueue Transaction failed with error code: \(errorCode), description: \(errorDescription)") } queue.finishTransaction(transaction) LoadingAlert.shared.hideModal(); // 处理购买失败的情况 // 提供错误信息给用户 //print("购买失败"); alertRetry(); break; case .deferred: AppDelegate.log.debug("paymentQueue deferred"); LoadingAlert.shared.setText(text: "购买延迟".localized()) // 处理交易延迟的情况（仅限家庭共享） break; case .purchasing: // 处理正在购买的情况 //print("购买中"); AppDelegate.log.debug("paymentQueue purchasing"); LoadingAlert.shared.setText(text: "购买中".localized()) break; @unknown default: AppDelegate.log.debug("paymentQueue nknown default\(transaction.transactionState)"); break } } }

Because of historical reasons we have the same app with different bundle identifiers in different App Stores, e. g. one in Germany and one in Poland and one in France. Every app offers a monthly and a yearly in app subscription. We want to consolidate our apps and user base and want to have only one app in the end. The question is now: Can Apple make the monthly/daily subscriptions from e. g. the app in the store in Poland available or migrate them to the german app in the german App Store when we make the "german" app available also in Poland? The final goal would be that a user who bought a subscription in the polish store would have the subscription also available on his Apple ID in the german store. Is this possible? Can Apple make this possible?