Generate a shared secret to verify receipts
To increase the security between your server and Apple’s servers when validating a subscription or in-app purchase, include a shared secret with your request to verify receipts.
A shared secret is a 32-character hexadecimal string generated in App Store Connect. You may generate a primary shared secret, which is a single code for all of your apps, or an app-specific shared secret for individual apps. You may also use a primary shared secret for some of your apps, and an app-specific shared secret for others.
For information about incorporating a shared secret into your app’s receipt handling, visit Validating Receipts with the App Store.
Required role: Account Holder or Admin. View role permissions.
View or generate a shared secret for all your apps (primary shared secret)
From Users and Access, click Shared Secret.
Copy the code and use it when verifying transaction receipts for all of your apps with auto-renewable subscriptions.
When you generate a new shared secret, all apps in your organization that use a shared secret should use the new value to verify auto-renewable subscriptions.
View or generate a shared secret for an individual app (app-specific shared secret)
You can access the app-specific shared secret from the Subscriptions page for an app. You may want to use an app-specific shared secret if you want to keep this code private for this app, or if you are planning to transfer this app to another developer account.
Note: Once an app uses an app-specific shared secret, it can no longer use the primary shared secret. App-specific shared secrets cannot be deleted, only regenerated.
From My Apps, select your app.
In the sidebar under General, click App Information.
In the App-Specific Shared Secret section, click Manage.
You can generate a shared secret for individual apps, or regenerate a shared secret.
Note: Clicking Regenerate will automatically generate a new shared secret, and any previously generated shared secret for this app will be invalidated.
Then click Done.
To generate a shared secret, click Generate or Regenerate in the dialog.
Copy the code and use it when verifying transaction receipts for this app.
When you regenerate an app-specific shared secret, use the new value to verify your auto-renewable subscriptions for this app.
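The following server-side sketch is an added example, not code from Apple or from this page. It picks the app-specific secret over the primary one, checks the 32-character hexadecimal format described above, and builds the receipt verification request body. The environment variable names are hypothetical; the `receipt-data` and `password` fields and status 21004 come from Apple's verifyReceipt endpoint, which this page does not describe.

```python
import json
import os
import re

# Format stated on the page: 32-character hexadecimal string.
SECRET_RE = re.compile(r"[0-9a-fA-F]{32}")

# verifyReceipt status returned when the submitted shared secret does not
# match the one on file (for example after Regenerate invalidated the old value).
STATUS_SECRET_MISMATCH = 21004


def env_name(bundle_id):
    """Hypothetical naming scheme: com.example.app -> IAP_SECRET_COM_EXAMPLE_APP."""
    return "IAP_SECRET_" + re.sub(r"[^A-Za-z0-9]", "_", bundle_id).upper()


def resolve_secret(bundle_id, env=os.environ):
    """Return (secret, kind). An app-specific secret always wins, because an
    app that uses one can no longer use the primary shared secret."""
    for kind, name in (("app-specific", env_name(bundle_id)),
                       ("primary", "IAP_SECRET_PRIMARY")):
        value = env.get(name, "").strip()
        if not value:
            continue
        if not SECRET_RE.fullmatch(value):
            # Never echo the value itself into logs or exceptions.
            raise ValueError(f"{name} is not a 32-character hex string")
        return value, kind
    raise LookupError(f"no shared secret configured for {bundle_id}")


def build_verify_request(bundle_id, receipt_b64, env=os.environ):
    """JSON body for verifyReceipt; the secret travels in the 'password' field."""
    secret, _ = resolve_secret(bundle_id, env)
    return json.dumps({"receipt-data": receipt_b64, "password": secret})


def secret_is_stale(response):
    """True when Apple rejected the secret, meaning the configured value must be
    replaced with the one currently shown in App Store Connect."""
    return response.get("status") == STATUS_SECRET_MISMATCH
```

Keeping the secret in server-side configuration rather than in the app binary means a regenerated value can be rolled out without shipping an app update.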