iOS 7: in app purchase receipt validation and verification
I am new to receipt validation in iOS. I have implemented in-app purchase successfully. Now I wish to include receipt validation part in this in-app puchase.
My in-app purchase is for 3 products. I want that before purchase of each single product in my app, receipt validation should be performed.
For this I followed the following link: official apple developer tutorial
I managed to get the receipt data, but I am puzzled as what to do after getting the receipt data. How do I send it back to apple server for verification and then start the in-app purchase process?
Following is my code:
-(void)paymentQueue:(SKPaymentQueue *)queue updatedTransactions:(NSArray *)transactions {
NSLog(@"transactions count : %d",transactions.count);
BOOL flgIsProductRestorable=NO;
for (SKPaymentTransaction *transaction in transactions) {
switch (transaction.transactionState) {
case SKPaymentTransactionStatePurchasing:
{
// show wait view here
//statusLabel.text = @"Processing...";
NSLog(@"Processing...");
}
break;
case SKPaymentTransactionStatePurchased:
{
[[SKPaymentQueue defaultQueue] finishTransaction:transaction];
[SVProgressHUD dismiss];
// remove wait view and unlock feature 2
//statusLabel.text = @"Done!";
NSLog(@"Success : %@ = %@",transaction.payment.productIdentifier,transaction.transactionIdentifier);
NSURL *receiptURL = [[NSBundle mainBundle] appStoreReceiptURL];
NSData *receipt = [NSData dataWithContentsOfURL:receiptURL];
NSLog(@"%@",receipt);
NSError *error;
NSDictionary *requestContents = @{
@"receipt-data": [receipt base64EncodedStringWithOptions:0]
};
NSData *requestData = [NSJSONSerialization dataWithJSONObject:requestContents
options:0
error:&error];
if (!requestData) { /* ... Handle error ... */ }
// Create a POST request with the receipt data.
NSURL *storeURL = [NSURL URLWithString:@"https://sand.itunes.apple.com/verifyReceipt"];
NSMutableURLRequest *storeRequest = [NSMutableURLRequest requestWithURL:storeURL];
[storeRequest setHTTPMethod:@"POST"];
[storeRequest setHTTPBody:requestData];
// Make a connection to the iTunes Store on a background queue.
NSOperationQueue *queue = [[NSOperationQueue alloc] init];
[NSURLConnection sendAsynchronousRequest:storeRequest queue:queue
completionHandler:^(NSURLResponse *response, NSData *data, NSError *connectionError) {
if (connectionError) {
/* ... Handle error ... */
} else {
NSError *error;
NSDictionary *jsonResponse = [NSJSONSerialization JSONObjectWithData:data options:0 error:&error];
NSLog(@"response : %@",jsonResponse);
if (!jsonResponse) { /* ... Handle error ...*/ }
/* ... Send a response back to the device ... */
}
}];
[self WS_EbookDetail:transaction.transactionIdentifier];
}...
I have just copy pasted the receipt retrieval code from the apple link I have given in this question.
What do I do next?
Answer
Keep in mind Apple recommends that you securely send the receipt data to your server and then call their servers. Calls to Apple's servers are not secure.
You can also do local receipt validation in your app. See Validating Receipts Locally for information on how to do this.
There is also a great WWDC video from 2014 "Preventing Unauthorized Purchases with Receipts" which goes into detail about implementing on device receipt validation.