I have been trying to implement receipt validation in my spritekit game. I have been following various tutorial and basically ended up with this code
enum RequestURL: String {
case production = "https://buy.itunes.apple.com/verifyReceipt"
case sandbox = "https://sandbox.itunes.apple.com/verifyReceipt"
case myServer = "my server address"
}
enum ReceiptStatusCode: Int {
// Not decodable status
case unknown = -2
// No status returned
case none = -1
// valid status
case valid = 0
// The App Store could not read the JSON object you provided.
case JSONNotReadable = 21000
// The data in the receipt-data property was malformed or missing.
case malformedOrMissingData = 21002
// The receipt could not be authenticated.
case receiptCouldNotBeAuthenticated = 21003
// The shared secret you provided does not match the shared secret on file for your account.
// Only returned for iOS 6 style transaction receipts for auto-renewable subscriptions.
case sharedSecretNotMatching = 21004
// The receipt server is currently not available.
case receiptServerUnavailable = 21005
// This receipt is valid but the subscription has expired. When this status code is returned to your server, the receipt data is also decoded and returned as part of the response.
// Only returned for iOS 6 style transaction receipts for auto-renewable subscriptions.
case subscriptionExpired = 21006
// This receipt is from the test environment, but it was sent to the production environment for verification. Send it to the test environment instead.
case testReceipt = 21007
// This receipt is from the production environment, but it was sent to the test environment for verification. Send it to the production environment instead.
case productionEnvironment = 21008
}
func validateReceipt(forTransaction transaction: SKPaymentTransaction) {
guard let receiptURL = NSBundle.mainBundle().appStoreReceiptURL else { return }
guard let receipt = NSData(contentsOfURL: receiptURL) else { return }
let receiptData = receipt.base64EncodedStringWithOptions(NSDataBase64EncodingOptions(rawValue: 0))
let payload = ["receipt-data": receiptData]
var receiptPayloadData: NSData?
do {
receiptPayloadData = try NSJSONSerialization.dataWithJSONObject(payload, options: NSJSONWritingOptions(rawValue: 0))
}
catch let error as NSError {
print(error.localizedDescription)
return
}
guard let payloadData = receiptPayloadData else { return }
guard let requestURL = NSURL(string: RequestURL.sandbox.rawValue) else { return }
let request = NSMutableURLRequest(URL: requestURL)
request.HTTPMethod = "POST"
request.HTTPBody = payloadData
let task = NSURLSession.sharedSession().dataTaskWithRequest(request) { (data, response, error) in
if let error = error {
print(error.localizedDescription)
return
}
guard let data = data else { return }
do {
let jsonData = try NSJSONSerialization.JSONObjectWithData(data, options: .MutableLeaves) as? NSDictionary
guard let json = jsonData else { return }
// Correct ?
guard let status = json["status"] as? Int where status == ReceiptStatusCode.valid.rawValue else { return }
// Unlock product here?
// Other checks needed?
}
catch let error as NSError {
print(error.localizedDescription)
return
}
}
task.resume()
}
It is pretty boiler plate code and works as expected. My issue now is that I dont know how to actually validate the receipt at last step (marked line). I believe I have to now carry 5 or so checks to validate the receipt. I just have no idea how most of them would be done in swift. The majority of tutorials are either old, dont include this step or are not written in swift.
If anyone that successfully uses receipt validation could help me get going in the right direction it would be much appreciated. Thank you very much
Update:
After the great answers from JSA986I and cbartel I turned this into a helper on github. Many thanks for the help
Here is a solution using Swift version 2.1 following the Apple guide.
Apple also recommends the following:
When validating receipts on your server, your server needs to be able to handle a production-signed app getting its receipts from Apple’s test environment. The recommended approach is for your production server to always validate receipts against the production App Store first. If validation fails with the error code “Sandbox receipt used in production”, validate against the test environment instead.
validateReceipt(NSBundle.mainBundle().appStoreReceiptURL) { (success: Bool) -> Void in
print(success)
}
private func receiptData(appStoreReceiptURL : NSURL?) -> NSData? {
guard let receiptURL = appStoreReceiptURL,
receipt = NSData(contentsOfURL: receiptURL) else {
return nil
}
do {
let receiptData = receipt.base64EncodedStringWithOptions(NSDataBase64EncodingOptions(rawValue: 0))
let requestContents = ["receipt-data" : receiptData]
let requestData = try NSJSONSerialization.dataWithJSONObject(requestContents, options: [])
return requestData
}
catch let error as NSError {
print(error)
}
return nil
}
private func validateReceiptInternal(appStoreReceiptURL : NSURL?, isProd: Bool , onCompletion: (Int?) -> Void) {
let serverURL = isProd ? "https://buy.itunes.apple.com/verifyReceipt" : "https://sandbox.itunes.apple.com/verifyReceipt"
guard let receiptData = receiptData(appStoreReceiptURL),
url = NSURL(string: serverURL) else {
onCompletion(nil)
return
}
let request = NSMutableURLRequest(URL: url)
request.HTTPMethod = "POST"
request.HTTPBody = receiptData
let task = NSURLSession.sharedSession().dataTaskWithRequest(request, completionHandler: {data, response, error -> Void in
guard let data = data where error == nil else {
onCompletion(nil)
return
}
do {
let json = try NSJSONSerialization.JSONObjectWithData(data, options:[])
print(json)
guard let statusCode = json["status"] as? Int else {
onCompletion(nil)
return
}
onCompletion(statusCode)
}
catch let error as NSError {
print(error)
onCompletion(nil)
}
})
task.resume()
}
public func validateReceipt(appStoreReceiptURL : NSURL?, onCompletion: (Bool) -> Void) {
validateReceiptInternal(appStoreReceiptURL, isProd: true) { (statusCode: Int?) -> Void in
guard let status = statusCode else {
onCompletion(false)
return
}
// This receipt is from the test environment, but it was sent to the production environment for verification.
if status == 21007 {
self.validateReceiptInternal(appStoreReceiptURL, isProd: false) { (statusCode: Int?) -> Void in
guard let statusValue = statusCode else {
onCompletion(false)
return
}
// 0 if the receipt is valid
if statusValue == 0 {
onCompletion(true)
} else {
onCompletion(false)
}
}
// 0 if the receipt is valid
} else if status == 0 {
onCompletion(true)
} else {
onCompletion(false)
}
}
}