Skip to content

Receipt Validation

Jump to bottom
levching edited this page Apr 15, 2020 · 3 revisions

The receipt for an application or in-app purchase is a record of the sale of the application and of any in-app purchases made from within the application. You can add receipt validation code to your application to prevent unauthorized copies of your application from running. Refer to the license agreement and the review guidelines for specific information about what your application may and may not do to implement copy protection.

Receipt validation requires an understanding of cryptography and a variety of secure coding techniques. It's important that you employ a solution that is unique to your application.

Validating Receipts With the App Store

Validating with the App Store requires a secure connection between your app and your server, and code on your server to validate the receipt with the App Store.

Use a trusted server to communicate with the App Store. Using your own server lets you design your app to recognize and trust only your server, and lets you ensure that your server connects with the App Store server. It is not possible to build a trusted connection between a user’s device and the App Store directly because you don’t control either end of that connection.

Communication with the App Store is structured as JSON dictionaries, as defined in RFC 4627. Binary data is base64 encoded, as defined in RFC 4648.

To retrieve the receipt data, use the AppStoreReceipt property of ISN_SKPaymentQueue to locate the app’s receipt, and then read the entire file. Send this data to your server—as with all interactions with your server, the details are your responsibility.

using SA.iOS.StoreKit;
...
var receipt = ISN_SKPaymentQueue.AppStoreReceipt;
Debug.Log("Receipt loaded, byte array length: " + receipt.Data.Length);
Debug.Log("Receipt As Base64 String" + receipt.AsBase64String);

Learn here how to properly build the communication between your and apple server after you have obtained the receipt.

Refreshing the App Receipt

Use the ISN_SKReceiptRefreshRequest object to request a new receipt if the receipt is invalid or missing. In the sandbox environment, you can request a receipt with any combination of properties to test the state transitions related to Volume Purchase Plan receipts. Make sure to leave ISN_SKReceiptDictionary as null for a production environment.

For the available receipt properties, see the values of ISN_SKReceiptProperty.

Use example for sandbox environment:

using SA.iOS.StoreKit;
...
var properties = new ISN_SKReceiptDictionary();
properties.Add(ISN_SKReceiptProperty.IsExpired, 0);
properties.Add(ISN_SKReceiptProperty.IsRevoked, 1);

var request = new ISN_SKReceiptRefreshRequest(properties);
request.Start((result) => {
    Debug.Log("Receipt Refresh Result: " + result.IsSucceeded);
    if(result.HasError) {
        Debug.Log(result.Error.Code + " / " + result.Error.Message);
    }
});

Use example for production environment:

using SA.iOS.StoreKit;
...
var request = new ISN_SKReceiptRefreshRequest(null);
request.Start((result) => {
    Debug.Log("Receipt Refresh Result: " + result.IsSucceeded);
    if(result.HasError) {
        Debug.Log(result.Error.Code + " / " + result.Error.Message);
    }
});

Reliable and high-quality Unity Development service. Let's Talk!

Website | AssetStore | LinkedIn | Youtube | Scripting Reference

About

Foundation

AV Foundation

App Tracking Transparency

Game Kit

Store Kit

UI Kit

Social

Replay Kit

Contacts

AVKit

Photos

App Delegate

User Notifications

MediaPlayer

Core Location

AdSupport

EventKit

CloudKit

Authentication Services

XCode

Knowledge Base

Clone this wiki locally