App Store Receipt Verification Sandbox Fallback #28
-
|
I am currently implementing this library but I've got a question about the behaviour of receipt validation/how this library is best used. In the Apple documentation for verifyReceipt (https://developer.apple.com/documentation/appstorereceipts/verifyreceipt) it advises to verify the receipt first against the production endpoint and then to fallback to the sandbox if the status code 21007 is received. The reasons they state for doing this seem to make sense to me, allowing you to use the same server for requests which might be coming from the sandbox and the production environment at the same time. For example, you might have live users sending production receipts at the same time as Apple reviewers are sending sandboxed receipts whilst testing new releases. How do you deal with this when using this library? It seems that just using the 'appstore_sandbox' parameter would make it difficult to continue development on an app once in production. I would be grateful on any thoughts on this. Thanks your your work on this library! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 7 replies
-
|
Hi @robert-nash,
UpdateThis is handled in version 0.8.5. 🎉 🎉 |
Beta Was this translation helpful? Give feedback.
-
|
Thank you, that makes sense and I see how that would get around much of the issue. Does this mean that Apple Reviewers for the production app are testing against a server using the production verifyReceipt endpoint? I will open an issue for this later on. Thank you for all your existing work on this library and taking the time to make this enhancement. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @robert-nash , This is handled in version 0.8.5. 🎉 🎉 |
Beta Was this translation helpful? Give feedback.
-
|
Great work @imdhemy ! |
Beta Was this translation helpful? Give feedback.
-
|
Thanks a lot @michavie ! Your email answer was very helpful! |
Beta Was this translation helpful? Give feedback.
-
|
Thank you @imdhemy! Sorry I didn't get around to creating an issue. I will have a look at this new release. |
Beta Was this translation helpful? Give feedback.
Hi @robert-nash,
Thank you for starting this discussion! Would you mind adding a reply with answers to the below questions?
Update
This is handled in version 0.8.5. 🎉 🎉
Now, the Verifier uses the production URI by default. When it encounters the code
21007, it resends the verification request to the sandbox URI.