Validate iTunes Transaction and Unified style receipts with local decoding and remote validation.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

iTunes Receipt Validator

Code Climate Test Coverage Build Status Gem Version

Decode locally

The difference between this gem and any of the alternatives is that it decodes the base64 encoded receipt with our ItunesReceiptDecoder library to extract the data from the receipt without making a HTTP request to Apple's servers.

No redundent HTTP requests

Because this library decodes the receipt first, it determins the origin of the receipt before making any HTTP requests. This means you don't need to make an additional request to the sandbox or production URLs.

Secondly, if the receipt can't be decoded, it can't be validated. This will prevent unnecessary requests when you receive fraudulent receipts.

Handle any style of receipt

Apple offers two kinds of receipts:

  1. The deprecated [SKPaymentTransaction transactionReceipt] and;
  2. The Grand Unified Receipt [NSBundle appStoreReceiptURL]

Validating both kinds of receipts requires separate logic because the schemas and data are entirely different.

Normalize all the things

No matter if the receipt is a [SKPaymentTransaction transactionReceipt] or [NSBundle appStoreReceiptURL], the responses are normalized with extra helpful methods for all your iOS and OSX receipt validation needs.

Need a complete solution?

We have a cloud service available at, it takes care of in-app purchase management, receipt validation and reporting so you don't have to. It even offers integration with your own API through webhooks to notify you of new, expired, renewed and cancelled purchases for iOS, OSX and Google Play receipts. It will save you time and money but most of all it allows you to focus on your core project instead of wasting time on receipt validation.

We offer this libary because we believe in the Open Source movement, is built upon a foundation of Open Source projects, so this libary is our way of giving back to the community.


Install from the command line:

$ gem install itunes_receipt_validator

Or include it in your Gemfile:

gem 'itunes_receipt_validator'



validator =
  shared_secret: 'your_shared_secret'
) # => ItunesReceiptValidator::Receipt

Or intialize with a block:

shared_secrets = {
  'com.example.app1' => 'shared_secret_for_app1'
  'com.example.app2' => 'shared_secret_for_app2'
validator = do |receipt|
  receipt.shared_secret = shared_secrets.fetch(receipt.bundle_id)

BYO HTTP requests

If you require more flexibility with upstream HTTP requests to Apple's Validation API you can initialize with your own request method.

validator = do |receipt|
  receipt.shared_secret = 'your_shared_secret'
  receipt.request_method = lambda do |url, headers, body|, headers: headers, body: body)

Your custom method exposes a HTTP status code and a response body as status and body respectively.

ItunesReceiptValidator::Receipt methods


Returns true or false (opposite of production?).


Returns true or false (opposite of sandbox?).


Returns the bundle_id of the app (e.g. com.mbaasy.ios).


Returns a sub-class of Array, with transactions sourced locally from the receipt. See ItunesReceiptValidator::TransactionsProxy methods.


Returns a sub-class of Array, with transactions sourced from Apple's validation API. See ItunesReceiptValidator::TransactionsProxy methods.


Returns a base64 encoded string for the latest receipt sourced from Apple's validation API.


Returns the ItunesReceiptDecoder::Decode::Transaction or ItunesReceiptDecoder::Decode::Unified instances. See the ItunesReceiptDecoder gem.


Returns the ItunesReceiptValidator::Remote instance.

ItunesReceiptValidator::TransactionsProxy methods

Inerhits from Array and includes Enumerable.

transactions.where(id: 1234)

Like ActiveRecord's where it accepts a hash of arguments and returns a new instance of ItunesReceiptValidator::TransactionsProxy.

ItunesReceiptValidator::Transaction methods


Returns true or false. This method will make a request to Apple's validation API to check if the receipt itself has expired, or if the latest transaction retrieved is expired.


Returns true or false.


Returns true if web_order_line_item_id is present.


Returns true or false.


Returns a ItunesReceiptValidator::Transaction by making a request to Apple's validation API and matches it with the original_id.

ItunesReceiptValidator::Transaction properties

The transaction identifier of the item that was purchased.

See Transaction Identifier.


For a transaction that restores a previous transaction, the transaction identifier of the original transaction. Otherwise, identical to the transaction identifier.

See Original Transaction Identifier.


The product identifier of the item that was purchased.

See Product Identifier.


The number of items purchased.

See Quantity.


For a transaction that restores a previous transaction, the date of the original transaction. Cast as a Time instance.

See Original Purchase Date.


The date and time that the item was purchased. Cast as a Time instance.

See Purchase Date.


The expiration date for the subscription. Cast as a Time instance.

See Subscription Expiration Date.


For a transaction that was canceled by Apple customer support, the time and date of the cancellation. Cast as a Time instance.

See Cancellation Date.


The primary key for identifying subscription purchases.

See Web Order Line Item ID.


Undocumented with Apple.


  1. bundle install
  2. rake

Copyright 2015 This project is subject to the MIT License.