Validating Receipts With the App Store

最新推荐文章于 2024-05-01 18:26:01 发布
最新推荐文章于 2024-05-01 18:26:01 发布
阅读量2.5k 收藏
点赞数
分类专栏: 平台对接 文章标签: Validating Receipts

来源:https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html#//apple_ref/doc/uid/TP40010573-CH104-SW1

Note: There is a vulnerability in iOS 5.1 and earlier related to receipt validation with the app store directly from a device, without using a server. For more details and a mitigation strategy, see In-App Purchase Receipt Validation on iOS.

Use a trusted server to communicate with the App Store. Using your own server lets you design your app to recognize and trust only your server, and lets you ensure that your server connects with the App Store server. It is not possible to build a trusted connection between a user’s device and the App Store directly because you don’t control either end of that connection.

Communication with the App Store is structured as JSON dictionaries, as defined in RFC 4627. Binary data is base64 encoded, as defined in RFC 4648.

Read the Receipt Data

To retrieve the receipt data, use the appStoreReceiptURL method of NSBundle to locate the app’s receipt, and then read the entire file. If the appStoreReceiptURL method is not available, you can fall back to the value of a transaction's transactionReceipt property for backward compatibility. Then send this data to your server—as with all interactions with your server, the details are your responsibility.

// Load the receipt from the app bundle.
NSURL *receiptURL = [[NSBundle mainBundle] appStoreReceiptURL];
NSData *receipt = [NSData dataWithContentsOfURL:receiptURL];
if (!receipt) { /* No local receipt -- handle the error. */ }
 
/* ... Send the receipt data to your server ... */

Send the Receipt Data to the App Store

On your server, create a JSON object with the following keys:

Key
Value

receipt-data

The base64 encoded receipt data.

password

Only used for receipts that contain auto-renewable subscriptions. Your app’s shared secret (a hexadecimal string).

Submit this JSON object as the payload of an HTTP POST request. In the test environment, use https://sandbox.itunes.apple.com/verifyReceipt as the URL. In production, usehttps://buy.itunes.apple.com/verifyReceipt as the URL.

NSData *receipt; // Sent to the server by the device
 
// Create the JSON object that describes the request
NSError *error;
NSDictionary *requestContents = @{
    @"receipt-data": [receipt base64EncodedStringWithOptions:0]
};
NSData *requestData = [NSJSONSerialization dataWithJSONObject:requestContents
                                                      options:0
                                                        error:&error];
 
if (!requestData) { /* ... Handle error ... */ }
 
// Create a POST request with the receipt data.
NSURL *storeURL = [NSURL URLWithString:@"https://buy.itunes.apple.com/verifyReceipt"];
NSMutableURLRequest *storeRequest = [NSMutableURLRequest requestWithURL:storeURL];
[storeRequest setHTTPMethod:@"POST"];
[storeRequest setHTTPBody:requestData];
 
// Make a connection to the iTunes Store on a background queue.
NSOperationQueue *queue = [[NSOperationQueue alloc] init];
[NSURLConnection sendAsynchronousRequest:storeRequest queue:queue
        completionHandler:^(NSURLResponse *response, NSData *data, NSError *connectionError) {
    if (connectionError) {
        /* ... Handle error ... */
    } else {
        NSError *error;
        NSDictionary *jsonResponse = [NSJSONSerialization JSONObjectWithData:data options:0 error:&error];
        if (!jsonResponse) { /* ... Handle error ...*/ }
        /* ... Send a response back to the device ... */
    }
}];

Parse the Response

The response’s payload is a JSON object that contains the following keys and values:

Key
Value

status

Either 0 if the receipt is valid, or one of the error codes listed in Table 2-1.

For iOS 6 style transaction receipts, the status code reflects the status of the specific transaction’s receipt.

For iOS 7 style app receipts, the status code is reflects the status of the app receipt as a whole. For example, if you send a valid app receipt that contains an expired subscription, the response is 0 because the receipt as a whole is valid.

receipt

A JSON representation of the receipt that was sent for verification. For information about keys found in a receipt, see Receipt Fields.

latest_receipt

Only returned for iOS 6 style transaction receipts for auto-renewable subscriptions. The base-64 encoded transaction receipt for the most recent renewal.

latest_receipt_info

Only returned for iOS 6 style transaction receipts for auto-renewable subscriptions. The JSON representation of the receipt for the most recent renewal.

Table 2-1  Status codes

Status Code

Description

21000

The App Store could not read the JSON object you provided.

21002

The data in the receipt-data property was malformed or missing.

21003

The receipt could not be authenticated.

21004

The shared secret you provided does not match the shared secret on file for your account.

Only returned for iOS 6 style transaction receipts for auto-renewable subscriptions.

21005

The receipt server is not currently available.

21006

This receipt is valid but the subscription has expired. When this status code is returned to your server, the receipt data is also decoded and returned as part of the response.

Only returned for iOS 6 style transaction receipts for auto-renewable subscriptions.

21007

This receipt is from the test environment, but it was sent to the production environment for verification. Send it to the test environment instead.

21008

This receipt is from the production environment, but it was sent to the test environment for verification. Send it to the production environment instead.

The values of the latest_receipt and latest_receipt_info keys are useful when checking whether an auto-renewable subscription is currently active. By providing any transaction receipt for the subscription and checking these values, you can get information about the currently-active subscription period. If the receipt being validated is for the latest renewal, the value for latest_receipt is the same as receipt-data (in the request) and the value for latest_receipt_info is the same as receipt.


JK0803_wantao
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
iOS审核被拒含义及应对措施-长文
m0_62962254的博客
11-25 7376
我相信很多开发者在提包的时候都有被拒的经历,暂且先不说苹果独有的【黑箱操作】,他模棱两可的话术也让很多开发者头大不已,有时候会不知道自己的问题到底出在哪,导致不知道该如何应对。今天我整理了一下比较热门以及开发者私信我比较多的问题做一篇总结。下文我会以第一人称来描述含义及措施,lets go~ 如果各位开发者遇到审核问题,或者iOS开发相关的,都可以来公众号找我哟 公众号-app不内卷 Guideline 2.1 - Information Needed We have started the
validating the safty of cooking procedures
01-01
美食该如何制作?食品安全以什么为标准?...这么一份validating the safty of cooki...该文档为validating the safty of cooking procedures,是一份很不错的参考资料,具有较高参考价值,感兴趣的可以下载看看
Mac App Store receipt validater
yuedong56的专栏
06-24 602
用这个测试账号,能不能打开 SmartFinder 1.0? yuedongkui [2:01 PM]  你那我估计应该也能建吧? [2:02]  SmartFinder1.0?你是说当时1.0的测试包吗? lianxu [2:02 PM]  对 yuedo
Validating Receipts Locally
07-15 1469
Validating Receipts Locally Perform receipt validation immediately after your app is launched, before displaying any user interface or spawning any child processes. Implement this check in the ma
iOS - 审核问题记录
最新发布
qq_27189275的博客
05-01 884
iOS - 审核问题记录,所有的问题都可以在issues上交流。
内购审核支付失败_【第5期】springboot:苹果内购服务端验证
weixin_39536728的博客
11-25 987
​苹果内购:只要你在苹果系统购买APP中虚拟物品(虚拟货币,VIP充值等),必须通过内购方式进行支付,苹果和商家进行三七开验证模式有两种:Validating Receipts With the App Store 通过访问苹果接口进行验证。Validating Receipts Locally 本地代码解码进行验证官方验证文档地址:https://developer.apple.com/libr...
[审核]2. 1 Performance: App Completeness(性能:应用程序完整性)
热门推荐
Gamin
10-21 1万+
2. 1 Performance: App Completeness Guideline 2.1 - Performance - App Completeness We found that your in-app purchase products exhibited one or more bugs when reviewed on iPad running iOS 13.1.2 on Wi-...
C#中ValidatingValidated事件
05-29
C#中的 ValidatingValidated 事件 在 C# 中,ValidatingValidated 事件是两个重要的事件,它们在控件的数据验证过程中扮演着关键角色。这些事件通常用于验证用户输入的数据,以确保输入的数据符合要求。 ...
论文研究-Failure Detection and Validation of Multifunctional Self-validating Sensor Using WRVM Predictor.pdf
08-17
基于小波相关向量机预测器的多功能自确认传感器故障检测和确认,申争光,宋凯,针对传统多功能传感器无法状态自确认的局限性,提出了一种基于小波相关向量机(WRVM)和多项式预测滤波器(PFP)的测量值及其不确定度的�
Validating CC/PP and UAProf Profiles
01-23
Validating CC/PP and UAProf Profiles
Validating-Form-Using-MVC-Architecture-with-Servlet-And-JSP
06-19
使用带有 Servlet 和 JSP 的 MVC 架构验证表单。
苹果内购返回错误代码描述
吾林木木的专栏
09-25 3464
Status Code     Description 21000     The App Store could not read the JSON object you provided. 21002     The data in the receipt-data property was malformed or missing. 21003     The receipt coul
authenticating with the app store 一直卡住--问题记录
weixin_30257433的博客
08-29 1249
参考链接:https://blog.csdn.net/csdn2314/article/details/90021367 authenticating with the app store 一直卡住最近更新App,要上传到 App Store 的时候,一直卡在 Authenticating with the App Store ,有人说 打开终端执行以下命令即可,试了,但是并没有...
iOS__上传应用到AppStore出现Authenticating with the iTunes store
qq_15602525的博客
06-25 3883
iOS__上传应用到AppStore出现Authenticating with the iTunes store image.png eV1e7.png upload to App Store 出现一直在 Authenticating with the iTunes store 卡住 最近打包上传到App Store的时候,一直卡在验
内购审核支付失败_企业支付宝过风险,百分之90的人都在用
weixin_39944515的博客
11-14 156
过风险需要资料1.营业执照、身份证正反面、法人个人支付宝登录密码认证企业支付宝提前准备1准备IP软件切换IP (一一个IP只能过三个企业支付宝)2电脑做下载几个浏览器1QQ浏览器、搜狗浏览器、360浏览器、 谷歌浏览器、火狐浏览器3先用IP软件切换IP在打开浏览器进入支付宝网页去注册账号进去设置密码填写要认证的企业信息上传执照身份证4.1认证要是出审核那就等系统通知手机有短信通知大概在4- 8小时...
In-App Purchase Programming Guide----(八) ---- Preparing for App Review
05-11 217
Preparing for App Review After you finish testing, you’re ready to submit your app for review. This chapter highlights a few tips to help you through the review process. 当你完成测试以后,就表示已经准备好提交应用...
In-App-Purcharse 官方原文摘要笔记
weixin_30507481的博客
07-30 849
博客搬家咯~http://joeleee.github.io/ 博客搬家咯~http://joeleee.github.io/ 博客搬家咯~http://joeleee.github.io/ 这并不是一篇关于 In-App-Purcharse 的专业深入分析文章,只是在初次浏览有关IAP官方文档后记录的一些需要注意的地方,就像是课堂笔记。 因为这是原版、并且涉及到支付的内容,所...
This Apple ID has not yet been used in the ITunes Store/此Apple ID尚未在iTunes Store使用过
柳鲲鹏
11-25 2386
注意,验证码在你的手机上。
shiro Error while validating the session java.lang.NullPointerException: null
11-22
在Shiro中,当会话过期或无效时,可能会出现“Error while validating the session java.lang.NullPointerException: null”的错误。这通常是由于在会话过期或无效时尝试访问会话属性而导致的。为了解决这个问题,您可以在Shiro配置文件中配置一个错误页面,以便在会话过期或无效时重定向到该页面。以下是一个示例配置: ```xml <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean"> <!-- ... other properties ... --> <property name="filters"> <util:map> <entry key="authc"> <bean class="org.apache.shiro.web.filter.authc.FormAuthenticationFilter"> <property name="loginUrl" value="/login"/> <property name="errorUrl" value="/login?error=true"/> </bean> </entry> </util:map> </property> <property name="securityManager" ref="securityManager"/> <property name="loginUrl" value="/login"/> <property name="successUrl" value="/"/> <property name="unauthorizedUrl" value="/403"/> <property name="filterChainDefinitions"> <value> /login = authc /** = anon </value> </property> <property name="errorPages"> <util:map> <entry key="org.apache.shiro.authz.UnauthorizedException" value="/403"/> <entry key="org.apache.shiro.authc.AuthenticationException" value="/login?error=true"/> <entry key="java.lang.Exception" value="/error"/> </util:map> </property> </bean> ``` 在这个示例中,我们配置了一个错误页面映射,以便在会话过期或无效时重定向到“/login?error=true”页面。这将确保用户在会话过期或无效时不会看到“Error while validating the session java.lang.NullPointerException: null”的错误。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值