基本上所有的 操作都可以再前端完成操作,包括对支付凭证的验证,但是如果在客户端验证凭证可能存在被篡改的危险,
服务器去重验证和加款,是建立在 用户已经在前端支付成功,然后由ios会得到一个字节流,然后 base64后转给 后台。
后台通过这个字符串,去请求苹果的服务器,然后得到一个json字符串。
//沙箱static final String testUrl = "https://sandbox.itunes.apple.com/verifyReceipt";
//正式 static final String product = "https://buy.itunes.apple.com/verifyReceipt";
请求苹果的请求头为:
conten-type = application/json
请求的苹果的内容为:
String param = "{\"receipt-data\":\""+客户端返回的base64+"\"}";
{ "receipt": { "receipt_type": "ProductionSandbox", "adam_id": 0, "app_item_id": 0, "bundle_id": "com.microservice.test", //当前的产品的包名,一定要验证返回的包名和此包名要一致 "application_version": "2021061801", "download_id": 0, "version_external_identifier": 0, "receipt_creation_date": "2021-06-18 09:50:18 Etc/GMT", "receipt_creation_date_ms": "1539946248000", "receipt_creation_date_pst": "2021-06-18 09:50:18 America/Los_Angeles", "request_date": "2021-06-18 09:50:18 Etc/GMT", "request_date_ms": "1623981018000", "request_date_pst": "2021-06-18 09:50:18 America/Los_Angeles", "original_purchase_date": "2021-06-18 09:50:18 Etc/GMT", "original_purchase_date_ms": "1623981018000", "original_purchase_date_pst": "2021-06-18 09:50:18 America/Los_Angeles", "original_application_version": "1.0", "in_app": [ { "quantity": "1", "product_id": "10RMB.ZHB", //对应产品id,自己做一个金额的映射就行,对应到具体的金额,建议命名要规则 "transaction_id": "1000000560005678", //一定要进行去重验证,一个订单号只能加一次款 "original_transaction_id": "1000000560005678", "purchase_date": "2021-06-18 09:50:18 Etc/GMT", "purchase_date_ms": "1623981018000", "purchase_date_pst": "2021-06-18 09:50:18 America/Los_Angeles", "original_purchase_date": "2021-06-18 09:50:18 Etc/GMT", "original_purchase_date_ms": "1623981018000", "original_purchase_date_pst": "2021-06-18 09:50:18 America/Los_Angeles", "is_trial_period": "false" } ] }, "status": 0, //表示当前请求返回正常 "environment": "Sandbox" }