How to Validate In-App Purchase Receipts in iOS?

Verifying In-App Purchase Receipts

In-app purchase receipt validation is a crucial step to ensure the authenticity and validity of transactions made through your app. This article aims to provide guidance for developers struggling with receipt validation by sharing a comprehensive code example that has been successfully implemented.

Code Implementation

To verify the receipt, follow these steps:

1. Define the verifyReceipt method as shown below:

<code class="objective-c">- (BOOL)verifyReceipt:(SKPaymentTransaction *)transaction {
    // Encode receipt data
    NSString *jsonObjectString = [self encode:(uint8_t *)transaction.transactionReceipt.bytes length:transaction.transactionReceipt.length];
    
    // Construct URL with encoded receipt
    NSString *completeString = [NSString stringWithFormat:@"http://url-for-your-php?receipt=%@", jsonObjectString];
    NSURL *urlForValidation = [NSURL URLWithString:completeString];
    
    // Create request with HTTP GET method
    NSMutableURLRequest *validationRequest = [[NSMutableURLRequest alloc] initWithURL:urlForValidation];
    [validationRequest setHTTPMethod:@"GET"];
    
    // Send request synchronously
    NSData *responseData = [NSURLConnection sendSynchronousRequest:validationRequest returningResponse:nil error:nil];
    
    // Parse server response
    NSString *responseString = [[NSString alloc] initWithData:responseData encoding:NSUTF8StringEncoding];
    NSInteger response = [responseString integerValue];
    
    return (response == 0);
}</code>

2. Implement the encode method to encode the receipt data in Base64:

<code class="objective-c">- (NSString *)encode:(const uint8_t *)input length:(NSInteger)length {
    // Define encoding table
    static char table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    
    // Create mutable data buffer
    NSMutableData *data = [NSMutableData dataWithLength:((length + 2) / 3) * 4];
    uint8_t *output = (uint8_t *)data.mutableBytes;
    
    // Encode data in loop
    for (NSInteger i = 0; i < length; i += 3) {
        NSInteger value = 0;
        for (NSInteger j = i; j < (i + 3); j++) {
            value <<= 8;
            if (j < length) {
                value |= (0xFF & input[j]);
            }
        }
        
        // Add encoded bytes to output
        NSInteger index = (i / 3) * 4;
        output[index + 0] = table[(value >> 18) & 0x3F];
        output[index + 1] = table[(value >> 12) & 0x3F];
        output[index + 2] = (i + 1) < length ? table[(value >> 6) & 0x3F] : '=';
        output[index + 3] = (i + 2) < length ? table[(value >> 0) & 0x3F] : '=';
    }
    
    return [[[NSString alloc] initWithData:data encoding:NSASCIIStringEncoding] autorelease];
}</code>

3. Call the verifyReceipt method from your SKPaymentTransactionObserver delegate method.
4. On the server-side, use PHP to handle the receipt verification:

<code class="php"><?php

// Fetch receipt data from request parameter
$receipt = json_encode(array("receipt-data" => $_GET["receipt"]));

// Set URL for receipt verification
$url = "https://sandbox.itunes.apple.com/verifyReceipt";

// Send POST request with receipt data
$response_json = call-your-http-post-here($url, $receipt);

// Decode JSON response
$response = json_decode($response_json);

// Perform receipt verification and save data accordingly
echo $response->status;

?></code>

Additional Considerations

• Ensure to use the correct URL for receipt verification, depending on the environment (sandbox or production).
• Pay attention to URL length limits and consider asynchronous HTTP request handling for large receipts.
• For added security, consider using server-side certificate validation.

The above is the detailed content of How to Validate In-App Purchase Receipts in iOS?. For more information, please follow other related articles on the PHP Chinese website!