You can interrogate the App Store for this information from a trusted server.
The endpoint for the sandbox environment is https://sandbox.itunes.apple.com/verifyReceipt
and for production it's https://buy.itunes.apple.com/verifyReceipt
You need to send the following as a JSON payload:
receipt-data
If you don't have it on your server, it can retrieved by calling the appStoreReceiptURL method of NSBundle. Read the entire contents of that file and send it to your server.
Password (For auto-renewable subscriptions only, it'll be your app's shared secret)
exclude-old-transactions Only used for iOS7 style app receipts that contain auto-renewable or non-renewing subscriptions. If value is true, response includes only the latest renewal transaction for any subscriptions.
It'll then return a payload containing the receipt status and some other additional information.
Check this article at Apple
Edit
use cURL to call the App Store endpoint (linked above). Here's a rough example, you'll need to modify it for your particular environment and to fill in the required variables.
$service_url = [one of the two above];
$curl = curl_init($service_url);
$curl_post_data = array(
'receipt-data' => $receiptData,
'password' => $password, //Only required for certain types of subscription
'exclude-old-transactions' => $excludeoldtransactions //Depends on your use case, check Apple link
);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $curl_post_data);
$curl_response = curl_exec($curl);
if ($curl_response === false) {
$info = curl_getinfo($curl);
curl_close($curl);
die('error occured during curl exec. Additioanl info: ' . var_export($info));
}
curl_close($curl);
$decoded = json_decode($curl_response);
if (isset($decoded->response->status) && $decoded->response->status == 'ERROR') {
die('error occured: ' . $decoded->response->errormessage);
}
echo 'response ok!';
var_dump($decoded->response);
http://php.net/manual/en/book.curl.php
