When was validating receipts with the App Store deprecated?
When will this stop working? I can’t find any information on this?
https://developer.apple.com/documentation/appstorereceipts/verifyreceipt
buy.itunes.apple.com/verifyReceipt
Asked
Active
Viewed 1,557 times
4
-
I don't believe that Apple has announced a date when it will stop working, but it is best to plan a transition to another method sooner rather than later. – Paulw11 Jun 09 '23 at 08:49
-
1The link you posted has the following: *"Find deprecation date in the HTTP header The verifyReceipt endpoint is deprecated. The HTTP header includes the deprecation date, according to RFC 8594."*. – HangarRash Jun 16 '23 at 22:04
1 Answers
2
Refer to the answer to this question When will the verifyReceipt api be deprecated from Apple Developer Forums.
The verifyReceipt and App Store Server Notification v1 are marked for deprecation which means moving forward the API will not receive any new features and updates. It will continue to function until an end-of-life date is announced.
The end-of-life date is currently yet to be determined and the developer will get a notification in advance prior to the end of life.
Currently, the recommendation is to scope and start using App Store Server API and App Store Server Notification v2 as soon as possible, leveraging existing resources such as available documentation and App Store Server Library.
Per this doc https://developer.apple.com/documentation/appstorereceipts/verifyreceipt#4209023
The verifyReceipt endpoint is deprecated. The HTTP header includes the deprecation date, according to RFC 8594.
What should we do
Several ways of ios receipt verification on the server side
- Local receipt validation on the server
- Do the Validating receipts on the device on your server, verify the contents of app receipts by decoding and parsing the receipt on the device
- App Store Server API
- To validate in-app purchases on your server without using receipts, call the App Store Server API (like Get Transaction Info) to get Apple-signed transaction and subscription information for your customers, or verify the AppTransaction a Transaction signed data that your app obtains
- Here is one app store server API implementation by Golang https://github.com/richzw/appstore
- App Store server Notification
- You can also get the same signed transaction and subscription information from the App Store Server Notifications V2 endpoint
zangw
- 43,869
- 19
- 177
- 214
-
How does the `Get Transaction Info` endpoint help us validate the purchase? This endpoint just takes a transaction Id. Consider an example like a 'restore purchase' scenario - how can I be sure that *this* user is allowed to restore using *this* transactionid? Previously this was done by verifying the receipt, what is the replacement? – Shaun Rowan Aug 27 '23 at 20:00
-
@ShaunRowan, You could use `GetTransactionInfo` to get the purchase receipt details through transactionId, which could replace the `verify`. The `GetTransactionInfo` server API requires JSON Web Tokens (JWTs) for authorization; you obtain keys to create the tokens from your organization’s App Store Connect account, Here are more [details](https://developer.apple.com/documentation/appstoreserverapi#3814333). Please correct me if I am misunderstand you. – zangw Aug 28 '23 at 03:07
-
@ShaunRowan, For your question: how can I be sure that this user is allowed to restore using this transaction? I think it is also hard to check whether this user could be allowed to restore this transaction for `verify` function. Please let me know if something is missing or misunderstood. – zangw Aug 28 '23 at 03:11