I'm building an iOS app that will include an IAP with a non-renewing subscription. Apple provides this nugget in their overview of IAP:
You are required to deliver non-renewing subscriptions to all devices owned by the user. Non-renewing subscriptions are not automatically synchronized to all devices by Store Kit; you must implement this infrastructure yourself. For example, most subscriptions are provided by an external server; your server would need to implement a mechanism to identify users and associate subscription purchases with the user who purchased them.
I would like to follow this rule: I want my users to be able to take advantage of the subscription they purchase on one device on other devices as well. So how can I identify the same user across their iPhone and iPad? I understand that you can't use the Apple ID, and you can't rely on a registration method.
I just now found this question; the answer given there doesn't appear to be workable. There must be something more elegant that others have done.
I have a suggestion given to me from Gavin McKenzie, which sounds like the best bet I've heard:
Upon purchase of the subscription, make a "short code" available to the user. The code would be stored on the server as well, tied to that user's account. When they hit Restore on another device, request the short code from the original device and account, thereby tying those devices together.
Gavin further suggested the use of this in a "pairing" method similar to Bluetooth: when restoring, initiate the pairing on Device A, which generates the short code and pushes it to the server. Device B can then use that code. Five minutes later, or when the pairing screen is dismissed, the code is deleted.
I'm not sure how this would stand up if you want to restore to the same device, say, after deleting the phone and restoring. But this feels like a good start.
If you can drop support for iOS below version 5.0, you could use iCloud to sync a key-value pair across user's devices.
See this:
http://iphonedevsdk.com/forum/business-legal-app-store/88698-floored-by-new-rejection.html
Apparently you can require a username/password before purchase. It's really the only way that makes sense. A code can be shared by thousands of people, which is bad.
Check out Frac.as. It does a variant of the "short code" pairing suggested above, but with some built in smarts to prevent abuse. It's a SaaS API, with a generous free tier.