I have created a class which handles the purchases on In-App Purchases and also the validating of receipts. A while ago I used to use the transactionReceipt property on an SKPaymentTransaction, but have updated my code a fair amount and now use appStoreReceiptURL on the [NSBundle mainBundle].
Basically it seems as though my receipt is being sent to Apple's server in an acceptable manner, but I keep getting the status code of 21002. In auto-renewable subscriptions I know that this means the receipt is not in an acceptable format, however I have no idea what this status means in regard to an in-app purchase receipt.
Here is the local method validating the receipt:
/**
* Validates the receipt.
*
* @param transaction The transaction triggering the validation of the receipt.
*/
- (void)validateReceiptForTransaction:(SKPaymentTransaction *)transaction
{
// get the product for the transaction
IAPProduct *product = self.internalProducts[transaction.payment.productIdentifier];
// get the receipt as a base64 encoded string
NSData *receiptData = [[NSData alloc] initWithContentsOfURL:[NSBundle mainBundle].appStoreReceiptURL];
NSString *receipt = [receiptData base64EncodedStringWithOptions:kNilOptions];
NSLog(@"Receipt: %@", receipt);
// determine the url for the receipt verification server
NSURL *verificationURL = [[NSURL alloc] initWithString:IAPHelperServerBaseURL];
verificationURL = [verificationURL URLByAppendingPathComponent:IAPHelperServerReceiptVerificationComponent];
NSMutableURLRequest *urlRequest = [[NSMutableURLRequest alloc] initWithURL:verificationURL];
urlRequest.HTTPMethod = @"POST";
NSDictionary *httpBody = @{@"receipt" : receipt,
@"sandbox" : @(1)};
urlRequest.HTTPBody = [NSKeyedArchiver archivedDataWithRootObject:httpBody];
[NSURLConnection sendAsynchronousRequest:urlRequest
queue:[[NSOperationQueue alloc] init]
completionHandler:^(NSURLResponse *response, NSData *data, NSError *connectionError)
{
// create a block to be called whenever a filue is hit
void (^failureBlock)(NSString *failureMessage) = ^void(NSString *failureMessage)
{
[[NSOperationQueue mainQueue] addOperationWithBlock:
^{
// log the failure message
NSLog(@"%@", failureMessage);
// if we have aready tried refreshing the receipt then we close the transaction to avoid loops
if (self.transactionToValidate)
product.purchaseInProgress = NO,
[[SKPaymentQueue defaultQueue] finishTransaction:transaction],
[self notifyStatus:@"Validation failed." forProduct:product],
self.transactionToValidate = nil;
// if we haven't tried yet, we'll refresh the receipt and then attempt a second validation
else
self.transactionToValidate = transaction,
[self refreshReceipt];
}];
};
// check for an error whilst contacting the server
if (connectionError)
{
failureBlock([[NSString alloc] initWithFormat:@"Failure connecting to server: %@", connectionError]);
return;
}
// cast the response appropriately
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *)response;
// parse the JSON
NSError *jsonError;
NSDictionary *json = [NSJSONSerialization JSONObjectWithData:data options:kNilOptions error:&jsonError];
// if the data did not parse correctly we fail out
if (!json)
{
NSString *responseString = [NSHTTPURLResponse localizedStringForStatusCode:httpResponse.statusCode];
NSString *failureMessage = [[NSString alloc] initWithFormat:@"Failure parsing JSON: %@\nServer Response: %@ (%@)",
data, responseString, @(httpResponse.statusCode)];
failureBlock(failureMessage);
return;
}
// if the JSON was successfully parsed pull out status code to check for verification success
NSInteger statusCode = [json[@"status"] integerValue];
NSString *errorDescription = json[@"error"];
// if the verification did not succeed we fail out
if (statusCode != 0)
{
NSString *failureMessage = [[NSString alloc] initWithFormat:@"Failure verifying receipt: %@", errorDescription];
failureBlock(failureMessage);
}
// otherwise we have succeded, yay
else
NSLog(@"Successfully verified receipt."),
[self provideContentForCompletedTransaction:transaction productIdentifier:transaction.payment.productIdentifier];
}];
}
The important PHP function on the server does this:
/**
* Validates a given receipt and returns the result.
*
* @param receipt Base64-encoded receipt.
* @param sandbox Boolean indicating whether to use sandbox servers or production servers.
*
* @return Whether the reciept is valid or not.
*/
function validateReceipt($receipt, $sandbox)
{
// determine url for store based on if this is production or development
if ($sandbox)
$store = 'https://sandbox.itunes.apple.com/verifyReceipt';
else
$store = 'https://buy.itunes.apple.com/verifyReceipt';
// set up json-encoded dictionary with receipt data for apple receipt validator
$postData = json_encode(array('receipt-data' => $receipt));
// use curl library to perform web request
$curlHandle = curl_init($store);
// we want results returned as string, the request to be a post, and the json data to be in the post fields
curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curlHandle, CURLOPT_POST, true);
curl_setopt($curlHandle, CURLOPT_POSTFIELDS, $postData);
$encodedResponse = curl_exec($curlHandle);
curl_close($curlHandle);
// if we received no response we return the error
if (!$encodedResponse)
return result(ERROR_VERIFICATION_NO_RESPONSE, 'Payment could not be verified - no response data. This was sandbox? ' . ($sandbox ? 'YES' : 'NO'));
// decode json response and get the data
$response = json_decode($encodedResponse);
$status = $response->{'status'};
$decodedReceipt = $response->{'receipt'};
// if status code is not 0 there was an error validation receipt
if ($status)
return result(ERROR_VERIFICATION_FAILED, 'Payment could not be verified (status = ' . $status . ').');
// log the returned receipt from validator
logToFile(print_r($decodedReceipt, true));
// pull out product id, transaction id and original transaction id from infro trurned by apple
$productID = $decodedReceipt->{'product_id'};
$transactionID = $decodedReceipt->{'transaction_id'};
$originalTransactionID = $decodedReceipt->{'original_transaction_id'};
// make sure product id has expected prefix or we bail
if (!beginsWith($productID, PRODUCT_ID_PREFIX))
return result(ERROR_INVALID_PRODUCT_ID, 'Invalid Product Identifier');
// get any existing record of this transaction id from our database
$db = Database::get();
$statement = $db->prepare('SELECT * FROM transactions WHERE transaction_id = ?');
$statement->bindParam(1, $transactionID, PDO::PARAM_STR, 32);
$statement->execute();
// if we have handled this transaction before return a failure
if ($statement->rowCount())
{
logToFile("Already processed $transactionID.");
return result(ERROR_TRANSACTION_ALREADY_PROCESSED, 'Already processed this transaction.');
}
// otherwise we insert this new transaction into the database
else
{
logToFile("Adding $transactionID.");
$statement = $db->prepare('INSERT INTO transactions(transaction_id, product_id, original_transaction_id) VALUES (?, ?, ?)');
$statement->bindParam(1, $transactionID, PDO::PARAM_STR, 32);
$statement->bindParam(2, $productID, PDO::PARAM_STR, 32);
$statement->bindParam(3, $originalTransactionID, PDO::PARAM_STR, 32);
$statement->execute();
}
return result(SUCCESS);
}
The actual PHP script being executed is:
$receipt = $_POST['receipt'];
$sandbox = $_POST['sandbox'];
$returnValue = validateReceipt($receipt, $sandbox);
header('content-type: application/json; charset=utf-8');
echo json_encode($returnValue);