How to Verify In-App Purchase Receipts for Authenticity

Verifying In-App Purchase Receipts

In-app purchases allow users to acquire digital goods and services within mobile applications. Validating receipts is crucial to ensure the authenticity of these purchases. This article aims to address common challenges in receipt validation and provide a practical solution.

Understanding Receipt Validation

Receipt validation involves sending the purchase receipt to Apple's servers to verify its authenticity. The receipt holds crucial information, including the transaction details, product identifier, and purchase date. Apple responds with a validation status, indicating whether the receipt is valid or not.

Implementing Receipt Validation

The provided code demonstrates a method for receipt validation on the client side:

- (BOOL)verifyReceipt:(SKPaymentTransaction *)transaction {
    // Encode receipt data to base64 string
    NSString *jsonObjectString = [self encode:(uint8_t *)transaction.transactionReceipt.bytes length:transaction.transactionReceipt.length];
    // Construct URL for validation
    NSString *completeString = [NSString stringWithFormat:@"http://url-for-your-php?receipt=%@", jsonObjectString];
    NSURL *urlForValidation = [NSURL URLWithString:completeString];
    // Send HTTP GET request to server for validation
    NSMutableURLRequest *validationRequest = [[NSMutableURLRequest alloc] initWithURL:urlForValidation];
    [validationRequest setHTTPMethod:@"GET"];
    NSData *responseData = [NSURLConnection sendSynchronousRequest:validationRequest returningResponse:nil error:nil];
    [validationRequest release];
    // Extract response status
    NSString *responseString = [[NSString alloc] initWithData:responseData encoding: NSUTF8StringEncoding];
    NSInteger response = [responseString integerValue];
    [responseString release];
    // Return validation status
    return (response == 0);
}

Server-Side Implementation

On the server side, a simple PHP script can handle the request and forward it to Apple.

<code class="php">$receipt = json_encode(array("receipt-data" => $_GET["receipt"]));
$url = "https://sandbox.itunes.apple.com/verifyReceipt";
$response_json = call-your-http-post-here($url, $receipt);
$response = json_decode($response_json);

echo $response->status;</code>

Conclusion

By implementing these methods, you can validate in-app purchase receipts on your iOS application and securely record transaction data on your server. This ensures that only legitimate purchases are processed, preventing fraudulent activities.

The above is the detailed content of How to Verify In-App Purchase Receipts for Authenticity. For more information, please follow other related articles on the PHP Chinese website!