iOS Receipt Validation – Apple App Store In-App Purchases

This article answers common questions about In-App Purchases: how to implement them, what receipt validation is, whether you should use StoreKit, and more.

To understand validation of Apple App Store receipts, including validation without Apple’s servers, let’s start with the basics:

What is needed to start with in-app purchases?

  • Be familiar with In-App Purchases and StoreKit.
  • Enroll in the Apple Developer Program.
  • Have a device for testing.
  • Get access to the iOS Developer Center and App Store Connect.

Types of in-app purchases

There are four types of in-app purchases:

  1. Consumable – used once and then depleted. For example, coins.
  2. Non-Consumable – used once, but do not expire. For example, a movie in a video app.
  3. Auto-Renewable Subscriptions – access to services with periodic payment. For example, a monthly subscription to Spotify.
  4. Non-Renewing Subscriptions – access to services for a limited period. There is no auto-renewal, so users need to renew it on their end.

Note, you can add a free trial with a specific duration to a subscription.

You have probably heard that some users do not want to pay for software and try to access app features without making in-app purchases. When a user makes an in-app purchase, the App Store creates a receipt.

What is App Store Receipt?

In-App Purchases give you a convenient way to monetize content and features within your app.

To provide access to your content, you need to pass a receipt through the receipt validation (verifyReceipt) endpoint.

A receipt is an encrypted file signed with an Apple certificate.

Let’s have a look at the receipt structure:

To validate purchases, you need to verify receipts on your server or the device. If you work with auto-renewable subscriptions, the App Store can also notify your server of key subscription events.

To retrieve the receipt data from the app on the device, read the file at the app's receipt URL: appStoreReceiptURL = Bundle.main.appStoreReceiptURL

Is it necessary to validate receipts?

Not until you start using in-app purchases. For example, if you use auto-renewable subscriptions, you need to check when a subscription expires in order to provide or block access to your service or content. Validation is also used when your users need to restore a purchase, for example after reinstalling your app.

How to validate receipts?

Check our new guide on how to decode receipts.

There are two ways:

  1. Local (on-device) receipt validation
  2. Server-side receipt validation with the App Store

This table shows the difference between these methods for auto-renewable subscriptions:

What is Shared Secret?

Apple uses an app-specific key called Shared Secret to receive receipts for auto-renewable subscriptions. Using this key allows developers to verify in-app purchases.

To learn how to get it, you can use this guide.
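An added example (not Apple's or Qonversion's code) of the server-side validation described above: it posts the receipt and the Shared Secret to verifyReceipt, retries against the sandbox endpoint when production answers with status 21007, and reads subscription expiry from latest_receipt_info. The bundle ID com.example.app, the product IDs and the sample reply are constructed values, and the post parameter is a hypothetical hook for injecting a transport.

```python
import json
import time
import urllib.request

PRODUCTION_URL = "https://buy.itunes.apple.com/verifyReceipt"
SANDBOX_URL = "https://sandbox.itunes.apple.com/verifyReceipt"

def http_post(url, body):
    """Default transport: POST JSON to Apple and decode the JSON reply."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def verify_receipt(receipt_b64, shared_secret, post=http_post):
    """Send the base64 receipt to production; retry on sandbox for status 21007."""
    body = {"receipt-data": receipt_b64, "password": shared_secret,
            "exclude-old-transactions": True}
    reply = post(PRODUCTION_URL, body)
    if reply.get("status") == 21007:  # sandbox receipt was sent to production
        reply = post(SANDBOX_URL, body)
    return reply

def active_subscriptions(reply, expected_bundle_id, now_ms=None):
    """Return {product_id: expires_ms} for unexpired, uncancelled subscriptions."""
    if reply.get("status") != 0:
        raise ValueError(f"receipt rejected, status {reply.get('status')}")
    if reply.get("receipt", {}).get("bundle_id") != expected_bundle_id:
        raise ValueError("receipt was issued for a different app")
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    active = {}
    for tx in reply.get("latest_receipt_info", []):
        if "cancellation_date_ms" in tx or "expires_date_ms" not in tx:
            continue  # cancelled/refunded, or not a subscription transaction
        expires = int(tx["expires_date_ms"])
        if expires > now_ms and expires > active.get(tx["product_id"], 0):
            active[tx["product_id"]] = expires
    return active

# Constructed sample reply (not real App Store data) and an offline transport.
SAMPLE_REPLY = {"status": 0, "environment": "Sandbox",
                "receipt": {"bundle_id": "com.example.app"},
                "latest_receipt_info": [
                    {"product_id": "pro_monthly", "expires_date_ms": "1700000000000"},
                    {"product_id": "pro_monthly", "expires_date_ms": "1702592000000"},
                    {"product_id": "pro_yearly", "expires_date_ms": "1690000000000"}]}

def fake_post(url, body):
    return {"status": 21007} if url == PRODUCTION_URL else SAMPLE_REPLY
```

Checking bundle_id on the server keeps a valid receipt from another app from unlocking your content, and passing now_ms explicitly makes the expiry logic testable.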

How to implement in-app purchases?

There are at least three options:

1) Build your own secure server. 

Pros: you run the validation process on your end, although it is not clear how valuable that is.

Cons: you need to spend time building your server and maintaining it when changes come, which means additional cost. Receipt validation is a tiny part of your app, and it looks better to focus on your main product than to spend time building your own server.

2) SwiftyStoreKit

SwiftyStoreKit is a framework to implement in-app purchases without server verification. 

Pros: Simple and seamless implementation without the need to build your own server.

Cons: Apple does not recommend this method. Verification is done on the device.

3) Qonversion – infrastructure for apps with subscriptions and in-app purchases.

Pros: Server-side Receipt Validation – no code required. Customer management platform, subscription analytics, real-time dashboards, 3rd-party integrations – send revenue data to analytics, marketing, and attribution tools.

Cons: If your monthly revenue is greater than $15k, then you pay $1 for each additional $1000 of revenue.

For example, if you earn $30k, then you pay $0 for the first $15k and ($1 x 15) for the next $15k. Your total bill is $15.

If you choose your own server or Qonversion, you will be able to use new properties from Apple without updating your app, for example promotional_offer_id, subscription_group_identifier or grace_period_expires_date.

Where is the documentation for all properties of latest_receipt_info?

You can find the full list of responseBody.Latest_receipt_info properties here.

Is it possible to validate a specific receipt online? 

Yes, you can use this tool: the iOS receipt validation checker. Do not forget to save it to your bookmarks.

How to test in-app purchases?

You can do it easily in the Sandbox environment. You just need to make a purchase or restore one while testing the app installed with Xcode or TestFlight. Important: The Apple Review team reviews apps in the sandbox.

Take a look at our article about StoreKit Testing In Xcode 12 and iOS 14.

Apple receipt validation complexity

Implementing in-app subscriptions and validating receipts is a difficult and time-consuming process. It requires building a server and digging into the StoreKit documentation. Qonversion.io offers a simple solution that allows fast in-app subscription implementation with no server-side code required.

Learn more about implementing in-app subscriptions with Qonversion here.