In-App Purchases – App Store Receipt Validation

Eugene Virnik

This article answers common questions about implementing in-app purchases: what receipt validation is, whether you should use StoreKit, and more.

Let’s start with the basics:

What is needed to start with in-app purchases?

  • You should be familiar with In-App Purchases and StoreKit.
  • You need to enroll in the Apple Developer Program.
  • You need a device for testing.
  • You need access to the iOS Developer Center and App Store Connect.

Types of in-app purchases

There are four types of in-app purchases:

  1. Consumable – used once and then depleted. For example, coins.
  2. Non-Consumable – used once, but do not expire. For example, a movie in a video app.
  3. Auto-Renewable Subscriptions – access to services with periodic payment. For example, a monthly subscription to Spotify.
  4. Non-Renewing Subscriptions – access to services for a limited period. There is no auto-renew, so users need to renew it on their end.

Note that you can add a free trial with a specific duration to a subscription.

You have probably heard that some users do not want to pay for paid software and try to get access to app features while avoiding in-app purchases. When a user makes an in-app purchase, the App Store creates a receipt.

What is an App Store Receipt?

In-App Purchases provide a convenient way to monetize content and features within your app.

To provide access to your content, you need to pass a receipt through the receipt validation (verifyReceipt) endpoint.

A receipt is an encrypted file signed with an Apple certificate.

Let’s have a look at the receipt structure:

To validate purchases, you need to verify receipts on your server or on the device. If you work with auto-renewable subscriptions, the App Store can also notify your server of key subscription events.

To retrieve the receipt data from the app on the device, use the appStoreReceiptURL property of the app bundle: let appStoreReceiptURL = Bundle.main.appStoreReceiptURL

Is it necessary to validate receipts?

Not until you start using in-app purchases. For example, if you use auto-renewable subscriptions, you need to check when a subscription expires in order to provide or block access to your service or content. Validation is also used when users need to restore a purchase, for example, after reinstalling your app.

How to validate receipts?

There are two ways:

  1. Local (on-device) receipt validation
  2. Server-side receipt validation with the App Store

This table shows the difference between these methods for auto-renewable subscriptions:

What is a Shared Secret?

Apple uses an app-specific key called the Shared Secret to receive receipts for auto-renewable subscriptions. Using this key allows developers to verify in-app purchases.

To learn how to get it, you can use this guide.
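The server-side check described above, as an added example that is not code from the original article or from Apple: it builds the JSON body a server would post to the verifyReceipt endpoint with the shared secret, then decides entitlement from the response. The function names, the bundle ID com.example.app, the product pro_monthly and the sample response are constructed for illustration, and no network request is made.

```python
import base64
import json

# Constructed sample of a verifyReceipt response (only the fields used here).
SAMPLE_RESPONSE = {
    "status": 0,
    "receipt": {"bundle_id": "com.example.app"},
    "latest_receipt_info": [
        {"product_id": "pro_monthly", "original_transaction_id": "1000",
         "expires_date_ms": "1700000000000"},
        {"product_id": "pro_monthly", "original_transaction_id": "1000",
         "expires_date_ms": "1702592000000"},
    ],
    "pending_renewal_info": [
        {"original_transaction_id": "1000",
         "grace_period_expires_date_ms": "1703000000000"},
    ],
}

def build_request(receipt_bytes, shared_secret):
    """JSON body for verifyReceipt; the shared secret never ships in the app."""
    return json.dumps({
        "receipt-data": base64.b64encode(receipt_bytes).decode("ascii"),
        "password": shared_secret,
        "exclude-old-transactions": True,
    })

def entitlement(response, bundle_id, product_id, now_ms):
    """Return (active, reason) for one auto-renewable subscription product."""
    if response.get("status") != 0:
        return False, "status %s" % response.get("status")
    if response.get("receipt", {}).get("bundle_id") != bundle_id:
        return False, "bundle_id mismatch"  # receipt was issued for another app
    txs = [t for t in response.get("latest_receipt_info", [])
           if t.get("product_id") == product_id]
    if not txs:
        return False, "no transaction for product"
    latest = max(txs, key=lambda t: int(t.get("expires_date_ms", 0)))
    if "cancellation_date_ms" in latest:
        return False, "refunded"
    if int(latest.get("expires_date_ms", 0)) > now_ms:
        return True, "active"
    grace = [int(p["grace_period_expires_date_ms"])
             for p in response.get("pending_renewal_info", [])
             if p.get("original_transaction_id") == latest["original_transaction_id"]
             and "grace_period_expires_date_ms" in p]
    if grace and max(grace) > now_ms:
        return True, "grace period"
    return False, "expired"
```

Checking bundle_id and product_id on the server is what stops a valid receipt from a different app or product from unlocking content.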

How to implement in-app purchases?

There are at least three options:

1) Build your own secure server.

Pros: it is not clear how valuable this is, but the validation process runs on your end.

Cons: you need to spend time building your server and maintaining it when changes come, which means additional cost. Receipt validation is a tiny part of your app, and it is usually better to focus on your main product than to spend time building your own server.

2) SwiftyStoreKit

SwiftyStoreKit is a framework to implement in-app purchases without server verification.

Pros: Simple and seamless implementation without the need to build your own server.

Cons: Apple does not recommend this method. The verification process is done on the device side.

3) Qonversion – infrastructure for apps with subscriptions and in-app purchases.

Pros: Server-side Receipt Validation – no code required. Customer management platform, subscription analytics, real-time dashboards, 3rd-party integrations – send revenue data to analytics, marketing, and attribution tools.

Cons: If your monthly revenue is greater than $15k, you pay $1 for each additional $1000 of revenue.

For example, if you earn $30k, then you pay $0 for the first $15k and ($1 x 15) for the next $15k. Your total bill is $15.

If you choose your own server or Qonversion, you will be able to use new properties from Apple without updating your app. For example, promotional_offer_id, subscription_group_identifier or grace_period_expires_date.

Where is the documentation for all properties of latest_receipt_info?

You can find the full list of responseBody.Latest_receipt_info properties here.

Is it possible to validate a specific receipt online?

Yes, you can use this tool – iOS receipt validation checker. Do not forget to save it to your bookmarks.

How to test in-app purchases:

You can do it easily in the Sandbox environment. You just need to make a purchase or restore one while testing the app installed with Xcode or TestFlight. Important: The Apple Review team reviews apps in the sandbox.

Take a look at our article about testing StoreKit with Xcode 12 and iOS 14.

Apple receipt validation complexity

Implementing in-app subscriptions and validating receipts is a difficult and time-consuming process. It requires building a server and digging into the StoreKit documentation. Qonversion.io offers a simple solution that allows fast in-app subscription implementation with no server-side code required.

Learn more about implementing in-app subscriptions with Qonversion here.