Search code examples
iosin-app-purchasesubscriptionauto-renewingreceipt-validation

iOS auto-renewable subscriptions: receipt validation flows


I'm implementing an auto-renewable subscription scenario, where the receipt validation will be handled by my server-side code. Following Apple's documentation, I'll be obtaining the receipt data from NSBundle, and pass that data to my server, which will contact Apple to validate the receipt and inform the app about the result.

Now my questions are related to the necessary flows related to receipt validation:

  1. If the user purchases a subscription, my receipt will be automatically updated with the information from that purchase? If so, is it necessary to validate that receipt right after a purchase or should I "unlock" the app immediately?

  2. In what situations will my receipt be missing from NSBundle? If that happens, I suppose I should use SKReceiptRefreshRequest to refresh the receipt, and send it to the server for validation.

  3. If the user installs the app in a different device and restores his purchases restoreCompletedTransactions do I automatically get the receipt at the same time? I suppose I need to validate the receipt after a restore to make sure there's an active subscription, correct?

  4. When my server tries to validate a receipt, and that receipt is not valid, what should happen on the app side? Refresh the receipt (which will ask user for credentials) and pass it to the server again for new re-validation?


Solution

  • If the user purchases a subscription, my receipt will be automatically updated with the information from that purchase?

    Yes, the receipt is essentially a file stored on the device, after a purchase the receipt file is updated and appended with the latest transaction.

    If so, is it necessary to validate that receipt right after a purchase or should I "unlock" the app immediately?

    This depends on how concerned you are with fraud. There are many tools available to crack in-app purchases on jail broken devices, and not validating can allow users to access your content for free. If this is a problem, then validate your receipts before unlocking the content.

    In what situations will my receipt be missing from NSBundle?

    If in the middle of a purchase the user looses connectivity, the receipt data may not completely download, leaving you with an incomplete receipt. I suspect there are other scenarios, but I haven't come across any of them myself.

    If that happens, I suppose I should use SKReceiptRefreshRequest to refresh the receipt, and send it to the server for validation.

    Yes, though keep in mind this will just update the receipt file, you will then need to call appStoreReceiptURL again to retrieve the receipt from the file.

    If the user installs the app in a different device and restores his purchases restoreCompletedTransactions do I automatically get the receipt at the same time?

    The receipt file will be updated but you will need to call appStoreReceiptURL to get the receipt.

    I suppose I need to validate the receipt after a restore to make sure there's an active subscription, correct?

    Yup, good idea.

    When my server tries to validate a receipt, and that receipt is not valid, what should happen on the app side? Refresh the receipt (which will ask user for credentials) and pass it to the server again for new re-validation?

    I would tell the user that you don't believe the receipt is valid and provide an option to retry. Call SKReceiptRefreshRequest, send the receipt to your server again. Display the option again if it subsequently fails.

    If the user has made a fraudulent purchase I doubt they will complain to you or Apple.