Post not yet marked as solved
I am interested in using sandbox users for my automation, and I want to bypass the UI and execute the automation using the APIs. I have found the APIs to list users, modify users, and clear purchase history, but I am not sure if there is a way to create and delete users programmatically.
https://developer.apple.com/documentation/appstoreconnectapi/sandbox_testers
Currently, our app calls Apple to get the payment receipt, and then our internal workflows are triggered based on the response received from Apple. Is there a way to bypass UI and achieve the same thing using the backend APIs for sandbox user accounts?
I also need some clarification on how to generate the JWT token for authorization purposes. Do I need to regenerate the JWT token every 30 days?
Thank you for your time and consideration.
Post not yet marked as solved
I am trying to calculate apple cut, if users days of paid service is more than a year apple reduces commission to %15.
By the docs:
If a subscription expires due to a cancellation or billing issue, the days of paid service stop accumulating. If the subscription is renewed within 60 days, the days of paid service resume from the recovery date.
So can i assume if original_transaction_id stays the same user not violated 60 days, therefore if i sum all the (expiration_date - purchase_date) with that id, is it a viable result ?
Thanks in advance.
Currently, my app validates App Store receipts on the device, so as per this news, I need to make changes to it,
But I am unable to make a decision on where I should start, Can anyone please help me out on this?
Do I need to make changes in the device receipt validation? If yes, what steps should I take?
OR
Should I do the receipt validation from the server side? If yes, then what steps to follow to make a receipt validation on the server?
Your suggestions will be highly appreciated.
Post not yet marked as solved
Hi,
We offer a premium account IAP for our app. We recently noticed on our proceeds section of App Store Connect that a refund for the IAP had been processed but we didn't receive a notification regarding this and from what I can see there is no way to see who applied for it.
This is a problem as we need to be able to switch the premium account off for that account.
Can someone help with this please?
Post not yet marked as solved
Can I delete the file StoreKitTestCertificate.cer if I have a published app that uses StoreKit 2?
This is how I was using it earlier to do receipt validation but it's no longer in my released app:
#if DEBUG
let certificate = "StoreKitTestCertificate"
#else
let certificate = "AppleIncRootCertificate"
#endif
Source: https://developer.apple.com/documentation/xcode/setting-up-storekit-testing-in-xcode/
Can I safely delete StoreKitTestCertificate.cer in my next version this file without affecting the released app or TestFlight?
Post not yet marked as solved
Issue
Currently I have multiple subscription offers available for yearly/monthly subscriptions. Each of the subscription offers have multiple different custom codes available. When the customer buys a subscription and the receipt is being handled in the backend, I need to know which of the custom codes was used.
What I have tried
When i call the https://buy.itunes.apple.com/verifyReceipt I get the values offer_code_ref_name and promotional_offer_id. The offer_code_ref_name is the subscription offer name AND NOT the custom code.
I tried to get more info using the https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/{transactionId} request, but it does not give me any info about the custom code used either.
I do however see which custom code has been used if I go to Sales and Trends > Sales and Trends Reports and download Subscritpion Reports. There the offer code can be found ref. as "Promotional Offer ID"
my question
How can I get which custom code was used when purchasing a renewable subscription using transaction id or transaction Receipt?
Post not yet marked as solved
I'm noticing that when I build for development and switch Apple accounts while the app is running, the device receipt isn't updated even after I call SKReceiptRefreshRequest.start(). The app behaves as expected if I install fresh. Is this a known issue if we're running from Xcode?
In the old verifyReceipt endpoint doc, there is an important desc
As a best practice, always call the production URL https://buy.itunes.apple.com/verifyReceipt first and proceed to verify with the sandbox URL if you receive a 21007 status code. Following this approach ensures that you don’t have to switch between URLs while your app is in testing, in review by App Review, or live in the App Store.
So I can know the transactionId is for sandbox if return back 21007.
And I am about to access to new App Store Server API, so the same, I wonder how can I recognize the transactionId is from sandbox by status code?
The most likely desc is this:
If you don’t have environment information, follow these steps:
Call the endpoint using the production URL. If the call succeeds, the original transaction identifier belongs to the production environment.
If you receive an [errorCode 4040005] with errorMessage as OriginalTransactionIdNotFoundError, (or HTTP response code 404 from the Send Consumption Information endpoint), call the endpoint using the sandbox environment.
If the call succeeds, the original transaction identifier belongs to the sandbox environment. If the call fails with the same error code, the original transaction identifier isn’t present in either environment.
And I have a try for Get Transaction Info API, but actually get 4040010, Transaction id not found. as return.
So I just wanna clear that is there any doc clarify this point that I miss?
Looking forward to your response, sincerely!! :)
I try to call Get Transaction Info from App Store Server API, and the transactionId is for a Non-consumable type product, but it is odd that there are so many different transactionId and they have a same originalTransactionId
{
"bundleId": "${bundleId}",
"environment": "Production",
"inAppOwnershipType": "PURCHASED",
"originalPurchaseDate": 1691220528000,
"originalTransactionId": "${originalTransactionId}",
"productId": "${productId}",
"purchaseDate": 1691220528000,
"quantity": 1,
"signedDate": 1692590989925,
"storefront": "USA",
"storefrontId": "143441",
"transactionId": "${originalTransactionId}",
"transactionReason": "PURCHASE",
"type": "Non-Consumable"
}
the defination of Non-Consumable is can only purchase once for same apple account. But why there would have originalTransactionId?
Post not yet marked as solved
If my user purchase and get transaction_id: 2000000395609292, and then another user just makeup a same transaction_id to call the App Store Server API
If in the old way, the receipt seems impossiable to makeup, how about now? Is that equally safe as before?
Or is there any way to protect transaction_id.
I am not that good at security, so please forgive me about missing any point. o(╥﹏╥)o
Looking forward to your response, sincerely!! :)
Post not yet marked as solved
Hi all,
We're facing an issue with our app's subscription and in-app purchases:
We are using StoreKit 2
Up until 6 hours ago, everything was fine.
Now, users are telling us they can't access what they've paid for.
We could reproduce the error on iOS 16.6, not on iOS 17 developer beta
Buying or restore purchases are timing out.
Everything works fine in Sandbox and TestFlight.
We are getting these two errors with production builds:
Error enumerating unfinished transactions
Error enumerating all current transactions
both with the following timeout message:
Error Domain=NSURLErrorDomain Code=-1001 "Zeitüberschreitung bei der Anforderung." UserInfo={NSErrorFailingURLStringKey=https://mzstorekit.itunes.apple.com/inApps/v1/history?reason=initial, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask, NSUnderlyingError=0x2837a4f00 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "(null)" UserInfo={_kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4}}, _kCFStreamErrorCodeKey=-2102
Is anyone else seeing this? Any fixes?
Thanks for any help or advice.
Best,
Juno
Post not yet marked as solved
As of September 6, 2023, I have registered and paid the Apple Developer participation fee to be able to publish the application on the App Store. However, up to now, it has been 5 days since registering and I have not received any notification or response about my account status, even though Apple informed me in the message that I need to wait 2 days for processing. .
I'm really frustrated, is there anyone else like me with this situation? If you have any way to solve the above problem, please help me. Thank you very much!
Post not yet marked as solved
Hello, I finding contradictory information. Is it possible to place PWA in the app store?
Post not yet marked as solved
The error message "Purchase of this item is not currently available. The item is being modified." keeps appearing for journalists in different countries trying to get early copies of the latest build of my app using promo codes. This error has only started appearing when redeeming promo codes recently. Just days ago, users had no problem redeeming codes for the same build. No changes have been made to the app since then. The app is also free globally with an in-app-purchase option to remove ads. The promo codes to remove ads have been working fine with no error messages, but redeeming the latest build displayed the error message though it has worked days before. Generating new promo codes for the same build did not work either.
This is the message that I got from a reviewer from one journalist:
"I've sent the code over to one of our reviewers, and he says that when he tried to redeem the code to download your app, an error message popped up saying "purchase not currently available, item is being modified".
He's still getting the same error message even after restarting his iPhone. He even tried a different device and checked for updates on both devices to no avail. Can you help?"
It's an urgent matter not only because the press can't review the game, but also I worry it would affect the launch of the app in a few days. What if this error means users can't download the app on launch?
Post not yet marked as solved
Hello!
Please let me know after I make a request for purchase information
GET https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/2000000411047647
I receive encrypted information in this format
{
"signedTransactionInfo":"eyJhbGciOiJFUzI1NiIsIng1YyI6WyJNSUlFTURDQ0E3YWdBd0lCQWdJUWZUbGZkMGZOdkZXdnpDMVlJQU5zWGpBS0JnZ3Foa2pPUFFRREF6QjFNVVF3UWdZRFZRUURERHRCY0hCc1pTQlhiM0pzWkhkcFpHVWdSR1YyWld4dmNHVnlJRkpsYkdGMGFXOXVjeUJEWlhKMGFXWnBZMkYwYVc5dUlFRjFkR2h2Y21sMGVURUxNQWtHQTFVRUN3d0NSell4RXpBUkJnTlZCQW9NQ2tGd2NHeGxJRWx1WXk0eEN6QUpCZ05WQkFZVEFsVlRNQjRYRFRJek1Ea3hNakU1TlRFMU0xb1hEVEkxTVRBeE1URTVOVEUxTWxvd2daSXhRREErQmdOVkJBTU1OMUJ5YjJRZ1JVTkRJRTFoWXlCQmNIQWdVM1J2Y21VZ1lXNWtJR2xVZFc1bGN5QlRkRzl5WlNCU1pXTmxhWEIwSUZOcFoyNXBibWN4TERBcUJnTlZCQXNNSTBGd2NHeGxJRmR2Y214a2QybpBQmhpVm9kSFJ3T2k4dmIyTnpjQzVoY0hCc1pTNWpiMjB2YjJOemNEQXpMWGQzWkhKbk5qQXlNSUlCSGdZRFZSMGdCSUlCRlRDQ0FSRXdnZ0VOQmdvcWhraUc5Mk5rQlFZQk1JSCtNSUhEQmdnckJnRUZCUWNDQWpDQnRneUJzMUpsYkdsaGJtTmxJRzl1SUhSb2FYTWdZMlZ5ZEdsbWFXTmhkR1VnWW5rZ1lXNTVJSEJoY25SNUlHRnpjM1Z0WlhNZ1lXTmpaWEIwWVc1alpTQnZaaUIwYUdVZ2RHaGxiaUJoY0hCc2FXTmhZbXhsSUhOMFlXNWtZWEprSUhSbGNtMXpJR0Z1WkNCamIyNWthWFJwYjI1eklHOW1JSFZ6WlN3Z1kyVnlkR2xtYVdOaGRHVWdjRzlzYVdONUlHRnVaQ0JqWlhKMGFXWnBZMkYwYVc5dUlIQnlZV04wYVdObElITjBZWFJsYldWdWRITXVNRFlHQ0NzR0FRVUZCd0lCRmlwb2RIUndPaTh2ZDNkM0xtRndjR3hsTG1OdmJTOWpaWEowYVdacFkyRjBaV0YxZEdodmNtbDBlUzh3SFFZRFZSME9CQllFRkFNczhQanM2VmhXR1FsekUyWk9FK0dYNE9vL01BNEdBMVVkRHdFQi93UUVBd0lIZ0RBUUJnb3Foa2lHOTJOa0Jnc0JCQUlGQURBS0JnZ3Foa2pPUFFRREF3Tm9BREJsQWpFQTh5Uk5kc2twNTA2REZkUExnaExMSndBdjVKOGhCR0xhSThERXhkY1BYK2FCS2pqTzhlVW85S3BmcGNOWVVZNVlBakFQWG1NWEVaTCtRMDJhZHJtbXNoTnh6M05uS20rb3VRd1U3dkJUbjBMdmxNN3ZwczJZc2xWVGFtUllMNGFTczVrPSIsIk1JSURGakNDQXB5Z0F3SUJBZ0lVSXNHaFJ3cDBjMm52VTRZU3ljYWZQVGp6Yk5jd0NnWUlLb1pJemowRUF3TXdaekViTUJrR0ExVRWUVFERER0QmNIQnNaU0JYYjNKc1pIZHBaR1VnUkdWMlpXeHZjR1Z5SUZKbGJHRj000OUJBTURBMmdBTUdVQ01RQ0Q2Y0hFRmw0YVhUUVkyZTN2OUd3T0FFWkx1***5UmhIRkQvM21lb3locG12T3dnUFVuUFdUeG5TNGF0K3FJeFVDTUcxbWloREsxQ"
}
Please tell me how I can decode the information signedTransactionInfo ?
and what is needed for this? (I'm trying to decode on Node.js)
Post not yet marked as solved
Hi , i have a question to ask:
When i first request to get transactionInfo to valid receipt. use getTransactionInfo endpoint. it found 4040010 error.
After a while ,I send the same request ,it response correct transaction info
It happen rate about 2%
What the reason?
Receipt verification on my app's server suddenly started giving an error, and all billing-related processes became errors.
The error that is occurring is Signature verification failed is.(FireBaseJWT throw Exception)
The code is below, but it was working fine until 3 days ago.
JWT::decode($lastTransaction['signedTransactionInfo'], $appleCertificate, ['ES256']);
The certificate used here was created by the server developer, so I don't know how to create it.
Could you please help me which certificate should I use?
I tried using the ApplePKI certificate, but the same error occurred.
私のアプリのサーバでのレシート検証が突然エラーを吐くようになり、課金関連の処理が全てエラーになってしまいました。
発生しているエラーはSignature verification failedです。(FireBaseJWTのException)
コードは以下になっていますが、3日前までは正常に動作していたコードです。
JWT::decode($lastTransaction['signedTransactionInfo'], $appleCertificate, ['ES256']);
ここで利用している証明書はサーバ開発者に作成して貰っていたので作成方法が分かりません。
どの証明書を使えば良いか助けて貰えないでしょうか。
ApplePKIの証明書は粗方試してみましたが同様のエラーになっています。
There are fake receipts used by hackers, which are the receipts before iOS7.The Receipt can be successfully verified with an incorrect password.Is this a bug?https://developer.apple.com/documentation/appstorereceipts/verifyreceipt
--Do I need to completely drop compatibility for this?
Post not yet marked as solved
We send StoreKit 2 signed transactions to our server for validation and processing. As part of this process, as recommended by Apple, we validate the certificate chain against the "Apple Root CA - G3 Root" certificate found here: https://www.apple.com/certificateauthority/
As of 24th September we started noticing this validation erroring because of expired certificates in the JWT. On further investigation we see the first cert in the chain, with the common name "Prod ECC Mac App Store and iTunes Store Receipt Signing", appears to have expired at "Sep 24 02:50:33 2023 GMT"
I checked and calling the App Store API at "inApps/v1/subscriptions/" with the same transaction id also returns the subscription with the same expired certificate in the chain so I am confident that this is a genuine transaction issued by Apple.
For now we have been forced to disable validating the expiry date of intermediate certificates to work around this. I'm however really surprised I haven't found anyone else discussing this or any documentation around how to handle this situation.
Is it expected that the App Store JWS would contain an expired certificate and what is the guidance on how to proceed in this situation?
Post not yet marked as solved
I'm currently working on in-app-purchase.
I want to post receipt to my backend server and verify on server(not post to apple server) like this page.
But take a look at Receipt Fields, there's no way to know the environment this receipt generated in.
Is there any way to determine the environment the receipt generated in?