Hello, I want to provide in- app subscription option for my application services inside other apps. Is this possible? Does Apple in app subscription guidelines allow this? Reading the guidelines this use case is not clear. UseCase: I am embedding the services that my app provides inside other 3rd party apps (embed my application Framework/library within the other application) but want to provide in-app subscription option to use services provided by my library. Users can purchase this service by subscribing to monthly subscription option using Apple in-app subscription. Because there are multiple other 3rd party applications that will include my library and since these 3rd party applications in some cases are not from the same developer account I do not want to use individual in-app subscription for each application. Instead, I am looking for a way to create in-app subscription from my main application and provide the same purchase option within all other 3rd party apps that embed my application library. Can this be done? Does Apple in-app subscription allow this use case?

This is re-posted from this Stack Overflow post. I am looking at validating the purchase of a paid app from Mac AppStore. Based on this WWDC video about StoreKit 2, I am attempting to this with AppTransaction. I have not found meaningful high-level documentation about this specific use case beyond that. My approach is to first get the "cached" AppTransaction by calling AppTransaction.shared. If that is not there I proceed to getting it from Apple, via AppTransaction.refresh(). If they don't have it, or when the network is down, the user automagically gets the familiar "log in to your store account" UI that has been around as long as the Mac AppStore. Once I have the AppTransaction I use it to verify we are on the right device, using code like this, where the returned Bool represents validation success: guard let deviceVID = AppStore.deviceVerificationID?.uuidString.lowercased() else { return false } let nonce = appTransaction.deviceVerificationNonce.uuidString.lowercased() let combo = nonce + deviceVID let digest = SHA384.hash(data: Data(combo.utf8)) return (digest == appTransaction.deviceVerification) My first question is: Does that look like the right approach? Is there something else I should do, or check? My second question is around testing this approach. Refreshing the AppTransaction in the sandbox invariably yields a valid item, even if the app version does not yet exist in AppStoreConnect. This is also the case when I log out in the App Store app on the Mac. This makes me think it is using my AppleID which I am logged into in System Settings. Does that sound right? I would like to be able to remove / delete the cached AppTransactions - where might I find those on the system? Thanks for everyone's help!

The post TN3138: Handling App Store receipt signing certificate changes mentioned that receipt hashing algorithm in Sandbox and TestFlight will both change to SHA256 after 2023/8/16. However this never happened. Our apps were still getting SHA1 receipt in dev environment. Only after we had published our app, the "real store" started to send us SHA256 encrypted receipts. This is so confusing. (We're using iOS 16.6+ device for testing)

The error message "Purchase of this item is not currently available. The item is being modified." keeps appearing for journalists in different countries trying to get early copies of the latest build of my app using promo codes. This error has only started appearing when redeeming promo codes recently. Just days ago, users had no problem redeeming codes for the same build. No changes have been made to the app since then. The app is also free globally with an in-app-purchase option to remove ads. The promo codes to remove ads have been working fine with no error messages, but redeeming the latest build displayed the error message though it has worked days before. Generating new promo codes for the same build did not work either. This is the message that I got from a reviewer from one journalist: "I've sent the code over to one of our reviewers, and he says that when he tried to redeem the code to download your app, an error message popped up saying "purchase not currently available, item is being modified". He's still getting the same error message even after restarting his iPhone. He even tried a different device and checked for updates on both devices to no avail. Can you help?" It's an urgent matter not only because the press can't review the game, but also I worry it would affect the launch of the app in a few days. What if this error means users can't download the app on launch?

Looks like I'm getting the error "There's no information available for in app purchases. Try again later. 21102" The purchase starts, gets to in progress but never completes so I cannot grant the user any item in app. App info: I made a small test application with a simple purchase button and restore purchase button, the middle button as shown in the video that's clicked is the purchase button to kick off the transaction. If the service isn't working through the manage>test purchase in appstore>sandbox(not in-app), it is likely not a code issue from my end, it is either internally from your Apple side or a config issue on the apple account application end on my side. Ive tried deleting sandbox testers, new builds, as well as doing it on test flight. Just feel like if its not workig through manage>test purchase in appstore>sandbox then its def not a my problem Logs: <SKPaymentQueue: 0x281f4eb40>: Payment completed with error: Error Domain=ASDServerErrorDomain Code=3539 "There’s no information available for In‑App Purchases. Try again later." UserInfo={NSLocalizedFailureReason=There’s no information available for In‑App Purchases. Try again later., AMSServerErrorCode=3539, client-environment-type=Sandbox, storefront-country-code=USA} Any help would be great, this has been happening for a week now , and apple has been 0 help. Thank you so much for anything here.

When trying to refresh a sandbox receipt of my macOS app by using exit(173), storekitd on macOS Sonoma 14.1 logs the following (German) error: fehler 18:32:58.421785+0100 storekitagent com.(redacted): Failed to renew receipt for exit(173): Error Domain=AMSErrorDomain Code=100 "Authentication Failed" UserInfo={NSMultipleUnderlyingErrorsKey=(``` "Error Domain=AMSErrorDomain Code=2 \"Ein unbekannter Fehler ist aufgetreten. Versuche es erneut.\" UserInfo={NSLocalizedDescription=Ein unbekannter Fehler ist aufgetreten. Versuche es erneut.}", "Error Domain=NSURLErrorDomain Code=-1202 \"Das Zertifikat f\U00fcr diesen Server ist ung\U00fcltig. Eventuell wird eine Verbindung mit einem Server hergestellt, der vorgibt, \U201eauth-sandbox.itunes.apple.com\U201c zu sein und vertrauliche Daten gef\U00e4hrdet.\" UserInfo={NSLocalizedRecoverySuggestion=Soll die Verbindung zum Server trotzdem hergestellt werden?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9843, NSErrorPeerCertificateChainKey=(\n \"<cert(0x14f033000) s: daiquiri-ext.itunes.apple.com i: Apple Public EV Server RSA CA 2 - G1>\",\n \"<cert(0x14f01d000) s: Apple Public EV Server RSA CA 2 - G1 i: DigiCert High Assurance EV Root CA>\",\n`` The error translates to: The certificate for this server is invalid. A connection may be established with a server pretending to be "auth-sandbox.itunes.apple.com" and compromising confidential data. The certificate returned by the sandbox auth server seems to be for daiquiri-ext.itunes.apple.com and not valid for auth-sandbox.itunes.apple.com. When I try to enter https://auth-sandbox.itunes.apple.com in Safari, it tells me that it cannot establish a secure connection to the server. curl -v https://auth-sandbox.itunes.apple.com logs this: * Connected to auth-sandbox.itunes.apple.com (17.36.202.9) port 443 (#0) * ALPN: offers h2,http/1.1 * (304) (OUT), TLS handshake, Client hello (1): * CAfile: /etc/ssl/cert.pem * CApath: none * (304) (IN), TLS handshake, Server hello (2): * (304) (IN), TLS handshake, Unknown (8): * (304) (IN), TLS handshake, Certificate (11): * (304) (IN), TLS handshake, CERT verify (15): * (304) (IN), TLS handshake, Finished (20): * (304) (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 * ALPN: server accepted h2 * Server certificate: * subject: businessCategory=Private Organization; jurisdictionCountryName=US; jurisdictionStateOrProvinceName=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; CN=daiquiri-ext.itunes.apple.com * start date: Aug 28 18:07:16 2023 GMT * expire date: Dec 30 18:17:16 2023 GMT * subjectAltName does not match auth-sandbox.itunes.apple.com * SSL: no alternative certificate subject name matches target host name 'auth-sandbox.itunes.apple.com' * Closing connection 0 curl: (60) SSL: no alternative certificate subject name matches target host name 'auth-sandbox.itunes.apple.com'

Our app introduces monthly subscriptions. The process is to execute SKProductsRequest.start() from the app, verify the received receipt with our system, and turn on the premium feature. With the current app design, if you resubscribe from the iPhone settings, the app cannot detect it, so we have introduced a process to retrieve the receipt from Bundle.main.appStoreReceiptURL and verify whether it is the correct receipt. The expected receipt information is the receipt that includes the "original_transaction_id" and "transaction_id" information as shown below. "receipt": { ···omission··· }, "auto_renew_product_id": "jp.co.**********.subscription", "auto_renew_status": 1, "latest_receipt_info": { ···omission··· "original_transaction_id": "20000**********", ···omission··· "transaction_id": "200013**********", ···omission··· }, "latest_receipt": "Receipt", "status": 0 However, as shown below, we found many logs (more than a few dozen for 2% of users) where receipts with missing information were retrieved. Considering the number of data items, it is unlikely that the receipt was falsified. "receipt": { ···omission··· "in_app": [] }, "environment": "Production", "status": 0 Our system links users based on "original_transaction_id" and "transaction_id," but since we are unable to obtain the necessary information, we are unable to determine whether the user has already purchased a subscription. Question 1 What are the possible situations in which receipts with missing information like this are obtained? For example, is it possible for a receipt like this to be generated even though no charges have been made? Question 2 Is there a way to update such receipts with the correct information? I searched the Developer forum, but if I do SKReceiptRefreshRequest, will I be able to obtain necessary information such as "original_transaction_id" and "transaction_id"?

Here is a summary of the steps we have taken: Endpoint Configuration: We have set up an HTTPS endpoint on our server hosted with Heroku. Our application is built with Node.js and Express, and it is designed to listen for POST requests for processing Apple's server notifications. App Store Connect Setup: We have entered the correct endpoint URL in App Store Connect for both production and sandbox environments. We have also ensured that we are set up to receive version 2 notifications, as this is the latest format. TLS Support: We have verified that Heroku supports TLS 1.2 by default, and our server is configured to utilize this protocol. Receipt and Shared Secret: We have generated the shared secret from App Store Connect and stored it securely as a config var in Heroku. This shared secret is used to validate receipts with Apple's verifyReceipt endpoint. Testing: We have conducted tests using Apple's sandbox environment by performing transactions to trigger server notifications. Additionally, we have also checked the Heroku logs for any incoming requests and haven't observed any related to the Apple server notifications. Firewall and IP Whitelisting: Our server does not have any IP whitelisting or firewall rules that would block incoming HTTP POST requests from external services. However, despite these measures, we have not been able to receive any server-to-server notifications

I have some questions about your Commerce refund/chargeback area. I would really appreciate it if you could help clarify these questions. As we are a Saas game backend company helping game studios build their backend, and our system is not directly integrated with your platform transaction system, it is very difficult for us to detect any refund/chargeback and perform revocation of items/VCs accordingly. So, I’m wondering if your platform provides any kind of workaround for us to gather player refund/chargeback events? Any suggestions or guidance will be highly appreciated. Thank you!

Hi everyone, I'm trying to understand something for analytics purpose. We see a large number of transactions coming in Transaction.update that don't initiate from our app's paywalls. When using AppStore.sync, does this send any restored transactions in Transaction.update? Or does it simply update what currentEntitlements will return. In other words, when I validate a transaction coming from Transaction.update, and the reason is .purchase, is it always a new purchase, or can it be an old purchase which is replayed? If the answer to the above question is yes, how can we distinguish actual purchases from restored transactions when verifying a transaction? Thanks! Bruno

Hi, Currently we are using store kit api and we get the receipt which then backend validate from apple using /verifyReceipt. Now we are planning to move to store kit v2 api. But in this case, we are getting signedPayload instead of receipt. Now this signedPayload cannot be used in the /verifyReceipt. So what is the other way to validate the signedToken from apple and get the data that we get from the /verifyReceipt response. Thanks for the help!

There are fake receipts used by hackers, which are the receipts before iOS7.The Receipt can be successfully verified with an incorrect password.Is this a bug?https://developer.apple.com/documentation/appstorereceipts/verifyreceipt --Do I need to completely drop compatibility for this? FB number is https://feedbackassistant.apple.com/feedback/13205370 but the ticket's status is Investigation complete - Unable to diagnose with current information,but No reply message

I have recently set up subscription flow on app. I have configure the subscription with Pricing and an introductory offer of free trial. Submitted the version of app and got it approved. Now I'm trying to release the next phase with loaded features... But this time when I try to test the same via testflight, the free trial introductory offer(which is still active) isn't showing up against the subscription plan. Same happens in Sandbox environment as well. Need some help to get that free trial option to show up on the subscription pop-up screen.

We have noticed lately that a bunch of our receipts coming in from the Apple IAP webhook appear to be the older style receipts pre ios 7 that has the in_app array empty and doesn't provide a latest_receipt_info. Our app only supports iOS 15+ so not sure how these receipts are coming in. I noticed a couple receipts that didn't have the latest_receipt_info initially when coming in, ended up getting a latest_receipt_info a few days later. We are trying to figure out what is causing this as it is messing up our IAP processing system. The receipts look like this. { "receipt": { "receipt_type": "Production", "adam_id": <app_id>, "app_item_id": <app_id>, "bundle_id": "<bundle_id>", "application_version": "308", "download_id": <download_id>, "version_external_identifier": 859744352, "receipt_creation_date": "2023-09-12 23:58:47 Etc/GMT", "receipt_creation_date_ms": "1694563127000", "receipt_creation_date_pst": "2023-09-12 16:58:47 America/Los_Angeles", "request_date": "2023-10-06 14:54:57 Etc/GMT", "request_date_ms": "1696604097794", "request_date_pst": "2023-10-06 07:54:57 America/Los_Angeles", "original_purchase_date": "2022-10-05 13:05:53 Etc/GMT", "original_purchase_date_ms": "1664975153000", "original_purchase_date_pst": "2022-10-05 06:05:53 America/Los_Angeles", "original_application_version": "98", "in_app": [] }, "environment": "Production", "status": 0 } We are trying to figure out what is causing this and if it is an issue on our side or Apple's.

I have recently set up subscription flow on app. I have configure the subscription with Pricing and an introductory offer of free trial. Submitted the version of app and got it approved. Now I'm trying to release the next phase with loaded features... But this time when I try to test the same via testflight, the free trial introductory offer(which is still active) isn't showing up against the subscription plan. Same happens in Sandbox environment as well. Need some help to get that free trial option to show up on the subscription pop-up screen. TIA

I'm currently working on in-app-purchase. I want to post receipt to my backend server and verify on server(not post to apple server) like this page. But take a look at Receipt Fields, there's no way to know the environment this receipt generated in. Is there any way to determine the environment the receipt generated in?

We send StoreKit 2 signed transactions to our server for validation and processing. As part of this process, as recommended by Apple, we validate the certificate chain against the "Apple Root CA - G3 Root" certificate found here: https://www.apple.com/certificateauthority/ As of 24th September we started noticing this validation erroring because of expired certificates in the JWT. On further investigation we see the first cert in the chain, with the common name "Prod ECC Mac App Store and iTunes Store Receipt Signing", appears to have expired at "Sep 24 02:50:33 2023 GMT" I checked and calling the App Store API at "inApps/v1/subscriptions/" with the same transaction id also returns the subscription with the same expired certificate in the chain so I am confident that this is a genuine transaction issued by Apple. For now we have been forced to disable validating the expiry date of intermediate certificates to work around this. I'm however really surprised I haven't found anyone else discussing this or any documentation around how to handle this situation. Is it expected that the App Store JWS would contain an expired certificate and what is the guidance on how to proceed in this situation?