We send StoreKit 2 signed transactions to our server for validation and processing. As part of this process, as recommended by Apple, we validate the certificate chain against the "Apple Root CA - G3 Root" certificate found here: https://www.apple.com/certificateauthority/ As of 24th September we started noticing this validation erroring because of expired certificates in the JWT. On further investigation we see the first cert in the chain, with the common name "Prod ECC Mac App Store and iTunes Store Receipt Signing", appears to have expired at "Sep 24 02:50:33 2023 GMT" I checked and calling the App Store API at "inApps/v1/subscriptions/" with the same transaction id also returns the subscription with the same expired certificate in the chain so I am confident that this is a genuine transaction issued by Apple. For now we have been forced to disable validating the expiry date of intermediate certificates to work around this. I'm however really surprised I haven't found anyone else discussing this or any documentation around how to handle this situation. Is it expected that the App Store JWS would contain an expired certificate and what is the guidance on how to proceed in this situation?

Ensure that your app’s local receipt validation is compatible with intermediate certificates that require using the SHA-256 algorithm. View Technote TN3138 >

I am using local receipt validation and the SKReceiptRefreshRequest API to restore purchases. When my iOS 16.1 users tap "restore purchase", the call fails. Notably, it does not ask the users to log into their iTunes account (it normally does) and my app logs the following error: <SKReceiptRefreshRequest: 0x281b0ad20>: Finished refreshing receipt with error: Error Domain=ASDErrorDomain Code=603 "Request throttled" UserInfo={NSLocalizedFailureReason=Unified receipt is valid and current, NSLocalizedDescription=Request throttled, AMSServerErrorCode=0} These errors started showing up after the release of 16.1 and appear to be limited to that specific version of iOS. The relevant code has not changed in years and I have iOS 15 and iOS 16.0 users who are currently able to restore purchases without issue. Also, I am not able to reproduce the issue in the sandbox but I am able to do so in production. I'm a bit at a loss. Why would my request be "throttled" and, further, why only on iOS 16.1 and only in production? Any thoughts on what could be happening here? Any help is much appreciated. Thank you!

Hi , i have a question to ask: When i first request to get transactionInfo to valid receipt. use getTransactionInfo endpoint. it found 4040010 error. After a while ,I send the same request ,it response correct transaction info It happen rate about 2% What the reason?

Hello, I finding contradictory information. Is it possible to place PWA in the app store?

As of September 6, 2023, I have registered and paid the Apple Developer participation fee to be able to publish the application on the App Store. However, up to now, it has been 5 days since registering and I have not received any notification or response about my account status, even though Apple informed me in the message that I need to wait 2 days for processing. . I'm really frustrated, is there anyone else like me with this situation? If you have any way to solve the above problem, please help me. Thank you very much!

Hello, I have an existing app which is beeing sold in the app store since 2010. Now I want to convert this app into a free app with optional in-app purchases. A part of the functionality which paid users currently have should then be accessible only by IAP. Therefore, I must identify my existing customers, to not make them pay again for functionality they have paid already. Googling around reveals that this is not easy to do, if it was possible at all. However, I found this post: https://stackoverflow.com/questions/3735635/convert-existing-ios-paid-app-to-freemium-model-with-in-app-purchase Quote: "There is now an Apple-approved way to do this on both iOS and macOS. The originally downloaded version of the app can be obtained from the receipt using the info key Original Purchased Version. You can then decide whether to unlock features if that version predates the switch to IAP." Now I have played around with this a bit, or more precisely: NSURL *receiptURL = [[NSBundle mainBundle] appStoreReceiptURL]; NSData *receipt = [NSData dataWithContentsOfURL:receiptURL]; However, in my tests, receipt will always be nil. The URL also points to some local location with sandbox in the name. Am I doing something wrong in general, or is this just not supposed to work how I thought it would? Note that I have installed my app from the app store on my device, then launched the above code on my device (so I'm NOT testing this in the simulator). I also read about SKReceiptRefreshRequest, however I cant figure out how to use it. So the question is, how would I figure out if a user has already purchased the orignal paid version? My app does not have a server-component, and by checking some NSUserDefaults key would result in charging users which reinstall the app on a new device. So what should I do?

Hi all, We're facing an issue with our app's subscription and in-app purchases: We are using StoreKit 2 Up until 6 hours ago, everything was fine. Now, users are telling us they can't access what they've paid for. We could reproduce the error on iOS 16.6, not on iOS 17 developer beta Buying or restore purchases are timing out. Everything works fine in Sandbox and TestFlight. We are getting these two errors with production builds: Error enumerating unfinished transactions Error enumerating all current transactions both with the following timeout message: Error Domain=NSURLErrorDomain Code=-1001 "Zeitüberschreitung bei der Anforderung." UserInfo={NSErrorFailingURLStringKey=https://mzstorekit.itunes.apple.com/inApps/v1/history?reason=initial, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask, NSUnderlyingError=0x2837a4f00 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "(null)" UserInfo={_kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4}}, _kCFStreamErrorCodeKey=-2102 Is anyone else seeing this? Any fixes? Thanks for any help or advice. Best, Juno

If my user purchase and get transaction_id: 2000000395609292, and then another user just makeup a same transaction_id to call the App Store Server API If in the old way, the receipt seems impossiable to makeup, how about now? Is that equally safe as before? Or is there any way to protect transaction_id. I am not that good at security, so please forgive me about missing any point. o(╥﹏╥)o Looking forward to your response, sincerely!! :)

I'm noticing that when I build for development and switch Apple accounts while the app is running, the device receipt isn't updated even after I call SKReceiptRefreshRequest.start(). The app behaves as expected if I install fresh. Is this a known issue if we're running from Xcode?

Issue Currently I have multiple subscription offers available for yearly/monthly subscriptions. Each of the subscription offers have multiple different custom codes available. When the customer buys a subscription and the receipt is being handled in the backend, I need to know which of the custom codes was used. What I have tried When i call the https://buy.itunes.apple.com/verifyReceipt I get the values offer_code_ref_name and promotional_offer_id. The offer_code_ref_name is the subscription offer name AND NOT the custom code. I tried to get more info using the https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/{transactionId} request, but it does not give me any info about the custom code used either. I do however see which custom code has been used if I go to Sales and Trends > Sales and Trends Reports and download Subscritpion Reports. There the offer code can be found ref. as "Promotional Offer ID" my question How can I get which custom code was used when purchasing a renewable subscription using transaction id or transaction Receipt?

Can I delete the file StoreKitTestCertificate.cer if I have a published app that uses StoreKit 2? This is how I was using it earlier to do receipt validation but it's no longer in my released app: #if DEBUG let certificate = "StoreKitTestCertificate" #else let certificate = "AppleIncRootCertificate" #endif Source: https://developer.apple.com/documentation/xcode/setting-up-storekit-testing-in-xcode/ Can I safely delete StoreKitTestCertificate.cer in my next version this file without affecting the released app or TestFlight?

Hi, We offer a premium account IAP for our app. We recently noticed on our proceeds section of App Store Connect that a refund for the IAP had been processed but we didn't receive a notification regarding this and from what I can see there is no way to see who applied for it. This is a problem as we need to be able to switch the premium account off for that account. Can someone help with this please?

I am trying to calculate apple cut, if users days of paid service is more than a year apple reduces commission to %15. By the docs: If a subscription expires due to a cancellation or billing issue, the days of paid service stop accumulating. If the subscription is renewed within 60 days, the days of paid service resume from the recovery date. So can i assume if original_transaction_id stays the same user not violated 60 days, therefore if i sum all the (expiration_date - purchase_date) with that id, is it a viable result ? Thanks in advance.