Can I get first-time subscription receipts/transactions from App Store Server API rather than customers' devices?

The "Manage in-app purchases on your server" session of WWDC 2021 shows the following flow:

The third arrow in the screenshot dictates that the decoded transaction is sent from the customer's iPhone to our server.

Because our subscription management service and app backend are different services, we think the app shouldn't have to add another server to connect to.

I wonder whether, after receiving INITIAL_BUY, we can get the transaction/receipt using the App Store Server API, i.e. we want the following flow:

Is this possible for now? Or is it essential to use customers' devices to decode transactions and receipts?

Accepted Reply

Hello!

SUBSCRIBED + INITIAL_BUY are App Store Server Notifications V2, and those notifications include transaction information in signedRenewalInfo and signedTransactionInfo. These are already signed, and if you can verify the signatures there is no need to verify them again with another API call.

Receiving App Store Server Notifications:

> The version 2 response body, responseBodyV2, contains a signedPayload that’s cryptographically signed by the App Store in JSON Web Signature (JWS) format. The JWS format increases security and enables you to decode and validate the signature on your server. The notification data contains transaction and subscription renewal information that the App Store signs in JWS. The App Store Server API and the StoreKit In-App Purchase API use the same JWS-signed format for transaction and subscription status information. For more information about JWS, see the IETF RFC 7515 specification.

That said, you can use the Get Transaction History API to get a customer's in-app purchase transaction history for your app.
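The server-side check the reply relies on, as an added example that is not part of this thread and not Apple's own library code: the notification's signedPayload is a compact JWS (RFC 7515) whose header carries the signer's certificate chain in x5c and whose signature is ES256; the nested signedTransactionInfo is a second JWS of the same shape and has to be verified on its own. Everything below that is not on the page is the example's assumption: the function names (VerifyJWS, ExtractTransaction, signJWS, BuildSample) are invented here, the signer is a constructed self-signed certificate standing in for Apple's real chain (a production server instead pins Apple's root certificate as the only trust anchor), and the transaction values are constructed, with field names following Apple's documented responseBodyV2 and transaction payload schemas.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
	"time"
)

// VerifyJWS checks a compact JWS before any of its content is trusted: alg must be ES256, the x5c
// leaf must chain to a root the server already trusts (a chain carried inside the token proves
// nothing by itself), and the signature must verify under the leaf's key. On success the payload
// is decoded into v.
func VerifyJWS(token string, roots *x509.CertPool, v any) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return errors.New("jws: expected three segments")
	}
	var h struct {
		Alg string
		X5c []string // DER certificates in standard base64, leaf first
	}
	rawHdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil || json.Unmarshal(rawHdr, &h) != nil || h.Alg != "ES256" || len(h.X5c) == 0 {
		return errors.New("jws: header must declare ES256 and carry an x5c chain")
	}
	var chain []*x509.Certificate
	for _, b64 := range h.X5c {
		der, err := base64.StdEncoding.DecodeString(b64)
		cert, perr := x509.ParseCertificate(der)
		if err != nil || perr != nil {
			return errors.New("jws: x5c entry is not a DER certificate")
		}
		chain = append(chain, cert)
	}
	inter := x509.NewCertPool() // extra x5c entries are intermediates, never trust anchors
	for _, c := range chain[1:] {
		inter.AddCert(c)
	}
	if _, err := chain[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter}); err != nil {
		return errors.New("jws: x5c does not chain to a trusted root: " + err.Error())
	}
	pub, ok := chain[0].PublicKey.(*ecdsa.PublicKey)
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if !ok || err != nil || len(sig) != 64 { // an ES256 signature is r||s, 32 bytes each
		return errors.New("jws: leaf key or signature malformed")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return errors.New("jws: signature does not verify")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(payload, v)
	}
	return err
}

// ExtractTransaction verifies the responseBodyV2 envelope and then gives the nested
// signedTransactionInfo its own full check; it returns notificationType, subtype and the transaction.
func ExtractTransaction(signedPayload string, roots *x509.CertPool) (string, string, map[string]any, error) {
	var n struct { // encoding/json matches these names to the camelCase keys case-insensitively
		NotificationType, Subtype string
		Data                      struct{ SignedTransactionInfo string }
	}
	var tx map[string]any
	err := VerifyJWS(signedPayload, roots, &n)
	if err == nil { // the verified envelope does not vouch for the inner JWS; check it separately
		err = VerifyJWS(n.Data.SignedTransactionInfo, roots, &tx)
	}
	if err != nil {
		return "", "", nil, err
	}
	return n.NotificationType, n.Subtype, tx, nil
}

// signJWS issues a compact ES256 JWS with certDER in x5c; it stands in for the App Store's signer.
func signJWS(payload []byte, key *ecdsa.PrivateKey, certDER []byte) string {
	hdr, _ := json.Marshal(map[string]any{"alg": "ES256", "x5c": []string{base64.StdEncoding.EncodeToString(certDER)}})
	input := base64.RawURLEncoding.EncodeToString(hdr) + "." + base64.RawURLEncoding.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	r, s, _ := ecdsa.Sign(rand.Reader, key, digest[:])
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + base64.RawURLEncoding.EncodeToString(sig)
}

// BuildSample creates a throwaway self-signed signer (standing in for Apple's leaf/intermediate/root
// chain) and a constructed SUBSCRIBED / INITIAL_BUY notification carrying a nested transaction.
// It returns the signedPayload plus the pool that trusts only that throwaway signer.
func BuildSample() (string, *x509.CertPool, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test Signer"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", nil, err
	}
	cert, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	// Constructed values; the key names follow Apple's responseBodyV2 / transaction payload schemas.
	inner := signJWS([]byte(`{"transactionId":"2000000000000001","productId":"com.example.premium.monthly"}`), key, der)
	outer, _ := json.Marshal(map[string]any{"notificationType": "SUBSCRIBED", "subtype": "INITIAL_BUY",
		"data": map[string]string{"signedTransactionInfo": inner}})
	return signJWS(outer, key, der), roots, nil
}
```

To try it, call BuildSample and pass the token to ExtractTransaction with the returned pool; passing an empty pool, a token whose payload segment has been altered, or a token whose header says alg "none" all return an error rather than data. The two points worth keeping from this shape are that the trust anchor comes from the server's configuration and never from the token, and that the inner signedTransactionInfo is verified on its own rather than inherited from the envelope. A production endpoint would additionally compare the decoded bundleId and environment against what it expects before acting on the transaction; those fields are in Apple's notification data but are not checked in this example.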
