Not understanding loadRootCAs() in the node @apple/app-store-server-library

I am setting up an API endpoint in our server to intake Apple store V2 notifications and I'm confused on the section outlining root CAs for the verifyAndDecodeNotification method.

Are we supposed to download those certs from https://www.apple.com/certificateauthority/ and store them on our server for reference to use in verifyAndDecodeNotification?

Seems odd to reference them locally and convert them to buffers for an API call.

Replies

For my S2S notifications logic, I make an HTTPS call to download the cert. I then essentially cache it for 24 hours. This way it doesn’t download with every notification that I decode, but it will refresh the cert daily. You probably could store it on your server, though, as the certs won’t change very often.
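
An added example (not part of the original posts and not code from @apple/app-store-server-library) of the 24-hour cache described in the reply above. It goes one step beyond the thread, as an assumption: the downloaded bytes are accepted only if their SHA-256 matches a fingerprint you verified out of band, because these buffers become the trust anchors for verifyAndDecodeNotification. `createRootCaCache`, `fetchCert` and `pins` are hypothetical names; `fetchCert` stands in for your own HTTPS download.

```javascript
const crypto = require('node:crypto');

const DAY_MS = 24 * 60 * 60 * 1000;

// SHA-256 of the certificate bytes as lower-case hex, for comparison with pinned values.
function fingerprint(der) {
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Hypothetical helper. fetchCert() resolves to the bytes of one DER certificate;
// pins is a Set of fingerprints you verified yourself (none are supplied here).
function createRootCaCache({ fetchCert, pins, ttlMs = DAY_MS, now = Date.now }) {
  let cached = null;    // { der, fetchedAt } for the last copy that passed the pin check
  let inFlight = null;  // shared promise so a burst of notifications causes one download

  async function refresh() {
    const der = Buffer.from(await fetchCert());
    if (!pins.has(fingerprint(der))) {
      throw new Error('downloaded root CA does not match a pinned fingerprint');
    }
    cached = { der, fetchedAt: now() };
    return cached.der;
  }

  // Returns Buffer[], the form in which the library takes its root CA list.
  return async function getRootCAs() {
    if (cached && now() - cached.fetchedAt < ttlMs) return [cached.der];
    inFlight = inFlight || refresh().finally(() => { inFlight = null; });
    try {
      return [await inFlight];
    } catch (err) {
      // Refresh failed: keep serving the last verified copy, fail closed if there is none.
      if (cached) return [cached.der];
      throw err;
    }
  };
}
```

A failed or tampered refresh never replaces the cached copy, so the verifier keeps the last certificate that passed the pin check.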