Configure in-app purchase settings

Generate a shared secret to verify receipts

To increase the security between your server and Apple’s servers when validating an App Store subscription or in-app purchase, include a shared secret with your request to verify receipts.

A shared secret is a 32-character hexadecimal string generated in App Store Connect. You may generate a primary shared secret, which is a single code for all of your apps, or an app-specific shared secret for individual apps. You may also use a primary shared secret for some of your apps, and an app-specific shared secret for others.

For information about incorporating a shared secret into your app’s receipt handling, visit Validating Receipts with the App Store.

Required role: Account Holder or Admin.

View or generate a shared secret for all your apps (primary shared secret)

  1. From the homepage, click Users and Access.

  2. Click the Integrations tab.

  3. In the sidebar under Keys, click Shared Secret.

  4. Click Generate Primary Shared Secret.

  5. Copy the code and use it when verifying transaction receipts for all of your apps with auto-renewable subscriptions.

When you generate a new shared secret, all apps in your organization that use a shared secret should use the new value to verify auto-renewable subscriptions.

View or generate a shared secret for an individual app (app-specific shared secret)

You can access the app-specific shared secret from the Subscriptions page for an app. You may want to use an app-specific shared secret if you want to keep this code private for this app, or if you are planning to transfer this app to another developer account.

Note: App-specific shared secrets can’t be deleted, only regenerated.

  1. From Apps, select your app.

  2. In the sidebar under General, click App Information.

  3. In the App-Specific Shared Secret section, click Manage.

  4. You can generate a shared secret for individual apps, or regenerate a shared secret.

    Note: Clicking Regenerate will automatically generate a new shared secret, and any previously generated shared secret for this app will be invalidated.

  5. Then click Done.

  6. To generate a shared secret, click Generate or Regenerate in the dialog.

  7. Copy the code and use it when verifying transaction receipts for this app.

When you regenerate an app-specific shared secret, use the new value to verify your auto-renewable subscriptions for this app.
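
The following server-side sketch is an added example, not code from App Store Connect Help. It shows the shared secret being loaded from configuration, checked against the 32-character hexadecimal format, sent in the `password` field of a verifyReceipt request body, kept out of logs, and flagged as stale when the App Store answers with status 21004 (secret mismatch), which is what a server still holding the old value sees after a regenerate. The environment variable names, bundle ID, and sample values are assumptions constructed for the example.

```python
import json
import re

# verifyReceipt production endpoint (never contacted by this example).
VERIFY_URL = "https://buy.itunes.apple.com/verifyReceipt"
SECRET_RE = re.compile(r"[0-9a-fA-F]{32}")  # 32-character hexadecimal string
STATUS_SECRET_MISMATCH = 21004  # secret does not match the one on file


def pick_secret(bundle_id, env):
    """Prefer the app-specific secret, fall back to the primary one.

    Variable names are hypothetical; in production `env` would be os.environ
    or a secrets manager, never a value committed with the source.
    """
    secret = env.get("IAP_SECRET_" + bundle_id) or env.get("IAP_SECRET_PRIMARY")
    if not secret or not SECRET_RE.fullmatch(secret.strip()):
        raise ValueError("no well-formed shared secret for " + bundle_id)
    return secret.strip()


def build_request(receipt_b64, secret):
    """JSON body for verifyReceipt; the shared secret travels as 'password'."""
    return json.dumps({"receipt-data": receipt_b64, "password": secret})


def redact(body):
    """Copy of the request body that is safe to write to logs."""
    data = json.loads(body)
    data["password"] = "<redacted>"
    return json.dumps(data)


def secret_is_stale(response):
    """True when the App Store rejected the secret, e.g. after Regenerate."""
    return response.get("status") == STATUS_SECRET_MISMATCH


if __name__ == "__main__":
    # Constructed sample values, not real secrets or receipts.
    env = {"IAP_SECRET_PRIMARY": "0123456789abcdef0123456789abcdef",
           "IAP_SECRET_com.example.notes": "fedcba9876543210fedcba9876543210"}
    body = build_request("BASE64-RECEIPT", pick_secret("com.example.notes", env))
    print("POST", VERIFY_URL, redact(body))
    print("stale secret:", secret_is_stale({"status": 21004}))
```

Treat a 21004 response as a configuration alert rather than a bad receipt: it means the deployed secret needs to be replaced with the newly generated value.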