iOS IAP internal purchase verification

Referring to my previous notes Apple notes, we need to verify two times after the client has successfully purchased Apple.

Two validations

After the iOS was successfully purchased in a sandbox environment, two validations were made to Apple to confirm that the user was successful.

When an app requests a purchase from an Apple server, Apple returns the following four data to the app after it succeeds

Four validation data

ProductIdentifier:cosmosbox.strikehero.gems60state:Purchasedreceipt: Ewojinnpz25hdhvyzsigpsaiqxf1m3jir1grbmjmegvvzs9vzglma3dqwvlbdkqrvte1l1nrl2y0cgzlaflbowfavghsbtnmvxphc25tugd3avbommsxstvfa Vpwegp6aezss0jdvxbpeheywfk5n1lhuguzmfo0cthmrlldzwjpehfzwljauu01n2xtzfo0bdn6ehnnawpgemfiykrxlzm4cm1eexftt0fsyzres3dxtgfpc2 Ezyuy5d2jwbufbqurwekndqtfnd2dnstdvqu1dqvfjq0ncdxa0k1bbag0vte1bmeddu3fhu0lim0rrrujcuvvbtug4een6qupcz05wqkfzvefsvlrnuk13rvf zrfzruuteqxbcy0hcc1pt//receipt omit dozens of lines transactionidentifier:1000000160385706

1. Product Identifier: Products Identifier

Product IDs defined within the itunes Store app, such as COM. Company name. Product Name (COM.XXXX.VIDEO.VIP)

2. Trading Status: State

Purchased	Purchase success
Restored	Restore purchase
Failed	Failed
Deferred	Wait for confirmation, child mode needs to ask parental consent

3. Receipt

A long string, about 49 lines, as an important basis for two validations

4. Trade identifier: Transaction Identifier

We need to send receipt to Apple's server to verify that the user's purchase information is true

Verify server address

In the test server, send receipt Apple's test server (Https://sandbox.itunes.apple.com/verifyReceipt) authentication

In the official server (already online AppStore), send receipt to Apple's official server (HTTPS://BUY.ITUNES.APPLE.COM/VERIFYRECEIPT) authentication

When we submit the application to the Apple audit, Apple is also in the sandbox environment to purchase, the resulting purchase voucher, but also can only connect to Apple's Test authentication server, so we can first send to Apple's official server authentication, if Apple returns 21007, then once again connected to the test server to verify.

Verify Purchase information

The following is to send the client's purchase information to the Apple test server for confirmation, the data returned by Apple:

ISN:url:https:Sandbox.itunes.apple.com/verifyreceiptoriginal JSON: {"Receipt": {"Original_purchase_date_pst":"2015-06-22 20:56:34 america/los_angeles",Time of purchase, Pacific Standard Time"Purchase_date_ms":"1435031794826",Purchase time milliseconds"Unique_identifier":"5BCC5503DBCC886D10D09BEF079DC9AB08AC11BB",Unique identifiers"ORIGINAL_TRANSACTION_ID":"1000000160390314",Original Transaction ID"Bvrs":"1.0",Version number of iphone program"TRANSACTION_ID":"1000000160390314",Identification of the trade"Quantity":"1",Quantity of goods purchased"Unique_vendor_identifier":"aeec55c0-fa41-426a-b9fc-324128342652",Developer Transaction ID "item_id":  "1008526677", //app store a string to identify the program  "product_id":  "COSMOSBOX.STRIKEHERO.GEMS60", //product identification  "purchase_date":  "2015-06-23 03:56:34 etc/gmt", //purchase time  "original_purchase_date":  "2015-06-23 03:56:34 etc/gmt", // Original purchase time  "Purchase_date_pst":  "2015-06-22 20:56:34 america/los_angeles", //Pacific Standard Time  "bid":  "Com.cosmosbox.StrikeHero", // The bundle identifier of the iphone program  "Original_purchase_date_ms":  "1435031794826" //ms},  "status": 0 //status code, 0 for success}              

Apple return Status code

Explanation of the Apple return status code: https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ Validateremotely.html

TD valign= "Top" >21003

Status	description
21000	app store does not read what you provide JSON object
21002	receipt-data domain data problems
receipt cannot be verified
21004
21005	rec in your account The Eipt server is currently unavailable
21006	receipt legal, but the subscription has expired. When the server receives this status code, the receipt data is still decoded and sent together
21007	receipt is sandbox re Ceipt, but sent to the production system authentication Service
21008	receipt is production receipt, but sent to sandbox Validation services for the environment

For more details, please refer to: http://www.2cto.com/kf/201504/389224.html

It is best to save a database in the client, track the status of the order, to prevent the user order in a certain aspect of the problem can not find the order to two times processing.

When you go to AppStore to request data, sometimes errors occur, and you can connect us in itunes Connect to write email feedback questions. But most of the time you have to wait and you can solve it. Maybe he'll be fine that day.

Standalone/server Mode

IOS in-app payment (/in app Purchase) has two modes:

1) stand-alone mode

2) Server Mode

Stand-alone mode

The single-machine mode process can be summarized in the following simple steps:

1) app to get product information from App Store

2) The user chooses the product which needs to purchase

3) app send payment request to App Store

4) The App store handles payment requests and returns transaction information

5) The app will show the content of the purchase to the user

Server mode

The main process for server mode is as follows:

1) The app gets a list of product identities from the server

2) app to get product information from App Store

3) The user chooses the product which needs to purchase

4) app send payment request to App Store

5) The App store handles payment requests and returns transaction information

6) The app sends transaction receipt to the server

7) The server receives the receipt and sends it to the app Stroe to verify the validity of the receipt

8) The App Store returns the verification result of the receipt

9) based on the results returned by the App Store, determines whether the user purchased the success

Comparison of two modes

The difference between the above two modes is mainly: Receipt verification of transactions, built-in model does not specifically verify the transaction receipts, and the server mode will use a separate server to verify the transaction receipts. Built-in mode is simple and quick, but easy to crack. The server mode process is relatively complex, but relatively secure.

The stability of the domestic connection Apple server

At the beginning of the development, Apple was responsible for informing us that our servers were not stable. After the real development, Apple was found to be responsible, not only unstable, but slow enough. App Store server verifies that a receipt takes 3-6s time.

1. Can the user endure 3-6s waiting time

2. If the App Store server goes down, how to ensure that users who have paid successfully will get regular service.

For the first question, we have reason to believe that the user is completely unbearable, so in the way of asynchronous authentication, the server receives the request from the client and puts the request into MCQ.

For the second issue, because the Apple staff is very responsible for the notification: Our server is not stable, so do not exclude the receipt verification timeout situation. For receipts that validate timeouts, are saved to the database and marked as a validation timeout, timed tasks go to the app store at regular intervals to verify the results of receipt validation.

Reprint: https://www.cnblogs.com/zhaoqingqing/p/4597794.html

iOS IAP internal purchase verification