iOS in-app payment (IAP) service end-of-end verification

IAP Process

The IAP process is divided into two types:

One is to purchase and verify directly with Apple's servers,

The other is to assume that the server is validating. Because the domestic network connection Apple server verification is very slow, but also to prevent hackers to forge proof of purchase, the general practice is to set up a server to verify.

Let's take a look at the differences between the two ways:

Using the Apple server
Set up your own server
The important thing here is to talk about the service side of this piece of the verification process because it involves verifying legitimacy. 1, first get the client's payment Receiptdata and transaction information 2, the service side through the Receiptdata through to the Apple Server Post data Verification 3, the service end of the Apple server Response data processing and verifying the legitimacy of the order. 3. If the order is lawful, the order will be processed accordingly. Appendix: Apple Server Response body data {"status": 0, "Environment": "Sandbox", "receipt": {"Receipt_type": "Productionsandbox", "adam_id": 0, " app_item_id ": 0," bundle_id ":" App id "," application_version ":" Version number "," download_id ": 0," Version_external_identifier ": 0, "Receipt_creation_date": "2017-07-13 08:33:57 etc/gmt", "Receipt_creation_date_ms": "1499934837000", "Receipt_ Creation_date_pst ":" 2017-07-13 01:33:57 america/los_angeles "," request_date ":" 2017-07-13 08:34:02 Etc/GMT "," request _date_ms ":" 1499934842771 "," Request_date_pst ":" 2017-07-13 01:34:02 america/los_angeles "," original_purchase_date ": "2013-08-01 07:00:00 etc/gmt", "Original_purchase_date_ms": "1375340400000", "Original_purchase_date_pst": " 2013-08-01 00:00:00 america/los_angeles "," original_application_version ":" 1.0 "," In_app ": [{" Quantity ":" 1 "," product _id ":", "transaction_id": "", "original_transaction_id": "", "Purchase_date ":" 2017-05-20 04:22:32 etc/gmt "," Purchase_date_ms ":" 1495254152000 "," Purchase_date_pst ":" 2017-05-19 21:22:32 america/los_angeles "," original_purchase_date ":" 2017-05-20 04:22:32 etc/gmt "," Original_purchase_date_ms ": "1495254152000", "Original_purchase_date_pst": "2017-05-19 21:22:32 america/los_angeles", "Is_trial_period": "false" },{"Quantity": "1", "product_id": "", "transaction_id": "", "original_transaction_id": "", "Purchase_date": "2017-05-20 04:28:32 etc/gmt "," Purchase_date_ms ":" 1495254512000 "," Purchase_date_pst ":" 2017-05-19 21:28:32 America/Los_Angeles "," Original_purchase_date ":" 2017-05-20 04:28:32 etc/gmt "," Original_purchase_date_ms ":" 1495254512000 "," Original_ Purchase_date_pst ":" 2017-05-19 21:28:32 america/los_angeles "," Is_trial_period ":" false "}]}} Status Description status code description
21000 APP Store does not read the JSON data you provide
21002 The receipt data does not conform to the format
21003 receipts cannot be verified
21004 the shared key you provided is inconsistent with the shared key of the account
21005 the receipt server is not currently available
21006 the receipt is valid, but the subscription service has expired. When this message is received, the decoded receipt information is also included in the returned content
21007 Receipt information is test (sandbox), but is sent to the product environment to verify
21008 The receipt information is used in the product environment but is sent to the test environment to verify

iOS in-app payment (IAP) service end-of-end verification