DEV Community

Cover image for What iOS Developers Need to Know about Receipt Validation
Henning for Glassfy

Posted on • Updated on • Originally published at glassfy.io

What iOS Developers Need to Know about Receipt Validation

Receipt validation, server-side verification, on-device validation and now transaction-side: We know it can be somewhat confusing at the best of times to truly grasp what your iOS stack should look like for your in-app purchases & subscriptions, not to mention the endless jargon adding to further complexity for app leaders.

One thing is certain; it’s difficult to unpick if you haven’t the technical expertise or knowledge to know what to build and which solutions to implement for your in-app purchases & subscriptions.

But what technical basics should you be aware of even if you’re not the most technically astute? Let’s dive in so you can help your engineers focus on what matters most: Building new features that drive more value for your customers and in turn, grow your subscription revenue.

Receipt to transaction-side Validation: What’s the difference?

Sounds complex, right? It can be but don’t overthink it. Developers still need to authenticate purchases server-side to ensure that purchases are made by legitimate users. It can of course be done ‘locally’ on-device, but for the purposes of this article we’re going to focus on server-side validation for your iOS in-app purchases and subscriptions.

Having a server running in the background allows you to easily query the status of your subscribers, meaning you know exactly which piece of paid content they have unlocked within the app at any given moment. Without a server you might still have a fabulous front-end, a great product and revenue lining your pocket nicely but visibility into subscriber status’ and their entitlements will be almost impossible.

Receipt validation involves the in-app purchase or subscription receipt being validated server-side to determine the authenticity of the user and subsequent purchase. Without getting too bogged down in the technical weeds, your server (on the backend of the app) communicates with Apple’s verifyreceipt endpoint, which in turn verifies the purchase as authentic or flags it as fraudulent in much rarer cases.

It’s the best way to authenticate purchases on iOS version 14 and below using the original StoreKit - Apple’s technology for allowing developers to add in-app purchases and subscriptions to their app. However, after the release of StoreKit 2 in 2021, Apple announced that receipts can now be validated by StoreKit which marks the end of the verifyreceipt endpoint.

Instead Apple now provides developers the option to validate purchases server-side using the App Store Server API, this API returns the latest transaction of a particular user as well as their full paginated history of purchases. This is where it might get confusing, we are now calling it transaction-side as opposed to receipt validation as a consequence of the deprecation of the verifyreceipt endpoint on Apple’s side.

Why should you validate purchases server-side?

The receipt no longer needs to be sent across various systems in order for it to be validated. Although all of this is not compulsory, we recommend still validating purchases server-side for several reasons outlined below.

  • Increased Visibility: Similarly to receipt validation with the original StoreKit, transaction-side validation gives you insight into which subscriptions a user has unlocked inside your app.
  • Better Data: Without validating purchases server-side using the App Store Server API, you’re unlikely to gain the full picture of what’s happening with your subscribers in real-time.
  • Managing refunds: Historically a challenge on StoreKit, having a backend server allows you to manage, track and view refunds more easily.
  • Cross-Platform Subscription Access: Validating purchases transaction-side gives you the ability to more easily manage premium access to subscriptions to the same user across the web and Stores.
  • Real-time Event Notifications: Using the App Store Server Notifications API gives you granular visibility into purchase events in real-time. For example, when a subscriber turns off auto-renewal on their auto-renewable subscription, enters billing retry status or requests a refund. App Store Server Notifications V2 is significantly more sophisticated than the original App Store Server Notifications API V1.

Can everyone switch to transaction-Side validation?

Of course, but we must remember that StoreKit 2 is only available on iOS version 15 and above coupled with the fact that it’s currently limited to the Swift programming language exclusively. We still recommend validating receipts server-side using the traditional verifyreceipt endpoint unless you’re only supporting iOS versions +15 as well as coding your app in Swift - This is where transaction-side comes beautifully into play and it might be a good time to update to the more advanced StoreKit if you’re ready to bin support for iOS 14 and below, but this is by no means a simple task.

Conclusion

We recommend validating purchases server-side, regardless of whether you’re using the original StoreKit or the more advanced StoreKit 2 with the introduction of the App Store Server API - Which as we’ve seen in this year’s WWDC 2023, continues to offer greater functionality and sophistication in its quality of APIs.

Setting up a server for managing your subscriptions and in-app purchases can be a complicated and arduous task, especially for those with little experience and in need to get to market quickly with subscriptions.

You may also like: 3 reasons NOT to use StoreKit

Tools like Glassfy handle server-side validation for you, allowing you to focus on what matters most: Building new features and functionality to drive greater value for your users, which in turn generates you more revenue for your business.

Top comments (0)