App Store Receipt Validation Service

This receipt verification service is for iOS in-app purchases (IAP). If you offer IAP then you should add receipt validation code to your App to prevent unauthorized purchases from being accepted.

Free access for all Google accounts: just sign in with Google / OpenID.

We recommend using the Free account until you are ready to publish your App with Apple.

iOS Receipt Verification Service

What

This service accepts your App's binary receipt data and returns a JSON object according to Apple's Receipt Validation Programming Guide.

Why

  • If you are offering subscriptions, then you need the decrypted data to read the details of the subscription term.
  • For all types of IAP transactions you need to read the decrypted receipt to verify the receipt is actually for your app and not a hacker's faked receipt.

When you implement In-App Purchases on the phone, Apple will send you a receipt of the transaction. The receipt is encrypted and the only secure way to decrypt it is to set up your own server to communicate with Apple.

Performing this validation from the device directly to Apple is not secure. It is not possible to build a trusted connection between an arbitrary user's device and the App Store because you don't control either end of that connection.

Unfortunately, many apps simply skip receipt validation, assume that the payment transaction is valid, and unlock the rocket car upgrade.

How

When your app receives a payment transaction from Apple, you will POST that binary data to this service. The service will return a JSON object for your app to inspect. Technical specifics are detailed in the API docs.
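One way to inspect the returned JSON before unlocking anything, as an added example (not this service's or Apple's code). It assumes the response follows the shape of Apple's verifyReceipt responses (`status`, `receipt.bundle_id`, `receipt.in_app[]` with `product_id` and `expires_date_ms`); the bundle ID and product IDs are placeholders.

```python
import json
import time

# Assumed identifiers for illustration; substitute your app's own.
EXPECTED_BUNDLE_ID = "com.example.rocketcar"
KNOWN_PRODUCTS = {"com.example.rocketcar.upgrade", "com.example.rocketcar.monthly"}


def check_receipt(response_text, now_ms=None):
    """Return (entitled_product_ids, problems) for one decoded-receipt response."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    try:
        data = json.loads(response_text)
    except ValueError:
        return set(), ["response is not valid JSON"]
    # Only status 0 means the receipt was validated; anything else fails closed.
    if not isinstance(data, dict) or data.get("status") != 0:
        return set(), ["status is not 0, receipt was not validated"]
    receipt = data.get("receipt")
    # A valid receipt issued for a different app must not unlock this one.
    if not isinstance(receipt, dict) or receipt.get("bundle_id") != EXPECTED_BUNDLE_ID:
        return set(), ["receipt was not issued for this app"]
    entitled, problems = set(), []
    in_app = receipt.get("in_app")
    for item in in_app if isinstance(in_app, list) else []:
        pid = item.get("product_id") if isinstance(item, dict) else None
        if not isinstance(pid, str) or pid not in KNOWN_PRODUCTS:
            problems.append("unknown product: %r" % (pid,))
            continue
        expires = item.get("expires_date_ms")  # present on subscriptions only
        if expires is not None:
            try:
                expired = int(expires) <= now_ms
            except (TypeError, ValueError):
                expired = True  # unparseable subscription term: fail closed
            if expired:
                problems.append("subscription lapsed: %s" % pid)
                continue
        entitled.add(pid)
    return entitled, problems


# Constructed sample response (not real receipt data).
SAMPLE = json.dumps({"status": 0, "receipt": {"bundle_id": EXPECTED_BUNDLE_ID, "in_app": [
    {"product_id": "com.example.rocketcar.upgrade"},
    {"product_id": "com.example.rocketcar.monthly", "expires_date_ms": "1700000000000"},
    {"product_id": "com.other.app.coins"},
]}})

if __name__ == "__main__":
    print(check_receipt(SAMPLE, now_ms=1800000000000))
```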