29

I use In App Payment to sell in-game consumables. After successful payment I forward the payment receipt to my backend, which validates the receipt with the iTunes payment backend. This works flawlessly in the sandbox environment.

Now I submitted my app so it can be approved by the Apple guys and be published in the App Store. Of course I made sure that my backend will be validating the payment receipts with the production environment of the iTunes backend, because I expected the Apple guys to test the app in production mode. However, the app was rejected. As a reason I was told that the purchase of my consumables does not work (refused by my backend because of an invalid receipt). After checking my logs I see 3 attempted purchases. I decoded the receipts that were used and see that all of these are "environment" = "Sandbox".

Does this mean that Apple tests submitted apps in sandbox mode? That would be crazy! Am I supposed to allow sandbox payment in my production environment or what? Any facts about this?

AstroCB
Thomas Hilbert

3 Answers

46

Thomas, you should definitely read Apple's FAQ on In-App Purchase: https://developer.apple.com/library/content/technotes/tn2413/_index.html#//apple_ref/doc/uid/DTS40016228-CH1-RECEIPTURL

Always verify your receipt first with the production URL; proceed to verify with the sandbox URL if you receive a 21007 status code. Following this approach ensures that you do not have to switch between URLs while your application is being tested or reviewed in the sandbox or is live in the App Store.

So yes, they are kinda crazy. But we knew that, didn't we?

Cœur
janpio
  • 2
    wow thank you for this...I cannot believe how much time I spent trying to debug code – eirikrl Nov 27 '12 at 10:51
  • Don't you happen to know where I can find an example server side validation code that has this workflow implemented? I know that is kind of a long shot but I don't want to waste another week with Apple reviewing. – Julian Osorio Feb 04 '13 at 16:21
  • I have been able to implement the workflow described in the answer but I have a question. Wouldn't it be possible with this configuration for me to hack the app by using a test account in the production app? Thanks – Julian Osorio Feb 04 '13 at 20:32
  • 2
    @JulianOsorio once the app went live, Apple no longer allows sandbox accounts to buy the in-app purchase, so the receipt itself is not generated, so it's safe. – Chandan Shetty SP Mar 27 '13 at 13:04
  • It can be done in Objective-C code also. Send your sandbox receipt to Apple's production server. Put an if condition `if(status == 21007)` and if yes, send the receipt again to the Sandbox server and you will get `status = 0` – Vaibhav Saran Jul 17 '14 at 05:16
  • I just hope your server is not live yet and their test data won't affect your production data. – smndiaye Dec 19 '19 at 04:23
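The workflow from the answer above (production first, sandbox only on status 21007), as an added server-side example that is not part of the original answer or Apple's code. The `receipt-data` request field comes from Apple's verifyReceipt API rather than this page; `fulfil`, `fake_apple`, the ledger fields and the sample receipts are hypothetical and constructed so the block runs offline.

```python
import json
import urllib.request

PRODUCTION_URL = "https://buy.itunes.apple.com/verifyReceipt"
SANDBOX_URL = "https://sandbox.itunes.apple.com/verifyReceipt"
SANDBOX_RECEIPT = 21007  # production's answer to a receipt from the sandbox


def post_json(url, payload):
    """Default transport: POST the payload as JSON and decode the JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def verify_receipt(receipt_b64, post=post_json):
    """Return (valid, environment); sandbox is tried only after a 21007."""
    payload = {"receipt-data": receipt_b64}  # field name not from the page
    reply, environment = post(PRODUCTION_URL, payload), "Production"
    if reply.get("status") == SANDBOX_RECEIPT:
        reply, environment = post(SANDBOX_URL, payload), "Sandbox"
    return reply.get("status") == 0, environment


def fulfil(receipt_b64, post=post_json):
    """Hypothetical ledger entry: the environment is decided by which Apple
    endpoint accepted the receipt, never by anything the client claims."""
    valid, environment = verify_receipt(receipt_b64, post)
    if not valid:
        return {"granted": False, "environment": environment}
    # Tag sandbox grants so review/test purchases stay out of revenue data.
    return {"granted": True, "environment": environment,
            "count_as_revenue": environment == "Production"}


def fake_apple(url, payload):
    """Constructed stand-in for Apple's endpoints so the demo runs offline."""
    kind = payload["receipt-data"]
    if kind == "SANDBOX-RECEIPT":
        return {"status": 21007 if url == PRODUCTION_URL else 0}
    if kind == "LIVE-RECEIPT" and url == PRODUCTION_URL:
        return {"status": 0}
    return {"status": 21002}  # constructed non-zero status for anything else


if __name__ == "__main__":
    for r in ("LIVE-RECEIPT", "SANDBOX-RECEIPT", "GARBAGE"):
        print(r, fulfil(r, fake_apple))
```

Recording the environment with each grant lets the backend accept review purchases without mixing them into production data, which is the concern raised in the last comment.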
1

@Jan P's answer is correct. If you're looking for a quick YES/NO answer, the specific answer from the FAQ is:

You should use the sandbox while your application is in review.

(15) What url should I use to verify my receipt ? Use the sandbox URL https://sandbox.itunes.apple.com/verifyReceipt while testing your application in the sandbox and while your application is in review.

nspire
  • 1
    And how do we know when the application is in review other than using a (shock, horror) timer or ping to a server? – DrMickeyLauer May 23 '17 at 12:07
  • @DrMickeyLauer The only way to achieve this is rewriting your logic so that it tries Production first and then Sandbox. Ridiculous but true. More details are here: https://developer.apple.com/library/archive/technotes/tn2413/_index.html#//apple_ref/doc/uid/DTS40016228-CH1-RECEIPTURL – Guven Nov 05 '18 at 13:49
  • Alright. This will not be applicable to local receipt verification though, which is what I'd still prefer, especially for offline-capable apps. – DrMickeyLauer Nov 05 '18 at 13:52
1

Quick answer: if your app is in review, use sandbox.

What url should I use to verify my receipt? Use the sandbox URL https://sandbox.itunes.apple.com/verifyReceipt while testing your application in the sandbox and while your application is in review.

Use the production URL https://buy.itunes.apple.com/verifyReceipt once your application is live in the App Store.

hakki