1

We are a registered Apple affiliate and have a website with a community of iOS developers. Membership is supposed to be only for developers who have published an app to the App Store and we would like to have some way of checking this.

Currently, we ask the developer for the App ID of one of their published apps and then we use this information to find their Artist ID (i.e. developer ID) in our database. However, the user can just copy any app's ID from the iTunes website and sign up with it, even if he isn't really that app's developer.

We thought of one way but don't think it is allowed or possible: the developer specifies the email address used to register in the Apple Developer Program and we then call some API or other resource to verify that email address really is registered. If yes, we then complete the registration process through that email address. Is this possible?

Or is there another way to check if the user has a published app? We don't need a 100% foolproof way: just a minimally reliable approach. Even simply verifying that the user is a registered Apple developer would be okay.

stifin
  • 1,390
  • 3
  • 18
  • 28
  • @stefin, the email verification won't work because no developer would give that up just to sign in to a web site other than apple site. The app Id also can be forged as you mentioned. There is truly no legal way to check the Dev id unless you receive a special permission from apple and they'll send you a link to verify that against their data base and respond back to you. If you are a official affiliate then that should/maybe your way of true verification. – Adrian P Apr 02 '13 at 01:11

2 Answers2

1

I would investigate using the developer's certificate to sign something, proving that they are the controller of the private key. You would first need to verify terms of use, since I don't know if this use is permitted by Apple, but the cryptography should work fine as an authentication.

Rob Napier
  • 286,113
  • 34
  • 456
  • 610
1

You have to be a developer to read the dev forums. Make a post to the dev forums with a code number and then ask the user for that code (post the link like: https://devforums.apple.com/message/799093). It would at least prove they have access to the forums (or to someone who does). I don't think there's a fool-proof way validate a user unless you're Apple.

Richard Brown
  • 11,346
  • 4
  • 32
  • 43