0

I would like to store the physical in app purchase receipt within the keychain, and thus allow for it to be replicated between devices when the user has keychain set across devices.

My question is how to save the receipt (NSData) to keychain?

Ultimately, I would like to save the receipt itself and also a string that would contain a string to show the IAP level applicable, and perhaps an expiry date.

Any help would be very greatly appreciated.

NeilMortonNet
  • 1,500
  • 4
  • 16
  • 36
  • What type of purchase is it? Consumable, non-consumable or subscription? For non-consumable and subscription you need to provide purchase restore functionality in your app using the in-app purchase APIs. – Paulw11 Jun 01 '14 at 21:03
  • @Paulw11 Thanks for your reply. It is a non-renewing subscription, and therefore the receipt is not available again from the App Store using the API's. So I can store the date for subscription, but if I wish to check the validity of a receipt (and check it has not been cancelled), I need the original receipt so that I can check it at a later stage. Hence, I am after saving the actual receipt from the application bundle into Keychain. – NeilMortonNet Jun 01 '14 at 21:39
  • If it is a non-renewing subscription then you don't really need worry about a subscription being cancelled - Subscriptions are valid until their end date. Cancelling just prevents the automatic renewal, which isn't a problem in your case. Apple customer service can cancel & refund a subscription in the event that a customer makes a case (such as an incorrect purchase) but I would have thought that was fairly rare. You could look at MKStoreKit - it stores purchase information in Keychain, but I don't think it stores the actual receipt – Paulw11 Jun 01 '14 at 22:49
  • @Paulw11 Interesting. Thank you. So ultimately then it would be okay to simply save the expiry date then? The other reason I was keeping the receipt was also to validate the integrity / validity of the purchase, i.e. I can check the purchase online, and I would know if the app had been hacked. – NeilMortonNet Jun 01 '14 at 22:56
  • Yes, fraud is a valid concern, but a server-based approach is more secure in that case – Paulw11 Jun 01 '14 at 23:25

1 Answers1

1

I have used SSKeychain which has sync capability built in. Using SSKeychain, it is then possible to convert the receipt data into a string, which can be stored as a password within keychain, and therefore converted back to data on any of the users devices and check the validity of the receipt.

NeilMortonNet
  • 1,500
  • 4
  • 16
  • 36