0

Apple says in their documentation here:

Verify your receipt first with the production URL; then verify with the sandbox URL if you receive a 21007 status code. This approach ensures you don’t have to switch between URLs while your application is tested, reviewed by App Review, or live in the App Store.

And I did exactly that. Used the production url, got 21007 status code, then started using the sandbox Url, tested my purchase flow, and submitted the app for a review, got the review approved and am now ready for launch.

What doesn't make sense is that Apple says above "you don’t have to switch between URLs while your application is tested, reviewed by App Review, or live in the App Store." Does that mean that after I release my app, my servers are to continue using the sandbox url after I have released the app? That doesn't make sense. I would expect to start using the production url to validate receipts on my server.

Assuming I am correct, and you DO have to switch to the production url when the app is live - what happens in the future when I want to submit my app for review when I update the app, do I have to take care and put the sandbox url back?

rasulfahad
  • 443
  • 3
  • 13
  • By the way, just above the quote from Apple's documentation I put in my question, Apple does say that "https://sandbox.itunes.apple.com/verifyReceipt when testing your app in the sandbox and while your application is in review. Use the production URL https://buy.itunes.apple.com/verifyReceipt when your app is live in the App Store." - which makes total sense. But then they follow it up with this cryptic sentence (see question) in the box. – rasulfahad Feb 10 '23 at 14:54

1 Answers1

1

You don't need to change your code after release. It should automatically switch between production and sandbox urls, based on the receipt and the response from the production endpoint.

Apple's documentation says:

Verify your receipt first with the production URL; then verify with the sandbox URL if you receive a 21007 status code.

You will never receive a 21007 status code from the production endpoint when your app is live. A 21007 status means that you have a sandbox receipt in release mode. This only occurs with TestFlight and App Store Review.

You can safely leave the sandbox receipt validation code in place since the code path of checking against the sandbox url will not be used in the normal case.

When you submit a new version for review, and Apple tests it, you will once again get a 21007 response from the production endpoint and your code will attempt validation against the sandbox url.

Paulw11
  • 108,386
  • 14
  • 159
  • 186
  • Thanks for answering. What do you mean "sandbox receipt validation code"? – rasulfahad Feb 10 '23 at 20:05
  • 1
    I am presuming that your receipt validation code is written as apple says; present the receipt to the production endpoint. If the production endpoint returns anything other than code 21007 you respect that result (ie the receipt is valid or not) if you do get 21007 then you present the receipt to the sandbox endpoint and use that validation result. So I mean "the code that you use to validate against the sandbox url when the production url gives you 21007" – Paulw11 Feb 10 '23 at 20:08