Hello All, i have a need to validate the receipts from in-app purchases, i have found lots of threads here in the forums about this but i don't find a conclusive answer, i have also search google and have found various php scripts, and have tried a few of them, but none of them seem to work.
I followed Ere's code to get the receipt information from the product with the following code:
That code gives me the following string after i purchase a subscription that I'm testing using the Sandbox
One of the PHP scripts i found is this one:
I have placed that script in my server, and when i call a Post function with the iHTTPUtils library, I get a response but not the expected response, I get the following response:
sometimes I also get a 21002 Response which means The data in the receipt-data property was malformed or missing.
My question is, has any of you guys who has already dealt with this found a practical solution, and how did you guys deal with it, I know there is a post of someone who has already accomplished this but has not posted his solution.
What should the data passed to the php script look like?
In the string received with Erel's code I see that there are some base64 encoded strings, and in one of the php script I see that one of the things they are doing first is base64 encoding the receipt information, but how does that work, if there are already base64 encoded strings, are they re-encoding the same information two times?
I'm so confused, someone Help!
Thanks,
Walter
I followed Ere's code to get the receipt information from the product with the following code:
B4X:
Dim no As NativeObject = Product
Dim b() As Byte = no.NSDataToArray(no.GetField("transactionReceipt"))
{
"signature" = "A6THysyqaesU8PrBitz7MC2wCG7TEUJnxRb1qzwBjjiueVj3vFuxEmIxRAjhrBS5bk3ogv8S0fkl61APJHFCh4ILz6gz7P6Zzmzln9ffbvJvzt/QxlqJah8xY2LtA2BFmprxYFRg8va1+8DgXldrGkL0rPSjkCRU95WGTQdrADC942WJ0TXTAiKJPq5FE0ZnCSc/N+BDKApQFXBOhPIQjfl1SzANJcV6vg2iVhQ8ycqX3eXcN12Y0QPwyH1UUm+5z3J6mIVbkLPwfBHtNMB3IvPHwLm+AR3RM5j18aGvODHMmFfTEvpgiGdb97qYTRArUZTgNCF3zz48N4gfoMiEpVAAAAWAMIIFfDCCBGSgAwIBAgIIDutXh+eeCY0wDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNVBAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTUxMTEzMDIxNTA5WhcNMjMwMjA3MjE0ODQ3WjCBiTE3MDUGA1UEAwwuTWFjIEFwcCBTdG9yZSBhbmQgaVR1bmVzIFN0b3JlIFJlY2VpcHQgU2lnbmluZzEsMCoGA1UECwwjQXBwbGUgV29ybGR3aWRlIERldmVsb3BlciBSZWxhdGlvbnMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApc+B/SWigVvWh+0j2jMcjuIjwKXEJss9xp/sSg1Vhv+kAteXyjlUbX1/slQYncQsUnGOZHuCzom6SdYI5bSIcc8/W0YuxsQduAOpWKIEPiF41du30I4SjYNMWypoN5PC8r0exNKhDEpYUqsS4+3dH5gVkDUtwswSyo1IgfdYeFRr6IwxNh9KBgxHVPM3kLiykol9X6SFSuHAnOC6pLuCl2P0K5PB/T5vysH1PKmPUhrAJQp2Dt7+mf7/wmv1W16sc1FJCFaJzEOQzI6BAtCgl7ZcsaFpaYeQEGgmJjm4HRBzsApdxXPQ33Y72C3ZiB7j7AfP4o7Q0/omVYHv4gNJIwIDAQABo4IB1zCCAdMwPwYIKwYBBQUHAQEEMzAxMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLXd3ZHIwNDAdBgNVHQ4EFgQUkaSc/MR2t5+givRN9Y82Xe0rBIUwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSIJxcJqbYYYIvs67r2R1nFUlSjtzCCAR4GA1UdIASCARUwggERMIIBDQYKKoZIhvdjZAUGATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMA4GA1UdDwEB/wQEAwIHgDAQBgoqhkiG92NkBgsBBAIFADANBgkqhkiG9w0BAQUFAAOCAQEADaYb0y4941srB25ClmzT6IxDMIJf4FzRjb69D70a/CWS24yFw4BZ3+Pi1y4FFKwN27a4/vw1LnzLrRdrjn8f5He5sWeVtBNephmGdvhaIJXnY4wPc/zo7cYfrpn4ZUhcoOAoOsAQNy25oAQ5H3O5yAX98t5/GioqbisB/KAgXNnrfSemM/j1mOC+RNuxTGf8bgpPyeIGqNKX86eOa1GiWoR1ZdEWBGLjwV/1CKnPaNmSAMnBjLP4jQBkulhgwHyvj3XKablbKtYdaG6YQvVMpzcZm8w7HHoZQ/Ojbb9IYAYMNpIr7N4YtRHaLSPQjvygaZwXG56AezlHRTBhL8cTqA==";
"purchase-info" = "ewoJIm9yaWdpbmFsLXB1cmNoYXNlLWRhdGUtcHN0IiA9ICIyMDE5LTEyLTIzIDIyOjM5OjIwIEFtZXJpY2EvTG9zX0FuZ2VsZXMiOwoJInVuaXF1ZS1pZGVudGlmaWVyIiA9ICI3ZDc3Yzc4MmE4YmZhOGQyNzhiNTRiMjVhZjQwYTkwMTczYzQxYmU0IjsKCSJvcmlnaW5hbC10cmFuc2FjdGlvbi1pZCIgPSAiMTAwMDAwMDYwODQ0NzIzOSI7CgkiYnZycyIgPSAiMS4wLjAiOwoJInRyYW5zYWN0aW9uLWlkIiA9ICIxMDAwMDAwNjA4NjgxMTM3IjsKCSJxdWFudGl0eSIgPSAiMSI7Cgkib3JpZ2luYWwtcHVyY2hhc2UtZGF0ZS1tcyIgPSAiMTU3NzE2OTU2MDAwMCI7CgkidW5pcXVlLXZlbmRvci1pZGVudGlmaWVyIiA9ICIwRkEwQkY2QS00NTgxLTQ1ODgtQUI1Qi1BQURBNjNFMzEyNjYiOwoJInByb2R1Y3QtaWQiID0gIk0xMjEyOTAyIjsKCSJpdGVtLWlkIiA9ICIxNDkyNzQ3MTQzIjsKCSJ2ZXJzaW9uLWV4dGVybmFsLWlkZW50aWZpZXIiID0gIjAiOwoJImlzLWluLWludHJvLW9mZmVyLXBlcmlvZCIgPSAiZmFsc2UiOwoJInB1cmNoYXNlLWRhdGUtbXMiID0gIjE1NzcyMzE2MzI4MDIiOwoJInB1cmNoYXNlLWRhdGUiID0gIjIwMTktMTItMjQgMjM6NTM6NTIgRXRjL0dNVCI7CgkiaXMtdHJpYWwtcGVyaW9kIiA9ICJmYWxzZSI7Cgkib3JpZ2luYWwtcHVyY2hhc2UtZGF0ZSIgPSAiMjAxOS0xMi0yNCAwNjozOToyMCBFdGMvR01UIjsKCSJiaWQiID0gImdlbmVzaXMuYTFyZWFkZXIiOwoJInB1cmNoYXNlLWRhdGUtcHN0IiA9ICIyMDE5LTEyLTI0IDE1OjUzOjUyIEFtZXJpY2EvTG9zX0FuZ2VsZXMiOwp9";
"environment" = "Sandbox";
"pod" = "100";
"signing-status" = "0";
}
One of the PHP scripts i found is this one:
B4X:
<?php
$json['receipt-data'] = $_POST['receipt-data'];
$post = json_encode($json);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://sandbox.itunes.apple.com/verifyReceipt");
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
$result=curl_exec ($ch);
curl_close ($ch);
?>
I have placed that script in my server, and when i call a Post function with the iHTTPUtils library, I get a response but not the expected response, I get the following response:
According to Apple's documentation a 21199 response means that there's an Internal data access error.{"status":21199}
sometimes I also get a 21002 Response which means The data in the receipt-data property was malformed or missing.
My question is, has any of you guys who has already dealt with this found a practical solution, and how did you guys deal with it, I know there is a post of someone who has already accomplished this but has not posted his solution.
What should the data passed to the php script look like?
In the string received with Erel's code I see that there are some base64 encoded strings, and in one of the php script I see that one of the things they are doing first is base64 encoding the receipt information, but how does that work, if there are already base64 encoded strings, are they re-encoding the same information two times?
I'm so confused, someone Help!
Thanks,
Walter