如何在您的服务器上验证 ios 应用内购买
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21013678/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to verify ios In-App Purchase on your server
提问by Marko Zadravec
I am up to build my first in-app purchase app. I would like to know whether there is a way to verify purchase on your server.
我准备构建我的第一个应用内购买应用。我想知道是否有一种方法可以在您的服务器上验证购买。
I have to build the whole user management, and I would like to know for all registered user what they already bought on their iOS devices, so that they get web app for free, or something like that. So, is there a way for me to check on Apple store side, if this user has already buy some product?
我必须建立整个用户管理,我想为所有注册用户知道他们已经在他们的 iOS 设备上购买了什么,以便他们免费获得网络应用程序,或者类似的东西。那么,如果该用户已经购买了某些产品,我有没有办法在Apple Store端查看?
EDIT:
编辑:
Scenario is like this:
场景是这样的:
User A buy app B on mobile device. After this I would like to check on my server (on my web page,...) if user A is bought app B, or (similar) which app was bought by user A.
用户 A 在移动设备上购买应用程序 B。在此之后,我想检查我的服务器(在我的网页上,...)是否用户 A 购买了应用程序 B,或者(类似)用户 A 购买了哪个应用程序。
I don't want to send message from mobile device to my server that user A buy app B, because users can reproduce this call on server even if they didn't buy app B.
我不想从移动设备向我的服务器发送用户 A 购买应用程序 B 的消息,因为即使用户没有购买应用程序 B,他们也可以在服务器上重现此调用。
I would check on server side whit app Store if user A bought app B.
如果用户 A 购买了应用程序 B,我会检查服务器端的应用商店。
回答by s4y
Fetch the app's receipt (from the file at [[NSBundle mainBundle] appStoreReceiptURL]) and send it to your server. Then either…
获取应用程序的收据(从位于 的文件中[[NSBundle mainBundle] appStoreReceiptURL])并将其发送到您的服务器。那么要么……
Parse the receipt and check its signature against Apple's certificate as described here(on your server, not in the app). Or,
Send the receipt (again, from your server) to the app store for validation as described here.
回答by Dan Loewenherz
I just released a simple Python/Django web app (In-App Purchase Receipt Verifier) that automatically handles the annoying part of this process (i.e., verifying the receipt on your server while maintaining cryptographic integrity). The code itself is relatively simple, but I figured others would appreciate not having to do the grunt-work here.
我刚刚发布了一个简单的 Python/Django Web 应用程序(应用内购买收据验证器),它会自动处理这个过程中烦人的部分(即,在保持加密完整性的同时验证服务器上的收据)。代码本身相对简单,但我想其他人会很高兴不必在这里做繁重的工作。
To use it, just make sure you have your app-specific shared secret ready to go, then go hereand click "Deploy to Heroku". Your app will be up and running within a minute.
要使用它,只需确保您准备好特定于应用程序的共享密钥,然后转到此处并单击“部署到 Heroku”。您的应用程序将在一分钟内启动并运行。
I've also included some sample code for how to use this web app to validate your receipts within your app. Using Swift 4:
我还提供了一些示例代码,用于说明如何使用此 Web 应用程序在应用程序中验证收据。使用 Swift 4:
guard let receiptURL = Bundle.main.appStoreReceiptURL,
let data = try? Data(contentsOf: receiptURL) else {
return
}
let encodedData = data.base64EncodedData(options: [])
let url = URL(string: "https://your-app.herokuapp.com/verify")!
var request = URLRequest(url: url)
request.httpBody = encodedData
request.httpMethod = "POST"
let task = URLSession.shared.dataTask(with: request) { (data, response, error) in
guard let data = data,
let object = try? JSONSerialization.jsonObject(with: data, options: []),
let json = object as? [String: Any] else {
return
}
// Your application logic here.
}
task.resume()
Note: There are other solutions floating around on StackOverflow that suggest to do the validation completely within the app itself, but I'd highly recommend against that. From Apple's documentation in Receipt Validation Programming Guide:
注意:StackOverflow 上还有其他解决方案建议完全在应用程序内部进行验证,但我强烈建议不要这样做。来自 Apple 在Receipt Validation Programming Guide 中的文档:
Use a trusted server to communicate with the App Store. Using your own server lets you design your app to recognize and trust only your server, and lets you ensure that your server connects with the App Store server. It is not possible to build a trusted connection between a user's device and the App Store directly because you don't control either end of that connection.
使用受信任的服务器与 App Store 通信。使用您自己的服务器,您可以将 app 设计为仅识别和信任您的服务器,并确保您的服务器与 App Store 服务器连接。无法直接在用户设备和 App Store 之间建立可信连接,因为您无法控制该连接的任何一端。
Further improvements could probably be made to add some sort of cryptographic signature within the response header so that your app can check whether the response is safe, but I'll probably add that in a future release.Done :)
可能会进一步改进以在响应标头中添加某种加密签名,以便您的应用程序可以检查响应是否安全,但我可能会在未来的版本中添加它。完毕 :)
回答by Jin Tan
Server can verify receipt with App Store by Http Post. Please refer to https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html
服务器可以通过 Http Post 与 App Store 验证收据。请参考 https://developer.apple.com/library/ios/releasenotes/General/ValidateAppStoreReceipt/Chapters/ValidateRemotely.html
回答by Ashutosh
For this you can use following things: 1. Make entries of users on your server along with purchase status. 2. Also you can use payment recipt provided by apple using store kit.
为此,您可以使用以下内容: 1. 在您的服务器上输入用户以及购买状态。2.您也可以使用Apple提供的付款收据使用商店套件。
Also if you are using non-consumable product, then you just need a restore button for this. Please go through the apple's document for this. https://developer.apple.com/in-app-purchase/
此外,如果您使用的是非消耗品,那么您只需要一个恢复按钮即可。请仔细阅读苹果的文档。 https://developer.apple.com/in-app-purchase/
回答by hakiko
https://developer.apple.com/documentation/appstorereceipts/verifyreceipt
https://developer.apple.com/documentation/appstorereceipts/verifyreceipt
On this page you can find detailed information about IOS receipt verification. It is very easy. You should just send http request with payload.
在此页面上,您可以找到有关 IOS 收据验证的详细信息。这很容易。您应该只发送带有有效负载的 http 请求。
