npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

app-store-server-api

v0.16.0

Published

A client for the App Store Server API

Downloads

44,848

Readme

app-store-server-api

A Node.js client for the App Store Server API.

Features

  • Transaction history, subscription status and order lookup endpoints
  • Notification test and history endpoints
  • Typed responses (i.e. you get auto-complete for the fields in the response)
  • Manages authentication tokens for you
  • Helpers to decode JWS items
  • Performs certificate validation against Apple's CA.
  • Types and helpers for App Store Server Notifications V2

Requirements

Node.js 18.12.0 or newer

Installation

npm install app-store-server-api

Usage

Prerequisites

To get started, you must obtain the following:

A note on the issuer ID: Apple's documentation currently has incorrect instructions on how to obtain this. To get your issuer ID, you must create an API key for App Store Connect (not the App Store Server API). Only after creating your first API key will the issuer ID appear.

Create a client

const { AppStoreServerAPI, Environment, decodeRenewalInfo, decodeTransaction, decodeTransactions } = require("app-store-server-api")
// or
import { AppStoreServerAPI, Environment, decodeRenewalInfo, decodeTransaction, decodeTransactions } from "app-store-server-api"

const KEY = 
`-----BEGIN PRIVATE KEY-----
MHcCAQEEIPWH5lyoG7Wbzv71ntF6jNvFwwJLKYmPWN/KBD4qJfMcoAoGCCqGSM49
AwEHoUQDQgAEMOlUa/hmyAPU/RUBds6xzDO8QNrTFhFwzm8E4wxDnSAx8R9WOMnD
cVGdtnbLFIdLk8g4S7oAfV/gGILKuc+Vqw==
-----END PRIVATE KEY-----`

const KEY_ID = "ABCD123456"
const ISSUER_ID = "91fa5999-7b54-4363-a2a8-265363fa6cbe"
const APP_BUNDLE_ID = "com.yourcompany.app"

const api = new AppStoreServerAPI(
  KEY, KEY_ID, ISSUER_ID, APP_BUNDLE_ID, Environment.Production
)

History

const response = await api.getTransactionHistory(originalTransactionId)

// Decoding not only reveals the contents of the transactions but also verifies that they were signed by Apple.
const transactions = await decodeTransactions(response.signedTransactions)

for (let transaction of transactions) {
  // Do something with your transactions...
}

// The response contains at most 20 entries. You can check to see if there are more.
if (response.hasMore) {
  const nextResponse = await api.getTransactionHistory(originalTransactionId, { revision: response.revision })
  // ...
}

The library supports the filter and sort options introduced at WWDC 2022. See Get Transaction History for a list of available options.

// Import parameter types
import { ProductTypeParameter, SortParameter } from "app-store-server-api"

const response = await api.getTransactionHistory(originalTransactionId, {
  productType: ProductTypeParameter.AutoRenewable,
  sort: SortParameter.Descending,
})

Subscription status

const response = await api.getSubscriptionStatuses(originalTransactionId)

// Find the transaction you're looking for
const item = response.data[0].lastTransactions.find(item => item.originalTransactionId === originalTransactionId)

const transactionInfo = await decodeTransaction(item.signedTransactionInfo)
const renewalInfo = await decodeRenewalInfo(item.signedRenewalInfo)

Order lookup

// Import the status type
import { OrderLookupStatus } from "app-store-server-api"

const response = await api.lookupOrder(orderId)

if (response.status === OrderLookupStatus.Valid) {
    const transactions = await decodeTransactions(response.signedTransactions)
    /// ...
}

Request test notification

const response = await api.requestTestNotification()
// response.testNotificationToken identifies the notification that will be sent.

Get test notification status

const response = await api.getTestNotificationStatus("ae0e2185-a3c6-47e4-b41a-6ef4bc86314e_1656062546521")

Notification history

// Start and end date are required. 
// The earliest supported start date is June 6th (the start of WWDC 2022).
const response = await api.getNotificationHistory({
  startDate: 1654466400000, // June 6th 2022
  endDate: new Date().getTime()
})

// Check if there are more items.
if (response.hasMore) {
  // Use history.paginationToken to fetch additional items.
}

Decoding server notifications

The App Store Server API and App Store Server Notifications (version 2) are closely related and use some of the same types and encoding formats. This library includes a function to help you decode notifications (which will also verify their signature).

import { decodeNotificationPayload, isDecodedNotificationDataPayload, isDecodedNotificationSummaryPayload } from "app-store-server-api"

// signedPayload is the body sent by Apple
const payload = await decodeNotificationPayload(signedPayload)

// You might want to check that the bundle ID matches that of your app
if (payload.data.bundleId === APP_BUNDLE_ID) {
  // Handle the notification...
}

// Notifications can contain either a data field or a summary field but never both.
// Use the provided type guards to determine which is present.
if (isDecodedNotificationDataPayload(payload)) {
  // payload is of type DecodedNotificationDataPayload
}

if (isDecodedNotificationSummaryPayload(payload)) {
  // payload is of type DecodedNotificationSummaryPayload
}

Verifying transactions signed by Xcode

When using StoreKit testing in Xcode, transactions will be signed by a local certificate authority (CA) instead of Apple's. To verify these you must export the root certificate generated by Xcode and obtain its SHA256 fingerprint. This can be passed in to the various decoding functions:

import { decodeTransactions, APPLE_ROOT_CA_G3_FINGERPRINT } from "app-store-server-api"

const LOCAL_ROOT_FINGERPRINT = "AA:BB:CC:DD:..."
const fingerprint = (process.env.NODE_ENV === "production") ? APPLE_ROOT_CA_G3_FINGERPRINT : LOCAL_ROOT_FINGERPRINT
const transactions = await decodeTransactions(response.signedTransactions, fingerprint)

Resources

WWDC videos:

License

MIT