npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

iap_verifier

v0.0.12

Published

iOS In App Purchase Receipt Verification library

Downloads

22,681

Readme

IAPVerifier - Node.js verification library for iOS in app purchase receipts

Installation

IAPVerifier is available via npm

npm install iap_verifier

It has no external dependencies other than node itself.

Overview

IAPVerifier takes an iOS In App purchase receipt string in it's raw string form and sends it to the Apple servers for verification, it then returns a response indicating whether the receipt is valid or not.

There are two environments for Apple's verification servers SandBox and Production, you can configure IAPVerifier to use either environment depending if you are testing your system or running it in production.

Usage

When instantiating the verifier you need to provide the itunes shared secret for the application you are verifying receipts for. This can be found on the itunes connect page for the applications' in app purchases.

The IAPVerifier API is very simple, create an instance of IAPVerifier and then call verifyReceipt on it with a callback. The first argument is the receipt data string, the second is a boolean indicating whether or not the receipt data is encoded as base64 already or not (this arguments is optional, defaults to false) and the last argument is the callback which includes three parameters.

verifyReceipt(rawReceipt, function(isValid, message, data){
  // do something with the verification info...      
});

verifyAutoRenewReceipt(rawReceipt, function(isValid, message, data){
  // do something with the verification info...
});

The callback has three params sent back to it, these are:

  • isValid - boolean indicating that the receipt has valid or the auto-renewing subscription is active
  • message - the message associated in Apple's system with the statusCode
  • data - the receipt data returned by Apple's server

The callback function includes isValid which indicates whether the receipt is for a valid subscription/purchase, the statusCode returned by Apple's server and the Message associated with the statusCode.

To verify a receipt:

Javascript:

var IAPVerifier = require('iap_verifier');

// Verify a receipt
receipt = 'raw_receipt_data_from_ios'

var client = new IAPVerifier(itunes_shared_secret);
client.verifyReceipt(receipt, function(valid, msg, data) {
  if (valid) {
    // update status of payment in your system
    console.log("Valid receipt");
  } else {
    console.log("Invalid receipt");
  }
});

CoffeeScript:

IAPVerifier = require('iap_verifier')

# Verify a receipt
receipt = 'raw_receipt_data_from_ios'

client = new IAPVerifier(itunes_shared_secret)
client.verifyReceipt receipt, (valid, msg, data) ->
  if valid
    console.log("Valid receipt")
  else
    console.log("Invalid receipt")            

Similarly you can verify auto-renewing receipts:

Javascript:

// Verify an auto-renewing receipt
receipt = 'raw_receipt_data_from_ios'

var client = new IAPVerifier('your_secret_key_from_itunes')
client.verifyAutoRenewReceipt(receipt, function(valid, msg, data){
  if(valid) {
    // update status of payment in your system
  }
});

CoffeeScript:

# Verify an auto-renewing receipt
receipt = 'raw_receipt_data_from_ios'

client = new IAPVerifier('your_secret_key_from_itunes')
client.verifyAutoRenewReceipt receipt, (valid, msg, data) ->
  if valid
    console.log("Valid receipt")
  else
    console.log("Invalid receipt")

Special Note: Handling App Store reviews:

There is a special case for iOS In App Purchase verification that occurs during application review.

When you app is reviewed Apple is testing with a Distribution (production) build of your application however for testing reasons they use dns to fake out your app so that it thinks it's hitting the Production servers but is in fact hitting the Sandbox servers when processing In App purchases.

This means when verifying receipts during a review you must failover to check receipts on the Sandbox environment, IAPVerifier does this automatically by checking the error codes sent back from Apple's server and auto-retrying the verification on the Sandbox environment if a Sandbox receipt has been sent to the Production environment. This approach is recommended by Apple as the simplest way to handle these app store review receipts.

License

See LICENSE file.