Validate My Experience

So we’re looking at updating one of our apps here for iOS 11 and joining the move to subscriptions which it appears is the only reasonable path to sustaining a productivity app on the horizon, so we’re seeing what’s new in receipt validation to support that, as last time we checked into it was four years ago and all and RMStore we picked then has languished since.

Let’s look around a bit … hmmm … hmmm … oh, what’s this? A comprehensive series walking through the whole process, updated for Swift 3? Well, bit late to the party, but looks like it’s all still relevant, and receipt validation code is something we really ought to write ourselves:

Preparing to Test Receipt Validation for iOS

After having to piece together each step along the path of preparing to test receipt validation for iOS apps, I’ve decided to combine everything into the following guide. Whether you’re working to implement receipt validation for a new iOS app, or for an existing one, this walk-through should provide guidance to get you ready to work with receipts in your iOS application…

Loading a Receipt for Validation with Swift

There are at least 5 steps to validate a receipt, as the Receipt Validation Programming Guide outlines…

Extracting a PKCS7 Container for Receipt Validation with Swift

Before attempting to work with OpenSSL’s PKCS7 functions, you’ve got to do a little prep work to get the functions to play nicely with Swift. Unfortunately, Swift doesn’t work well with C union types. It simply can’t see things defined with a C union…

Receipt Validation – Verifying a Receipt Signature in Swift

The aim of this guide is to help you take a look inside the PKCS #7 container, and verify the presence and authenticity of the signature on the receipt…

Receipt Validation – Parse and Decode a Receipt with Swift

The aim of this guide is to help you parse a receipt and decode it so that you have readable pieces of metadata to inspect and finalize all of the receipt validation steps…

Finalizing Receipt Validation in Swift – Computing a GUID Hash

After finishing this guide, you’ll simply need to use the parsed receipt data to perform any app-specific enabling/disabling of features based on the data within a valid receipt. If the receipt is invalid, you’ll need to handle that as well. But all of the relatively difficult work of working with the Open SSL crypto library will be DONE after this guide….

… The bottom line is that from this point on, you no longer need Open SSL or any additional cryptic, low-level, unsafe pointer-type stuff to finish things out. I hope this series has been helpful in setting you up to validate receipts locally on a user’s device!

That … is a veritably monumental guide to the validation process. And conveniently finished up right when we need it too, thanks ever so much @andrewcbancroft!


We just beat by a day Messr. Bancroft pulling together his own collection guide, now that you’ve read ours go to the real thing!

Local Receipt Validation for iOS in Swift From Start to Finish

and code at SwiftyLocalReceiptValidator!

Alex | July 31, 2017

Leave a Reply