In-App Purchases 路 Receipt Validation Starter Project |

This is a companion discussion topic for the original entry at

Hi Brian
Can you please give the steps to integrate open ssl into a swift project, it鈥檚 highly confusing and cumbersome as well as downloading the apple root certificate as anyone following this tutorial will be more interested in implementing it in his/her own project. Or ideally an extra video on how to integrate these two (integrating open ssl into a swift project & installing apple root certificate) into this project.

Hey there,

Installing the root certificate is a matter of just downloading the certificate and dragging into your project. You can find find the root certificate over here: Apple PKI - Apple

Compiling OpenSSL is really beyond the scope of the tutorial. If you are interested in doing this on your own, you can find a medium tutorial over here: OpenSSL + Swift: Everything You Need to Know | by Jonathan Cardasis | Medium

But remember, Apple recommends that you preform remote validation. It鈥檚 far easier to implement with better security.

I hope that helps!

Hi Brian,
Thanks for your prompt reply. I am trying the same medium tutorial since last one week but still no luck. The project is not compiling. If you can provide any help that will be great.

Hi Brian
What鈥檚 your take on using some cocapods library which integrates openssl into my project. Do you think will there be any licensing issues. Should I use something like pod 鈥渙penssl-universal鈥

@bdmoakley Can you please help with this when you get a chance? Thank you - much appreciated! :]

You鈥檒l need to specifically check with the library itself and review the licensing terms. Since I haven鈥檛 used openssl via. cocoapods, I鈥檓 really not at liberty to advise. Your best bet is to take it the developer forums.


Hi Brian,
I have a question about receipt persistence.
I am witnessing the following (in sandbox):
鈥 User A purchases my auto-renewing subscription
鈥 User A logs out of iTunes & App Store
鈥 User B logs in, receipt is still there on next app launch and exactly the same, so he still uses User A鈥檚 subscription.
Will the receipt be ever updated to show User B鈥檚 subscription state? How do we handle this case? Thanks in advance.

This is an edge case I hadn鈥檛 dealt with - when you say the receipt is still there - do you mean that Apple is resending the receipt or are you persisting the receipt? Once you parse a receipt, you should be done with it. If you want an updated receipt, you鈥檒l need to request it from the store.

So the process should be: a) get receipt b) process receipt c) discard receipt.Does that make sense?

I only have auto-renewing subscriptions so I use iOS default persistence and read from the file system appStoreReceiptURL as mentioned in the docs:

For non-consumable products and auto-renewable subscriptions in iOS 7 and later, use the app receipt as your persistent record.

I read the receipt on every app launch and send to my server which in turn sends to Apple servers to verify its validity. My server determines if the subscription is still active and responds back.

I would expect the receipt to be automatically cleared when logging out of iTunes & App Store (and the receipt to be different when logging in with another user) but what I see is that appStoreReceiptURL still contains the same content as before. I cannot refresh the receipt all the time because it will show the credentials alert. Also, I don鈥檛 know when the iTunes user changes so I cannot refresh only then. This might be a sandbox issue, I do not have a production app to test it with.

In essence, what I am asking for is a list of all the cases that the receipt is auto-refreshed by Apple behind the scenes, if ever. I read this happens on app update or after any transaction for example, but I would expect that to happen when iTunes & App Store user changes as well and this is something I don鈥檛 see.

This is something beyond the video course. Your best bet is to head over to our developer forums, post on stack overflow, or head over to apple鈥檚 forums (although I haven鈥檛 found them very useful in the past). Thanks!