IAP Receipt Verifier

by lionheart

GitHub Readme.md


A simple, one-click deploy web app to simplify the process of validating In-App Purchase receipts on the App Store. Written using Django 1.11 and Python 3.6.2.



  1. (Optional, but highly recommended) Download IAPVerifierKeyGenerator.playground and run the playground. Copy the highlighted Base-64 encoded values below. Save these values for the next steps.

  2. Create the project on Heroku using the Deploy Button above. Before you do, make sure that you've already obtained your app-specific shared secret for authentication from iTunes Connect. For the BASE64_ENCODED_SIGNING_KEY value, paste in the value for the private key from Step 1.

In Your iOS App

  1. Add IAPReceiptVerifier to your Podfile, then run pod update.

  2. Use something like the following in your iOS app to validate your receipts.

    // Insert your Heroku app URL here.
    let url = URL(string: "https://your-app-name.herokuapp.com/verify")!
    // The Base 64 Encoded public key from Step 1.
    let publicKey = "..."
    // Create the receipt verifier from the above values.
    guard let verifier = IAPReceiptVerifier(url: url, base64EncodedPublicKey: publicKey) else {
    // Check the app store to see if there is a valid receipt.
    verifier.verify { receipt in
        guard let receipt = receipt else {
            // Someone tampered with the payload!
        // Your application logic here.

Local Testing

curl -X POST -T receipt https://your-app.herokuapp.com/verify

...where receipt is a file with base-64 encoded receipt data.


In-App Purchase Receipt Verifier is available under the Apache 2.0 license. See the LICENSE file for more info.