アプリに課金を実装しようと思うのですが、もし不正利用された場合、アプリ側は基本的にApp Storeを通じて対応するよう案内するのが一般的と思いますが、Apple ID不正利用時とクレジットカード不正利用時で、アプリ側が行う標準的な対応プロセスは変わるのか教えていただきたいです。 また下記内容は標準的な対応プロセスとして問題ないでしょうか？
 ■Apple ID不正利用時 → ユーザー自身がAppleサポートに連絡し、パスワード変更・二段階認証の設定・不正購入の返金申請などを行うよう案内する。 ■クレジットカード不正利用時 → まずカード会社への連絡を促すが、アプリ内決済に関してはAppleのカスタマーサポート経由で返金や調査手続きを案内する 不正利用されたユーザーへの対応に備えて、アプリ側が考慮すべきことがあれば教えてください。

I encountered a scenario involving a subscription and need to determine if it's a problem or an expected outcome. Here are the details: My service received a notification from Apple of type DID_CHANGE_RENEWAL_STATUS with subtype AUTO_RENEW_DISABLED. The status field received on the payload was equal to 1 - Active. (2024-12-19T15:34:53.801) My service again received a DID_CHANGE_RENEWAL_STATUS with subtype AUTO_RENEW_DISABLED. But the status field received was 2 - Expired. (2024-12-19T23:34:57.527) My service received an EXPIRED with subtype VOLUNTARY notification. (2024-12-19T23:35:01.669) Is the event 2 an inconsistent event? Since we are receiving a notification that means the auto renew was disabled when the subscription was already expired.

I have setup offer codes and subscriptions for users to purchase, when a user signs up using an offer code outside of the app the offer code does not save into my database where the subscriptions are saved the transaction is successful and validated by store kit but I cant see that that user used an offer code - an example https://apps.apple.com/redeem/?ctx=offercodes&id=6744338284&code=ASKDOM I then setup an edge function in supabase to retrieve the data that store kit sends back and im not sure where to find the offer code as it still doesnt save is there an internal apple reference that they use as apposed to the users offer code i.e offer code askdomSA = P3050 for example how can Identify if an offer code was used thank you

Inquire the types of notifications that can occur in a SANDBOX environment Hello, WWDC 2024 is trying to conduct a test to receive notifications related to ONE_TIME_CHARGE, CONNSUMPTION_REQUEST, CONMSUMPTION_INFO, REFUND, and REFUND_DECLINED as described in the example of purchasing consumables, but as a result of the continuous search, I found that it is difficult to occur except for ONE_TIME_CHARGE. So, in order to verify only the business logic as shown below, we are testing only the business logic without actually calling the API after purchasing the test and saving the signaled Payload that we received in response to ONE_TIME_CHARGE. Can we actually request a refund for the test purchase and receive the corresponding notification and actually send the response? public void handleSignedNotification(String signedNotification) throws Exception { ResponseBodyV2DecodedPayload payload = signedDataVerifier.verifyAndDecodeNotification(signedNotification); NotificationTypeV2 type = payload.getNotificationType(); //For Apple Server Notification, only ONE_TIME_CHARGE notifications are enabled in the test environment, so for testing, change them as below to test whether they are running business logic type = NotificationTypeV2.REFUND; log.info("Apple NotificationType : {}", type); switch (type) { case CONSUMPTION_REQUEST: handleConsumptionRequest(payload); break; case REFUND: handleRefund(payload); break; case REFUND_DECLINED: handleRefundDeclined(payload); break; // For other necessary notifications, just take a log default: log.info("Unhandled notification: {}", type); } } Regarding the call of 'CONSUMPTION_INFO', which is the response of 'CONSUMPTION_REQUEST' Is there a value that WWDC 2024 must include when sending CONMSUMPTION_INFO, which is the response to CONNSUMPTION_REQUEST described in the refund example? I'm going to call the API with only sample provision and consumption like the sample code you introduced in the video. I was told to submit my refund preference within 12 hours, but can I submit it as UNDECLARED at first and use the method to express my intention? When I receive the notification, I will save it in the DB and save it in the administrator page of the service so that the administrator can choose. 2-1. Some of the materials I looked for are told that Apple can proceed with the refund even 12 hours ago, and to express your opinion as soon as I receive the notification, but I wonder if this is correct. If you get a notification as below, you should write whether you used it or not by referring to the consumption information. I think the customer said to check whether the data was provided when applying for a refund. Should I take it out of decodedTransaction, check the value, and just call it NO_PREFERENCE? I'd appreciate it if you could give me some advice. Below is a part of the code I implemented. private void handleConsumptionRequest(ResponseBodyV2DecodedPayload notification) throws Exception { // 1. transaction ID get String signedTransactionInfo = notification.getData().getSignedTransactionInfo(); JWSTransactionDecodedPayload decodedTransaction = signedDataVerifier.verifyAndDecodeTransaction(signedTransactionInfo); String transactionId = decodedTransaction.getTransactionId(); // 2. Extract the relevant transaction (The following example is an in-app payment and will be accumulated in two types of DBs, stored in one of the two) Sample sample = sampleService.findByAppleTransactionId(transactionId); Example example = exampleService.findByAppleTransactionId(transactionId); Boolean canRefund = false; // 3. Check consumption information if (sample != null) { canRefund = checkSampleStatusForApplePurchaseRefund(sample); } else if (example != null) { canRefund = checkExampleStatusForApplePurchaseRefund(example); } // 4. Create Refund Preferences RefundPreference refundPreference = determineRefundPreference(canRefund); // 5. Creating a ConsumptionRequest Object ConsumptionRequest request = new ConsumptionRequest() .refundPreference(refundPreference) .sampleContentProvided(true); log.info("forTest~ canRefund: {}", canRefund); log.info("forTest~ sample: {}", sample.toString()); log.info("forTest~ example: {}", example.toString()); log.info("forTest~ refundPreference: {}", refundPreference); log.info("forTest~ request: {}", request); // 6. Transfer to App Store (annotated with dummy requests that only confirm current business requests are going right) // appStoreServerAPIClient.sendConsumptionData(transactionId, request); }

Hey everyone, We're looking for the best way to handle App Store Server Notifications in our development setup and would appreciate some guidance. Our Setup: We use a single App Store Connect account for development, which supports multiple environments (e.g., staging1, staging2). Our production app lives in a separate account, so that's not an issue. The Challenge: We have only one configurable sandbox notification URL. This makes it difficult to route notifications to the correct development server (staging1 vs. staging2 vs developments) when a sandbox event occurs. We're considering using a proxy server to catch all notifications and then forward them to the appropriate environment. However, we're not sure how to determine the correct destination. Our Questions: What's the recommended approach for managing a single sandbox notification URL across multiple development environments? If a proxy is the best method, which parameter in the responseBodyV2 payload should we use to route the notification? How can we differentiate between our various dev environments? Is it possible to add custom properties to the App Store Server Notification V2 body to facilitate routing? Any advice or best practices you've implemented would be greatly appreciated.

I'm using the SwiftUI view SubscriptionStoreView (https://developer.apple.com/documentation/storekit/subscriptionstoreview/) with a subscription group that has 2 subscriptions. I set up a free trial offer in App Store Connect (https://developer.apple.com/help/app-store-connect/manage-subscriptions/set-up-introductory-offers-for-auto-renewable-subscriptions/). The storekit file in Xcode is synced with the App Store. In debug build, this works and appears correctly, showing the free trial offer: But in release build, the free trial offer is not shown: The code is very simple: SubscriptionStoreView(productIDs: [ "[PRODUCT ID FOR ANNUAL SUBSCRIPTION]", "[PRODUCT ID FOR BIMONTHLY SUBSCRIPTION]" ]) Does anyone have a solution? Thank you. (Xcode 16.3, macOS 15.5, iOS 18.5)

The app subscription function uses StoreKit. After canceling the subscription, I try to subscribe again and get the following error. I remember it was working fine before iOS 18 was released. { NSLocalizedDescription = "\U53d1\U751f\U672a\U77e5\U9519\U8bef"; NSUnderlyingError = "Error Domain=ASDErrorDomain Code=825 "(null)""; } Hope you can help me solve this problem as soon as possible. Thanks

Hi (from France) I have a MacOS application which handles the App Store receipt by requesting at the url "https://buy.itunes.apple.com/verifyReceipt". From the response, I can know what are the inApps bought by the user and that suits for me. I don't know if if I must change something in my code accordingly to this TN3118. Does someone knows the response ? Best regards.

Hello, Apple App Store Server API Team! I have one questions about the identifiers provided by Apple App Store Server API. Could you please answer? We are running an iOS App. In our app, the transactionId we get from Apple App Store Server API is called T1. (Example) Q1. Is it correct that other iOS apps cannot get T1 for transactionId from Apple App Store Server API? (I'm wondering if the transactionId is globally unique across apps.) Thank you!

Is the following subscription cancellation flow possible for an iOS in-app subscription? (Note: This is during the feature planning stage, not actual app deployment.) Planned user flow: User taps the “Cancel Subscription” button Display a “Wait a moment!” screen showing how much the user has enjoyed BFLIX content (to encourage retention) User taps “Proceed to Cancel” Collect cancellation reason from the user Redirect the user to the Apple subscription management page to complete cancellation Can this flow be implemented under Apple’s current in-app purchase and App Store Review guidelines?

I'm considering developing an app where users can create their own subscription plans by freely setting their prices, similar to YouTube's membership feature. I understand that in-app purchases must be used to unlock features within the app. With that in mind, I searched for APIs to enable this functionality but couldn't find relevant information. When I contacted Apple directly, they mentioned that they couldn't provide specific answers unless the app is under review. If anyone has knowledge about the following points, I would greatly appreciate your response: Is it possible to implement a feature similar to YouTube's membership using in-app purchase APIs? If it's not feasible with in-app purchases, is it allowed to use external payment services like Stripe?

Hello, I’m facing an issue with auto-renewable subscriptions in my React Native iOS app using react-native-iap. Before App Store approval, everything worked perfectly — I could test in-app purchases and subscriptions locally on my iPhone through Xcode using a development build and sandbox tester. After the app was approved and released on the App Store, I needed to make some updates. Now, when I build and run the same project again through Xcode (Debug, development-signed) on my iPhone, the subscriptions no longer load. The same product IDs are approved and live in App Store Connect. The live version on the App Store works fine (subscriptions load and process successfully). But on the local Xcode build, getSubscriptions() returns invalid product identifiers or an empty list. No changes were made to the bundle ID or product IDs The build is signed with an Apple Development certificate and uses the same team and bundle identifier as the published app. “In-App Purchase” capability is enabled. I’ve also tried deleting the app, rebooting the device, and re-logging into a sandbox tester account, but the issue persists. It looks like the sandbox environment no longer works for the app after its first App Store release. Has anyone experienced this issue where the same approved app’s IAPs work in production but fail to load in sandbox/dev builds through Xcode after release? Any guidance on re-enabling sandbox testing for updates would be greatly appreciated. Environment: Xcode 26.0.1 React Native with react-native-iap Auto-renewable subscriptions (3 SKUs) Thank you!

My question is simple, I do not have much experience in writing swift code, I am only doing it to create a small executable that I can call from my python application which completes Subcription Management. I was hoping someone with more experience could point out my flaws along with giving me tips on how to verify that the check is working for my applicaiton. Any inight is appreciated, thank you. import Foundation import StoreKit class SubscriptionValidator { static func getReceiptURL() -> URL? { guard let appStoreReceiptURL = Bundle.main.appStoreReceiptURL else { print("No receipt found.") return nil } return appStoreReceiptURL } static func validateReceipt() -> Bool { guard let receiptURL = getReceiptURL(), let receiptData = try? Data(contentsOf: receiptURL) else { print("Could not read receipt.") return false } let receiptString = receiptData.base64EncodedString() let validationResult = sendReceiptToApple(receiptString: receiptString) return validationResult } static func sendReceiptToApple(receiptString: String) -> Bool { let isSandbox = Bundle.main.appStoreReceiptURL?.lastPathComponent == "sandboxReceipt" let urlString = isSandbox ? "https://sandbox.itunes.apple.com/verifyReceipt" : "https://buy.itunes.apple.com/verifyReceipt" let url = URL(string: urlString)! let requestData: [String: Any] = [ "receipt-data": receiptString, "password": "0b7f88907b77443997838c72be52f5fc" ] guard let requestBody = try? JSONSerialization.data(withJSONObject: requestData) else { print("Error creating request body.") return false } var request = URLRequest(url: url) request.httpMethod = "POST" request.httpBody = requestBody request.setValue("application/json", forHTTPHeaderField: "Content-Type") let semaphore = DispatchSemaphore(value: 0) var isValid = false let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data, error == nil, let jsonResponse = try? JSONSerialization.jsonObject(with: data) as? [String: Any], let status = jsonResponse["status"] as? Int else { print("Receipt validation failed.") semaphore.signal() return } if status == 0, let receipt = jsonResponse["receipt"] as? [String: Any], let inApp = receipt["in_app"] as? [[String: Any]] { for purchase in inApp { if let expiresDateMS = purchase["expires_date_ms"] as? String, let expiresDate = Double(expiresDateMS) { let expiryDate = Date(timeIntervalSince1970: expiresDate / 1000.0) if expiryDate > Date() { isValid = true } } } } semaphore.signal() } task.resume() semaphore.wait() return isValid } }

Hi does anyone have trouble using expo store review package for ios apps. for some reason on our app., the review may show for certain people, but when they submit a review, it doesn't update our review count

I get crash reports which I can't reproduce when trying to present an SKStoreProductViewController : Fatal Exception: UIApplicationInvalidInterfaceOrientation Supported orientations has no common orientation with the application, and [SKStoreProductViewController shouldAutorotate] is returning YES No matter what app Deployment info orientation I try I can't get my SKStoreProductViewController shouldAutorotate property to return YES. It is always false. Does anyone knows why or how to get an SKStoreProductViewController to return shouldAutorotate YES?

I have consumable IAPs in my app. Currently there is no way for me to test refunds for them as Xcode testing doesn't allow refunds option for my Purchases. According to this official documentation on Transaction.all , i should be getting my refunded consumables in Transaction's all property. But there is no way for me to know what kind of data is in the refunded transaction object. Will there be a 'revocation date' like in the case of non-consumables?

Hi! I’m new in programming apps for Apple Store and I’m creating my first app. I already send my for review but I get an answer of problems with the subs flow. If there’s anyone who can help me fix this problem and implement my subscriptions in my app and test it out I would be thankful, I want the flow work like in the image!

Problem Summary Apple's provisioning servers are not generating the com.apple.developer.storekit entitlement for App ID com.driftnotes.app (Team ID: 43Y6AG5NPY), making it impossible to build iOS apps for physical devices despite all configurations being correct. Environment macOS: 15.3.1 (24D70) Xcode: 16.1 (xcode-select version 2409) Flutter: 3.35.2 • channel stable Account: Individual Developer (Kazakhstan) Bundle ID: com.driftnotes.app Team ID: 43Y6AG5NPY Error Message Error (Xcode): Provisioning profile "iOS Team Provisioning Profile: com.driftnotes.app" doesn't include the com.apple.developer.storekit entitlement. /Users/vyacheslavkuzin/Desktop/FlutterProjects/DriftNotesDart/ios/Runner.xcodeproj Steps to Reproduce Configure App ID with In-App Purchase capability (✅ verified in Developer Portal) Add In-App Purchase capability in Xcode project (✅ done) Configure entitlements file with StoreKit keys (✅ done) Enable automatic signing in Xcode (✅ done) Run: flutter build ios --release Build completes successfully ("Xcode build done. 13,8s") but fails at signing stage Expected vs Actual Result Expected: Provisioning profile should include com.apple.developer.storekit entitlement Actual: Profile is created WITHOUT the entitlement, despite all configurations being correct Configuration Details Developer Portal App ID com.driftnotes.app has In-App Purchase capability enabled ✅ All agreements are active in App Store Connect ✅ Xcode Project In-App Purchase capability added via Signing & Capabilities ✅ Automatically manage signing: Enabled ✅ Team: 43Y6AG5NPY (Vyacheslav Kuzin) ✅ Entitlements File (ios/Runner/Runner.entitlements) <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.in-app-payments</key> <array> <string>merchant.com.driftnotes.app</string> </array> <key>com.apple.developer.storekit</key> <true/> </dict> </plist> Build Settings CODE_SIGN_ENTITLEMENTS: Runner/Runner.entitlements ✅ PRODUCT_BUNDLE_IDENTIFIER: com.driftnotes.app ✅ DEVELOPMENT_TEAM: 43Y6AG5NPY ✅ Troubleshooting Attempted Multiple Attempts Profile Recreation: Manual and automatic profiles recreated dozens of times Cache Cleanup: Complete removal of: ~/Library/Developer/Xcode/DerivedData/* ~/Library/MobileDevice/Provisioning\ Profiles/* Flutter clean & pod cache clean Signing Methods: Tested both manual and automatic signing management Wait Periods: 48+ hours for server propagation Complete Profile Deletion: Removed ALL profiles from Developer account per Apple Support Apple Support Workaround Following Senior Advisor recommendation: ✅ Deleted all provisioning profiles from account ✅ Confirmed IAP capability in project ✅ Created StoreKit Configuration File for testing ✅ Verified automatic signing management ✅ Multiple "Try Again" attempts in Xcode Result: Problem persists Apple Support Reference Case #102680105923 - Senior Advisor Simone confirmed after internal team consultation that this requires engineering team attention and directed to Developer Forums. Technical Analysis What Works Flutter build completes successfully Pod install executes without issues (25,9s) Xcode build finishes successfully (13,8s) All dependencies resolve correctly What Fails Provisioning profile generation: Server creates profile but omits StoreKit entitlement All profile types affected: Both manual and automatic profiles Consistent across configurations: Debug, Release, Profile all fail identically Root Cause This appears to be a server-side bug where Apple's provisioning systems are not properly correlating the App ID's In-App Purchase capability with the StoreKit entitlement generation for this specific App ID (com.driftnotes.app). The issue is NOT in client-side configuration - all settings match Apple's official documentation exactly. The problem occurs during the server-side provisioning profile generation process. Request for Engineering Team This issue requires attention from Apple's provisioning infrastructure team to resolve the server-side entitlement generation bug for App ID com.driftnotes.app. Impact Critical: Complete inability to build iOS app for physical devices Business: Blocking app deployment and updates Developer Experience: Extensive time spent on troubleshooting correctly configured setup All configurations have been verified multiple times and match Apple's official documentation. The issue has been escalated through Apple Support (Case #102680105923) and requires engineering team intervention.

Hi Apple Developer Team, I'm looking to confirm some technical details regarding the pre-order flow and App Store receipt handling. Specifically, I have the following questions: Q1: After a user installs an app via pre-order and launches it for the first time, will a valid App Store receipt be available immediately via [[NSBundle mainBundle] appStoreReceiptURL]? Are there any known cases where the receipt might be missing or invalid, requiring a manual refresh (e.g., via SKReceiptRefreshRequest)? Q2: Is the pre-order flow currently supported in the sandbox environment? Specifically, is it possible to simulate pre-ordering an app and installing it in a sandbox or TestFlight environment, in order to test receipt generation and related logic? https://developer.apple.com/documentation/appstorereceipts/responsebody/receipt Q3: The receipt field in the App Store receipt structure is marked as deprecated. Is it still acceptable to use this field for validating receipts? Has Apple announced any timeline or system version in which this field will be fully removed or unsupported?

Hello, I'm encountering an issue when trying to use the subscriptionGroupLookups endpoint in the App Store Connect API. Despite having the correct setup, I continue to receive a 404 NOT FOUND error when making requests to: GET https://api.appstoreconnect.apple.com/v1/subscriptionGroupLookups Here is the current state of my environment: I am the Account Holder of the App Store Connect account The App Store Connect API key has been successfully created I have the correct Key ID, Issuer ID, and .p8 private key I can authenticate and access the apps and subscriptionGroups endpoints However, the subscriptionGroupLookups endpoint always returns: { "errors": [ { "status": "404", "code": "NOT_FOUND", "title": "The specified resource does not exist" } ] } I suspect that LookUp Keys (UUIDs) have not been assigned to our subscription groups, even though they were created and are active in App Store Connect. There is no “Request Access” button visible under the Integrations tab (as mentioned in Apple support instructions), and my keys appear under “App Store Connect API” > “Keys” as active. Questions: How can I ensure that LookUp Keys are assigned to my subscription groups? Is there a way to trigger this manually or via support? Has anyone successfully resolved this? Any advice or experience would be greatly appreciated. Thank you!