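Validating Receipts for IAP
This is Apple's official documentation on the store receipt; based on my tests in the sandbox, it is basically accurate.
I found it rather odd too: I asked the guy in our studio responsible for in-app purchases to add IAP protection,
and he said the receipt keys vary, so he dropped it. I didn't think much of it at the time.
But later I realized that being this careless really won't do. Cracking is rampant in China, and if the game gets cracked, isn't that the same as throwing money away?
Besides, if nothing is done, the current iap free will most likely complete in-app purchases instantly without any effort at all.
The original text follows: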
The Store Receipt
The receipt data you send to the App Store encodes information about the transaction. When the App Store validates a receipt, the data stored in the receipt data are decoded and returned in the receipt key of the response. The receipt response is a JSON dictionary that includes all of the information returned to your application in the SKPaymentTransaction object.
Your server can query these fields to retrieve the details of the purchase. Apple recommends that you send only the receipt data to your server and use receipt validation to retrieve the purchase details. Because the App Store verifies that the receipt data has not been tampered with, retrieving this information from the response is more secure than transmitting both receipt data and the transaction data to your server.
Table 5-1 provides a list of keys that you may use to retrieve information about the purchase. Many of these keys match properties on the SKPaymentTransaction class.
All keys not specified in Table 5-1 are reserved for Apple.
Note: Some keys vary depending on whether your application is connected to the App Store or the sandbox testing environment. For more information on the sandbox, see “Testing a Store.”
| Key | Description |
|---|---|
| | The number of items purchased. This value corresponds to the |
| | The product identifier of the item that was purchased. This value corresponds to the |
| | The transaction identifier of the item that was purchased. This value corresponds to the transaction’s |
| | The date and time this transaction occurred. This value corresponds to the transaction’s |
| | For a transaction that restores a previous transaction, this holds the original transaction identifier. |
| | For a transaction that restores a previous transaction, this holds the original purchase date. |
| | A string that the App Store uses to uniquely identify the application that created the payment transaction. If your server supports multiple applications, you can use this value to differentiate between them. Applications that are executing in the sandbox do not yet have an |
| | An arbitrary number that uniquely identifies a revision of your application. This key is missing in receipts created by the sandbox. |
| | The bundle identifier for the application. |
| | A version number for the application. |
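
An added example, not from Apple's documentation or the original post: a server-side check over the decoded validation response described above, which rejects receipts issued for another application, unknown products and replayed transactions. The key names (`status`, `receipt`, `bid`, `product_id`, `transaction_id`, `quantity`) are the ones Apple's legacy validation response uses and are an assumption here, since the Key column of the table above is empty; the bundle id, product catalog and sample response are constructed.

```python
import json

# Assumed values for illustration: this server's own bundle id and catalog.
EXPECTED_BUNDLE_ID = "com.example.game"
KNOWN_PRODUCTS = {"com.example.game.coins100": 100}  # product id -> units each

class ReceiptRejected(Exception):
    pass

def grant_from_response(response, seen_transactions):
    """Return (product_id, units) to credit, or raise ReceiptRejected.

    `response` is the decoded JSON dictionary from receipt validation;
    `seen_transactions` is a set standing in for a persistent store.
    """
    if not isinstance(response, dict) or response.get("status") != 0:
        raise ReceiptRejected("App Store did not validate the receipt")
    receipt = response.get("receipt")
    if not isinstance(receipt, dict):
        raise ReceiptRejected("no receipt dictionary in response")
    # Only the keys the decision depends on are required. Sandbox receipts
    # lack some keys, so no other key is treated as mandatory.
    try:
        bundle_id = receipt["bid"]
        product_id = receipt["product_id"]
        transaction_id = receipt["transaction_id"]
        quantity = int(receipt["quantity"])
    except (KeyError, TypeError, ValueError) as exc:
        raise ReceiptRejected(f"malformed receipt: {exc!r}")
    if bundle_id != EXPECTED_BUNDLE_ID:
        raise ReceiptRejected("receipt was issued for another application")
    if product_id not in KNOWN_PRODUCTS:
        raise ReceiptRejected("unknown product identifier")
    if quantity < 1:
        raise ReceiptRejected("invalid quantity")
    if transaction_id in seen_transactions:
        raise ReceiptRejected("transaction already redeemed")
    seen_transactions.add(transaction_id)
    return product_id, KNOWN_PRODUCTS[product_id] * quantity

# Constructed sample response (not captured from a real store).
SAMPLE = json.loads("""{"status": 0, "receipt": {"quantity": "2",
  "product_id": "com.example.game.coins100",
  "transaction_id": "1000000000000001",
  "bid": "com.example.game", "bvrs": "1.0"}}""")

if __name__ == "__main__":
    print(grant_from_response(SAMPLE, set()))
```

Credit is derived only from the server's own catalog and the validated response, never from product or quantity values the client sends alongside the receipt.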