iOS开发--In-app Purchase内购验证方法

IOS7开始:AppStore增加了验证内购(In App Purchasement)的方法, 以确保此次支付是有效地.

下面是苹果提供的验证地址:

开发测试用:

https://sandbox.itunes.apple.com/verifyReceipt

产品用:

https://buy.itunes.apple.com/verifyReceipt

当购买成功时,会得到苹果返回的一个收据(receipt),苹果推荐的方法是将收据发给开发者的server,由server像上述地址post http消息,进行验证,苹果将结果返回.用来判断到底是真正的购买还是虚假的购买.

当然,我们也可以在客户端来验证,代码如下：

#define ITMS_SANDBOX_VERIFY_RECEIPT_URL     @"https://sandbox.itunes.apple.com/verifyReceipt"#pragma mark - VerifyFinishedTransaction-(void)verifyFinishedTransaction:(SKPaymentTransaction *)transaction{    if(transaction.transactionState == SKPaymentTransactionStatePurchased){        NSData *transactionReceipt  = transaction.transactionReceipt;        //将transactionIdentifer和加密后的transactionReceipt数据发送给server端//        NSString* receipent = [NSString stringWithFormat:@"%s", transactionReceipt.bytes];//用来POST给server        NSDictionary *requestContents = @{                                          @"receipt-data": [self encode:(uint8_t *)transactionReceipt.bytes length:transactionReceipt.length]};                NSLog(@"receipent = %@", requestContents);                // 在app上做验证, 仅用于测试        NSData *requestData = [NSJSONSerialization dataWithJSONObject:requestContents                                                              options:0                                                                error:nil];        NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:ITMS_SANDBOX_VERIFY_RECEIPT_URL]];        [request setHTTPMethod:@"POST"];        [request setHTTPBody:requestData];        NSError* err;        NSURLResponse *theResponse = nil;        NSData *data=[NSURLConnection sendSynchronousRequest:request                                           returningResponse:&theResponse                                                       error:&err];        NSError *jsonParsingError = nil;        NSDictionary *dict = [NSJSONSerialization JSONObjectWithData:data options:kNilOptions error:&jsonParsingError];        NSLog(@"requestDict: %@", dict);    }}//Base64加密- (NSString *)encode:(const uint8_t *)input length:(NSInteger)length {    static char table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";        NSMutableData *data = [NSMutableData dataWithLength:((length + 2) / 3) * 4];    uint8_t *output = (uint8_t *)data.mutableBytes;        for (NSInteger i = 0; i < length; i += 3) {        NSInteger value = 0;        for (NSInteger j = i; j < (i + 3); j++) {            value <<= 8;                        if (j < length) {                value |= (0xFF & input[j]);            }        }                NSInteger index = (i / 3) * 4;        output[index + 0] =                    table[(value >> 18) & 0x3F];        output[index + 1] =                    table[(value >> 12) & 0x3F];        output[index + 2] = (i + 1) < length ? table[(value >> 6)  & 0x3F] : '=';        output[index + 3] = (i + 2) < length ? table[(value >> 0)  & 0x3F] : '=';    }        return [[NSString alloc] initWithData:data encoding:NSASCIIStringEncoding];}

正确地返回数据应该是:

{

    receipt =     {

        bid = APPBundleID

        bvrs = AppVersion

        "item_id" = 1011063440;

        "original_purchase_date" = "2015-06-25 02:40:46 Etc/GMT";

        "original_purchase_date_ms" = 1435200046685;

        "original_purchase_date_pst" = "2015-06-24 19:40:46 America/Los_Angeles";

        "original_transaction_id" = 1000000160740781;

        "product_id" = ProductID

        "purchase_date" = "2015-06-25 02:40:46 Etc/GMT";

        "purchase_date_ms" = 1435200046685;

        "purchase_date_pst" = "2015-06-24 19:40:46 America/Los_Angeles";

        quantity = 1;

        "transaction_id" = 1000000160740781;

        "unique_identifier" = bea76003f25d87d1572ac452f600ef2575af0c7f;

        "unique_vendor_identifier" = "7C4CE200-847F-4F5C-BE32-04FAEE6C64E7";

    };

    status = 0;

}

其中: status=0,表示支付有效.

下面是其他的一些状态码:

Status Code

Description

21000

The App Store could not read the JSON object you provided.

21002

The data in the receipt-data property was malformed or missing.

21003

The receipt could not be authenticated.

21004

The shared secret you provided does not match the shared secret on file for your account.

Only returned for iOS 6 style transaction receipts for auto-renewable subscriptions.

21005

The receipt server is not currently available.

21006

This receipt is valid but the subscription has expired. When this status code is returned to your server, the receipt data is also decoded and returned as part of the response.

Only returned for iOS 6 style transaction receipts for auto-renewable subscriptions.

21007

This receipt is from the test environment, but it was sent to the production environment for verification. Send it to the test environment instead.

21008

This receipt is from the production environment, but it was sent to the test environment for verification. Send it to the production environment instead.