i read this overview of the StoreKit API
but could not understand the role of developer's server exactly,
will you please elaborate the role and is it mandatory to have if i need to submit an application ?
Thanks in advance..
No. Only if you are following the Server Product Model or if you need to do subscriptions are you required to have a server. If you follow the Built-in Product Model, then you can use Apple's servers to do the payment, and then you will enable functionality based on if the user had previously purchased the item.
See In App Purchase Programming Guide: #Feature Delivery
Also, this is only if you are using StoreKit for in app purchases. It is not required to use this framework for simple iPhone applications.
Related
I have developed an iPhone application that was rejected. With this application I offer an SMS transmission service. On my website each user has an account and he can buy credits on the website to be able to send SMS.
The reason for rejections was that my app uses an external service, my website. They say I have to use in-app purchase for the credits.
So now I am about to extend my api. So if purchase takes place in-app the web server needs to know that there was a purchase and what type of purchase. This is done using HTTP-POST.
I could build a simple url and register the purchase in the user-account, since I can verify that an purchase was performed correctly in the app store. But to prevent hacking and just for security reason I think there has to be some kind of encryption.
E.g. if the payment process in the app was successful I send a HTTP-POST to my webserver. It contains some encrypted key that can be encrypted by the webserver.
What do you think about all this? How can I make my api safe regarding in-app purchase and what security algorithm could I use?
Any other suggestions or ideas?
You should probably look into the Server Product Model, rather than trying to invent some way for your app on the device to tell the server that credit was purchased after the fact. The section on Verifying Store Receipts will come in handy; in short, your app transmits the contents of transactionReceipt to your server (ideally via HTTPS). Your server base64-encodes it, embeds it in a simple JSON object, and posts it to Apple to get the status and verified purchase information.
I have a complete implementation of storekit including the server code.
http://blog.mugunthkumar.com/coding/mkstorekit-4-0-supporting-auto-renewable-subscriptions/
Try this
You should check out this wiki article on public key encryption. This is what you'll probably what to be using.
CommonCrypto is a module available for iOS that deals with this type of encryption. Here is a sample project in the iOS developer library that uses this module.
Yes You are correct. That is the best way. When user purchase credit using In-App purchase(IAP) You will have delegate method for purchase succeed. So you can call your Server API in this delegate method and put some flag with credit number in the user table of your server database. You can send this info encrypted and your server would decrypt it and insert in your database.
I am developing an iPhone app which provides in-app purchases. However, after creating a product ID for an in-app purchase, I must manually update the list in either the client, or on a custom server. This seems a little odd.
Is their any web service that I can use to directly communicate with Apple's server in order to get a list of registered product IDs dynamically?
Or is there an API that my iPhone client can use to communicate with StoreKit to get the list of registered product IDs from Apple's server?
No there isn't :
From the In App purchase Programming Guide
Apple recommends you retrieve product
identifiers from your server, rather
than including them in a property
list. This gives you the flexibility
to add new products without updating
your application.
You can find a similar answer here :
StoreKit to return all product IDs
Hope this helps,
Vincent
I'm working on an app that will provide data from a web server to users but only if they've bought an in app purchase subscription. I understand the basics of IAPs but how do I securely make sure the data from the server is only accessible to the app, and only if the subscription has been purchased? I don't want to make the user set up an account, I just want to auth the app/purchase securely.
Thanks in advance :)
I'm going to use subscription model too with IAP.
AFAIK, you SHOULD NOT use a unique phone identifier like the IMEI of the phone to identify the user on your server. According to the Apple documentation, you MUST provide a way so that an user can restore his subscriptions on several devices!
Besides, a call to restoreCompletedTransactions of the SKPaymentQueue will restore ONLY nonconsumable products! Subscriptions are not supported by this method.
See these links :
http://developer.apple.com/library/ios/#technotes/tn2009/tn2259.html (section « Frequently Asked Questions », point 10)
iPhone - How to recognize the iTunes user of my app
The only way I know is to use a login/password to identify the user on the web server but this could be quite ugly...
However, if someone know another way, could he describe his solution ?
You should upload store receipts to your server, to be able to check them on Apple's site. And, with request you should upload phone identifier. And, of course, store somewhere in the database. After all, you will have information about which phone id has access to subscription.
And, when you will request subscription-related info from your server, you'll be able to check who has acces (via phone id) and who hasn't.
Does anyone have any idea of a service provider that provides In App Purchase with subscription model. I checked Urban Airship which has solution built around non-consumable approach and iLime is not available yet. Any pointers in the right direction would be appreciated.
Though i am not aware of the service providers, i will be able to tell you about tracking of subscriptions.
Tracking usually needs the user's connected 5 devices to be enabled with the subscription. For this, you either have to maintain another set of user credentials on the server and ask the user to enter the credentials once the app is loaded onto each device.
another approach is the unique userid for the device once the app is loaded. Upon installation on the second device, the same userid needs to be entered for enabling subscriptions.
Try to look out for newer version of ApalyaTv for more details.
From My Previous question
sending request to apple - from iphone custom application
Here, I have added more specified my question.
Suppose my application has implemented followings.
Lets take an simple example
I have developed an application, for mobile dealer.
User can see ten mobile items on screen.
Now, user selects two items.(mobiles)
Now, User chooses check out option.
in check out option, he will provide his apple account - id & password.
Above I have explained the process that should be implemented in my application.
Up to 4 stpes I can do programming.
But I have no idea about the last step.
Can user make payment through apple
id - from iPhone?
What kind of steps do I/programmer
have to follow?
What kind of accounts do
I/programmer are required? (If
any..)
What kind of certificates do
I/programmer are required? (If
any..)
Let's take an another example.
Suppose, Application if something like this,
User can pay for bike (new order) through iPhone - apple id - password ?
Edit :
After a round - round question ...
Let's understand it in single line
Does apple allow to use apple-ID for payment of items other than apple-store? Why ?
You cannot sell your products through the Apple Store. If you want to have an iPhone app that interfaces with your store you can do that, but you will have to provide your own store service.
To answer the edit to your question, Apple does not allow using an Apple ID to purchase products from other stores. Instead you should use something like Paypal or Google Checkout.
StoreKit allows you to sell digital content, such as books, music, ect. and get it delivered right into the application. Payment happens via the iTunes account.
However, you cannot sell physical goods with this mechanism. You may want to consider other payment methods as mentioned by Amuck.
Answering the edited short-question:
Does apple allow to use apple-ID for
payment of items other than
apple-store? Why ?
No, because they do not pose as a payment provider to third parties and I am pretty sure they never will.