Transaction receipts: the key element of subscription management

Transaction receipts are a key element in managing subscriptions through in-app purchases, as well as for automatically renewing and cancelling subscriptions based on the receipt status and validity. They should be handled with care at the initial purchase stage, ensuring that they are persisted in your backend database and stored in a secure manner.

This article walks through the process of generating a transaction receipt in React Native, before sending it to your server with user identifiers in order to persist a transaction to a user account. Note that even if the reader is using native iOS APIs to manage in-app purchases within their app, that receipt can still be sent to the JavaScript side via an Express route and persisted in their backend database.

If the reader has not yet set up in-app purchases within their apps and would like to do so before following this piece, check out my article on setting up iOS subscriptions in React Native: React Native: Subscriptions with In-App Purchases. This piece will act as a natural follow-on to the setup discussed.

How this article is structured

There are three key pieces to validating transaction receipts and persisting them with user identifiable metadata:

  • Sending transaction receipts to your server upon the initial in-app purchase of a subscription. Importantly, this initial purchase is also the only opportunity to associate a receipt with a user ID or unique account identifier: Apple does not allow ad-hoc data that could be tied to a user’s identity, so no such data is supplied in their webhook service. Instead, we must associate this info when that initial receipt is generated. Receipts are also used later in the subscription lifecycle when it comes to renewing or cancelling, and should not be discarded under any circumstances.
  • Validating the receipt server-side. Web services carry an inherent security risk: users could spoof transaction receipts in an attempt to obtain a free subscription to your app. This can be prevented by validating the receipt server-side before persisting it in a backend database. We will be using a package called node-apple-receipt-verify to carry out the validation; it provides a simple API for contacting Apple servers.
  • Persisting the receipt with account identifiers. A receipt should be linked to some user or account so your infrastructure knows which user or account initiated a transaction. This becomes very important when automatically renewing or cancelling a subscription with your own NodeJS runtime (which will be the subject of another article). This section will therefore document how to persist receipts and UIDs in a MongoDB collection on an Express server.
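The three steps above combined into one server-side function, as an added example that is not the article's own code. The `verify` callback stands in for the call to Apple's validation service (for instance through node-apple-receipt-verify) and its return shape is an assumption; the `Map` stands in for the MongoDB collection, and the check against re-linking a receipt to a second account goes slightly beyond what the list states.

```javascript
// Added example: validate a receipt server-side, then persist it against a user ID.
// Assumptions: verify(receipt) resolves to an array of purchases shaped like
// { originalTransactionId, productId, expirationDate } and rejects on an invalid receipt;
// `store` is a Map standing in for the MongoDB collection.
async function persistVerifiedReceipt({ userId, receipt, verify, store, now = Date.now() }) {
  // userId should come from the authenticated session, not from the request body alone.
  if (typeof userId !== 'string' || userId === '') return { status: 401, error: 'unauthenticated' };
  if (typeof receipt !== 'string' || receipt === '') return { status: 400, error: 'missing receipt' };

  let purchases;
  try {
    purchases = await verify(receipt); // nothing is written before validation succeeds
  } catch (err) {
    return { status: 400, error: 'receipt failed validation' };
  }

  // A valid receipt can still describe a lapsed subscription.
  const active = purchases.filter((p) => p.expirationDate > now);
  if (active.length === 0) return { status: 402, error: 'no active subscription' };
  const latest = active.reduce((a, b) => (b.expirationDate > a.expirationDate ? b : a));

  // Key on the original transaction so one purchase cannot unlock several accounts.
  const key = latest.originalTransactionId;
  const existing = store.get(key);
  if (existing && existing.userId !== userId) {
    return { status: 409, error: 'receipt already linked to another account' };
  }
  store.set(key, { userId, receipt, productId: latest.productId, expirationDate: latest.expirationDate });
  return { status: 200, productId: latest.productId, expirationDate: latest.expirationDate };
}

// Constructed stand-in verifier: accepts one known receipt string, rejects everything else.
const NOW = 1700000000000;
async function fakeVerify(receipt) {
  if (receipt !== 'constructed-valid-receipt') throw new Error('invalid receipt');
  return [{ originalTransactionId: 'tx-1000', productId: 'pro_monthly', expirationDate: NOW + 86400000 }];
}

async function demo() {
  const base = { verify: fakeVerify, store: new Map(), now: NOW };
  const results = [
    await persistVerifiedReceipt({ ...base, userId: 'alice', receipt: 'constructed-valid-receipt' }),
    await persistVerifiedReceipt({ ...base, userId: 'mallory', receipt: 'forged-receipt' }),
    await persistVerifiedReceipt({ ...base, userId: 'mallory', receipt: 'constructed-valid-receipt' }),
  ];
  return results.map((r) => r.status);
}
demo().then((statuses) => console.log(statuses));
```

In an Express route, the returned `status` maps directly onto the HTTP response code.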

Let’s start with the central piece of data of an in-app purchase — the transaction receipt. Let’s first discuss how packages like react-native-iap generate the receipt upon an in-app purchase, and how to send a transaction receipt to your backend database.


Validating iOS Subscription Receipts in React Native & Node.js