Search Unity

  1. Welcome to the Unity Forums! Please take the time to read our Code of Conduct to familiarize yourself with the forum rules and how to post constructively.
  2. We have updated the language to the Editor Terms based on feedback from our employees and community. Learn more.
    Dismiss Notice
  3. Join us on November 16th, 2023, between 1 pm and 9 pm CET for Ask the Experts Online on Discord and on Unity Discussions.
    Dismiss Notice
New Forum User Notice Update to the Unity Editor Software Terms Unite 2023 - Ask the Experts Online

[Closed] Remote Receipt Validation on iOS

Discussion in 'Unity IAP' started by JoshuaMarkk, Oct 21, 2016.

Thread Status:
Not open for further replies.

  1. JoshuaMarkk

    JoshuaMarkk

    Joined:
    Oct 27, 2015
    Posts:
    13
    Hey guys,

    I'm working on a game where we validate IAP receipts on the server-side of our multiplayer game. I've been following this guide so far:

    https://docs.unity3d.com/Manual/UnityIAPValidatingReceipts.html

    It works perfectly fine with the Play Store, we just put the Google key right from our developer console in the CrossPlatformValidator call on the server and everything is good, but I'm not sure about how to do it for iOS. It doesn't seem like there is a unique key for us on the Apple dev console, and the manual linked above mentions "Apple's root certificate" but I haven't been able to find any good information on what that is, where to get it, or how to use it.

    Has anybody had any luck with remote validation for iOS? I'm not sure where to go from here.
     
    Last edited: Oct 21, 2016
    JoshuaMarkk, Oct 21, 2016
    #1

  2. WillemKokke

    WillemKokke

    Joined:
    Sep 6, 2014
    Posts:
    31
    Interesting approach.

    How are you running Unity's CrossPlatformValidator on the server?

    Did you just use the UnityEngine.Purchasing.Security .net DLL and it's dependencies directly in and ASP.NET project or did you create a headless executable that you run on the server?

    Either way, if you import Unity IAP from the service editor window, you can find the apple certificate at

    /Assets/Plugins/UnityPurchasing/Editor/AppleIncRootCertificate.cer

    Once you run the Window/Unity IAP/Receipt Validation Obfuscator menu item, you can find the processed apple root certiface ready for feeding to CrossPlatformValidator at

    /Assets/Plugins/UnityPurchasing/generated/AppleTangle.cs


    on iOS (and macOS) apple signs every receipt with their own key. You can then validate that the receipt is unmodified after apple signing it with the certificate. (CrossPlatformValidator does this for you)

    That is why there is no application specific key to validate with.

    Having said all that, on iOS, server side verification is usually done by your app sending the receipt to you server, and the sever then sending the receipt to apple's servers. (https://sandbox.itunes.apple.com/verifyReceipt or https://buy.itunes.apple.com/verifyReceipt)

    Apple will then tell you whether the receipt is valid or not. Because you control the server, you can trust the returned value and credit the player with whatever he has bought.

    Don't bother doing this from the app directly as then security is easily circumvented again.

    More information about this can be found here:

    https://developer.apple.com/library...html#//apple_ref/doc/uid/TP40010573-CH104-SW1

    Good luck!
     
    WillemKokke, Oct 25, 2016
    #2
    mcmorry, BigToe, erika_d and 1 other person like this.

  3. JoshuaMarkk

    JoshuaMarkk

    Joined:
    Oct 27, 2015
    Posts:
    13
    Sorry for the late reply but I did manage to get it working, thanks for your help!
     
    JoshuaMarkk, Dec 7, 2016
    #3

  4. Apoll0

    Apoll0

    Joined:
    Jun 11, 2015
    Posts:
    16
    By your own server or from the game?
    Can you please describe the steps?
     
    Apoll0, Apr 6, 2017
    #4
Thread Status:
Not open for further replies.