Server-Side Apple Store Receipt Verification with C#

So, you have created a great app that uses a back-end web service with premium content available via an in-app purchase. The problem is that somebody has figured out the link to your web service and now everyone is stealing your premium content! Well, there are a number of options but one of the most important is to check that the in-app purchase has been made – after all you need to make sure you are actually going to be paid. In this tutorial I will show you how to perform a server-side receipt verification.

I think there are a number of commercial organisation that will handle this for you – in fact contact me and we can arrange something! But it is really quite easy to do yourself, and frankly if you have managed to write and app and a web service, you really aren’t going to have any trouble doing this.

Let’s start verifying receipts

To make this work you are going to need a Web API function that will receive the receipt token (the receipt token is provided by the Apple store to you app when an in-app purchase is made, I will cover that in a different tutorial). Something like this.

Next we need to create a model for the receipt data that Apple will send us. Create a new class and call it AppleReceiptData (or whatever you want). Then paste this code in:

It may be that the int’s need to be bigints

Now that we have the response classes set up lets create a method that will actually perform the server-side receipt verification. I’m going to create two methods, which may seem necessary, the first method is really just an entry point because in your production app you would probably want to be able to verify receipts from other stores, such as Google Pay. It might be that you need to pass in another parameter for device type and then do some conditional logic to call functions for the other store. i will deal with server-side receipt verification for the other stores in later tutorials.

Now the method that actually makes the call to Apple to verify the receipt. Please note that in this example I have used the live store verification URL, there is also one for the sandbox, which is

I have only done a very basic check, result status = 0. But you can see from the receipt model that there are many other properties you could check. And should check! You can view Apple’s documentation on the subject here.


Final thought on C#

This is somewhat unrelated to the above article, but I think you will benefit from it. I have recently read a book by John Skeet called C# In Depth. It is truly an excellent book that will broaden your knowledge of C# immensely. Check it out. If you should purchase from this link, I will receive a small commission that will help support my efforts.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.