iOS在应用购买收据验证 - 沙盒与生产网址？ [英] iOS in app-purchase receipt validation - sandbox vs production url?

问题描述

我跟着 Ray Wenderlich的教程在我的应用程序中实现收据验证。代码直接从我的应用程序连接到Apple的验证服务器，而不是通过我自己的服务器。

I followed Ray Wenderlich's tutorial to implement receipt validation in my app. The code connects to Apple's validation server directly from my app rather than going through my own server.

在我将第一个二进制文件提交到AppStore后，我测试了我的应用程序和应用程序内购买无效，因为我已将其从沙箱URL切换到生产URL。

After I submitted my first binary to the AppStore, I tested my app and the in-app purchasing didn't work because I had switched it over from the sandbox URL to the production URL.

当AppStore审阅者对其进行测试时，这也会失败被拒绝了？我已阅读这篇文章但如果我不使用自己的服务器，我仍然很困惑这是否适用于我。

Will this also fail when they AppStore reviewers test it and therefore be rejected? I've read this post but I'm still very confused about whether that applies to me if I'm not using my own server.

推荐答案

解决方案非常简单，并在WWDC 2012的会议308上进行了解释（视频可供注册开发人员使用）。该会话与订阅相关，但您可以在应用内购买时进行扩展。

The solution is quite simple and it was explained on session 308 of WWDC 2012 (the video is available for registered developers). The session was related to subscriptions but you can extend it for in app purchases.

当您开发硬编码应用程序以使用沙箱验证收据时会发生什么。然后你发送应用程序进行审核，你清楚地对应用程序进行了硬编码，以便用生产服务器验证收据。

What happens is that when you develop you hard code your app to validate the receipt with the sandbox. Then you send the app to review, you clearly hard coded your app to validate the receipt with the production server.

但没有什么能阻止你分两步进行验证：

But nothing prevents you from doing the validation in two steps:

• 始终首先使用生产服务器验证收据，这将适用于99％的应用生命周期。如果收据已经过验证，您就完成了。


• 如果先前的验证失败，只需使用沙盒服务器验证收据。这应该涵盖您的开发需求，当然假收据也将无法通过验证。

顺便说一句，这是正式声明的文档仅适用于订阅，如果您尝试使用生产服务器验证沙箱收据，您将获得特定的状态代码;还有另一个状态代码，涵盖了使用沙盒服务器验证的生产收据的情况。在所有情况下，沙箱和生产这两个世界总是分开的。

By the way, and this is officially stated in the documentation ONLY for subscriptions, if you try to validate a sandbox receipt with the production server you will get a specific status code; there is another status code that covers the case of production receipt validated with the sandbox server. In all cases the two worlds, sandbox and production, are always separated.

不要忘记，iOS7添加了一种新的更安全的方式来直接管理收据验证。设备：事实上，直接从客户端（您没有完全控制，例如使用越狱设备）的收据验证不如通过您控制的服务器进行的收据验证安全。

Don't forget also that with iOS7 added a new safer way to manage receipt validation directly from the device: consider in fact that receipt validation directly from the client (that you don't fully control, e.g. with jailbroken devices) is less secure than receipt validation done through a server you control.

这篇关于iOS在应用购买收据验证 - 沙盒与生产网址？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！