Download the PHP package readdle/app-store-receipt-verification without Composer

On this page you can find all versions of the php package readdle/app-store-receipt-verification. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package app-store-receipt-verification

About

This is a *zero-dependencies* pure PHP* library that allows receipts parsing/validation/verification without API calls to the App Store Server API.

However, the bridge to the App Store Server API is also implemented, so it's possible to go even further and extend receipt data using the API.

* Zero-dependencies means this library doesn't rely on any third-party library. At the same time, this library relies on such essential PHP extensions as json and openssl

NOTE

If you need to deal with the App Store Server API instead of (or additionally to) receipts parsing/verification, check out this library.

Installation

Nothing special here, just use composer to install the package:

composer require readdle/app-store-receipt-verification

Usage

Parse base64-encoded receipt data and verify it was signed by Apple root certificate:

Extend receipt with the latest info using the bridge to the readdle/app-store-server-api package:

Self-signed StoreKit receipts

Since version 1.4.0, self-signed StoreKit receipts have also been supported. Note that such receipts contain a very limited amount of data if compared to sandbox/production receipts, and they could NOT be verified, so parse them in dev mode (see below) ONLY.

About the content of receipts

Unfortunately, App Store receipts don’t contain all the information returned by the deprecated App Store Receipt Verification API inside them.

At the same time, they contain some extra fields that are probably not so useful, but as they are there anyway, you'll get them in the result set as well.

The list of missing fields in the in-app purchase receipt:

The list of extra fields in the app receipt:

Extending receipts

A bit funny annoying, but the App Store Server API returns NOT as detailed set of information as you could find in the response of the App Store Receipt Verification API ¯_(ツ)_/¯

Thus, receipts extended with info from the App Store Server API contain the most information available.

Merging new entries in receipts

The second argument of the $receiptExtender->extend() method is a boolean flag, indicating if you want to merge new entries into the in_app/latest_receipt_info arrays.

New means those transactions not present in the receipt itself but are available through the API (for example, when dealing with an outdated receipt). In this case, the information set about each new transaction is limited to what is available from the API.

Dev mode

You can turn on dev mode using this call:

In dev mode, no receipt container check will be performed, so use it ONLY for development purposes or in tests.

There will also be a property called unknown in both app and in-app purchase receipts. This property will contain all unrecognized fields found in the binary data.

In case you know what any of them mean, please get in touch with me, and I will update the library :)

Tests

In the tests/ directory you can find some tests.

The most useful for you will be tests/Functional/AppStoreReceiptVerificationTest.php.

This test looks into the tests/playground/ directory searching for four files (you don't have to create all four, just those which you need): production.json, sandbox.json, xcode.json and unknown.json. An expected structure of all of them is the same:

NOTE: each hash can contain any additional key/value pairs, these two are the only ones that are used

Each file can contain as many entries as you want. Separation for production/sandbox/xcode/unknown is just to make the management of test receipts a bit more convenient. However, there is a difference, xcode and unknown lists will be parsed in dev mode (because it's impossible to verify self-signed receipts, and unknown, as followed by its name, can contain self-signed receipts as well).

This test will result in the creation of production.parsed.json, sandbox.parsed.json, xcode.parser.json, and unknown.parsed.json. Each of them will contain a hash, where a key will be the name of the receipt (name in the source file OR unknown_X in case name is omitted, where X is an index number of the receipt in the source file) and the value will be parsed receipt data (the same as you get from the AppStoreReceipVerification::verifyReceipt()).

External links

Validating receipts on the device

Receipt Validation Programming Guide

A Layman's Guide to a Subset of ASN.1, BER, and DER

ASN.1 Made Simple — What is ASN.1?

Information technology – ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)

Module PKCS7 (X.420:06/1999)

Module AuthenticationFramework (X.509:08/1997)


All versions of app-store-receipt-verification with dependencies

PHP Build Version
Package Version
Requires php Version ^7.4 || ^8
ext-json Version *
ext-openssl Version *
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package readdle/app-store-receipt-verification contains the following files

Loading the files please wait ....