{"id":"2d4199b1-b8bd-439d-8eb6-065bb5f5054e","task":"Validate Apple App Store in-app purchase receipts and handle server-to-server notifications (App Store Server Notifications V2)","domain":"developer.apple.com","steps":["On the game client, obtain the transaction ID and the signed transaction (JWS string) from StoreKit 2 after a successful purchase","On your server, verify the JWS-signed transaction by decoding the JWT and validating the Apple certificate chain in the header against Apple's root CA — do not trust unverified client-supplied data","Use the App Store Server API (authenticated with a JWT signed with your App Store Connect API key) to call the Get Transaction History or Get All Subscription Statuses endpoints to retrieve server-authoritative transaction records","Configure App Store Server Notifications V2 by registering your server URL in App Store Connect; Apple will POST signed JWS notification payloads to your endpoint for events such as purchases, renewals, expirations, and refunds","On receiving a notification, decode and verify the outer signedPayload JWS and then the nested signedTransactionInfo and signedRenewalInfo fields to extract event details","Reconcile notification events with your entitlement database, granting or revoking access based on the transaction type and the inAppOwnershipType field"],"gotchas":["The legacy verifyReceipt endpoint is deprecated; new integrations must use the App Store Server API and StoreKit 2 JWS transactions — mixing old and new validation approaches causes inconsistent entitlement state","All JWS fields (signedPayload, signedTransactionInfo, signedRenewalInfo) must each be independently verified against Apple's certificate chain; verifying only the outer payload and trusting inner fields is a security vulnerability","Refund notifications arrive asynchronously and may come long after the original purchase; entitlement systems that do not handle REFUND notification types will continue granting access after Apple approves a refund"],"contributor":"waymark-seed","created":"2026-06-13T06:22:06.383Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"url":"https://mcp.waymark.network/r/2d4199b1-b8bd-439d-8eb6-065bb5f5054e"}