How to Implement iOS In-App Purchases (IAP) on the Backend Server

Technology Blogs

In-app purchases (IAPs) are essential for many apps, allowing users to access premium content or features. In iOS, Apple handles the payment process, but you need to implement backend logic to handle subscriptions and manage real-time notifications from the App Store.

In this blog, we’ll cover the entire process of setting up iOS in-app purchases on the backend server. You’ll learn how to handle real-time notifications, decode signed payloads, verify subscription status, and manage subscription history efficiently.

Setting Up In-App Purchases on the Apple Developer Console

Before handling iOS in-app purchases, you must set up your app in App Store Connect and configure in-app purchases.

Step 1: Create an App in App Store Connect

  1. Log in to App Store Connect.
  2. In the App Dashboard, click My Apps.
  3. Select New App and fill in details like app name, platform, bundle ID, and SKU.
  4. Save your app.

Step 2: Enable In-App Purchases and Add Subscription Plans

  1. Navigate to your app’s dashboard.
  2. Under Features, find In-App Purchases.
  3. Click the + button to create new in-app purchases.
  4. Select Auto-Renewable Subscriptions and define different plans (monthly, yearly, etc.).
  5. Fill in product details, pricing, and localization.
  6. Save the subscriptions.

Step 3: Set Up Real-Time Developer Notifications (RTDN)

  1. In-App Store Connect, go to App Settings.
  2. Under Server Notifications, enter your backend’s URL where Apple will send RTDN.
  3. Ensure your backend can handle POST requests with signed payloads.

Step 4: Managing Sandbox Testing

  1. Before launching the app, you should test subscriptions in a sandbox environment.
  2. Create sandbox test accounts from App Store Connect.
  3. Test various subscription scenarios like renewals, cancellations, and upgrades using the sandbox environment.

What We Get in RTDN Callbacks and How to Decode the Signed Payload

Here’s a high-level process for decoding:

  1. Verify the Signature: Use Apple’s app-store-server-library for Python (or equivalent in other languages) to verify the signature.
  2. Decode the Payload: Once verified, decode the SignedPayload to extract transactionInfo and renewalInfo.

Supported Libraries:

Example of a Decoded SignedPayload:

{
    "notificationType": "SUBSCRIBED",
    "subtype": "INITIAL_BUY",
    "notificationUUID": "550ffbbb-e6a8-482c-ba57-2d5a3b2265d8",
    "data": {
      "appAppleId": 1234567890,
      "bundleId": "com.app.dev",
      "bundleVersion": "13",
      "environment": "Sandbox",
      "signedTransactionInfo": "eyJhbGciOiJFUzI1NiIsIng1Y...",
      "signedRenewalInfo": "sJnTlZCQXNNSTBGd2NHe..."
    }
}

Decoding and Understanding TransactionInfo and RenewalInfo

Both transactionInfo and renewalInfo are also signed JWTs and need to be decoded similarly. They contain important data about the subscription transaction and the auto-renewal status.

Example of Decoded TransactionInfo:

{
  "transactionId": "2000000671303537",
  "originalTransactionId": "2000000671303537",
  "webOrderLineItemId": "2000000069147956",
  "bundleId": "com.app.dev",
  "productId": "45_monthly",
  "subscriptionGroupIdentifier": "21513905",
  "purchaseDate": 1722335111000,
  "originalPurchaseDate": 1722335112000,
  "expiresDate": 1722337271000,
  "quantity": 1,
  "type": "Auto-Renewable Subscription",
  "inAppOwnershipType": "PURCHASED",
  "signedDate": 1722335124753,
  "environment": "Sandbox",
  "transactionReason": "PURCHASE",
  "storefront": "IND",
  "storefrontId": "143467",
  "price": 450,
  "currency": "INR"
}

Key Fields in TransactionInfo:

  • transactionId: Unique identifier for the transaction.
  • originalTransactionId: The original transaction ID for this subscription (remains the same across renewals).
  • productId: The product ID representing the subscription plan.
  • purchaseDate: Date and time of the subscription purchase.
  • expiresDate: Expiry date of the subscription.
  • price: Cost of the plan.

Example of Decoded RenewalInfo:

{
  "originalTransactionId": "2000000671303537",
  "autoRenewProductId": "45_monthly",
  "productId": "45_monthly",
  "autoRenewStatus": 1,
  "renewalPrice": 450,
  "currency": "INR",
  "signedDate": 1722335124753,
  "environment": "Sandbox",
  "recentSubscriptionStartDate": 1722335111000,
  "renewalDate": 1722337271000
}

Key Fields in RenewalInfo:

  • autoRenewProductId: The product ID that will be renewed.
  • autoRenewStatus: Indicates whether the subscription is set to auto-renew (1 for active, 0 for disabled).
  • signedDate: Date of the current transaction.
  • renewalDate: Date when this plan will auto-renew.

Get Started with iOS In-App Purchases Today!

Get in Touch

Understanding Different Scenarios of Subscription

When handling subscription callbacks, you will encounter various notificationType and subType combinations. These represent the event that has occurred and the specifics of that event. The table below will help you handle various edge cases.

Events that enable service for subscriptions, including initial subscriptions, resubscribing, and successful auto-renewals:

Understanding-Different-Scenarios-of-Subscription

Customers changing their subscription options, including upgrading, downgrading, or canceling:

Customers-changing-their-subscription-options-including-upgrading-downgrading-or-canceling

Billing events, including billing retries, entering and exiting the Billing Grace Period, and expiring subscriptions:

Billing-events-including-billing-retries-entering-and-exiting-Billing-Grace-Period-and-expiring-subscriptions

There are a few more such combinations that you can explore in Apple’s documentation.

Handling Subscription Callbacks on the Backend and Identifying Users

When you receive a real-time developer notification (RTDN) from Apple, the backend must handle the subscription event based on the notificationType and subType, and correctly identify the user associated with the subscription. Here’s how to do it:

  1. Verify the Signature:
    🔺Use Apple’s provided library to verify the authenticity of the signed payload to ensure it has not been tampered with.
  2. Decode TransactionInfo and RenewalInfo:
    🔺Once the signature is verified, decode the signedTransactionInfo and signedRenewalInfo. These contain critical information about the subscription, such as the originalTransactionId, productId, expiresDate, autoRenewStatus, and more.
  3. Identify the User:
    🔺Use the originalTransactionId to map the subscription to the correct user. When a user first subscribes, you store this originalTransactionId in your database alongside the user’s information. This ID remains constant for the lifetime of the subscription, including renewals, upgrades, or downgrades.
    🔺On receiving a renewal or other event, use the originalTransactionId from the transactionInfo to look up the user in your database and retrieve their associated subscription data.
  4. Check notificationType and subType:
    🔺The notificationType and subType help you identify what kind of event has occurred. For example, an event could indicate a successful renewal (DID_RENEW), a cancellation (DID_FAIL_TO_RENEW), or a change in auto-renew status (DID_CHANGE_RENEWAL_STATUS).
  5. Update the Database:
    🔺Based on the event type, update the subscription details in your database.
    For instance:
    On Renewal: Update the expiresDate, autoRenewStatus, and other relevant fields.
    On Cancellation or Expiration: Set the subscription as expired or disabled in your database.
  6. Notify the User (Optional):
    🔺Optionally, notify the user about the subscription event (e.g., renewal, cancellation, or expiration) via email or push notification, depending on your app’s requirements.
coma

Conclusion

Handling iOS in-app purchases and subscriptions on the backend is critical to providing a seamless user experience. By understanding the notificationType and subType combinations, decoding the signedPayload, transactionInfo, and renewalInfo, and efficiently managing these events in your database, you ensure accurate subscription management.

Implementing best practices like secure payload verification and maintaining a detailed subscription history will allow you to provide a reliable service for your users, enhancing their trust in your application.

Ravi Mourya

Software Engineer

Ravi is a skilled full-stack developer with over 2.5 years of experience in developing robust web applications using Python and Django. He has built fast, reliable, and secure REST APIs and has expertise in integrating third-party services to enhance functionality. With proficiency in Angular, Ravi creates dynamic and responsive web pages. Additionally, he is familiar with cloud computing services that optimize content storage and delivery. Always eager to learn new technologies, Ravi is committed to improving his coding practices and staying ahead in the evolving tech landscape.

How-To-Hire-Remote-Developers

How to Effectively Hire and Manage a Remote Team of Developers.

Download Now

Keep Reading

Technology Blogs
Enhance Your React Native App with Custom Widgets for iOS and Android
Read More
Technology Blogs
React Native In-App Purchase In Android And IOS
Read More
Technology Blogs
A Comprehensive Guide to Android In-App Purchases (IAPs)
Read More

Keep Reading

Technology Blogs
Enhance Your React Native App with Custom Widgets for iOS and Android
Read More
Technology Blogs
React Native In-App Purchase In Android And IOS
Read More
Technology Blogs
A Comprehensive Guide to Android In-App Purchases (IAPs)
Read More
  • Service
  • Career

  • Let's create something together!

  • We’re looking for the best. Are you in?

quote

The team at Mindbowser was highly professional, patient, and collaborative throughout our engagement. They struck the right balance between offering guidance and taking direction, which made the development process smooth. Although our project wasn’t related to healthcare, we clearly benefited...

author

Dan Barnes

Founder, Texas Ranch Security

quote

Mindbowser played a crucial role in helping us bring everything together into a unified, cohesive product. Their commitment to industry-standard coding practices made an enormous difference, allowing developers to seamlessly transition in and out of the project without any confusion....

author

David Hoffman

CEO, MarketsAI

quote

I'm thrilled to be partnering with Mindbowser on our journey with TravelRite. The collaboration has been exceptional, and I’m truly grateful for the dedication and expertise the team has brought to the development process. Their commitment to our mission is...

author

Marc Ott

Founder & CEO, TravelRite

quote

The Mindbowser team's professionalism consistently impressed me. Their commitment to quality shone through in every aspect of the project. They truly went the extra mile, ensuring they understood our needs perfectly and were always willing to invest the time to...

author

Spencer Barns

CTO, New Day Therapeutics

quote

I collaborated with Mindbowser for several years on a complex SaaS platform project. They took over a partially completed project and successfully transformed it into a fully functional and robust platform. Throughout the entire process, the quality of their work...

author

David Rhodes

President, E.B. Carlson

quote

Mindbowser and team are professional, talented and very responsive. They got us through a challenging situation with our IOT product successfully. They will be our go to dev team going forward.

author

Dan Munro

Founder, Cascada

quote

Amazing team to work with. Very responsive and very skilled in both front and backend engineering. Looking forward to our next project together.

author

Anthony Lewis

Co-Founder, Emerge

quote

The team is great to work with. Very professional, on task, and efficient.

author

Matthew Holsclaw

Founder, PeriopMD

quote

I can not express enough how pleased we are with the whole team. From the first call and meeting, they took our vision and ran with it. Communication was easy and everyone was flexible to our schedule. I’m excited to...

author

Angela Boudreaux

Founder, Seeke

quote

We had very close go live timeline and Mindbowser team got us live a month before.

author

Shaz Khan

CEO, BuyNow WorldWide

quote

If you want a team of great developers, I recommend them for the next project.  

author

Vladimir Kudryavtsev

Founder, Teach Reach

quote

Mindbowser built both iOS and Android apps for Mindworks, that have stood the test of time. 5 years later they still function quite beautifully. Their team always met their objectives and I'm very happy with the end result. Thank you!

author

Bart Mendel

Founder, Mindworks

quote

Mindbowser has delivered a much better quality product than our previous tech vendors. Our product is stable and passed Well Architected Framework Review from AWS.

author

Pankaj Parashar

CEO, PurpleAnt

quote

I am happy to share that we got USD 10k in cloud credits courtesy of our friends at Mindbowser. Thank you Pravin and Ayush, this means a lot to us.

author

Sudheer Bandaru

CTO, Shortlist

quote

Mindbowser is one of the reasons that our app is successful. These guys have been a great team.

author

Dave Dubier

Founder & CEO, MangoMirror

quote

Kudos for all your hard work and diligence on the Telehealth platform project. You made it possible.

author

Joyce Nwatuobi

CEO, ThriveHealth

quote

Mindbowser helped us build an awesome iOS app to bring balance to people’s lives.

author

Addie Wootten

CEO, SMILINGMIND

quote

They were a very responsive team! Extremely easy to communicate and work with!

author

Kristen M.

Founder & CEO, TotTech

quote

We’ve had very little-to-no hiccups at all—it’s been a really pleasurable experience.

author

Chacko Thomas

Co-Founder, TEAM8s

quote

Mindbowser was very helpful with explaining the development process and started quickly on the project.

author

Hieu Le

Executive Director of Product Development, Innovation Lab

quote

The greatest benefit we got from Mindbowser is the expertise. Their team has developed apps in all different industries with all types of social proofs.

author

Alex Gobel

Co-Founder, Vesica

quote

Mindbowser is professional, efficient and thorough. 

author

MacKenzie Richter

Consultant, XPRIZE

quote

Very committed, they create beautiful apps and are very benevolent. They have brilliant Ideas.

author

Laurie Mastrogiani

Founder, S.T.A.R.S of Wellness

quote

Mindbowser was great; they listened to us a lot and helped us hone in on the actual idea of the app. They had put together fantastic wireframes for us.

author

Bennet Gillogly

Co-Founder, Flat Earth

quote

Ayush was responsive and paired me with the best team member possible, to complete my complex vision and project. Could not be happier.

author

Katie Taylor

Founder, Child Life On Call

quote

The team from Mindbowser stayed on task, asked the right questions, and completed the required tasks in a timely fashion! Strong work team!

author

Michael Wright

CEO, SDOH2Health LLC

quote

Mindbowser was easy to work with and hit the ground running, immediately feeling like part of our team.

author

George Hodulik

CEO, Stealth Startup

quote

Mindbowser was an excellent partner in developing my fitness app. They were patient, attentive, & understood my business needs. The end product exceeded my expectations. Thrilled to share it globally.

author

Jirina Harastova

Owner, Phalanx

quote

Mindbowser's expertise in tech, process & mobile development made them our choice for our app. The team was dedicated to the process & delivered high-quality features on time. They also gave valuable industry advice. Highly recommend them for app development...

author

Marty Betz

Co-Founder, Fox&Fork