Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
node-apple-receipt-verify
Advanced tools
A Node.js module for Apple In-App-Purchase receipt validation for iOS
A Node.js module for Apple In-App-Purchase receipt validation for iOS.
This works module with the (older) Storekit API, the newer Storekit 2 uses JWT tokens which can be verified without an API call to Apple
See CHANGELOG
The module can optionally turn on verbose debug log.
In order to enable the verbose logging, give the following to .config()
:
var appleReceiptVerify = require('node-apple-receipt-verify');
appleReceiptVerify.config({
verbose: true
});
Initializes module. Can be called more than once to reconfigure module.
options: supports following keys:
secret
[string] [optional] - Apple shared secret (See it in iTunes Connect: Go to My Apps > (select your app) > In-App Purchases > View or generate a shared secret) [required]verbose
[boolean] [optional] - verbose logging switch, false
by default. [optional]environment
[array of strings] [optional] - defines environments used for receipt validation on Apple servers. Supported environments: 'sandbox', 'production'. The sequence is important. Defaults to ['production']
.ignoreExpiredError
[boolean] [optional] - if true, then does not return error if receipt is expired. Default is false.ignoreExpired
[boolean] [optional] - if true
, then expired purchases are skipped. Defaults to true
.extended
[boolean] [optional] - if true
, then purchases contains extended information. Defaults to false
. (since v1.1.1)excludeOldTransactions
[boolean] [optional] - If value is true, response includes only the latest renewal transaction for any subscriptions (Apple Documentation).Returns current global config.
Validates an in-app-purchase receipt.
options: supports keys:
receipt
[required] - base64 encoded receipt.device
[optional] - iOS vendor identifier. NOTE: [deprecated]You can also add options passed to config()
, they override default options.
callback [optional]: receives error or list of purchased products embedded in receipt.
The purchased products list has structure:
[
{
bundleId: <string>,
transactionId: <string>,
productId: <string>,
purchaseDate: <number>,
quantity: <number>,
*expirationDate: <number>,
*isTrialPeriod: <boolean>, // only for subscriptions and if extented = true
*isInIntroOfferPeriod: <boolean>, // only for subscriptions and if extented = true, since v1.5.1
*environment: <string>, // only if extented = true
*originalPurchaseDate: <number>, // only if extented = true
*applicationVersion: <string>, // only if extented = true
*originalApplicationVersion: <string> // only if extented = true
},
...
]
const appleReceiptVerify = require('node-apple-receipt-verify');
// Common initialization, later you can pass options for every request in options
appleReceiptVerify.config({
secret: "1234567890abcdef1234567890abcdef",
environment: ['sandbox']
});
// Callback version
appleReceiptVerify.validate({
receipt: appleReceipt,
device: '438498A7-4850-41DB-BCBE-4E1756378E39'
}, (err, products) => {
if (err) {
return console.error(err);
}
// ok!
});
// Callback version without device
appleReceiptVerify.validate({
receipt: appleReceipt
}, (err, products) => {
if (err) {
return console.error(err);
}
// ok!
});
// Promise version
try {
const products = await appleReceiptVerify.validate({
receipt: appleReceipt,
device: '438498A7-4850-41DB-BCBE-4E1756378E39'
});
// todo
}
catch (e) {
if (e instanceof appleReceiptVerify.EmptyError) {
// todo
}
else if (e instanceof appleReceiptVerify.ServiceUnavailableError) {
// todo
}
}
// Override environment
appleReceiptVerify.validate({
receipt: appleReceipt,
device: '438498A7-4850-41DB-BCBE-4E1756378E39',
environment: ['sandbox' ]
}, (err, products) => {
if (err) {
return console.error(err);
}
// ok!
});
Errors can have additional optional properties:
const appleReceiptVerify = require('node-apple-receipt-verify');
const EmptyError = appleReceiptVerify.EmptyError;
You can retry request later.
This project is licensed under the MIT License - see the LICENSE file for details
1.13.0
FAQs
A Node.js module for Apple In-App-Purchase receipt validation for iOS
We found that node-apple-receipt-verify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.