Apple App Store Server Notifications sends transaction data to your server. It is especially good for in-app purchase refunds. If you had previously recorded the transaction ID of the original purchase you can match it up to the server notification and attach it to a user.
When you use the App Store Server Notifications you receive(in Post Raw) either standard issue JSON(v1) or JWT(v2). I was using v1. When v2 was offered the description said you get more events with v2. So I went with v2 and got into the JWT issue. I was able to get the data out of the JWT but I'm still figuring out the verification. JWT is 3 period delimited base 64 encoded items. Header, Payload and Signature. JWT is not encrypted but by using the header and signature you can see if the payload has been manipulated or has dropped/scrambled bits Because the hash will not match. The payload(base 64 encoded) contains some the previously observed v1 JSON data. The actual transaction data is in a JSON element as another JWT encoded string. Again you base 64 decode item 2(period delimited) the transaction data and viola the remaining v1 JSON transaction elements are there. JWT uses Base 64 URL encoding. The "+" and "/" are substituted with "-" and "_" so A JWT can exist in a URL without any problems. Just scratching the surface of this giant headache. I now have the both payloads JSON but have to figure out how to verify the hash. I'm no worse off than the v1 straight up JSON but "inquiring minds want to know". Film at 11. Ralph DiMola IT Director Evergreen Information Services rdim...@evergreeninfo.net _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
