The above question I found in FAQ in Apple's Tech Notes (QNo: 15). They gave an answer like this:
Use the sandbox URL https://sandbox.itunes.apple.com/verifyReceipt
while testing your application in the sandbox and while your
application is in review.
Use the production URL http://buy.itunes.apple.com/verifyReceipt once your application is live in the App Store.
But in In-App Purchase Programming Guide (Verifying a Receipt with the App Store Section). Apple provides an url like this:
Post the JSON object to the App Store using an HTTP POST request. The
URL for the store is https://buy.itunes.apple.com/verifyReceipt.
Note that first url is using http for live account for verifying In-App Purchase while second one is using https. Which one i should use? My app got rejected because server is not getting correct response, when it sends receipt to Apple. I am using https://buy.itunes.apple.com/verifyReceipt for verifying receipt.
the best way is to first verify with the production server. if you get a 21007 code back you should make another call to the sandbox server. this is needed because during the submission process you're not always sure whether they'll use the live or sandbox server. it needs to work on both.
here's some source code that verifies receipts in safe way (counters the app store hack from last year). i added the above code to this project that will first check with the production server and then fall back to the sandbox server:
https://github.com/evands/iap_validation
EDIT: i wouldn't use that code above anymore in iOS 7. i think there are some problems with it!
Related
UPDATE: Pinterest support got back to me and confirmed that the Ver. 1 API is broken. Instead of fixing it they have offered to expedite my new app approval. I heard back from them quickly, but it's been almost a week now from submitting the materials they requested for the new app. I submitted them the same day they asked for them.
I'm having essentially the same problem that this user was:
Pinterest Authorization failed
This is an app that has been approved and working for years and we have started getting this error just in the last week when sending a GET request to https://api.pinterest.com/v1/me/boards:
{"status":"failure","code":3,"data":null,"message":"Authorization failed.","endpoint_name":"get_own_boards"}
In the header I of course have the access token, which I had just received from Pinterest successfully:
"Authorization: Bearer Ah-ObYMmQFc-(REDACTED)"
The other strange wrinkle is that when I try the same request but with the access token from the Pinterest user that owns our app on Pinterest it works as expected.
I know that this has been an issue previously, but I didn't see anyone reporting it currently. The other thing is that this endpoints are being deprecated, but the new ones are only in Beta. I have an application in for the new API, which I would love to switch to, but I don't know how long that will take. Can anyone please help with this?
I went through the approval process for V2 but they denied it. They are very strict. I don't think that a App gets approval if it's not from a known brand or company. So, say goodbye as a single dev to use the Pinterest API anymore.
I'm getting the same thing with one of my apps, it seems that they shut down version 1 before opening up version 2. I've had an app that has been working flawless a while now and stopped working a couple weeks ago.
As of right now, i had to create a new app in the version 2 of their system and waiting for approval. It's been about 2 weeks and of trying to get approval but still waiting.
Create a new app and reach out to support is my best bet, haven't found any documentation for their new API or any blogs related to it being deprecated.
Pinterest support got back to me and confirmed that the Ver. 1 API is broken. Instead of fixing it they have offered to expedite my new app approval. I heard back from them quickly, but it's been almost a week now from submitting the materials they requested for the new app. I submitted them the same day they asked for them.
I am facing some weird issue in Shopify app development. I have created app which is working fine on Development store. it is able to add some data on development store.
But for testing purpose I have offered this app to the merchants to test this app on their live store having activated Shopify Paid plan. But app can not add any data. Post/Put requests are auto converted to Get requests.
I have created couple of apps those are published on App store and in past they were being used by Active Paid Plan merchants before app has been published without any issue.
Is there something changed on Shopify side. or I am missing something this time ?
Any help will be appreciated.
every put/post request's endpoint should be on .myshopify version of domain.
I was passing primary domain. and it was working fine in dev stores as dev store. because in dev stores .myshopify version domain and primary domains are same.
I did not get this issue for so long. it was a silly mistake but stops app functionality.
Posting answer just because other people would not make such a blunder.
I am using Titanium studio to build an iphone mobile app, and I want to do the following
Send a user id using API to my server
Server processes payment for that user using the previous card on file
Server sends a success/failure response.
What is the most secure way to do this? I know if I just send the user id then anyone could hack.
Are you sure what your doing is allowed (roll-your-own Payments and credit cards in-app will generally get you rejected)
Make sure your app does not violate any of these guidelines:
11.1 Apps that unlock or enable additional features or functionality with mechanisms other than the App Store will be rejected
11.2 Apps utilizing a system other than the In App Purchase API (IAP) to purchase content, functionality, or services in an app will be
rejected
11.13 Apps that link to external mechanisms for purchases or subscriptions to be used in the app, such as a “buy” button that goes
to a web site to purchase a digital book, will be rejected
Check the latest App store review guidelines here : https://developer.apple.com/appstore/resources/approval/guidelines.html
Also refer to these SO questions for more information:
iPhone Paypal in UIWebView Appstore approval process
iOS - Integrating credit card payments
A more secure way to do this (if you pass all the above guidelines) would be to use a userid, password, and salt, encrypted either over https or SHA256. Note that you have to specify you use encryption if you go the second route, during the review process.
Here is a wikipedia article about Salt and Passwords that I used.
Here is a SHA256 library for JavaSCript that works great with Titanium and is simple to use.
(I am reposting this question here because I tried on the google news group and got no responses.)
I need to build a shop for my client, and the client already has a domain and a web site. I need to integrate e-commerce functionality in to the site. This is going to be done by sending AJAX requests to the API.
my question is whether I need to get a partner account for this? I am not yet going to write an app that people would install, I am just building a store for my client. how is it done?
You do not need a Shopify Partner account for this. You can instead create a "Private application" within the normal shopify admin, which will give you the api credentials you need to make stuff happen.
This article on the shopify wiki gives a good overview of the process for getting started (the first sections are most relevant in your case):
http://wiki.shopify.com/Using_the_shopify_api_gem_with_the_credentials_of_a_private_app
How can I intergrate the stripe api for payment processing to allow people to pay for services through my titanium mobile app. Stripe.com
I am using this code to start:
https://github.com/abh/node-stripe/blob/master/lib/main.js
How can I make sure the information is encrypted.
First you need to make sure what you are selling is physically tenable, assuming it is (and your not selling any form of digital content, or functionality within the app) then the easiest way to use stripe from within Titanium would be to just wrap it in a web view (you could implement it in native code but this could get tiresome).
Assuming you have this example in a file called index.html in your resources directory.
var webView = Ti.UI.createWebView({
url : 'index.html
});
win.add(webView);
Note that you will need to let your server support https requests for actual encryption to happen, you shouldn't be encrypting yourself (in code).
Once this is done, all the work now happens on your server to process payments using Stripes libraries like in this example in the documentation.
Really this is a server job, all your doing is sending the server the information to process, not a lot going on with Titanium here except as a gateway.