Store Integration - iOS
Overview
This guide covers the integration of the iTunes iOS Store with brainCloud's marketplace, enabling secure server-side verification of iOS in-app purchases. The brainCloud backend performs server-to-server verification directly with Apple's App Store, ensuring transaction authenticity and preventing client-side tampering. This architecture establishes the backend as the authoritative source for purchase validation and entitlement management.
Verification Process
When bc.AppStore.VerifyPurchase(receipt) is invoked, brainCloud executes the following operations:
- Extracts the StoreKit 2 JWS (JSON Web Signature) from the receipt data
- Validates Apple's cryptographic signature
- Authenticates transaction integrity
- Confirms environment context (Sandbox vs. Production)
- Implements replay attack prevention
- Communicates with the Apple App Store Server API
- Returns validated purchase metadata
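The header, environment and replay checks listed above, shown as an added Python example applied to a StoreKit 2 JWS on the server; this is not brainCloud's code. The `verify_signature` hook, the `seen_ids` store and the sample bundle id and transaction values are assumptions constructed for illustration, and certificate-chain and ES256 validation are left to that hook.

```python
import base64
import json

class PurchaseRejected(Exception):
    """A transaction failed a server-side check."""

def _b64url(segment):
    # JWS segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_transaction(jws, *, verify_signature, expected_env, bundle_id, seen_ids):
    """Return the decoded payload or raise PurchaseRejected.

    verify_signature(signing_input, signature, x5c) -> bool is a hypothetical
    caller-supplied hook that validates the x5c chain up to Apple's root CA
    and checks the ES256 signature; this sketch does no cryptography itself.
    """
    parts = jws.split(".")
    if len(parts) != 3:
        raise PurchaseRejected("not a compact JWS")
    try:
        header, payload = json.loads(_b64url(parts[0])), json.loads(_b64url(parts[1]))
        signature = _b64url(parts[2])
    except ValueError as exc:
        raise PurchaseRejected("malformed JWS segment") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise PurchaseRejected("JWS segments must be JSON objects")
    # Pin the algorithm so the token cannot select "none" or an HMAC variant.
    if header.get("alg") != "ES256" or not header.get("x5c"):
        raise PurchaseRejected("unexpected JWS header")
    signing_input = f"{parts[0]}.{parts[1]}".encode("ascii")
    if not verify_signature(signing_input, signature, header["x5c"]):
        raise PurchaseRejected("signature or certificate chain invalid")
    # Payload fields are trusted only from here on.
    if payload.get("environment") != expected_env:
        raise PurchaseRejected("environment mismatch")
    if payload.get("bundleId") != bundle_id:
        raise PurchaseRejected("transaction belongs to another app")
    tx_id = payload.get("transactionId")
    if not tx_id or tx_id in seen_ids:
        raise PurchaseRejected("missing or replayed transactionId")
    seen_ids.add(tx_id)  # record only after every check has passed
    return payload

def constructed_jws(payload, alg="ES256"):
    # Constructed sample with placeholder certificate and signature bytes.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header = {"alg": alg, "x5c": ["PLACEHOLDER-CERT"]}
    return ".".join([enc(json.dumps(header).encode()), enc(json.dumps(payload).encode()), enc(b"sig")])
```

In a real deployment `seen_ids` would be a durable store with an atomic insert, so two concurrent submissions of the same transaction cannot both pass.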
Purpose & Architecture
VerifyPurchase enforces server-authoritative purchase validation, ensuring the backend—not the client—determines transaction legitimacy and entitlement provisioning.
Key Benefits
- Authority: Server-side control over purchase validation
- Security: Protection against client-side manipulation and replay attacks
- Lifecycle Management: Centralized handling of consumables, non-consumables, and subscription state
The backend becomes the single source of truth for user entitlements, managing consumable grants, non-consumable persistence, and subscription expiration logic.
Implementation
For detailed integration steps, refer to the official documentation:
Store Integration - iOS