In-app autorenewable subscriptions walk-thru

Question

I'm tearing my hair out trying to work out the work-flow for auto-renewable subscriptions on iOS. It's not even clear whether I require a server to do this. I just have one product - a monthly subscription. What are the steps to getting this working? Is there a walk-thru anywhere?

Answer 1

First things first. If you're app is not a periodical like a magazine, then you should steer away from ARS (auto-renewable subscriptions). Apple may reject it and insist you use NRS (non-renewing subscriptions).

To answer your question, my two best resources were Apple's Verifying In-App Purchase Receipts and this guide on Verifying Receipts from your server using PHP and cURL.

Basically, if you're using NRS you'll need your own server. But if you're doing ARS which is what you asked about, you don't have to use your own server. It's just recommended for better security. If you don't use your own server and you do the verifications straight from the app, you have to include your shared secret in the app which could get sniffed out. Also, you're more likely to be vulnerable to someone hacking the network communication to trick your app into thinking the user purchased a subscription.