What url should I use to verify my receipt in In-App Purchase

Question

The above question I found in FAQ in Apple's Tech Notes (QNo: 15). They gave an answer like this:

Use the sandbox URL https://sandbox.itunes.apple.com/verifyReceipt while testing your application in the sandbox and while your application is in review.

Use the production URL http://buy.itunes.apple.com/verifyReceipt once your application is live in the App Store.

But in In-App Purchase Programming Guide (Verifying a Receipt with the App Store Section). Apple provides an url like this:

Post the JSON object to the App Store using an HTTP POST request. The URL for the store is https://buy.itunes.apple.com/verifyReceipt.

Note that first url is using http for live account for verifying In-App Purchase while second one is using https. Which one i should use? My app got rejected because server is not getting correct response, when it sends receipt to Apple. I am using https://buy.itunes.apple.com/verifyReceipt for verifying receipt.

Answer 1

the best way is to first verify with the production server. if you get a 21007 code back you should make another call to the sandbox server. this is needed because during the submission process you're not always sure whether they'll use the live or sandbox server. it needs to work on both.

here's some source code that verifies receipts in safe way (counters the app store hack from last year). i added the above code to this project that will first check with the production server and then fall back to the sandbox server:

https://github.com/evands/iap_validation

EDIT: i wouldn't use that code above anymore in iOS 7. i think there are some problems with it!