https://github.com/devsisters/go-applereceipt

Apple-issued receipts parser & verifier, without any external API call
https://github.com/devsisters/go-applereceipt

Last synced: 5 months ago
JSON representation

Apple-issued receipts parser & verifier, without any external API call

• Host: GitHub
• URL: https://github.com/devsisters/go-applereceipt
• Owner: devsisters
• License: mit
• Created: 2023-06-21T06:22:21.000Z (over 2 years ago)
• Default Branch: master
• Last Pushed: 2025-03-01T02:06:52.000Z (about 1 year ago)
• Last Synced: 2025-04-02T13:01:59.540Z (12 months ago)
• Language: Go
• Size: 47.9 KB
• Stars: 13
• Watchers: 3
• Forks: 1
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# go-applereceipt [![Test](https://github.com/devsisters/go-applereceipt/actions/workflows/test.yaml/badge.svg)](https://github.com/devsisters/go-applereceipt/actions/workflows/test.yaml) [![Go Reference](https://pkg.go.dev/badge/github.com/devsisters/go-applereceipt.svg)](https://pkg.go.dev/github.com/devsisters/go-applereceipt)

Go library to parse and verify Apple App Store receipts, locally on the server.

> The verifyReceipt endpoint is deprecated. To validate receipts on your server, follow the steps in [Validating receipts on the device](https://developer.apple.com/documentation/appstorereceipts/validating_receipts_on_the_device) on your server.

> — https://developer.apple.com/documentation/appstorereceipts/verifyreceipt

This library implements the PKCS#7 signature verification and ASN.1 parsing of the payload locally on the server, without the need to call Apple's `verifyReceipt` endpoint. The parsed receipt is filled in a concrete `AppReceipt` struct, which is auto-generated based on [the documented fields](https://developer.apple.com/library/archive/releasenotes/General/ValidateAppStoreReceipt/Chapters/ReceiptFields.html) published by Apple.

Note that at this moment, receipts from Apple is signed using SHA1-RSA, which has [removed support since Go 1.18](https://go.dev/issue/41682) and requires `GODEBUG=x509sha1=1` to verify receipts. SHA-256 signatures will be available from receipts since August 14, 2023. ([TN3138](https://developer.apple.com/documentation/technotes/tn3138-handling-app-store-receipt-signing-certificate-changes))

## Installation

```sh

go get github.com/devsisters/go-applereceipt

```

## Usage

```go

package main

import (

	"fmt"

	"github.com/devsisters/go-applereceipt"

	"github.com/devsisters/go-applereceipt/applepki"

)

func main() {

	receipt, err := applereceipt.DecodeBase64("MIIT...", applepki.CertPool())

	if err != nil {

		panic(err)

	}

	fmt.Println(receipt.BundleIdentifier)

}

```