A client application successfully performs an in-app-purchase and receives a receipt from iTunes. The client then sends this receipt to the server, which verifies it with Apple and, if successful, unlocks some content for the client.
Is it possible to insert extra data in the IAP purchase request such that the receipt or the receipt validation contains this value?
I'm trying to prevent a man-in-the-middle/packet-sniffing type hack i.e. If someone was to discover another person's receipt and validate it against my server, how is the server to know that this receipt wasn't generated by this, the validating person?
From Apple's IAP documentation there are a number of values returns in the validation response. Is it possible that I could use version_external_identifier
value? What is it's use or value?
Thanks