How do I know if an in-app-purchase receipt comes from the sandbox?

Question

The iOS IAP documentation states, that if you want to test a store you should log out from you itunes account in the settings application. When doing an in-app-purchase, you are then asked for username and password. However, inside the app, I don't know if the user is logged in or if he is using a sandbox account.

In fact, I don't really care if it is a sandbox transaction, but: on the server I have to verify real receipts via the URL https://buy.itunes.apple.com/verifyReceipt and sandbox receipts via the URL https://sandbox.itunes.apple.com/verifyReceipt . How do I know on the server, if the receipt is a sandbox receipt or a real receipt?

Or how does the app know if the receipt is real or sandbox, because I have no problem with passing an additional parameter from the app to my server.

What does not work: You cannot just say that the DEBUG version of the app uses the sandbox environment and the ADHOC or RELEASE version of the app uses the production environment. With an ADHOC-version it is perfectly possible to use iTunes Test Accounts to do in-app-purchases.

Answer 1

When you verify the receipt, if you receive a status code 21007 it means its a sandbox receipt. Look here: https://developer.apple.com/library/content/technotes/tn2413/_index.html#//apple_ref/doc/uid/DTS40016228-CH1-RECEIPTURL

What url should I use to verify my receipt?
Always verify your receipt first with the production URL; proceed to verify with the sandbox URL if you receive a 21007 status code. Following this approach ensures that you do not have to switch between URLs while your application is being tested or reviewed in the sandbox or is live in the App Store.

The 21007 status code indicates that this receipt is a sandbox receipt, but it was sent to the production service for verification. A status of 0 indicates that the receipt was properly verified. See WWDC 2012: Managing Subscriptions with In-App Purchase for more information.