Sandbox environment returns 21003 status code for receipt validation

Question

When I test an in-app purchase with the sandbox the post request to the sandbox url https://sandbox.itunes.apple.com/verifyReceipt returns

 data: { environment: 'Sandbox', status: 21003 }

The 21003 status code means that the receipt could not be authenticated. https://developer.apple.com/documentation/appstorereceipts/status?language=objc

Is this expected? I'd assumed my test receipt would be considered valid for the sandbox environment and return a status of 0.

Answer 1

No its not expected. I needed to provide a valid code in the password field even though the in-app purchase was not for an auto-renewable subscription.

Answer 2

You report that when you send the appStoreReceipt to the verifyReceipt endpoint that you are seeing the status result 21003. This status indicates that the appStoreReceipt was malformed, incomplete, or incorrectly encoded. Can you capture the base64 encoded appStoreReceipt and send me the contents as a text file for me to manually validate the contents. If you app process sells an auto-renewing subscription item, please include the app's shared secret. I use the following curl command line tool to validate appStoreReceipts.

For sandbox receipts:

curl -d '{ "exclude-old-transactions": true "password":"yyyy" "receipt-data": "xxxx"}' https://sandbox.itunes.apple.com/verifyReceipt

For production receipts:

curl -d '{ "exclude-old-transactions": true "password":"yyyy" "receipt-data": "xxxx"}' https://buy.itunes.apple.com/verifyReceipt

Where exclude-old-transactions is used to limit the contents of the latest_receipt_info to only the most recent entry and

"password" is the request key to indicate the shared-secret that is required when the content is an auto-renewing subscription.

yyyy - is the shared-secret and
xxxx - is the base64 encoded content of the appStoreReceipt.