Home
Blog
iOS App Shared Secret: What is it, Types & How to Generate One

iOS App Shared Secret: What is it, Types & How to Generate One

Portrait photo of blog author
Dan Burcaw
Co-Founder & CEO

The iOS App Shared Secret is a crucial component in the development and management of applications within Apple's ecosystem. This secret key is used primarily to enhance security and streamline the validation of in-app purchases, ensuring that only authorized transactions are processed. In this article, we will delve into the concept of the iOS App Shared Secret, explore the different types available, and provide a comprehensive guide on how to generate one.

Table of Contents:

In this blog post:

What is an iOS App Shared Secret?

The iOS App Shared Secret is a unique, 32-character hexadecimal string private key that developers use to secure in-app purchase transactions. This key ensures that communications between your app and Apple's servers are authenticated, preventing unauthorized access and fraudulent transactions.

It is especially vital for apps with subscription-based models, where the key is used to validate and renew subscriptions securely.  It works fantastic for server-side receipt validation and provides added security for receipts with auto-renewable subscriptions.

Receipt Verification and the Role of Shared Secret

Receipt verification is a process app developers use to verify purchases. Specifically, this process if for purchases made using Apple’s App Store payments mechanism (aka StoreKit). The receipt provides a complete list of all the purchases made by an app’s user. The receipt includes both in-app purchases and subscriptions.

Apple recommends that app developers validate a receipt for security and piracy reasons.  In fact, property security requires a secure backend.

The Shared Secret  allows you to receive the decoded form of a receipt.  In addition, its included in the payload of App Store Server Notifications. You can check that the password key’s value matches the known Shared Secret verify the authenticity of the notification.

👉Read more: Test In-App Purchases iOS Guide

Types of iOS App Shared Secrets

There are primarily two types of shared secrets you might encounter in the iOS development environment:

  1. App-Specific Shared Secret: This is used for a single app to manage its in-app purchases. It is particularly useful for apps with subscription services, as it allows the app to verify receipts and manage subscriptions effectively.
  2. Primary Shared Secret: This is used for multiple apps within a single developer account. It offers the convenience of managing subscriptions across several apps, streamlining the process for developers with a portfolio of applications.

How to Generate an iOS App Shared Secret

Generating an iOS App Shared Secret is a straightforward process. Here’s a step-by-step guide:

1. Log in to App Store Connect:

Visit App Store Connect and log in with your Apple Developer account credentials. To generate either type of Shared Secret requires an App Store Connect account with either Account Holder or Admin role.

2. Access My Apps:

Navigate to the "My Apps" section and select the app for which you need to create a shared secret.

4. In-App Purchases:

In the app's dashboard, go to the "Features" tab and select "In-App Purchases".

5. Generating App-Specific Shared Secret:

If you are generating an app-specific shared secret, find the section labeled "App-Specific Shared Secret" and click on "Generate" or "Reset" if a key already exists.

Generating an App-Specific Shared Secret in App Store Connect

6. Generating Primary Shared Secret:

For a primary shared secret, go to "Users and Access" and select "Shared Secret" from the sidebar. Click on "Generate" to create a new key.

Generating a Primary Shared Secret in App Store Connect

The App-Specific Shared Secret is a good idea if you want app-level security. Perhaps plan to transfer an app to another Apple Developer. For instance, if you sell an app to another party on a marketplace like Flippa.

7. Save Your Shared Secret:

Once generated, copy the shared secret and store it securely. It will be needed for integrating your app's in-app purchase functionality with your backend server.

Managing Your iOS App Shared Secret

Proper management of your shared secret is crucial for maintaining app security. Here are some best practices:

  • Regularly Rotate Keys: To enhance security, regularly regenerate your shared secret.
  • Secure Storage: Store the shared secret in a secure environment, such as a vault or secure server.
  • Access Control: Limit access to the shared secret to only those who absolutely need it.
  • Monitor Usage: Keep an eye on the usage of your shared secret to detect any unauthorized access or anomalies.

👉Read more: App Store Verify Receipt Definitive Guide

Conclusion

Understanding and effectively managing your iOS App Shared Secret is essential for maintaining the security and integrity of your app's in-app purchases. By following the steps outlined in this article, you can ensure that your app's transactions are secure, providing a better experience for your users and peace of mind for yourself.

For more detailed guidance on app development and in-app purchase security, visit our website at NamiML to explore our low-code solutions designed to simplify and enhance your app's functionality.


     
   
   

Dan Burcaw is Co-Founder & CEO of Nami ML. He built a top mobile app development agency responsible for some of the most elite apps on the App Store and then found himself inside the mobile marketing industry after selling his last company to Oracle.

Sign up to our newsletter

Get the latest articles delivered straight to your inbox.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Similar articles

Read similar articles to this one