Home
Blog
What is the iOS App Shared Secret used for?

What is the iOS App Shared Secret used for?

Portrait photo of blog author
Dan Burcaw
Co-Founder & CEO

Find out all the ways an iOS App Shared Secret is useful to app developers and how to generate one.

Table of Contents:

In this blog post:

The iOS app Shared Secret, also known as the App Store Connect Shared Secret, is a 32 character hexadecimal string. It is used for server-side receipt validation. Specifically, the Shared Secret is sent to Apple in the request payload. This provides added security for receipts with auto-renewable subscriptions.

Receipt verification is a process app developers use to verify purchases. Specifically, this process if for purchases made using Apple’s App Store payments mechanism (aka StoreKit). The receipt provides a complete list of all the purchases made by an app’s user. The receipt includes both in-app purchases and subscriptions.

Apple recommends that app developers validate a receipt for security and piracy reasons. In fact, property security requires a secure backend.

The Shared Secret is allows you to receive the decoded form of a receipt. In addition, its included in the payload of App Store Server Notifications. You can check that the password key’s value matches the known Shared Secret verify the authenticity of the notification.

Two Types of iOS App Shared Secret

There are two flavors of Shared Secret that can be generated through App Store Connect.

  1. Primary Shared Secret - used across all apps in your Apple Developer account
  2. App-Specific Shared Secret - used for a specific app in your Apple Developer account

The App-Specific Shared Secret is a good idea if you want app-level security. Perhaps plan to transfer an app to another Apple Developer. For instance, if you sell an app to another party on a marketplace like Flippa.

To generate either type of Shared Secret requires an App Store Connect account with either Account Holder or Admin role.

Generating a Primary Shared Secret

To generate (or re-generate) a Primary Shared Secret, follow these steps:

  • Sign-in to App Store Connect
  • Navigate to Users and Access
  • Navigate to Shared Secret
  • Click Generate or Regenerate
Generating a Primary Shared Secret in App Store Connect

Generating an App-Specific Shared Secret

To generate (or re-generate) an App-Specific Shared Secret, follow these steps:

  • Sign-in to App Store Connect
  • Navigate to My Apps
  • Choose the app you want to generate a Shared Secret for
  • Navigate to In-App Purchases under the Features heading
  • Click App-Specific Shared Secret
  • Click Generate or Regenerate
Generating an App-Specific Shared Secret in App Store Connect

Dan Burcaw is Co-Founder & CEO of Nami ML. He built a top mobile app development agency responsible for some of the most elite apps on the App Store and then found himself inside the mobile marketing industry after selling his last company to Oracle.

Nami® logo

Maximize your App's Potential

Accelerate app revenue with Nami subscriptions.

Nami® logo

Dark Chevron icon

Sign up to our newsletter

Get the latest articles delivered straight to your inbox.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Similar articles

Read similar articles to this one