Apple Shared Secret Setup Guide
Connect your iOS app to B4X Purchase Manager for in-app purchase and subscription validation. The shared secret is used to verify receipts with Apple's verification API.
Open App Store Connect
Sign in to App Store Connect and select your app from the My Apps section.
Navigate to App Information
In the left sidebar, go to General → App Information and scroll down to the App-Specific Shared Secret section.
If you don't see this section, make sure you have the Admin or App Manager role for this app.
Generate or copy the Shared Secret
Click Manage next to App-Specific Shared Secret. If one already exists, copy it. If not, click Generate to create one.
App-Specific vs Master Shared Secret
We recommend using the app-specific shared secret, which limits the scope to a single app. A master shared secret works across all your apps, which is a broader scope than this integration needs.
Paste it into your dashboard
Go back to your app's settings in the B4X Purchase Manager dashboard and paste the shared secret into the Apple Shared Secret field, then click Upload Secret.
The secret is stored securely in Google Cloud Secret Manager and is never exposed in logs or API responses.
How it works
When your iOS app sends a receipt for validation, our server includes the shared secret in the request to Apple's verifyReceipt API. Apple uses it to authenticate that the request is from an authorized source for your app.
Without the shared secret, Apple will reject auto-renewable subscription receipts. Non-consumable and consumable purchases may still validate, but we recommend always configuring the secret for complete coverage.
Troubleshooting
"apple_secret_not_configured"
The shared secret hasn't been uploaded for this app yet. Go to your app's settings and upload it.
"invalid_receipt" with status 21004
The shared secret doesn't match what Apple has on file. Double-check you copied the correct app-specific secret from App Store Connect.
"invalid_receipt" with status 21002
The receipt data is malformed or corrupted. This is usually a client-side issue — make sure the receipt is properly base64-encoded before sending.
Subscriptions not validating but purchases work
Auto-renewable subscriptions require the shared secret. If purchases validate but subscriptions don't, the secret is likely missing or incorrect.
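The request described under How it works and the errors listed under Troubleshooting, shown as an added Python example (not B4X Purchase Manager's own code). The function names, the sample values and the "unhandled_status" label are assumptions made for illustration; "receipt-data" and "password" are the field names of Apple's verifyReceipt request body.

```python
import base64
import binascii
import json

# Constructed sample values, not real credentials or a real receipt.
SAMPLE_SECRET = "0123456789abcdef0123456789abcdef"
SAMPLE_RECEIPT = base64.b64encode(b"constructed receipt bytes").decode()

def build_verify_request(receipt_b64, shared_secret):
    """Build the verifyReceipt JSON body, failing before any network call."""
    if not shared_secret:
        raise ValueError("apple_secret_not_configured")
    try:
        # validate=True rejects non-alphabet characters and bad padding, the
        # kind of client-side corruption Apple reports as status 21002.
        raw = base64.b64decode(receipt_b64, validate=True)
    except (binascii.Error, ValueError):
        raise ValueError("invalid_receipt: receipt is not valid base64") from None
    if not raw:
        raise ValueError("invalid_receipt: receipt is empty")
    # "password" is the field that carries the shared secret.
    return json.dumps({"receipt-data": receipt_b64, "password": shared_secret})

def redact(body):
    """Return a loggable copy of the body with the secret and receipt masked."""
    fields = json.loads(body)
    fields["password"] = "***"
    fields["receipt-data"] = "<%d base64 chars>" % len(fields["receipt-data"])
    return json.dumps(fields, sort_keys=True)

def classify(apple_response):
    """Map Apple's status field to the error names in the troubleshooting list."""
    status = apple_response.get("status")
    if status == 0:
        return ("ok", None)
    if status == 21004:
        return ("invalid_receipt", "shared secret does not match Apple's record")
    if status == 21002:
        return ("invalid_receipt", "receipt data malformed or corrupted")
    # Hypothetical catch-all; the page documents only 21002 and 21004.
    return ("unhandled_status", str(status))

if __name__ == "__main__":
    body = build_verify_request(SAMPLE_RECEIPT, SAMPLE_SECRET)
    print(redact(body))
    print(classify({"status": 21004}))
```

Log only the output of redact(), never the raw request body, so the shared secret stays out of application logs.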