Question

Having trouble with Apple Server Notification Forwarding

  • 10 May 2024
  • 1 reply
  • 31 views

Badge

Hello, I am trying to setup Apple Server Notification Forwarding. I can verify that I am getting a notification forwarded to my api route, but I am having trouble parsing the response. 

When I try to verify the signedPayload against the in-app-purhcase-key I always get the JONSWebTokenError.

The I am using the same .p8 key that I uploaded to revenue cat. Any suggestions? 
 

export default async function handler(
req: NextApiRequest,
res: NextApiResponse
) {
const signedPayload = req.body.signedPayload
console.log('the signed payload', req.body.signedPayload)
if (!signedPayload) {
return res
.status(400)
.json({ error: 'Signed payload not found in request body' })
}

// Verify and decode the signed payload using your App Store public key
// const publicKey =
// '-----BEGIN PRIVATE KEY----- *** my key ***
-----END PRIVATE KEY-----`

console.log('private key', privateKey)

let decodedPayload
try {
decodedPayload = jwt.verify(signedPayload, privateKey)
} catch (error) {
console.error('Error verifying signature:', error)
return res.status(403).json({ error: 'Invalid signature' })
}
pieces.pngCopy And Savelink.pngSharecopilot.pngAsk Copilotsettings.png

 


This post has been closed for comments

1 reply

Userlevel 3
Badge +5

Hi! I saw that you also reached out via an individual support ticket and were helped by my coworker, Jeffrey, but I just wanted to repost his response here as well in case anyone else runs into the same issue and comes across this post.

His Response:

“For context, when you add a forwarding URL to RevenueCat, we catch the notification from Apple and reply to them with a "Temporary Redirect" response, to which Apple follows the redirect and forwards the original notification to you. So, the server notification technically comes from Apple.
 
Here is Apple's documentation on receiving App Store Server Notifications: https://developer.apple.com/documentation/appstoreservernotifications/receiving_app_store_server_notifications
 
Specifically, here are instructions on parsing the signed payload: https://developer.apple.com/documentation/appstoreservernotifications/responsebodyv2