NAME
    Plack::Middleware::AppStoreReceipt - Verifying a Receipt with the Apple
    App Store

SYNOPSIS
    In the app.psgi

        enable "AppStoreReceipt";

    That's it.

    By default, you can POST 'receipt_data' with a base64 encoded string to
    /receipts/validate

    aka, curl -X POST http://localhost:5000/receipts/validate -d
    "receipt_data=$base64EncodedString"

    Since it's disable a sandbox request by default, therefore to use the
    sandbox testing environment, please set allow_sandbox to true

        enable "AppStoreReceipt", allow_sandbox => 1;

    Perhaps, you don't like /receipts/validate endpoint, though you are able
    to change the default route as well by either

        enable "AppStoreReceipt", route => { 'post' => '/appstore/verify' };
        (to use route, the format is 'route => { $method => $path }')
    or
        enable "AppStoreReceipt", method => 'POST', path => '/appstore/verify';

    And you can even change the default receipt_data parameter

        enable "AppStoreReceipt", receipt_data => '(name of receipt parameter here)';

    If you have a shared secret for iTunes, you may set it as

        enable "AppStoreReceipt", shared_secret => '(shared secret bytes here)';

    This middleware will make an asynchronous request (based on
    AnyEvent::HTTP), if psgi.nonblocking interface is true.

DESCRIPTION
    This middleware provides an endpoint for an iOS app to validate its
    reciept data. Therefore, this middleware ensures that your iOS app does
    not post the iap receipt to any fake Apple server.

    It does post given receipt data to iTunes production first. If it’s a
    sandbox receipt (told by iTunes production), it will be re-sended to
    iTunes sandbox again automatically.

AUTHOR
    zdk

LICENSE
    This library is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself.

SEE ALSO
    Plack::Middleware

    http://www.macworld.com/article/1167677/hacker_exploits_ios_flaw_for_fre
    e_in_app_purchases.html