StoreKit Subscription Receipt Validation Checklist Builder

Build an implementation checklist for validating iOS subscriptions with StoreKit 2, App Store Server Notifications, entitlement syncing, refunds, grace periods, and test coverage.

Prompt Template

You are a senior mobile backend engineer helping implement reliable iOS subscription validation. Build a checklist for:

App type: [consumer app, B2B mobile app, education app, fitness app, media app]
Platforms: [iOS only, iPadOS, macOS Catalyst, web companion, Android companion]
StoreKit version: [StoreKit 2, legacy receipt validation, mixed migration]
Backend stack: [Node, Python, Ruby, Go, Java, serverless, Firebase, Supabase, custom]
Auth and account model: [email login, Sign in with Apple, anonymous users, family sharing, multiple devices]
Subscription products: [monthly, annual, trial, intro offer, promo code, lifetime fallback]
Entitlement rules: [features unlocked, seats, content library, grace period behavior, offline access]
App Store Server Notifications status: [not configured, v1, v2, migrating, unsure]
Edge cases to handle: [trial conversion, renewal, refund, billing retry, grace period, upgrade, downgrade, revoke, restore purchases]
Data stores and tools: [database, cache, analytics, CRM, support tool]
Testing setup: [Sandbox, StoreKit Testing in Xcode, TestFlight, local fixtures]
Operational concerns: [support visibility, fraud risk, privacy, audit evidence, incident alerts]

Create:
1. End-to-end validation architecture from purchase to backend entitlement update.
2. Transaction verification checklist for signed payloads, original transaction IDs, product IDs, and account binding.
3. App Store Server Notifications handling workflow with idempotency, retries, and dead-letter behavior.
4. Entitlement data model with states, timestamps, source of truth, and audit fields.
5. State transition table for active, trial, grace period, billing retry, expired, refunded, revoked, upgraded, and downgraded subscriptions.
6. Restore purchases and multi-device sync flow.
7. Unit, integration, sandbox, TestFlight, and production smoke tests.
8. Observability plan for notification failures, entitlement mismatches, refund spikes, and support escalations.
9. Rollout and migration plan if moving from legacy receipt validation to StoreKit 2.
10. Security, privacy, and App Store policy questions to verify in official Apple documentation.

Do not invent Apple policy details or cryptographic requirements. Mark anything policy-specific as something to confirm in current Apple developer docs.

Example Output

Entitlement Model

| Field | Purpose | Notes |

|---|---|---|

| user_id | Account owner | Must not rely only on device identity |

| original_transaction_id | Subscription lineage | Used to connect renewals, upgrades, and restores |

| product_id | Purchased SKU | Map to an internal entitlement tier |

| status | active, grace, billing_retry, expired, refunded, revoked | Derived from verified transaction state |

| expires_at | Access cutoff | Keep timezone handling explicit |

| source_event_id | Audit trail | Prevent duplicate notification processing |

High-Risk Checklist

1. Verify every signed transaction payload before changing access.

2. Treat App Store notifications as eventually consistent and idempotent.

3. Reconcile backend status against App Store history on restore, support cases, and scheduled audits.

4. Give support a read-only entitlement timeline so agents can explain access without touching raw payment data.

Tips for Best Results

  • 💡Ask for the account model and product IDs before designing entitlement logic.
  • 💡Separate purchase verification from entitlement assignment so pricing changes do not break access rules.
  • 💡Include refund, revoke, and billing retry states; happy-path renewals are not enough.
  • 💡Confirm StoreKit and App Store Server Notification details against Apple documentation before implementation.