Skip to main content

Release 7.2.0 - Built-in Purchase Verification (aka Receipt Validation)

· 4 min read
Hyo
Hyo
Maintainer of flutter_inapp_purchase & expo-iap

IAPKit Integration

Flutter In-App Purchase 7.2.0 brings built-in purchase verification (aka receipt validation) powered by IAPKit. Now you can verify purchases with enterprise-grade backend validation using a single API call-no server setup required.

Why IAPKit?

Purchase verification is critical for any production IAP implementation. Without proper server-side validation, your app is vulnerable to receipt tampering, replay attacks, and fraudulent transactions. IAPKit solves this with a battle-tested backend infrastructure. Sign up at iapkit.com to get your API key and start verifying purchases in minutes.

Key Benefits

BenefitDescription
Security FirstServer-side validation that prevents fraud, receipt tampering, and token reuse. Far more secure than client-only verification.
Unified APISingle endpoint for both Apple App Store and Google Play. No separate validation logic needed.
Zero InfrastructureNo server setup required. IAPKit handles Apple and Google API complexity for you.
Production ReadyEnterprise-grade reliability with comprehensive error handling and detailed responses.

Getting Started

Use the new verifyPurchaseWithProvider API to verify purchases through IAPKit:

import 'package:flutter_inapp_purchase/flutter_inapp_purchase.dart';

final result = await iap.verifyPurchaseWithProvider(
  VerifyPurchaseWithProviderProps(
    provider: VerifyPurchaseProvider.iapkit,
    iapkit: RequestVerifyPurchaseWithIapkitProps(
      apiKey: 'your-iapkit-api-key',
      apple: RequestVerifyPurchaseWithIapkitAppleProps(jws: purchase.purchaseToken),
      google: RequestVerifyPurchaseWithIapkitGoogleProps(
          purchaseToken: purchase.purchaseToken),
    ),
  ),
);

if (result.iapkit case final iapkit? when iapkit.isValid) {
  // Purchase verified - grant entitlement
  print('Purchase state: ${iapkit.state}');
  print('Store: ${iapkit.store}');
}

The API returns a unified VerifyPurchaseWithProviderResult with:

  • isValid - Whether the purchase passed verification
  • state - Detailed purchase state (entitled, pending, expired, canceled, etc.)
  • store - The store where the purchase was made (apple, google, horizon)

Highlights

  • IAPKit Integration - Built-in purchase verification (aka receipt validation) with enterprise-grade backend
  • OpenIAP 1.3.0 - Updated to openiap-apple v1.3.0, openiap-google v1.3.10, and openiap-gql v1.3.0
  • New IapStore Type - Unified store identification: unknown, apple, google, horizon
  • Enhanced Purchase Types - New store field on Purchase (replaces deprecated platform)

Type System Updates

This release brings important type refinements aligned with the OpenIAP 1.3.0 specification:

New IapStore Enum

enum IapStore {
  unknown,
  apple,
  google,
  horizon,
}

Updated Purchase Types

All purchase types now include a store field for unified store identification:

final purchase = PurchaseIOS(
  productId: 'premium',
  transactionId: '12345',
  store: IapStore.apple, // NEW - unified store identification
  // ...other fields
);

Request Parameters

Request parameters now support apple/google keys alongside the legacy ios/android:

// New (recommended)
await iap.requestPurchase(
  RequestPurchaseProps(
    apple: RequestPurchasePropsApple(sku: productId),
    google: RequestPurchasePropsGoogle(skus: [productId]),
  ),
);

// Legacy (still supported but deprecated)
await iap.requestPurchase(
  RequestPurchaseProps(
    ios: RequestPurchasePropsIos(sku: productId),
    android: RequestPurchasePropsAndroid(skus: [productId]),
  ),
);

Migration from 7.1

Store Field

If you're checking platform-specific purchases, consider using the new store field:

// Before (7.1)
if (purchase.platform == 'ios') {
  // Handle iOS purchase
}

// After (7.2)
if (purchase.store == IapStore.apple) {
  // Handle Apple purchase
}

Verification Integration

Add purchase verification to your existing purchase flow:

// After successful purchase
purchaseUpdatedStream.listen((purchase) async {
  if (purchase.productId != null) {
    // Verify the purchase - send both apple and google props
    // The backend will use the appropriate one based on the store
    final verification = await iap.verifyPurchaseWithProvider(
      VerifyPurchaseWithProviderProps(
        provider: VerifyPurchaseProvider.iapkit,
        iapkit: RequestVerifyPurchaseWithIapkitProps(
          apiKey: 'your-api-key',
          apple: RequestVerifyPurchaseWithIapkitAppleProps(jws: purchase.purchaseToken),
          google: RequestVerifyPurchaseWithIapkitGoogleProps(
              purchaseToken: purchase.purchaseToken),
        ),
      ),
    );

    if (verification.iapkit case final iapkit? when iapkit.isValid) {
      // Grant entitlement
      await grantPurchase(purchase.productId!);

      // Finish the transaction
      await iap.finishTransaction(purchase);
    }
  }
});

Installation

dependencies:
  flutter_inapp_purchase: ^7.2.0

Then run:

flutter pub get

References

What's Next?

We continue to focus on:

  • Enhanced verification workflows
  • Better error handling and retry mechanisms
  • Subscription lifecycle management
  • Community feedback and improvements

Questions or feedback? Reach out via GitHub Issues or join our Slack community.