App Store Connect Help
Generate a shared secret to verify receipts
To increase the security between your server and Apple’s servers when validating an App Store subscription or in-app purchase, include a shared secret with your request to verify receipts.
A shared secret is a 32 character hexadecimal string generated in App Store Connect. You may generate a primary shared secret, which is single code for all of your apps, or an app-specific shared secret for individual apps. You may also use a primary shared secret for some of your apps, and an app-specific shared secret for others.
For information about incorporating a shared secret into your app’s receipt handling, visit Validating Receipts with the App Store.
Required role: Account Holder or Admin. View role permissions.
View or generate a shared secret for all your apps (primary shared secret)
-
From the homepage, click Users and Access.
-
Click the Integrations tab.
-
In the sidebar under Keys, click Shared Secret.
-
Click Generate Primary Shared Secret.
-
Copy the code and use it for your transactions receipt for all of your apps with auto-renewable subscriptions.
When you generate a new shared secret, all apps in your organization that use a shared secret should use the new value to verify auto-renewable subscriptions.
View or generate a shared secret for an individual app (app-specific shared secret)
You can access the app-specific shared secret from the Subscriptions page for an app. You may want to use an app-specific shared secret if you want to keep this code private for this app, or if you are planning to transfer this app to another developer account.
Note: App-specific shared secrets can’t be deleted, only regenerated.
-
From Apps, select your app.
-
In the sidebar under General, click App Information.
-
In the App-Specific Shared Secret section, click Manage.
-
You can generate a shared secret for individual apps, or regenerate a shared secret.
Note: Clicking Regenerate will automatically generate a new shared secret, and any previously generated shared secret for this app will be invalidated.
-
Then click Done.
-
To generate a shared secret, click Generate or Regenerate in the dialog.
-
Copy the code and use it for your transactions receipt for this app.
When you regenerate an app-specific shared secret, use the new value to verify your auto-renewable subscriptions for this app.