Apple Shared Secret Setup Guide

Connect your iOS app to B4X Purchase Manager for in-app purchase and subscription validation. The shared secret is used to verify receipts with Apple's verification API.

1. Open App Store Connect

Sign in to App Store Connect and select your app from the My Apps section.

2. Navigate to App Information

In the left sidebar, go to General → App Information and scroll down to the App-Specific Shared Secret section.

If you don't see this section, make sure you have the Admin or App Manager role for this app.

3. Generate or copy the Shared Secret

Click Manage next to App-Specific Shared Secret. If one already exists, copy it. If not, click Generate to create one.

App-Specific vs Master Shared Secret

We recommend using the app-specific shared secret, which limits the scope to a single app. A master shared secret works across all your apps, which is a broader security scope than needed.

4. Paste it into your dashboard

Go back to your app's settings in the B4X Purchase Manager dashboard and paste the shared secret into the Apple Shared Secret field, then click Upload Secret.

The secret is encrypted and stored safely server-side. It is only used internally when verifying receipts with Apple.

How it works

When your iOS app sends a receipt for validation, our server includes the shared secret in the request to Apple's verifyReceipt API. Apple uses it to authenticate that the request is from an authorized source for your app.

Without the shared secret, Apple will reject auto-renewable subscription receipts. Non-consumable and consumable purchases may still validate, but we recommend always configuring the secret for complete coverage.
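The request described above, sketched as an added example; this is not B4X Purchase Manager's server code. The function names are hypothetical and the sample receipt and secret are constructed; `receipt-data` and `password` are the field names of Apple's verifyReceipt request body.

```python
import base64
import binascii
import json

# Status codes covered by this guide's troubleshooting section, plus 0 (valid).
STATUS_HINTS = {
    0: "valid",
    21002: "receipt data malformed: check base64 encoding on the client",
    21004: "shared secret does not match the one in App Store Connect",
}


def build_verify_request(receipt_b64: str, shared_secret: str) -> bytes:
    """Return the JSON body to POST to verifyReceipt, rejecting bad input early."""
    if not shared_secret:
        # Same condition as apple_secret_not_configured: fail before calling Apple.
        raise ValueError("apple_secret_not_configured")
    try:
        # validate=True rejects any character outside the base64 alphabet.
        decoded = base64.b64decode(receipt_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("receipt is not valid base64") from exc
    if not decoded:
        raise ValueError("receipt is empty")
    body = {"receipt-data": receipt_b64, "password": shared_secret}
    return json.dumps(body).encode("utf-8")


def redact(body: bytes) -> str:
    """Log-safe view of the request so the secret never reaches the logs."""
    data = json.loads(body)
    data["password"] = "***"
    data["receipt-data"] = data["receipt-data"][:12] + "..."
    return json.dumps(data)


def interpret(response_text: str) -> str:
    """Map the status field of Apple's JSON response to a diagnosis."""
    status = json.loads(response_text).get("status")
    return STATUS_HINTS.get(status, f"unhandled status {status}")


if __name__ == "__main__":
    # Constructed sample values, not a real receipt or secret.
    receipt = base64.b64encode(b"constructed-receipt-bytes").decode()
    req = build_verify_request(receipt, "0123456789abcdef0123456789abcdef")
    print(redact(req))
    print(interpret('{"status": 21004}'))
```

Rejecting a non-base64 receipt before the call separates client-side encoding problems from a secret mismatch, and the redacted view keeps the secret out of server logs.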

Troubleshooting

Check your B4X IDE logs for lines starting with 🛡 — these show exactly what the server returned.

🛡 Server error: {"error":"apple_secret_not_configured"...}

The shared secret hasn't been uploaded for this app yet. Go to your app's settings in the dashboard and upload it.

🛡 Response: invalid_receipt — Apple validation failed with status 21004

The shared secret doesn't match what Apple has on file. Double-check you copied the correct app-specific secret from App Store Connect.

🛡 Response: invalid_receipt — Apple validation failed with status 21002

The receipt data is malformed or corrupted. This is usually a client-side issue — make sure the receipt is properly base64-encoded before sending.

Subscriptions not validating but purchases work

Auto-renewable subscriptions require the shared secret. If purchases validate but subscriptions don't, the secret is likely missing or incorrect. You'll typically see the apple_secret_not_configured error above in your logs.