Signed transactions are cryptographically signed JSON Web Tokens (JWTs) that Apple includes in App Store Server Notifications V2. They prove that a purchase or subscription event occurred and contain all the details about that transaction.
What's in a signed transaction?
A signed transaction JWT contains:
- Transaction ID: Unique identifier for the transaction
- Original transaction ID: Links related transactions (renewals, refunds)
- Product ID: The subscription or in-app purchase identifier
- Purchase date: When the transaction occurred
- Expiration date: When a subscription expires
- Environment: Production or sandbox
- App account token: Optional identifier you provide to link transactions to user accounts
Why they matter
Signed transactions provide:
- Proof of purchase: Cryptographically verifiable proof that a transaction occurred
- Transaction history: Complete history of all related transactions (renewals, refunds)
- Server-side verification: Your server can verify transactions without calling Apple's API
- Fraud prevention: The cryptographic signature makes any tampering with the transaction data detectable
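
The structural and claim checks a server applies alongside signature verification, over the fields listed above, as an added example (not Yeethook's or Apple's code). The payload key names follow Apple's JWSTransactionDecodedPayload; the bundle ID, product ID and sample token are constructed, and verification of the ES256 signature and x5c certificate chain is assumed to be done separately by a vetted JWS/X.509 library.

```python
import base64
import json
from datetime import datetime, timezone

def _b64url_json(segment):
    # JWS segments are unpadded base64url; restore padding before decoding.
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("JWS segment is not a JSON object")
    return obj

def _ms_to_utc(ms):
    # Transaction dates are milliseconds since the Unix epoch.
    return None if ms is None else datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def check_signed_transaction(jws, expected_bundle_id, expected_environment):
    """Structural and claim checks only. Verifying the ES256 signature and the
    x5c certificate chain is a separate step and must pass before this result is trusted."""
    parts = jws.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected header.payload.signature, all non-empty")
    header, payload = _b64url_json(parts[0]), _b64url_json(parts[1])
    if header.get("alg") != "ES256":  # refuses "none" and HMAC algorithms
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    if not header.get("x5c"):
        raise ValueError("missing x5c certificate chain")
    if payload.get("bundleId") != expected_bundle_id:
        raise ValueError("transaction belongs to a different app")
    if payload.get("environment") != expected_environment:
        raise ValueError("environment mismatch: %r" % payload.get("environment"))
    return {
        "transaction_id": payload["transactionId"],
        "original_transaction_id": payload["originalTransactionId"],
        "product_id": payload["productId"],
        "purchase_date": _ms_to_utc(payload.get("purchaseDate")),
        "expiration_date": _ms_to_utc(payload.get("expiresDate")),
        "environment": payload["environment"],
        "app_account_token": payload.get("appAccountToken"),  # optional
    }

def constructed_jws(alg="ES256", environment="Sandbox"):
    # Constructed sample: placeholder certificates and signature, not Apple data.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    header = {"alg": alg, "x5c": ["LEAF-PLACEHOLDER", "INTERMEDIATE-PLACEHOLDER", "ROOT-PLACEHOLDER"]}
    payload = {"transactionId": "2000000000000002", "originalTransactionId": "2000000000000001",
               "productId": "com.example.pro.monthly", "bundleId": "com.example.app",
               "purchaseDate": 1700000000000, "expiresDate": 1702592000000,
               "environment": environment}
    return "%s.%s.%s" % (enc(header), enc(payload), "c2lnbmF0dXJl")
```
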
How Yeethook handles them
Yeethook receives signed transactions in App Store Server Notifications V2 webhooks, validates the JWT signature, and includes key transaction details in Slack notifications. This lets you track subscription events server-side without building your own webhook endpoint.
Common use cases
- Track subscription revenue and churn
- Verify purchases server-side
- Build subscription analytics dashboards
- Detect refunds and cancellations