![\"na\"](\"https:\/\/www.tothenew.com\/blog\/wp-ttn-blog\/uploads\/2026\/03\/Screenshot-2026-03-10-at-11.31.29\u202fPM.png\")
SK1 (left): delegate\/observer cascade ending at the deprecated \/verifyReceipt endpoint. SK2 (right): async\/await chain with self-verifiable JWS tokens and the current App Store Server API.<\/p><\/div>\n
Key Architectural Changes<\/h2>\n\n- \n
\n- Transactions are now first-class citizens.<\/strong> Instead of a single monolithic receipt, SK2 gives you individual Transaction objects \u2014 signed in JSON Web Signature (JWS) format. Each Transaction carries its own payload: product ID, purchase date, expiry date, quantity, and crucially, a cryptographic signature you can verify on-device without a network call. This alone eliminates the biggest operational risk in SK1.<\/li>\n
- Async\/await throughout.<\/strong> Every SK2 API uses Swift concurrency. Product.products(for:), Product.purchase(), Transaction.currentEntitlements \u2014 all return with await. React Native bridges this naturally through the react-native-iap promise layer, giving you clean async\/await in JavaScript.<\/li>\n
- Transaction.currentEntitlements.<\/strong> This async sequence delivers every currently-active entitlement for the user \u2014 all active subscriptions, all unconsumed consumables, all non-consumables. One call, correct state, no receipt parsing.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
JWS vs Receipt \u2014 Why Your Backend Changes Too<\/h2>\n\n- SK1 backend:<\/strong> You POST a Base64 receipt blob to \/verifyReceipt, parse a deeply nested JSON response, find latest_receipt_info, check expires_date_ms, and grant access. This endpoint is deprecated \u2014 Apple will remove it.<\/li>\n
- SK2 backend:<\/strong> Each transaction delivers a jwsRepresentation string \u2014 a standard ES256-signed JWT. Verify the signature against Apple’s public key at appleid.apple.com\/auth\/keys. The payload is plain typed JSON: productId, expiresDate, type. No parsing gymnastics. Verifiable on-device or on your server.<\/li>\n<\/ul>\n
Code-level changes in react-native-iap when migrating from SK1 to SK2<\/h2>\n\n- Initialisation & Setup
\n\n\n\nStoreKit 1
\nimport { setup } from ‘react-native-iap’;
\nsetup({ storekitMode: ‘STOREKIT1_MODE’ });<\/td>\n StoreKit 2
\nimport { setup } from ‘react-native-iap’;
\nsetup({ storekitMode: ‘STOREKIT1_MODE’ });<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n- Fetching Products
\n\n\n\n\nStoreKit 1<\/strong><\/p>\n\/\/ getProducts for consumables \/<\/p>\n
\/\/ non-consumables<\/p>\n
const products = await getProducts({<\/p>\n
\u00a0 skus: [‘com.app.coins’],<\/p>\n
});<\/p>\n
\/\/ getSubscriptions for subs<\/p>\n
const subs = await getSubscriptions({<\/p>\n
\u00a0 skus: [‘com.app.monthly’],<\/p>\n
});<\/p>\n<\/td>\n
StoreKit 2\u00a0<\/strong>\/\/ Same API \u2014 no change needed<\/p>\n\/\/ SK2 resolves product metadata<\/p>\n
const products = await getProducts({<\/p>\n
skus: [‘com.app.coins’],<\/p>\n
});<\/p>\n
<\/p>\n
const subs = await getSubscriptions({<\/p>\n
skus: [‘com.app.monthly’],<\/p>\n
});<\/p>\n
<\/p>\n
\/\/ \u2713 No code change required here<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n
- Purchase Flow\u00a0 \u2190 Biggest Change
\n\n\n\nStoreKit 1\u00a0 \u2014\u00a0 Listener \/ Callback<\/strong><\/p>\n\/\/ Must register GLOBALLY<\/p>\n
\/\/ before any purchase attempt<\/p>\n
const sub = purchaseUpdatedListener(<\/p>\n
async (purchase) => {<\/p>\n
if (purchase.transactionReceipt){<\/p>\n
await sendToServer(<\/p>\n
purchase.transactionReceipt<\/p>\n
\/\/ \u2191 raw Base64 blob<\/p>\n
);<\/p>\n
await finishTransaction(<\/p>\n
{ purchase });<\/p>\n
}<\/p>\n
});<\/p>\n
<\/p>\n
\/\/ Trigger purchase separately<\/p>\n
await requestPurchase({ sku });<\/p>\n
<\/p>\n
\/\/ \u26a0 Must remove \u2014 leaks if missed<\/p>\n
sub.remove();<\/td>\n
StoreKit 2\u00a0 \u2014\u00a0 Async \/ Await<\/strong><\/p>\n\/\/ No listener needed at all<\/p>\n
\/\/ requestPurchase returns a promise<\/p>\n
<\/p>\n
try {<\/p>\n
const purchase =<\/p>\n
await requestPurchase({<\/p>\n
sku,<\/p>\n
andDangerously<\/p>\n
FinishTransaction<\/p>\n
AutomaticallyIOS: false,<\/p>\n
});<\/p>\n
<\/p>\n
\/\/ transactionId = JWS token<\/p>\n
await verifyJWS(<\/p>\n
purchase.transactionId<\/p>\n
\/\/ \u2191 signed JWT, not Base64<\/p>\n
);<\/p>\n
await finishTransaction(<\/p>\n
{ purchase });<\/p>\n
} catch (e) { \/* handle *\/ }<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n<\/ul>\n
Summary<\/strong><\/h2>\nStoreKit 1 served the iOS developer community for fifteen years and deserves respect for enabling an entire economy of premium apps and subscriptions. But its delegate-based, receipt-centric model was always a leaky abstraction \u2014 one that required significant server infrastructure and constant maintenance just to answer a simple question: “does this user have an active subscription?”<\/p>\n
StoreKit 2 answers that question in three lines of Swift. It eliminates receipt parsing, replaces observer spaghetti with clean async\/await, provides on-device cryptographic verification, and ships with an Xcode-integrated test harness that makes TDD for in-app purchases genuinely possible for the first time.<\/p>\n
For React Native developers, react-native-iap v12+ exposes all of this through a promise-based API that feels natural. The migration from SK1 to SK2 is non-trivial \u2014 especially if you have an existing backend validation layer \u2014 but the operational benefits are immediate and compounding. Every new Apple feature from here forward will be SK2 only. The time to migrate is now.<\/p>\n","protected":false},"excerpt":{"rendered":"
Why This Matters for React Native IAP Developers If you have shipped iOS purchases with react-native-iap, you know the ritual: Base64 receipt blobs, global listeners scattered across files, flaky Sandbox testers, and a backend endpoint Apple is actively shutting down. StoreKit 2 is not a patch \u2014 it is a clean architectural rewrite. Apple rebuilt […]<\/p>\n","protected":false},"author":2247,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":60},"categories":[5881],"tags":[8458,8459,8460],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/78314"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/2247"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=78314"}],"version-history":[{"count":4,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/78314\/revisions"}],"predecessor-version":[{"id":78646,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/78314\/revisions\/78646"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=78314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=78314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=78314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- \n
- Transactions are now first-class citizens.<\/strong> Instead of a single monolithic receipt, SK2 gives you individual Transaction objects \u2014 signed in JSON Web Signature (JWS) format. Each Transaction carries its own payload: product ID, purchase date, expiry date, quantity, and crucially, a cryptographic signature you can verify on-device without a network call. This alone eliminates the biggest operational risk in SK1.<\/li>\n
- Async\/await throughout.<\/strong> Every SK2 API uses Swift concurrency. Product.products(for:), Product.purchase(), Transaction.currentEntitlements \u2014 all return with await. React Native bridges this naturally through the react-native-iap promise layer, giving you clean async\/await in JavaScript.<\/li>\n
- Transaction.currentEntitlements.<\/strong> This async sequence delivers every currently-active entitlement for the user \u2014 all active subscriptions, all unconsumed consumables, all non-consumables. One call, correct state, no receipt parsing.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
JWS vs Receipt \u2014 Why Your Backend Changes Too<\/h2>\n
- \n
- SK1 backend:<\/strong> You POST a Base64 receipt blob to \/verifyReceipt, parse a deeply nested JSON response, find latest_receipt_info, check expires_date_ms, and grant access. This endpoint is deprecated \u2014 Apple will remove it.<\/li>\n
- SK2 backend:<\/strong> Each transaction delivers a jwsRepresentation string \u2014 a standard ES256-signed JWT. Verify the signature against Apple’s public key at appleid.apple.com\/auth\/keys. The payload is plain typed JSON: productId, expiresDate, type. No parsing gymnastics. Verifiable on-device or on your server.<\/li>\n<\/ul>\n
Code-level changes in react-native-iap when migrating from SK1 to SK2<\/h2>\n
- \n
- Initialisation & Setup
\n\n\n
\n StoreKit 1
\nimport { setup } from ‘react-native-iap’;
\nsetup({ storekitMode: ‘STOREKIT1_MODE’ });<\/td>\nStoreKit 2
\nimport { setup } from ‘react-native-iap’;
\nsetup({ storekitMode: ‘STOREKIT1_MODE’ });<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n- Fetching Products
\n\n\n
\n \n StoreKit 1<\/strong><\/p>\n
\/\/ getProducts for consumables \/<\/p>\n
\/\/ non-consumables<\/p>\n
const products = await getProducts({<\/p>\n
\u00a0 skus: [‘com.app.coins’],<\/p>\n
});<\/p>\n
\/\/ getSubscriptions for subs<\/p>\n
const subs = await getSubscriptions({<\/p>\n
\u00a0 skus: [‘com.app.monthly’],<\/p>\n
});<\/p>\n<\/td>\n
StoreKit 2\u00a0<\/strong>\/\/ Same API \u2014 no change needed<\/p>\n \/\/ SK2 resolves product metadata<\/p>\n
const products = await getProducts({<\/p>\n
skus: [‘com.app.coins’],<\/p>\n
});<\/p>\n
<\/p>\n
const subs = await getSubscriptions({<\/p>\n
skus: [‘com.app.monthly’],<\/p>\n
});<\/p>\n
<\/p>\n
\/\/ \u2713 No code change required here<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n
- Purchase Flow\u00a0 \u2190 Biggest Change
\n\n\n
\n StoreKit 1\u00a0 \u2014\u00a0 Listener \/ Callback<\/strong><\/p>\n \/\/ Must register GLOBALLY<\/p>\n
\/\/ before any purchase attempt<\/p>\n
const sub = purchaseUpdatedListener(<\/p>\n
async (purchase) => {<\/p>\n
if (purchase.transactionReceipt){<\/p>\n
await sendToServer(<\/p>\n
purchase.transactionReceipt<\/p>\n
\/\/ \u2191 raw Base64 blob<\/p>\n
);<\/p>\n
await finishTransaction(<\/p>\n
{ purchase });<\/p>\n
}<\/p>\n
});<\/p>\n
<\/p>\n
\/\/ Trigger purchase separately<\/p>\n
await requestPurchase({ sku });<\/p>\n
<\/p>\n
\/\/ \u26a0 Must remove \u2014 leaks if missed<\/p>\n
sub.remove();<\/td>\n
StoreKit 2\u00a0 \u2014\u00a0 Async \/ Await<\/strong><\/p>\n \/\/ No listener needed at all<\/p>\n
\/\/ requestPurchase returns a promise<\/p>\n
<\/p>\n
try {<\/p>\n
const purchase =<\/p>\n
await requestPurchase({<\/p>\n
sku,<\/p>\n
andDangerously<\/p>\n
FinishTransaction<\/p>\n
AutomaticallyIOS: false,<\/p>\n
});<\/p>\n
<\/p>\n
\/\/ transactionId = JWS token<\/p>\n
await verifyJWS(<\/p>\n
purchase.transactionId<\/p>\n
\/\/ \u2191 signed JWT, not Base64<\/p>\n
);<\/p>\n
await finishTransaction(<\/p>\n
{ purchase });<\/p>\n
} catch (e) { \/* handle *\/ }<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n<\/ul>\n
Summary<\/strong><\/h2>\n
StoreKit 1 served the iOS developer community for fifteen years and deserves respect for enabling an entire economy of premium apps and subscriptions. But its delegate-based, receipt-centric model was always a leaky abstraction \u2014 one that required significant server infrastructure and constant maintenance just to answer a simple question: “does this user have an active subscription?”<\/p>\n
StoreKit 2 answers that question in three lines of Swift. It eliminates receipt parsing, replaces observer spaghetti with clean async\/await, provides on-device cryptographic verification, and ships with an Xcode-integrated test harness that makes TDD for in-app purchases genuinely possible for the first time.<\/p>\n
For React Native developers, react-native-iap v12+ exposes all of this through a promise-based API that feels natural. The migration from SK1 to SK2 is non-trivial \u2014 especially if you have an existing backend validation layer \u2014 but the operational benefits are immediate and compounding. Every new Apple feature from here forward will be SK2 only. The time to migrate is now.<\/p>\n","protected":false},"excerpt":{"rendered":"
Why This Matters for React Native IAP Developers If you have shipped iOS purchases with react-native-iap, you know the ritual: Base64 receipt blobs, global listeners scattered across files, flaky Sandbox testers, and a backend endpoint Apple is actively shutting down. StoreKit 2 is not a patch \u2014 it is a clean architectural rewrite. Apple rebuilt […]<\/p>\n","protected":false},"author":2247,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":60},"categories":[5881],"tags":[8458,8459,8460],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/78314"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/2247"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=78314"}],"version-history":[{"count":4,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/78314\/revisions"}],"predecessor-version":[{"id":78646,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/78314\/revisions\/78646"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=78314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=78314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=78314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Fetching Products
- SK2 backend:<\/strong> Each transaction delivers a jwsRepresentation string \u2014 a standard ES256-signed JWT. Verify the signature against Apple’s public key at appleid.apple.com\/auth\/keys. The payload is plain typed JSON: productId, expiresDate, type. No parsing gymnastics. Verifiable on-device or on your server.<\/li>\n<\/ul>\n
- Async\/await throughout.<\/strong> Every SK2 API uses Swift concurrency. Product.products(for:), Product.purchase(), Transaction.currentEntitlements \u2014 all return with await. React Native bridges this naturally through the react-native-iap promise layer, giving you clean async\/await in JavaScript.<\/li>\n