I am using Storekit-2 for InApp purchase. The product is consumable. After the purchase is successful, I need to call API and backend will grant 200 coins to that user.

Now, users can try to access the data with no subscription by simply executing requests to the server. For this reason, I will have to validate receipt on server side.

I have done some R&D and get to know that I need to pass the following receiptData to server.

// Get the receipt if it's available.
if let appStoreReceiptURL = Bundle.main.appStoreReceiptURL,
    FileManager.default.fileExists(atPath: appStoreReceiptURL.path) {

    do {
        let receiptData = try Data(contentsOf: appStoreReceiptURL, options: .alwaysMapped)
        print(receiptData)
        let receiptString = receiptData.base64EncodedString(options: [])
        // Read receiptData.
    }
    catch { print("Couldn't read receipt data with error: " + error.localizedDescription) 
    }
}

Then the server should send a request to Apple’s verification server at the following URL:

Production:

Sandbox:

I also read one article and they suggest to use following:

switch try await product.purchase() {
case .success(let result):
    let jws = result.jwsRepresentation
    // send jws to your backend

Is that the right way to do? Also my question is, the following receiptData is not for specific transaction, i.e it is not generated from a transaction. Then how specific transaction is verified?