PHPackages                             hoels/app-store-server-library-php - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [API Development](/categories/api)
4. /
5. hoels/app-store-server-library-php

ActiveLibrary[API Development](/categories/api)

hoels/app-store-server-library-php
==================================

The PHP server library for the App Store Server API and App Store Server Notifications.

2.0.0(2mo ago)44162.2k—3.1%10MITPHPPHP &gt;=8.1

Since Dec 10Pushed 2mo ago5 watchersCompare

[ Source](https://github.com/hoels/app-store-server-library-php)[ Packagist](https://packagist.org/packages/hoels/app-store-server-library-php)[ RSS](/packages/hoels-app-store-server-library-php/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (10)Dependencies (14)Versions (17)Used By (0)

(Unofficial) Apple App Store Server PHP Library
===============================================

[](#unofficial-apple-app-store-server-php-library)

The **unofficial** [PHP](https://github.com/hoels/app-store-server-library-php) server library for the [App Store Server API](https://developer.apple.com/documentation/appstoreserverapi), [App Store Server Notifications](https://developer.apple.com/documentation/appstoreservernotifications), and [Retention Messaging API](https://developer.apple.com/documentation/retentionmessaging). Also available in [Swift](https://github.com/apple/app-store-server-library-swift), [Python](https://github.com/apple/app-store-server-library-python), [Node.js](https://github.com/apple/app-store-server-library-node), and [Java](https://github.com/apple/app-store-server-library-java).

Table of Contents
-----------------

[](#table-of-contents)

1. [Author](#author)
2. [Installation](#installation)
3. [Documentation](#documentation)
4. [Usage](#usage)
5. [Support](#support)

Author
------

[](#author)

I am NOT associated with Apple in any way. I am an app developer and IT security specialist who developed this library because Apple does not offer a dedicated PHP library. Not offering a native and secure library leads to insecure third-party implementations imho. Therefore, this library is intended to mirror the native Apple libraries as closely as possible. Most of the functionality is an exact copy of Apple's Python library, with some PHP-specific modifications and influences from Apple's Swift library. I intend to keep this library and its major versions up-to-date with the Apple libraries.

Installation
------------

[](#installation)

#### Requirements

[](#requirements)

- PHP 8.1+
- OpenSSL and JSON PHP Extension
- Composer

### Composer

[](#composer)

```
composer require hoels/app-store-server-library-php
```

Documentation
-------------

[](#documentation)

[Documentation of Python Library](https://apple.github.io/app-store-server-library-python/)

[WWDC Video](https://developer.apple.com/videos/play/wwdc2023/10143/)

### Obtaining an In-App Purchase key from App Store Connect

[](#obtaining-an-in-app-purchase-key-from-app-store-connect)

To use the App Store Server API or create promotional offer signatures, a signing key downloaded from App Store Connect is required. To obtain this key, you must have the Admin role. Go to Users and Access &gt; Integrations &gt; In-App Purchase. Here you can create and manage keys, as well as find your issuer ID. When using a key, you'll need the key ID and issuer ID as well.

### Obtaining Apple Root Certificates

[](#obtaining-apple-root-certificates)

Download and store the root certificates found in the Apple Root Certificates section of the [Apple PKI](https://www.apple.com/certificateauthority/) site. Provide these certificates as an array to a SignedDataVerifier to allow verifying the signed data coming from Apple.

Usage
-----

[](#usage)

### API Usage

[](#api-usage)

```
use AppStoreServerLibrary\AppStoreServerAPIClient;
use AppStoreServerLibrary\AppStoreServerAPIClient\APIException;
use AppStoreServerLibrary\Models\Environment;

$privateKey = file_get_contents("/path/to/key/SubscriptionKey_ABCDEFGHIJ.p8"); // Implementation will vary

$keyId = "ABCDEFGHIJ";
$issuerId = "99b16628-15e4-4668-972b-eeff55eeff55";
$bundleId = "com.example";
$environment = Environment::SANDBOX;

$client = new AppStoreServerAPIClient(
    signingKey: $privateKey,
    keyId: $keyId,
    issuerId: $issuerId,
    bundleId: $bundleId,
    environment: $environment
);

try {
    $response = $client->requestTestNotification();
    print_r($response);
} catch (APIException $e) {
    print_r($e);
}
```

### Verification Usage

[](#verification-usage)

```
use AppStoreServerLibrary\Models\Environment;
use AppStoreServerLibrary\SignedDataVerifier;
use AppStoreServerLibrary\SignedDataVerifier\VerificationException;

$rootCertificates = load_root_certificates(); // Implementation will vary
$enableOnlineChecks = true;
$bundleId = "com.example";
$environment = Environment::SANDBOX;
$appAppleId = null; // appAppleId must be provided for the Production environment
$signedDataVerifier = new SignedDataVerifier(
    rootCertificates: $rootCertificates,
    enableOnlineChecks: $enableOnlineChecks,
    environment: $environment,
    bundleId: $bundleId,
    appAppleId: $appAppleId
);

try {
    $signedNotification = "ey..";
    $payload = $signedDataVerifier->verifyAndDecodeNotification($signedNotification);
    print_r($payload);
} catch (VerificationException $e) {
    print_r($e);
}
```

### Receipt Usage

[](#receipt-usage)

```
use AppStoreServerLibrary\AppStoreServerAPIClient;
use AppStoreServerLibrary\AppStoreServerAPIClient\APIException;
use AppStoreServerLibrary\Models\Environment;
use AppStoreServerLibrary\Models\TransactionHistoryRequest;
use AppStoreServerLibrary\Models\TransactionHistoryRequest\Order;
use AppStoreServerLibrary\Models\TransactionHistoryRequest\ProductType;
use AppStoreServerLibrary\ReceiptUtility;

$privateKey = file_get_contents("/path/to/key/SubscriptionKey_ABCDEFGHIJ.p8"); // Implementation will vary

$keyId = "ABCDEFGHIJ";
$issuerId = "99b16628-15e4-4668-972b-eeff55eeff55";
$bundleId = "com.example";
$environment = Environment::SANDBOX;

$client = new AppStoreServerAPIClient(
    signingKey: $privateKey,
    keyId: $keyId,
    issuerId: $issuerId,
    bundleId: $bundleId,
    environment: $environment
);
$receiptUtility = new ReceiptUtility();
$appReceipt = "MI..";

try {
    $transactionId = $receiptUtility->extractTransactionIdFromAppReceipt($appReceipt);
    if ($transactionId !== null) {
        $transactions = [];
        $response = null;
        $request = new TransactionHistoryRequest(
            sort: Order::ASCENDING,
            revoked: false,
            productTypes: [ProductType::AUTO_RENEWABLE]
        );
        while ($response === null || $response->getHasMore() === true) {
            $revision = $response?->getRevision();
            $response = $client->getTransactionHistory(
                transactionId: $transactionId,
                revision: $revision,
                transactionHistoryRequest: $request
            );
            foreach ($response->getSignedTransactions() as $transaction) {
                $transactions[] = $transaction;
            }
        }
        print_r($transactions);
    }
} catch (APIException $e) {
    print_r($e);
}
```

### Promotional Offer Signature Creation

[](#promotional-offer-signature-creation)

```
use AppStoreServerLibrary\PromotionalOfferSignatureCreator;

$privateKey = file_get_contents("/path/to/key/SubscriptionKey_ABCDEFGHIJ.p8"); // Implementation will vary

$keyId = "ABCDEFGHIJ";
$bundleId = "com.example";

$promotionalOfferSignatureCreator = new PromotionalOfferSignatureCreator(
    signingKey: $privateKey,
    keyId: $keyId,
    bundleId: $bundleId
);

$productId = "";
$subscriptionOfferId = "";
$applicationUsername = "";
$nonce = "";
$timestamp = time() * 1000;
$base64EncodedSignature = $promotionalOfferSignatureCreator->createSignature(
    productIdentifier: $productId,
    subscriptionOfferId: $subscriptionOfferId,
    applicationUsername: $applicationUsername,
    nonce: $nonce,
    timestamp: $timestamp
);
```

Support
-------

[](#support)

Only the latest major version of the library will receive updates, including security updates. Therefore, it is recommended to update to new major versions.

###  Health Score

56

—

FairBetter than 98% of packages

Maintenance86

Actively maintained with recent releases

Popularity47

Moderate usage in the ecosystem

Community15

Small or concentrated contributor base

Maturity59

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 95.7% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~54 days

Recently: every ~84 days

Total

16

Last Release

78d ago

Major Versions

0.1.1 → 1.0.02024-01-28

1.9.1 → 2.0.02026-03-01

### Community

Maintainers

![](https://www.gravatar.com/avatar/91bf35548c45f62dd1c1f62dfe4377bcc123ddbdbe70c3c0db68b761da90c2e5?d=identicon)[hoels](/maintainers/hoels)

---

Top Contributors

[![hoels](https://avatars.githubusercontent.com/u/51371415?v=4)](https://github.com/hoels "hoels (44 commits)")[![alikemalcivelek](https://avatars.githubusercontent.com/u/20399827?v=4)](https://github.com/alikemalcivelek "alikemalcivelek (2 commits)")

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Code StylePHP\_CodeSniffer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/hoels-app-store-server-library-php/health.svg)

```
[![Health](https://phpackages.com/badges/hoels-app-store-server-library-php/health.svg)](https://phpackages.com/packages/hoels-app-store-server-library-php)
```

###  Alternatives

[google/apiclient

Client library for Google APIs

9.8k191.4M997](/packages/google-apiclient)[laravel/socialite

Laravel wrapper around OAuth 1 &amp; OAuth 2 libraries.

5.7k96.9M674](/packages/laravel-socialite)[wheelpros/fitment-platform-api

Magento 2 (Open Source)

12.1k1.2k](/packages/wheelpros-fitment-platform-api)[packbackbooks/lti-1p3-tool

A library used for building IMS-certified LTI 1.3 tool providers in PHP.

51438.3k2](/packages/packbackbooks-lti-1p3-tool)[get-stream/stream

A PHP client for Stream (https://getstream.io)

1451.3M8](/packages/get-stream-stream)[agence104/livekit-server-sdk

Server-side SDK for LiveKit.

79189.9k1](/packages/agence104-livekit-server-sdk)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)