Home Blog

ios – Drawback Producing Signature for Subscription Gives – Error Code 18


I am efficiently utilizing Apple subscriptions in my app, however I am encountering SKErrorCodeDomain error 18 when attempting to use a subscription supply.

I would like apply supply code first time just for subscription.

I’ve tried many answer from on-line search however difficulty will not be fastened.
Under are particulars of what i set in appstore and what i’ve examined.

Subscription Provide Particulars

  • Provide Sort: For the primary month
  • Buyer Eligibility: New, Current, and Expired Subscribers
  • Code Standing: Energetic

Provide Code Creation Steps:

  • App Retailer Join → App → Subscription → Choose Subscription Product → Provide Codes → Add → Add Customized Codes

Signature Era for Promotional Gives

I am following Apple’s documentation to generate a signature:
https://developer.apple.com/documentation/storekit/generating-a-signature-for-promotional-offers

I’ve constructed the payload as instructed:

appBundleId + 'u2063' + keyIdentifier + 'u2063' + productIdentifier + 'u2063' + offerIdentifier + 'u2063' + appAccountToken + 'u2063' + nonce + 'u2063' + timestamp

Keys and Identifiers

  • keyIdentifier, issuerId, and .p8 file are obtained from:
    • App Retailer Join → Customers and Entry → Integrations → In-App Buy
  • Check person created below:
    • App Retailer Join → Customers and Entry → Sandbox → Check Accounts
    • Logged in with this account on the iPhone

What I’ve Tried


Apple’s pattern code to generate a signature

Downloaded from

const specific = require('specific');
const router = specific.Router();

const crypto = require('crypto');
const ECKey = require('ec-key');
const secp256k1 = require('secp256k1');
const uuidv4 = require('uuid/v4');

const KeyEncoder = require('key-encoder');
const keyEncoder = new KeyEncoder('secp256k1');

const fs = require('fs');

perform getKeyID() {
    return "KEYIDXXXXX";
}

router.put up('/supply', perform(req, res) {
    const appBundleID = req.physique.appBundleID;
    const productIdentifier = req.physique.productIdentifier;
    const subscriptionOfferID = req.physique.offerID;
    const applicationUsername = req.physique.applicationUsername;

    const nonce = uuidv4();
    const currentDate = new Date();
    const timestamp = currentDate.getTime();
    const keyID = getKeyID();

    const payload = appBundleID + 'u2063' +
                  keyID + 'u2063' +
                  productIdentifier + 'u2063' +
                  subscriptionOfferID + 'u2063' +
                  applicationUsername  + 'u2063'+
                  nonce + 'u2063' +
                  timestamp;

    // Get the PEM-formatted non-public key string related to the Key ID.
    // const keyString = getKeyStringForID(keyID);
    // Learn the .p8 file
    const keyString = fs.readFileSync('./SubscriptionKey_KEYIDXXXXX.p8', 'utf8');

    // Create an Elliptic Curve Digital Signature Algorithm (ECDSA) object utilizing the non-public key.
    const key = new ECKey(keyString, 'pem');

    // Arrange the cryptographic format used to signal the important thing with the SHA-256 hashing algorithm.
    const cryptoSign = key.createSign('SHA256');

    // Add the payload string to signal.
    cryptoSign.replace(payload);

    /*
        The Node.js crypto library creates a DER-formatted binary worth signature,
        after which base-64 encodes it to create the string that you'll use in StoreKit.
    */
    const signature = cryptoSign.signal('base64');

    /*
        Verify that the signature passes verification by utilizing the ec-key library.
        The verification course of is just like creating the signature, besides it makes use of 'createVerify'
        as a substitute of 'createSign', and after updating it with the payload, it makes use of `confirm` to cross in
        the signature and encoding, as a substitute of `signal` to get the signature.

        This step will not be required, but it surely's helpful to examine when implementing your signature code.
        This helps debug points with signing earlier than sending transactions to Apple.
        If verification succeeds, the subsequent really useful testing step is trying a purchase order
        within the Sandbox atmosphere.
    */
    const verificationResult = key.createVerify('SHA256').replace(payload).confirm(signature, 'base64');
    console.log("Verification outcome: " + verificationResult)

    // Ship the response.
    res.setHeader('Content material-Sort', 'utility/json');
    res.json({ 'keyID': keyID, 'nonce': nonce, 'timestamp': timestamp, 'signature': signature });

});    

module.exports = router;

Postman request and response

Request URL: http://192.168.1.141:3004/supply
Request JSON: {
    "appBundleID":"com.app.bundleid",
    "productIdentifier":"subscription.product.id",
    "offerID":"OFFERCODE1",
    "applicationUsername":"01234b43791ea309a1c3003412bcdaaa09d39a615c379cc246f5f479760629a1"
}
Response JSON: {
    "keyID": "KEYIDXXXXX",
    "nonce": "f98f2cda-c7a6-492f-9f92-e24a6122c0c9",
    "timestamp": 1753510571664,
    "signature": "MEYCIQCnA8UGWhTiCF+F6S55Zl6hpjnm7SC3aAgvmTBmQDnsAgIhAP6xIeRuREyxxx69Ve/qjnONq7pF1cK8TDn82fyePcqz"
}

Xcode Code

func purchase(_ product: SKProduct) {
    let discountOffer = SKPaymentDiscount(
        identifier: "OFFERCODE1",
        keyIdentifier: "KEYIDXXXXX",
        nonce: UUID(uuidString: "f98f2cda-c7a6-492f-9f92-e24a6122c0c9")!,
        signature: "MEYCIQCnA8UGWhTiCF+F6S55Zl6hpjnm7SC3aAgvmTBmQDnsAgIhAP6xIeRuREyxxx69Ve/qjnONq7pF1cK8TDn82fyePcqz",
        timestamp: 1753510571664)
    
    let fee = SKMutablePayment(product: product)
    fee.applicationUsername = "01234b43791ea309a1c3003412bcdaaa09d39a615c379cc246f5f479760629a1"
    fee.paymentDiscount = discountOffer
    SKPaymentQueue.default().add(fee)
}

Difficulty

Even following directions to the documentation and trying numerous mixtures, the supply retains failing with SKErrorCodeDomain error 18.

Has anybody else skilled this? Any strategies as to what could also be amiss or how it may be corrected?

ios – The way to seize the situation occasion (enter/exit) that launched the app from terminated state?


I’m implementing geofencing in my iOS app and working into some issues when the app is terminated (swiped up). I’m utilizing locationManager.startMonitoring(for: area) to provoke monitoring and utilizing locationManager(_ supervisor: CLLocationManager, didEnterRegion area: CLRegion) and didExitRegion to seize when the area boundary is crossed.

When the app is terminated and the primary set off comes by way of, the app launches within the background in response to the situation occasion. This triggers AppDelegate‘s didFinishLaunchingWithOptions and I can see that launchOptions?[UIApplication.LaunchOptionsKey.location] isn’t nil to suggest the situation occasion is why it opened. Nice!

Nevertheless, although the very first line of code in didFinishLaunchingWithOptions is locationManager.delegate = self, it is as if it is too late to seize the precise enter/exit occasion and neither didEnterRegion nor didExitRegion are fired.

Now as an example one other boundary occasion is triggered as a result of I’ve returned residence with out touching the app. This second (and all subsequent) occasions will set off didEnter/ExitRegion as a result of the app continues to be semi-launched from the primary occasion. So I can deal with these efficiently. However “lacking” that first occasion could be very problematic and appears unintended!

Does anybody have any expertise or recommendation on whether or not they’ve had the identical subject or whether or not it is a mistake on my finish?

Thanks!


Related, simplified code inside AppDelegate:

var locationManager: CLLocationManager = {
    let locationManager = CLLocationManager()
    locationManager.allowsBackgroundLocationUpdates = true
    return locationManager
}()

func locationManager(_ supervisor: CLLocationManager, didEnterRegion area: CLRegion) {
    log("didEnterRegion - sid: (area.identifier)")
}

func locationManager(_ supervisor: CLLocationManager, didExitRegion area: CLRegion) {
    log("didExitRegion - sid: (area.identifier)")
}

func startMonitoring() {
    area.notifyOnEntry = true
    area.notifyOnExit = true

    locationManager.startMonitoring(for: area)
    log("Began monitoring")
}

func utility(_ utility: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]? = nil) -> Bool {
    locationManager.delegate = self
    log("LAUNCH")

    // Test if app was launched resulting from location occasion
    if launchOptions?[UIApplication.LaunchOptionsKey.location] != nil {
        // App was launched resulting from location occasion
        log("App launched resulting from location occasion")
    } else {
        startMonitoring()
    }

    return true
}

And instance log output after terminating the app, then strolling out of the boundary after which strolling again contained in the boundary. Notice the launch occurred once I exited at 16:56, however no didExitRegion fired. Then at 16:57 once I entered, there isn’t a launch resulting from it already launching and I efficiently obtain didEnterRegion:

[2025-07-30 16:56:05.392] [INFO] LAUNCH
[2025-07-30 16:56:05.393] [INFO] App launched resulting from location occasion
[2025-07-30 16:57:49.290] [INFO] didEnterRegion - sid: 7285152

AI-Generated Code Poses Main Safety Dangers in Practically Half of All Improvement Duties, Veracode Analysis Reveals   


Whereas AI is turning into higher at producing that useful code, additionally it is enabling attackers to establish and exploit vulnerabilities in that code extra rapidly and successfully. That is making it simpler for less-skilled programmers to assault the code, rising the pace and class of these assaults — making a scenario during which code vulnerabilities are rising at the same time as the power to use them is turning into simpler, in accordance with new analysis from software danger administration software program supplier Veracode.

AI-generated code launched safety vulnerabilities in 45% of 80 curated coding duties throughout greater than 100 LLMs, in accordance with the 2025 GenAI Code Safety Report. The analysis additionally discovered that GenAI fashions selected an insecure methodology to write down code over a safe methodology 45% of the time. So, though AI can create code that’s useful and syntaactically appropriate, the report reveals that safety efficiency has not stored tempo.

“The rise of vibe coding, the place builders depend on AI to generate code, usually with out explicitly defining safety necessities, represents a elementary shift in how software program is constructed,” Jens Wessling, chief know-how officer at Veracode, mentioned in an announcement saying the report. “The primary concern with this pattern is that they don’t must specify safety constraints to get the code they need, successfully leaving safe coding selections to LLMs. Our analysis reveals GenAI fashions make the mistaken decisions practically half the time, and it’s not enhancing.” 

In saying the report, Veracode wrote: “To judge the safety properties of LLM-generated code, Veracode designed a set of 80 code completion duties with recognized potential for safety vulnerabilities in accordance with the MITRE Frequent Weak spot Enumeration (CWE) system, a regular classification of software program weaknesses that may flip into vulnerabilities. The duties prompted greater than 100 LLMs to auto-complete a block of code in a safe or insecure method, which the analysis staff then analyzed utilizing Veracode Static Evaluation. In 45 % of all check instances, LLMs launched vulnerabilities categorised throughout the OWASP (Open Internet Software Safety Undertaking) Prime 10—essentially the most important net software safety dangers.”

Different findings within the report had been that Java was discovered to be the riskiest of programming languages for AI code technology, with a safety failure fee of greater than 70%.  Failure charges of between 38% and 45% had been present in apps creating in Python, C# and JavaScript. The analysis additionally revealed LLMs did not safe code towards cross-site scripting and log injection in 86% and 88%, respectively, in accordance with Veracode. 

 Wessling famous that the analysis confirmed that bigger fashions carry out no higher than smaller fashions, which he mentioned signifies that the vulnerability difficulty is a systemic one, reasonably than an LLM scaling downside.

“AI coding assistants and agentic workflows symbolize the way forward for software program growth, and they’ll proceed to evolve at a speedy tempo,” Wessling concluded. “The problem dealing with each group is making certain safety evolves alongside these new capabilities. Safety can’t be an afterthought if we wish to forestall the buildup of huge safety debt.” 

 

Begin Your Networking Profession with Cisco U.


Specialists weigh in: Why does “Again to Fundamentals” matter on your profession?

In the event you may return to the start of your profession, what would you do otherwise? It’s a thought-provoking query that many seasoned professionals usually mirror on. For these simply beginning out within the tech world—or these seeking to refresh their information—this query holds the important thing to constructing a robust profession basis.

This month, Cisco U. is embracing the theme of “Again to Fundamentals” by specializing in important coaching paths just like the CCNA Studying Path. These assets are designed to assist learners construct the talents they should succeed, whether or not they’re getting into the tech business for the primary time or strengthening their foundational information.

On this weblog, you’ll hear from Cisco consultants who share their insights into which studying paths they’d prioritize in the event that they had been beginning their careers right this moment—and why these foundational steps are so essential.

Who’re the Cisco consultants?

To deliver you one of the best recommendation, we’ve gathered insights from three skilled Topic Matter Specialists (SMEs) at Cisco who’ve constructed profitable careers within the tech business.

Meet Kyle Winters

A tall man with light skin wearing a Cisco polo shirt stands next to a TV screen that contains text about DevNetA tall man with light skin wearing a Cisco polo shirt stands next to a TV screen that contains text about DevNet
Kyle Winters at Cisco Stay 2019
  • Function: Technical Advocate, Cisco
  • Background: Kyle has over a decade of expertise spanning community safety, enterprise improvement, and technical advertising. He’s earned a number of Cisco certifications and has been acknowledged with prestigious awards just like the Cisco Stay Distinguished Speaker Award.

Kyle’s profession has taken him from startups to enterprise roles, giving him a complete view of the tech panorama.

Meet Francois Caen

A light-skinned man with a brown goatee wearing a red polo shirt holds a bunch of cordsA light-skinned man with a brown goatee wearing a red polo shirt holds a bunch of cords
Francois Caen within the early days of his networking profession
  • Function: Technical Product Supervisor, Be taught with Cisco
  • Background: With 20 plus years of community engineering expertise, Francois is a printed creator and an skilled in programmability and automation. He now focuses on creating cutting-edge coaching for Cisco prospects and companions.

Francois has a ardour for educating and enjoys serving to learners break down complicated matters into manageable steps.

Meet Chuck Stickney

  • Studying Engineering Chief, Cisco
  • Background: Chuck has greater than 20 years of expertise, 18 at Cisco, in networking and enterprise improvement.

With a college-aged youngster who’s now contemplating the cybersecurity area as a profession, Chuck has a private curiosity in what newcomers ought to deal with.

What do Cisco consultants advocate for beginning a networking profession?

Kyle’s suggestions: The place to start out with networking

Why it issues: This 14-hour studying path offers foundational information of key ideas, protocols, administration methods, and safety that underpin community techniques. It’s good for these with basic IT expertise seeking to specialise in networking.

  • Kyle’s recommendation: Begin small, however keep constant. Construct a robust basis, don’t rush by way of materials simply to earn a cert, and all the time search for methods to use what you’re studying by way of labs, initiatives, or volunteer work. Even small wins stack up.”
  • Further suggestion for newbies: Kyle recommends the Networking Fundamentals course on Cisco Networking Academy for a extra holistic introduction to networking ideas.

Francois’s suggestion: Deal with subnetting first

  • Key course: Introducing the TCP/IP Web Layer, IPv4 Addressing, and Subnets, a part of the Cisco U. CCNA Studying Path.

Why subnetting is necessary in networking: Subnetting is a foundational talent crucial for any networking skilled. Although Francois concedes it might not be essentially the most thrilling matter, it’s important for understanding IP addressing and community design.

  • Francois’s recommendation: Eat the greens first, save the steak for later. Subnetting might not be enjoyable, however it’s completely obligatory.”
  • Profession perception: Francois encourages learners to pursue networking if they’re naturally curious. “In the event you’re the kind of one that opened your toys with a screwdriver to see how they labored, networking might be a rewarding area. Curiosity is vital to staying motivated on this ever-evolving business.”

Chuck’s suggestion: Begin with Cisco Licensed Assist Technician (CCST) content material

A stable understanding of community fundamentals and hands-on expertise is important, starting with incomes the CCST certification, then continuing to earn the Cisco Licensed Community Affiliate (CCNA) certification.

  • “CCNA has been the minimal baseline for many years,” Chuck notes, “and we preserve the content material related to right this moment. From there you may proceed deeper into community infrastructure matters or if infrastructure will not be your factor—department out into associated areas like automation and cyber safety. We now have (free) NetAcad content material in these areas and likewise Affiliate coaching and certifications in these disciplines.”
  • Profession perception: “Constructing a cyber or automation skillset on high of a robust community basis will set you aside in your area!”

What do consultants say about tech studying?

All three consultants emphasize the significance of specializing in the basics when beginning your profession. Listed below are the important thing takeaways from their insights:

  1. Perceive the fundamentals first: Foundational information of networking ideas like subnetting, protocols, and safety is crucial for long-term success. Begin with CCST content material, then proceed into CCNA.
  2. From the CCNA, proceed into community infrastructure matters or department out into automation or cybersecurity.
  3. Be curious and adaptable: Networking is consistently evolving, and a curious mindset will assist you to keep engaged and motivated as you proceed to be taught.
  4. Certifications open doorways: Whereas understanding the fabric is extra necessary than dashing to earn certifications, having certifications just like the CCNA will help you exhibit your experience and advance your profession.

What closing recommendation do the Cisco U. consultants have?

To shut, right here’s some parting knowledge from our SMEs:

  • Kyle: Don’t simply deal with incomes certifications—deal with actually understanding the fabric. Employers worth adaptability and the power to be taught over memorization.”
  • Francois: Keep curious. Networking requires steady studying, and your curiosity will preserve you engaged and motivated as you develop in your profession.”
  • Chuck: “The sector could be very wide-open now, with no one-size-fits-all; nevertheless, all the pieces is constructed on the community.”

By specializing in the proper foundational expertise, you’ll set your self up for long-term success within the tech business.

Prepared to start your networking coaching?

Cisco U. is right here to help you each step of the best way. Discover all of our “Again to Fundamentals” content material right this moment and begin constructing the inspiration for a profitable profession in networking.

Go on. Take step one towards attaining your profession targets with Cisco U.

Join Cisco U. | Be a part of the  Cisco Studying Community right this moment totally free.

Be taught with Cisco

X |Threads | Fb |LinkedIn |Instagram |YouTube

Use  #CiscoU and #CiscoCert to hitch the dialog.

Learn subsequent:

Educating Tomorrow’s Tech Workforce: A New Map for AI-Period Abilities

5 Causes Why Community Safety Coaching Ought to Be Your Subsequent Transfer

5 Empowering Ideas for ICT Profession Success

Share:



ios – Switching tab and pushing to NavigationStack doesn’t present new View


I’ve a TabView with two tabs (FirstTab and SecondTab).

From the primary tab, I need to programmatically swap to the second tab after which instantly push a element display contained in the second tab’s NavigationStack.

I wrote a simplified instance:

struct FirstTab: View {
    var onNavigate: (String) -> Void

    var physique: some View {
        VStack {
            Textual content("FirstTab")

            Button("Go to SecondTab") {
                onNavigate("Whats up from FirstView")
            }
        }
    }
}


class SecondTabViewModel: ObservableObject {
    @Printed var textToShow: String? = nil
}

struct SecondTab: View {
    @ObservedObject var viewModel: SecondTabViewModel
    @State non-public var path = NavigationPath()

    var physique: some View {
        NavigationStack(path: $path) {
            VStack {
                Textual content("SecondTab")
            }
            .navigationDestination(for: String.self) { worth in
                DetailView(textual content: worth)
            }
            .onChange(of: viewModel.textToShow) { oldValue, newValue in
                print("onChange SecondTab textual content: (String(describing: newValue))")
                if let newValue = newValue, newValue != oldValue {
                    print("Pushing DetailView with: (newValue)")
                    path.append(newValue)
                }
            }
        }
    }
}

struct DetailView: View {
    let textual content: String

    var physique: some View {
        VStack {
            Textual content("DetailView")

            Textual content("Textual content: (textual content)")
        }
    }
}

struct ContentView: View {
    @State non-public var selectedTab = 0
    @StateObject non-public var secondVM = SecondTabViewModel()

    var physique: some View {
        TabView(choice: $selectedTab) {
            FirstTab { textual content in
                print("Closure referred to as with textual content: (textual content)")
                selectedTab = 1 // swap tab
                DispatchQueue.foremost.asyncAfter(deadline: .now() + 1) {
                    secondVM.textToShow = textual content
                }
            }
            .tabItem { Label("First", systemImage: "1.circle") }
            .tag(0)

            SecondTab(viewModel: secondVM)
                .tabItem { Label("Second", systemImage: "2.circle") }
                .tag(1)
        }
    }
}

The problem :

  • The closure is appropriately referred to as once I faucet the button in FirstTab.
  • The tab switches to SecondTab.
  • I anticipate the DetailView to mechanically push within the NavigationStack.

However nothing seems – onChange is named, however no push happens.

If I wrap the textToShow inside a DispatchQueue.foremost.asyncAfter (e.g. 0.1 seconds), it really works.

Instance of the workaround:

FirstTab { textual content in
    print("Closure referred to as with textual content: (textual content)")
    selectedTab = 1 // swap tab
    DispatchQueue.foremost.asyncAfter(deadline: .now() + 1) {
        secondVM.textToShow = textual content
    }
}

However this looks like a hack.

Why doesn’t the navigation push (path.append) work when switching tabs instantly?

Is there a beneficial, clear manner in SwiftUI to vary tab after which push a vacation spot in that tab’s NavigationStack?

Ought to I be utilizing a distinct navigation method (e.g. Coordinator, Observable shared state)?