iPhone in app purchase subscription to web server data. How should I auth?

I'm working on an app that will provide data from a web server to users but only if they've bought an in app purchase subscription. I understand th开发者_开发知识库e basics of IAPs but how do I securely make sure the data from the server is only accessible to the app, and only if the subscription has been purchased? I don't want to make the user set up an account, I just want to auth the app/purchase securely.

Thanks in advance :)

I'm going to use subscription model too with IAP.

AFAIK, you SHOULD NOT use a unique phone identifier like the IMEI of the phone to identify the user on your server. According to the Apple documentation, you MUST provide a way so that an user can restore his subscriptions on several devices!

Besides, a call to restoreCompletedTransactions of the SKPaymentQueue will restore ONLY nonconsumable products! Subscriptions are not supported by this method.

See these links :

http://developer.apple.com/library/ios/#technotes/tn2009/tn2259.html (section « Frequently Asked Questions », point 10)

iPhone - How to recognize the iTunes user of my app

The only way I know is to use a login/password to identify the user on the web server but this could be quite ugly... However, if someone know another way, could he describe his solution ?

You should upload store receipts to your server, to be able to check them on Apple's site. And, with request you should upload phone identifier. And, of course, store somewhere in the database. After all, you will have information about which phone id has access to subscription. And, when you will request subscription-related info from your server, you'll be able to check who has acces (via phone id) and who hasn't.