Non-consumables: Set aside the current receipts, perform a restore operation, and validate the new receipts.
To do this have a look on restorePurchases function of OSXInAppPurchaseManager class
Consumables: If you have saved the receipts, either on the device or on your server, revalidate the receipts after implementing your mitigation strategy. If you have not saved the receipts, you cannot validate these past transactions; you should not take any action.
When you got OnTransactionComplete action from the OSXInAppPurchaseManager class, it contains OSXStoreKitResponse as event data. From OSXStoreKitResponse, you can get transaction recipe, send it to your server and validate transaction there.
Note: AppleÃ¢ÂÂs official recommendation to perform receipt validation is to connect to your own server, which then connects to AppleÃ¢ÂÂs servers to validate the receipts.For a number of reasons, this is more secure than connecting to Apple directly.
If you do not want to use your server you can use apple server for transaction validation
After you got OnTransactionComplete action and the product state is Purchased call
you will get OnVerificationComplete action request is complete. Action contains IOSStoreKitVerificationResponse data, with information about transaction from apple server.
Learn more here
Warning: Use SANDBOX_VERIFICATION_SERVER url (https://sandbox.itunes.apple.com/verifyReceipt) during app testing and APPLE_VERIFICATION_SERVER url (https://buy.itunes.apple.com/verifyReceipt) on production.