Can I sell a subscription through Stripe or my website?

For a digital subscription consumed in the app, not outside the US storefront. Other storefronts require in-app purchase or a regional external-link entitlement, so a plain Stripe checkout for digital content draws a 3.1.1 rejection there. On the United States storefront, since May 2025 you can include external purchase links without an entitlement. Physical goods and real-world services always use external payment.

Do physical goods need in-app purchase?

No, and using it for them is a rejection. Physical goods and real-world services, such as a shipped product, a ride, or food delivery, must use external payment and may not use Apple in-app purchase. In-app purchase is reserved for digital goods and services consumed within the app. Matching the method to the product is the part developers most often get backward.

The US allows external links now, so can I drop in-app purchase entirely?

Only for the United States storefront. The 2025 change removed the prohibition on external purchase links for US apps with no entitlement required, but apps shipped worldwide still need in-app purchase or a regional entitlement on other storefronts. The commission terms for US external purchases have been litigated, so confirm Apple's current terms rather than assuming a specific rate.

Does fixing a 3.1.1 rejection require a new build?

Usually yes. Adding StoreKit in-app purchase changes the binary, so you rebuild and resubmit, and the app re-enters review. Simply removing an external call-to-action from metadata can sometimes be a metadata change, but most real fixes involve wiring in in-app purchase, which is code. Batch the change with any other binary fixes so you restart review only once.

How do I fix a Guideline 3.1.1 in-app purchase rejection?

A Guideline 3.1.1 rejection usually means you sold a digital product without using Apple's in-app purchase, often through a Stripe checkout or a "subscribe on our website" link an AI builder wired in for you. The fix is not always to add in-app purchase; it depends on what you sell and which storefront you sell it on. Here is the line and the path back through review.

Short answer

Guideline 3.1.1 requires Apple in-app purchase whenever you grant access to digital features or content inside your app, such as subscriptions, premium content, or in-game currency. Per Apple's App Review Guidelines, you may not use your own mechanisms, including license keys, QR codes, or an external checkout, to sell those digital goods. Physical goods and real-world services are the opposite: they must use external payment, not in-app purchase. Since May 2025, apps on the United States storefront may include external purchase links without an entitlement, while other storefronts still require in-app purchase or a regional entitlement.

What you should know

Digital goods consumed in-app need in-app purchase: subscriptions, premium content, feature access, and in-game currency all fall under 3.1.1.
Your own access mechanisms are banned: license keys, QR codes, and cryptocurrencies cannot be used to enable digital features.
Physical goods must not use in-app purchase: shipped items and real-world services use external payment instead.
The US storefront changed in 2025: US apps can include external purchase links and buttons with no entitlement.
Other storefronts still require in-app purchase: outside the US you use in-app purchase or apply for a regional external-link entitlement.

What does Guideline 3.1.1 require?

It requires in-app purchase for anything that enables digital features or functionality inside the app. Apple's wording lists subscriptions, in-game currencies, game levels, access to premium content, and opening the full version, and states that apps may not use their own mechanisms to enable that content, such as license keys, augmented reality markers, QR codes, or cryptocurrencies. The principle is that digital goods consumed in your app are sold through Apple's payment system, so a web checkout or a third-party processor for that same content is what draws the rejection.

Digital goods or physical goods: which one needs in-app purchase?

The deciding question is whether the thing you sell is consumed inside the app. Digital goods and services used in the app go through in-app purchase. Physical goods and real-world services, the kind delivered outside the app, must use a different payment method and may not use in-app purchase at all. Getting this backward is its own rejection, so the distinction matters in both directions. The table sorts the common cases.

What you sell	Apple in-app purchase?
Subscription, premium content, in-app feature access, in-game currency	Yes, required outside the US storefront
Physical goods or real-world services (shipped item, ride, delivery)	No, use external payment
Reader-app content bought elsewhere (books, music, video)	Not required; reader-app rules apply
Any digital goods on the United States storefront	External purchase links now allowed without an entitlement

Did the US external-link rules change this?

Yes, significantly. Following a 2025 court order in the Epic Games case, Apple updated the guidelines so that apps on the United States storefront are no longer prohibited from including buttons, external links, or other calls to action that point to a purchasing method other than in-app purchase, and no entitlement is required to do so. Outside the US, the older rule stands: digital goods use in-app purchase, or you apply for the StoreKit External Purchase Link Entitlement available in designated regions. The commission and business terms for US external purchases have been the subject of ongoing court proceedings, so confirm the current terms with Apple before you rely on a specific rate.

How do you fix a 3.1.1 rejection in an AI-built app?

Match the payment method to what you sell, then rebuild. The order that works:

Identify the flagged flow: find where the app sells a digital good, often a Stripe checkout, a payment link, or a "buy on our site" button an AI builder added.
Decide the correct method: digital goods consumed in-app move to StoreKit in-app purchase; physical goods stay on external payment; reader content follows the reader-app rules.
Implement in-app purchase where required: add the products in App Store Connect and wire up StoreKit so the digital purchase runs through Apple.
Scope external links by storefront if you keep them: on the US storefront a link can stay, but other storefronts need in-app purchase or the entitlement.
Rebuild and resubmit: adding in-app purchase changes the binary, so you upload a new build and reply explaining the change.

What to watch out for

The first trap is selling physical goods through in-app purchase, which is just as much a rejection as the reverse. The second is assuming the US change is global; it is not, so an app shipped worldwide still needs in-app purchase or an entitlement outside the US storefront. There is also a security angle that AI-built payment flows tend to ignore. When a builder wires in Stripe quickly, it sometimes puts a Stripe secret key directly in the client, which ships in your binary for anyone to extract. A pre-submission scan such as PTKD.com (https://ptkd.com) reads the compiled APK, AAB, or IPA for hardcoded payment keys and other secrets against OWASP MASVS, so you do not trade a policy rejection for a leaked key. Guideline 3.1.1 itself is a business-model rule a scan cannot decide for you, so pair the scan with a clear choice about what you sell and where.

What to take away

Guideline 3.1.1 requires Apple in-app purchase for digital goods consumed in your app, and bans your own access mechanisms like license keys or an external checkout for them.
Physical goods and real-world services are the opposite: they must use external payment and may not use in-app purchase.
Since May 2025, US-storefront apps can include external purchase links without an entitlement, but other storefronts still require in-app purchase or a regional entitlement.
Adding in-app purchase is a binary change, so rebuild, and scan the build for hardcoded payment keys with a pre-submission scan such as PTKD.com so a quick Stripe integration does not leak a secret.