Mostly, the backend verifies the receipt by sending it to a platform specific API for validation.If the platform has moved to sha-256,your server side code should use this algorithm to sign or hash the receipt data before sending it to the platform for verification.