search

clans123 / marketbilling

Automatically exported from code.google.com/p/marketbilling
0 stars 0 forks source link

Secure transaction #6

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Dear Sirs,
Our business is producing MMO RPG. We are interested in confirmation  ability  
of  user purchase from our server bypassing game client.
When using PayPal system, PayPal server sends information about purchases made 
by a client on indicated «http» adress. 
While using  itunes you can request the itunes about transaction correctness 
with the help of unique key number (2 kilobytes size), which is sent to 
customer with every transaction.
Unfortunately, I cannot find such mechanism for  Android Market In-app Billing. 
Is there such  mechanism?
I regret to say, that I could not find this information at web pages 
http://developer.android.com/guide/market/billing/billing_best_practices.htm 
and  http://developer.android.com/guide/market/billing/billing_overview.html.

Original issue reported on code.google.com by aigr...@gmail.com on 4 Apr 2011 at 2:16

GoogleCodeExporter commented 9 years ago 
I'll probably publish an article about this soon, but you can do secure 
validation of an order by forwarding the order receipt and signature to your 
server.

You can then do offline validation of the signature to ensure the receipt data 
came from Google and hasn't been tampered with.

Marking as invalid because this feature already exists.

Original comment by trevorjohns@google.com on 7 Apr 2011 at 11:33