j3k0 / cordova-plugin-purchase

In-App Purchase for Cordova on iOS, Android and Windows
https://purchase.cordova.fovea.cc

How to implement our own verify endpoint #1528

Open reinos opened 2 months ago

reinos commented 2 months ago

I was looking into the verify endpoint that is triggered by .approved(transaction => transaction.verify()). As there is no documentation for it, I need to ask for some clarification on this topic.

I discovered that I can set a custom url by

store.validator = 'http://mydomain.com/api/payment/in_app_purchase/verify';

But what structure should I return from that endpoint?

selcukbeyhan commented 2 months ago

I was also interested in the server-side verification subject. I will have to write my own.

I think this content for the iOS could be useful: https://developer.apple.com/documentation/storekit/in-app_purchase/original_api_for_in-app_purchase/validating_receipts_with_the_app_store

There is an example documentation. Maybe you can start from there: https://github.com/j3k0/cordova-subscription-example/tree/main/with-server

However, I couldn't find clear documentation that explains the specification of the interface between the plugin/app and the server side. (For example: what to do if the Apple ID on the device is different from the one used in the app?)

reinos commented 2 months ago

Perhaps the main question for me as well is: is it needed? As per the documentation I see here (https://github.com/j3k0/cordova-plugin-purchase/wiki/HOWTO:-Migrate-to-v13#3-using-local-receipts):

You are not validating receipt, only trusting what's reported by the device

So is that bad? Is there a downside to this approach? Or is validating via your own server better and safer?

selcukbeyhan commented 2 months ago

My understanding is: whether you validate the receipts locally or on your backend server depends on how much your application logic can trust local validation.