Open reinos opened 2 months ago
I was also interested in the server-side verification subject. I will have to write my own.
I think this content for the iOS could be useful: https://developer.apple.com/documentation/storekit/in-app_purchase/original_api_for_in-app_purchase/validating_receipts_with_the_app_store
There is an example documentation. Maybe you can start from there: https://github.com/j3k0/cordova-subscription-example/tree/main/with-server
However, I couldn't find a clear documentation which explains the specification between the plugin/app and the server-side interface. (For example: what to do if the Apple-ID on the device is different than the one used on the app?)
Perhaps the main question for me as well is, is it needed? as per documentation is see here (https://github.com/j3k0/cordova-plugin-purchase/wiki/HOWTO:-Migrate-to-v13#3-using-local-receipts)
You are not validating receipt, only trusting what's reported by the device
So is that bad, is there a downside to this approach? Or is validating via your own server better and safer?
My understanding is: whether you validate the receipts locally or on your backend-server depends on how much your application logic can trust on local validation.
I was looking into the verify endpoint that is triggered by
.approved(transaction => transaction.verify())
. As there is no documentation for it I need to ask some clarification about this topic.I discovered that I can set a custom url by
But what structure should I return from that endpoint?