This is a follow-up on a previous discussion: https://community.playfab.com/questions/8889/protection-from-iap-cancellations.html @Brendan
While it is true that we developers can check for IAP cancellations locally, it is actually impossible to revoke items accurately. The problem is that we don't have access to a PlayFab player's full purchase history via any API (although we can see all of those using the developer dashboard), so we are not able to match purchases in a receipt with items in a player's inventory, because there is no way to match transaction IDs. PlayFab also said previously that they have no interest in providing such API because of cost: https://community.playfab.com/questions/12944/get-purchases-made-by-user-on-cloudscript-server-a.html
So instead of providing all the transaction history, I'm proposing several solutions that can satisfy the need to revoke items safely
1. Bare Minimum: A new Client API that allows developer to provide a transaction ID (as recorded in IAP receipt, determined locally). If PlayFab finds a previously accepted transaction with the exact ID, PlayFab revokes the item related to that transaction. If there is no match, do nothing.
2. Parse receipt on server: Do item 1, but instead of the developer parses the receipt in Client code to determine refund status, PlayFab does that on its end and developer provides the receipt.
I believe by doing so, PlayFab can still keep the cost controlled.