We've got a Unity IOS/Android project using the PlayFab Legacy economy.
I'm looking for a strategy for adding virtual currency from IAP purchases. It appears that the AddUserVirtualCurrency() end point is vulnerable to hacking if it appears in client code. So far I'm calling ValidateIOSReceipt in the ProcessPurchase function of the Unity IAP Flow.
I want to use a data driven approach so I intend to put a "Payload" value into the PlayFab.CustomData field in my IAP items. I will parse this to add specific values to a player's virtual currency account.
Should I be calling a cloudscript from the OnSuccess block of the Validate Receipt function?