I am trying to use a payment method in a specific country, but since it is not supported by Xsolla or Google, we need to implement it on our own.
The payment is basically phone payment. The user inputs their mobile number, and the server handles the rest. The provider sends an SMS to the user's phone.
In general, our approach will be something like this:
- Unity ->
- Send POST Request containing [Phone number, Playfab player ID, Player's Secret Key, Item ID] ->
- Our server will make the payment using the payment provider's API ->
- If success, the server will send [Player ID, Item ID, Player's Secret Key] to CloudScript ->
- CloudScript will add the item (using GrantItemsToUser) to the player's inventory ->
- CloudScript will send a message to the client with the associated player ID, telling the game what to do next (add which item to inventory ...etc).
It looks complex, but we have to use this specific payment provider ..
For more security, the client will only initiate the payment request, and receive the item result. The actual payment processing will be done between our server and CloudScript directly.
My questions related to this scenario are:
- Is there a better solution?
- Are there any security issues with this approach?
- What are the available ways to communicate with CloudScript from an external server?
- GrantItemsToUser needs an authentication with "SecretKey". Is this the user's secret key? Is it available to the client API ? Is sending it secure?
- Will this approach scale well with tens of thousands of players? (average player will make 1 purchase/day).
- Will the player's client get notified automatically that an item was added to their inventory, or is there a different method to do this?
I really appreciate your time and effort. Thanks a lot.