question

sowee avatar image
sowee asked

Custom purchase validation

Hi!

In my game, some items can be unlocked by completing levels. This is managed in custom data in playfab. I'm currently only allows the client to click on the purchase button if the item is unlocked, then I call PlayFab.PlayFabClientAPI.PurchaseItem from Unity to complete the purchase. However, I'd like to add a server side validation to prevent a hacked client from completing purchases even if the item is locked. What would be a good way to do this? Can I abort the transaction using cloud script for an event? Should I write a "PurchaseItem" custom cloud script function that runs the custom validation then calls the real PurchaseItem?

Thanks!

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
v-humcin avatar image
v-humcin answered

A "PurchaseItem" custom cloud script function that verifies that a user is eligible to purchase an item before carrying out the purchase could work depending on how complex the logic needs to be. There is no "PurchaseItem" call in the server API so you would need to have additional api calls for subtracting virtual currency and granting items within the cloudscript, along with the checks against custom data to ensure that a user is eligible.

As long as your required logic will fit within the limits specified for cloudscript execution in the "Limits" section of your game manager, such as "cloudscript execution time" then this could work for you.

6 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

sowee avatar image sowee commented ·

I guess I'd also need to make sure the subtraction of virtual currency and granting of the items act as an atomic operation, I think the PurchaseItem client API call does that behind the scenes?

0 Likes 0 ·
v-humcin avatar image v-humcin ♦ sowee commented ·

Some form of error handling would be good, making it a true atomic operation within cloud script isn't feasible, but logging unforeseen errors can help you do some error correction if one of the calls fail within the cloud script.

It is also important to note that if you went this route, you would also want to disallow the normal "PurchaseItem" call in the API policy to make sure it cannot be called.

Another method for tackling this problem that is worth mentioning is using store segment overrides. However this method would not work as well if you have a large number of items that become unlocked individually. If your game could be configured in a way that beating certain levels will unlock "tiers" of unlocks that could be represented by a statistic rather than custom data then this could work for you.

1 Like 1 ·
sowee avatar image sowee v-humcin ♦ commented ·

For instance, some levels would increment a "upgrade tier" stat and then I'd create segments for players for each tier? I'll have to check how segments are used in store for the final part. Is there a way for players to still see the items even if they are not in the segment? For instance show the item in all store segments but only allow to buy in the appropriate segment?

0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.