Microsoft Azure PlayFab logo
    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Add-ons
    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA
  • Runs on PlayFab
  • Pricing
    • Blog
    • Forums
    • Contact us
  • Sign up
  • Sign in
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges
  • Home /
  • API and SDK Questions /
avatar image
Question by tudorjude47 · Sep 12, 2016 at 03:43 PM · CloudScriptsdks

Question regarding store validation client APIs (for AppStore and GooglePlay store)

Hello,

First of all I'd like to show my appreciation for what you guys did with playfab, it's been great implementing it in my game. On to the problem now : Currently, the iOS and googleplay validation API calls are only handled on the client side. My problem is that once the user has his/her purchase validated on the client I should give them some hard currency and update their inventory on playfab with the new amount of currency, but this is open to exploitation since i'd call a "GiveHardCurrency" script in the client's validation callback. So the current flow would be:

client.purchase ->client.OnSpecificStoreCallbackSuccess -> client.playfabValidate -> client.OnValidationSuccess -> client.callServerScriptThatGivesMeMoney -> server.giveMoney.

The exploitable part is client.callServerScriptThatGivesMeMoney because the validation callback happens in the client. Is there anyway that i could have this validation happen on the server somehow?

Thanks

Comment

People who like this

0 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

1 Reply

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by Brendan · Sep 12, 2016 at 06:35 PM

Thanks! It sounds like what you really want to do is use our receipt validation API calls, since they're entirely server authoritative. The way it works is that you set up items in the PlayFab Catalog (including bundles that hold Virtual Currency, for example), set their prices there or in Stores, and then use the appropriate receipt validation call. What we do is take the receipt you send to us, check that it's valid, that it's actually for your title, that it's for an item in your catalog, and that it has never been used before, and then (and only then) add the item purchased to the player inventory. This write-up is a little out of date (we're about to produce an update), but it does provide all the details for iOS and Android (we'll be adding Amazon's as part of the update): https://playfab.com/show-me-money-receipt-validation-ios-and-android/.

You would then use PurchaseItem for any VC purchases. It checks that the player actually has the amount of currency it takes to purchase the item from your Catalog/Store (which again, is where you define the prices), adds the item(s) and removes the VC.

Comment

People who like this

0 Show 0 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps
  • Follow this Question

    Answers Answers and Comments

    No one has followed this question yet.

    Related Questions

    Getting InvalidDropTable when calling EvaluateRandomResultTable 1 Answer

    Where should I write cloud script code? ,Where do I actually write cloud script code? 1 Answer

    UE4 C++ ExecuteCloudScript FunctionParameter 1 Answer

    Are Epic Games Store SDK API calls available as a REST API callable by a Cloud Script? 1 Answer

    Is it possible to use custom payment providers? 1 Answer

    PlayFab

    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Runs on PlayFab
    • Pricing

    Solutions

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA

    Engineers

    • Documentation
    • Quickstarts
    • API Reference
    • SDKs
    • Usage Limits

    Resources

    • Forums
    • Contact us
    • Blog
    • Service Health
    • Terms of Service
    • Attribution

    Follow us

    • Facebook
    • Twitter
    • LinkedIn
    • YouTube
    • Sitemap
    • Contact Microsoft
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2020
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Create an article
    • Post an idea
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges