Hello,
First of all I'd like to show my appreciation for what you guys did with playfab, it's been great implementing it in my game. On to the problem now : Currently, the iOS and googleplay validation API calls are only handled on the client side. My problem is that once the user has his/her purchase validated on the client I should give them some hard currency and update their inventory on playfab with the new amount of currency, but this is open to exploitation since i'd call a "GiveHardCurrency" script in the client's validation callback. So the current flow would be:
client.purchase ->client.OnSpecificStoreCallbackSuccess -> client.playfabValidate -> client.OnValidationSuccess -> client.callServerScriptThatGivesMeMoney -> server.giveMoney.
The exploitable part is client.callServerScriptThatGivesMeMoney because the validation callback happens in the client. Is there anyway that i could have this validation happen on the server somehow?
Thanks