IOS Receipt validation after restore purchase

Question

question

azhdanov@specialbit.com asked Sep 27, '16

IOS Receipt validation after restore purchase

Hello!
I use PlayFabClientAPI.ValidateIOSReceipt in UnityIAP and it's work fine for first item's purchase. But after uninstalling game & trying to restore previously purchased item, I get error in ValidateIOSReceipt error callback:
{
"code": 400,
"status": "BadRequest",
"error": "ReceiptAlreadyUsed",
"errorCode": 1022,
"errorMessage": "iTunes validation result: 0 (Success) from https://sandbox.itunes.apple.com/verifyReceipt",
"CallBackTimeMS": 1256
}

So, should I validating the restoring items via Playfab or I should skip this step & unlock item immediately

In-Game Economy

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2017-03-14T01:09:06Z

brendan answered Mar 14, '17

Our sincere apologies for the confusion on this issue. The issue here was one of confusion between "refresh" and "restore" receipts, and we're fixing all documentation to clarify this. In point of fact, the correct process is to submit the receipt obtained via a call to the restoreCompletedTransactions method of SKPaymentQueue in the Store Kit (https://developer.apple.com/reference/storekit/skpaymentqueue/1506123-restorecompletedtransactions). That receipt will contain updated receipts for all non-consumable purchases made by the player, and so will restore purchases made in another account.

Again though, one thing to bear in mind is that this does provide a hacked client with a way to get multiple instances of non-consumable goods, by hitting the restoreCompletedTransactions call multiple times, and using all those receipts. While this would, ultimately, only cause problems for the player (since it would cause the inventory to fill up with these items if they did this a lot), a safer route would be to only sell virtual currencies (a consumable good) in the iTunes store, and then use that VC to make purchases of digital goods via your game's Catalog (using PurchaseItem). And, of course, the best route is always to make sure you can reliably get the player back to their original account on any device by incorporating alternate authentication systems, like Facebook, Twitch, and Google whenever possible.

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 2 · 2016-09-27T21:47:24Z

brendan answered Sep 27, '16

[Edit: Correction - please see the answer above for the way to handle restoring purchases in iOS]

2

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

azhdanov@specialbit.com commented · Sep 27, 2016 at 10:13 PM

I use multiple accounts: at start of game i'm trying to login with GameCenterId(CreateAccount set to true), if it not possible, i trying to login with Facebook(CreateAccount set to false), and even after that I not logged, then I trying to login with DeviceId(CreateAccount set to true). After succeful login i link other accounts to exist playfab account. But as for the rest you are right. I use Unity IAP system, so right now i can't try your suggestion.

0 ·

brendan azhdanov@specialbit.com commented · Sep 27, 2016 at 11:17 PM

The first call, to log in with the Game Center ID, shouldn't fail if you're setting CreateAccount to true. If you're specifying a Game Center ID that exists, it'll log you into that account. If not, it'll create an account and log you into that. One thing to note is that Game Center IDs do not provide any OAuth (or similar) protection on sign-in. While those IDs should be kept secret, they are somewhat weak from a security standpoint. For iOS, I prefer to save a GUID (or the original login device's ID) to the Apple Keychain, so that I can re-use that for login later.

0 ·

question