CODEWITHSUNDEEP
flutterin-app-purchase
Benjamin Az
Benjamin Az

Reputation: 31

How to perform the verification off the In-App purchase?

I have just implemented the In-App purchase on my Flutter App. I saw on various documentations that we should always verify the purchase prior to provide the benefits, but I can't figure out what that is really means.

The PurchaseDetails object provide the followings properties:

  • purchaseID
  • productID
  • verificationData
  • transactionDate
  • status

How are we supposed to use them for the verification ?

Thank you for your help, Benjamin

Upvotes: 1

Views: 3762

Answers (1)

utkarsh
utkarsh

Reputation: 71

but I can't figure out what that is really means.

It simply means that as a service provider, we should be double-checking a successful transaction with the payment processing authority (which is Google/Apple for Android/iOS IAP respectively) to prevent any form of fraud.

How are we supposed to use them for the verification ?

https://pub.dev/documentation/in_app_purchase_platform_interface/latest/in_app_purchase_platform_interface/PurchaseVerificationData-class.html

PurchaseDetails.verificationData exposes two kinds of data (they are used the way they are named):

  • localVerificationData
  • serverVerificationData

Purchase receipt verification can be done either locally (i.e. on the client app) or on (your) server side. Server-side implementation is recommended for security reasons.

Now, this is where verificationData behaviour for iOS and Android changes.

Without going too much into the references (I think they are quite self-explanatory):

  • In case of iOS, localVerificationData=serverVerificationData, and the purchase can be verified either by hitting the verifyReceipt endpoint (can be done either on server-side or client-side), or decrypyting the data on the client/server-side and parse the decrypted data manually.

  • In case of Android, localVerificationData carries the ProductPurchase data, that is otherwise returned by using the token provided by serverVerificationData to request the aforementioned REST endpoint. A purchase is considered 'verified' if purchase status is PURCHASED.

You may also have take care of other situations, depending on your use case.

Hope that the references linked above are useful.

Upvotes: 7

Related Questions