Sorry for my english first.
Hello,Im making an android/ios application.
It has only consumable(Non-subscriptable) items like 100 gems, 500 gems
And i would record it on db, to check user’s in-game item purchasement.
But, i cant find a way to validate revenuecat transcation_id in server-side.
I’m now sending transaction_id after restore via REST API to my server.
But If, the endpoint might be exposed, Hackers can send any id via API and server can’t validate it.
Can i know the solution of it.