Sorry for my english first.
Hello,Im making an android/ios application.
It has only consumable(Non-subscriptable) items like 100 gems, 500 gems
And i would record it on db, to check user’s in-game item purchasement.
But, i cant find a way to validate revenuecat transcation_id in server-side.
I’m now sending transaction_id after restore via REST API to my server.
But If, the endpoint might be exposed, Hackers can send any id via API and server can’t validate it.
Can i know the solution of it.
+6
Hey
Do you have the SDK installed in your app or are you utilizing only the API? If you are using the SDK, RevenueCat will actually validate the transaction from the store for you when the user purchases the product, so you don't need to do this yourself from the server. Otherwise, if you’re just looking for a way to get the transaction_id to your server in order to grant access to the consumables, I’d recommend Webhooks, which will include the transaction_id as well as the app user id you can use to identify the user. You can also find the transaction id in the response from the GET /subscribers REST API endpoint: https://www.revenuecat.com/reference/subscribers#the-non-subscription-object
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
