Question

Why is payment verification so hard?

  • 12 August 2022
  • 0 replies

Hello,

We are looking for ways to integrate RevenueCat into our payment process, but we are having a bit of a hard time understanding why payment verification on the server side is so hard. Or are we missing something?

For context, we are selling digital goods, and our backend server needs to verify payments before completing the purchase flow and unlocking the items for the client's use. The only way to achieve this at the moment [1] is using the REST API and calling the `/subscribers` endpoint [2], but this seems a bit fragile because:

  • The SDK returns all purchases (historically) for a product as an array, so the client needs to iterate over this array and find the corresponding revenueCatId of the purchase that is being made. Let's assume that the last item is the last purchase, so we send that to our backend server.
  • Our backend calls the `/subscribers` endpoint, which returns all purchases for all products for a subscriber. So the logic is to find the revenueCatId sent from the client in this list for the product, check the timestamps and make sure that it has not been processed before. But we are not sure what happens if the subscriber has many items: whether some of them will be truncated from the response, whether there is pagination, etc. Also, calling this endpoint and loading all purchases historically doesn't sound ideal just to verify a purchase.

What we were expecting instead was to get a token in the client, as a response from the purchase method of the SDK. Ideally this token would be a JWT which contains a unique purchase id, amount etc., is valid only for a short time, and is signed by your private key. We would then only be verifying this token with your public keys in our backend. Since this token is short-lived, it would be very straightforward for us to verify that it has not been processed before. We wouldn't need to call any endpoint in this case.

So we would like to know if you have plans to introduce token-based verification or to improve this verification process in any other way. Or are we missing something about RevenueCat and trying to solve problems that RevenueCat is not aiming to solve in the first place?

Thanks.

[1] -

[2]- https://docs.revenuecat.com/reference/subscribers
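
The token flow proposed in the post, sketched as an added example (not part of the original post and not a RevenueCat API): a stand-in issuer signs a short-lived token with Ed25519, and the backend verifies it with only the public key, then rejects expired or replayed ids. The claim names (`jti`, `iat`, `exp`), the 300-second lifetime cap and the in-memory replay store are assumptions.

```javascript
// Added example: a hypothetical purchase token, not a RevenueCat API.
const crypto = require("node:crypto");
const b64u = (v) => Buffer.from(v).toString("base64url");
const fail = (reason) => ({ ok: false, reason });

// Issuer side: constructed stand-in for the payment provider.
function issueToken(privateKey, claims) {
  const head = b64u(JSON.stringify({ alg: "EdDSA", typ: "JWT" }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign(null, Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// Backend side: needs only the issuer's public key and a store of seen ids.
function makeVerifier(publicKey, maxLifetimeSec = 300) {
  const seen = new Map(); // jti -> exp; a real backend needs a shared store
  return function verify(token, nowSec = Math.floor(Date.now() / 1000)) {
    const parts = String(token).split(".");
    if (parts.length !== 3) return fail("malformed");
    let head, claims;
    try {
      head = JSON.parse(Buffer.from(parts[0], "base64url").toString());
      claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
    } catch (err) {
      return fail("malformed");
    }
    if (!head || !claims) return fail("malformed");
    // Pin the algorithm; the token must not choose how it is verified.
    if (head.alg !== "EdDSA") return fail("bad_alg");
    const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
    const sig = Buffer.from(parts[2], "base64url");
    if (!crypto.verify(null, signed, publicKey, sig)) return fail("bad_signature");
    const { jti, iat, exp } = claims;
    if (typeof jti !== "string" || !Number.isInteger(iat) || !Number.isInteger(exp)) {
      return fail("bad_claims");
    }
    if (exp <= nowSec) return fail("expired");
    // Enforce the short lifetime; allow 30 s of clock skew on iat.
    if (exp - iat > maxLifetimeSec || iat > nowSec + 30) return fail("bad_lifetime");
    // Replay check: an id only has to be remembered until it expires.
    for (const [id, e] of seen) if (e <= nowSec) seen.delete(id);
    if (seen.has(jti)) return fail("replayed");
    seen.set(jti, exp);
    return { ok: true, claims };
  };
}
```

Because every accepted token expires within the lifetime cap, the replay store stays small, which is the property the post relies on when it says no endpoint call would be needed.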

