Search Unity

  1. Unity 6 Preview is now available. To find out what's new, have a look at our Unity 6 Preview blog post.
    Dismiss Notice
  2. Unity is excited to announce that we will be collaborating with TheXPlace for a summer game jam from June 13 - June 19. Learn more.
    Dismiss Notice
  3. Dismiss Notice

Question Unity IAP - Server-side validation

Discussion in 'Unity IAP' started by mmiro1, Jun 21, 2023.

  1. mmiro1

    mmiro1

    Joined:
    Oct 5, 2021
    Posts:
    3
    Hello,

    I am implementing purchases for iOS devices using the Unity IAP, and I wanted to be capable of verifying those purchases from the server side. I found out about the verifyReceipt request, which was perfect for my case, and after implementing it, I saw that it is deprecated. I have been searching for a similar way of validating the transactions but haven't found a similar system. Other alternatives that I have seen depend on having the device making the validation, which I want to avoid, or seem to be for subscriptions and not consumable purchases.

    Does anyone know about a similar way for doing this validation on server side using Unity IAP?

    Apple doc for the verifyReceipt request: https://developer.apple.com/documentation/appstorereceipts/verifyreceipt

    Thank you!
     
  2. Baroni

    Baroni

    Joined:
    Aug 20, 2010
    Posts:
    3,290
    Hi there!

    Validating receipts on the device is indeed not a secure method at all and should only be used for checking the general correctness of the receipt at best. For server-side validation, there are several ways available:

    - run your own server that receives receipt requests from your users and validates them with the App Stores, then returns the result back to the app
    - use a service that manages servers and offers receipt validation endpoints, but is mostly limited regarding re-validations like PlayFab or Unity Gaming Services

    Therefore, I would like to introduce you to my asset, the Receipt Validator :)
    This is a managed service with a free plan, that can validate non/consumable products with Google or Apple at the time of purchase. On a paid plan, you could also make use of subscriptions and user inventory, so users request their purchase inventory when launching the app, and nothing is stored locally (further reducing the risk of hacks). The documentation has a quick start and store-specific guides to get you going quickly. Currently the service already validates thousands of purchases each month. If you're interested, create an account and ask more questions in a support ticket, or here ;)