Skip to content

In App Purchase Validation

In-App Purchase Validation in ChilliConnect allows your game to verify that purchases completed by players on your device are legitimate and not faked using previous or invalid purchase data in an attempt to acquire extra in game items or currencies without paying for them.

Using ChilliConnect to validate In-App Purchases ensures that the purchase is a valid purchase (by verifying with external services for Amazon and Apple and verifying signature data with Google) and also that the purchase is not using a receipt that has been seen before. Each validation attempt is logged and saved by ChilliConnect so that subsequent requests using the same receipt are rejected.

The In App Purchase module in ChilliConnect allows you to perform standalone validation of purchases. In the majority of cases, you will also want to securely credit the players account with either in game currency or item rewards once the purchase has been validated - you can do this with the the Real Money Purchase object within the game Catalog feature. For a detailed walkthrough on how to implement a full end-to-end In App Purchase system in Unity with ChilliConnect, see the In App Purchase tutorial.

Settings

ChilliConnect supports In-App Purchase Validation for Google Play, the Apple App Store and the Amazon AppStore. To configure your game to work with In-App Purchase Validation, select the "IAP Settings" tab from the game view, and then the "Edit IAP Settings" button.

IAPs

The following settings are available:

Amazon Shared Secret This is available from the Amazon Developer Portal. This can be difficult to find. This direct link should take you to the page that displays the shared key. The link is also provided as part of the Amazon Documentation on verifying In App Purchase receipts
Amazon Sandbox

Whether or not use the Amazon Sandbox Verification Server to validate In-App Purchase receipts for Amazon. This should be checked during development and testing when you are generating test receipts using the Amazon App Tester App.

When this is checked, ChilliConnect will use its instance of the Amazon Receipt Verification Sandbox server, rather than the actual server, to validate amazon receipts. The Sandbox server will verify the format of provided receipt data, but will not check it is an actual valid receipt, or that the shared secret you have provided is correct. This allows you to ensure that from your game you are providing the correct receipt information before testing with actual In-App Purchases prior to launch.

Google Play License Key

This allows ChilliConnect to verify that an In-App Purchase is valid by checking the PurchaseDataSignature against the provided PurchaseData. Your Google Play License Key is available from the Google Play Developer Console. From the "All Applications" view, select your game, then "Services and APIs" under "Development tools". This page should display the License Key under "Licensing & in-app billing":

Copy and paste this value into the settings dialog

App Store Sandbox Whether or not to use the Apple App Store Sandbox to verify apple In-App Purchases. You should configure this based on how your game is currently configured to implement In-App Purchases. Usually, in development and test you will have this value checked.

Viewing purchases

From the ChilliConnect dashboard, you can select the "IAPs" menu option to view a list of all In-App Purchase validation attempts that have been made. Invalid purchases that were rejected by ChilliConnect are show in red.

IapList

To view more details for a particular In-App Purchase attempt, select the item in the table.

IapView

Automatically Recording IAPs

There is an option on the Dashboard to automatically record IAPS when calling any of the validation endpoints. This option can only be enabled if the setting to automatically begin sessions on login is enabled however. When both of these options have been activated each successful validation of an IAP will be recorded into your Metrics. It's important to note that when these options have been turned on LocalCost and LocalCurrency will become required attributes in the validation requests. LocalCurrency is also restricted to be ISO-4217 format only, so any value sent up that is not ISO-4217 will cause an exception to be thrown.

Validating purchases

Depending on the type of In-App Purchase you are attempting validate (Amazon, Google or Apple), ChilliConnect requires different information that must be obtained from the vendor's In-App Purchase SDK. The API documentation for ChilliConnect specified what information is required, as well how to obtain this information from the vendors SDK. The below table summaries the API methods available to your game to validate in app purchases, as well as the relevant links to the vendor documentation:

Vendor ChilliConnect API Information Required Vendor Documentation
Google ValidateGoogleIap Purchase Data, Purchase Signature Implementing In-app Billing
Amazon ValidateAmazonIap ReceiptID and UserID Implementing In-App Purchasing
Apple ValidateAppleIap Receipt Validating Receipts With the App Store