Receipt Validation Questions



  • I integrated SIS into my app and I'm using the on-device validation system, but my analytics still show me getting tons of "purchase complete" transactions with very few corresponding transactions in the official iTunes sales report, so I seem to have a fair bit of fraud.

    1. Are there any extra steps needed to activate on-device validation for iOS? The 5 Step process in the SIS documentation is mostly about the Google Play Public Key, no mention of iOS. I did Steps 4 & 5, but I might be missing something else.

    2. Is there a callback function for validation failure? I'd be curious to compare the numbers. If I'm getting 100 false "purchase complete" events a day it seems like validation isn't working, but if I'm getting 5,000 "validation failed" events in the same time then it's working almost perfectly!

    3. Is the server-side validation only for subscriptions? The documentation only seems to mention subscriptions (phrases like "If you want to use and verify subscriptions in your game, you will have to set this key" in SIS documentation, and "The app-specific shared secret is a unique code to receive receipts for only this app’s auto-renewable subscriptions" in App Store Connect), but it would be nice to have an extra layer of fraud detection for plain old IAPs.

    Thanks in advance!



    1. Client-side receipt validation is the least protective solution against fake purchases, due to it happening only locally. Client-side receipt validation is not something developed in Simple IAP System, but supported and implemented in Unity IAP itself. As written in its official documentation, there are no further instructions for iOS.

    https://docs.unity3d.com/Manual/UnityIAPValidatingReceipts.html

    1. No separate callback, please open the ReceiptValidatorClient script and search for "failed".

    2. No. Server-side receipt validation is absolutely needed for subscriptions, as otherwise you would not be able to check for expired subscription products for removing access to them. That's why they are mentioned explicitly in that documentation section. However, server-side receipt validation verifies any type of product - consumable, non-consumable and subscription products. I'm not sure where you got that last sentence from which mentions auto-renewable subscriptions.



  • Great, thanks for the extra info! :)

    One more question, if you would. I removed the "Receipt Validator Client" script from the prefab and re-commented out the lines just in case, and then followed the instructions to add the server version, (Added the server script to the IAPManager prefab in my scene, set verification type and URL, edited the necessary lines in the PHP script on my server, built and launched on iOS as a Development Build.), but I'm getting a null reference.

    Here's the error from Xcode...

    NullReferenceException: Object reference not set to an instance of an object.
      at SIS.ReceiptValidatorServer+<WaitForRequest>d__5.MoveNext () [0x00000] in <00000000000000000000000000000000>:0 
      at UnityEngine.SetupCoroutine.InvokeMoveNext (System.Collections.IEnumerator enumerator, System.IntPtr returnValueAddress) [0x00000] in <00000000000000000000000000000000>:0 
    

    Does that ring a bell?



  • Unfortunately not. Could you debug more precisely to find out which line or variable is causing that NRE inside WaitForRequest?


Log in to reply