I'm working on a workflow where the user buys a "coin" (one-time product) in-app.
The token is used to consume an external service, provided by a server component, that is not running on the phone where the app is running.
The server component is run by the company I work for, so it can be customized at will.
I'm planning on sending the PurchaseToken to the server after acknowledging the purchase (I'm referring to the in-app purchase sample provided here: https://www.b4x.com/android/forum/threads/googleplaybilling-in-app-purchases.109945/).
How can I be sure (server-side) that the received purchased "coin" is regularly acquired using the app and not a forged one?
Is there a way for a server to verify that the received PurchaseToken matches a Google Play one-time product that was purchased successfully?
The token is used to consume an external service, provided by a server component, that is not running on the phone where the app is running.
The server component is run by the company I work for, so it can be customized at will.
I'm planning on sending the PurchaseToken to the server after acknowledging the purchase (I'm referring to the in-app purchase sample provided here: https://www.b4x.com/android/forum/threads/googleplaybilling-in-app-purchases.109945/).
How can I be sure (server-side) that the received purchased "coin" is regularly acquired using the app and not a forged one?
Is there a way for a server to verify that the received PurchaseToken matches a Google Play one-time product that was purchased successfully?
