Android Subscription and unique receipt

Hi,
I have a problem with subscriptions and renewals (again). On our server, we store the transaction ID to prevent replay of already used IAPs. In the previous version, the IAP was formatted like GPA-12345-67890-12345 and …1 …2 …3 for renewals. Now all the renewals have the same format; the receipt is always the same. Is there a way to have a different receipt with each renewal of a subscription? Or is there another way to check if a subscription receipt is valid server side?

We are using the purchaseToken now instead of the OrderID, which was not consistent. Search this page for purchaseToken for more information https://discussions.unity.com/t/632966 page-2

How I understand subscriptions for Android:

When you buy a subscription, it gives you a receipt on the subscription product.
As long as you have a receipt on a product, that means you are subscribed. With the receipt you have access to the SubscriptionManager.getSubscriptionInfo()
If I made a solo game, that’s fine, I can handle this information to disable advertisements or anything useful.

In my case, I need to tell the server that I just bought a subscription, so I send it the receipt and the server validates the receipt for this period of time and saves the transaction ID.
At the end of the period, the server disables the player's subscription bonuses and the player has to renew the sub.

Since the change of transaction ID, the purchaseToken never changes from one period of time to another (it used to change with the old system and the order-id format with …1 …2 etc).
Does the test purchase change anything? (renew at 7 min and every 5 minutes later for 5 times)
Else, if it’s not a test purchase issue, what is the solution to validate my receipt server side to keep security and prevent a hacker from replaying a previous transaction every month?

The funny thing is I receive an email for each renewal in test mode with the previous format of order id GPA.1234-5678-9012-34567…1 / …2 etc…

What is wrong in my understanding of the process?

Thank you for all the good work on this forum

I’m not sure about this: “At the end of the period, server disable player bonuses for subscription”. You would not do this on YOUR server; you need to check the product to see if the user still has a receipt, not on your server. If the user has a receipt in the product controller, the subscription is active. Users are not able to purchase multiple or overlapping subscriptions; the Google billing API that we use would not allow it.

We are facing 2 issues if we just check this on the client:

  • The game is a realtime MMO, so when I subscribe and cancel the sub, the player should not get the subscription bonuses. If I just check on the client, this is a possible hack.
  • How can I track purchases if nothing changes on the receipt?

No, it’s not a possible hack. The store won’t allow you to purchase duplicate or overlapping subscriptions. If there is a receipt, there is a subscription.

Also, you might want to review this (long) thread. We are working on improved server-side support for IAP https://discussions.unity.com/t/836665

Thanks a lot. We found a solution with the Google API and the receipt from the client. Thanks a lot for your time

Can you elaborate what your solution was, so it may help others? thx

Ok, the issue was that our application server needs to know if the client is subscribed and when the subscription expires.

Here is the process:

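The following is an added example, not part of the thread and not the poster's process: one way a server can handle a purchaseToken that stays constant across renewals, by binding the token to one account and taking entitlement from the expiry the store reports rather than from the token being new. Assumptions: the server has already queried the store itself, the response is shaped like the Google Play Developer API SubscriptionPurchase resource (`orderId`, `expiryTimeMillis`), and `SubscriptionLedger`, the sample values and the account names are hypothetical.

```python
import time

# Constructed sample responses, shaped like the Google Play Developer API
# SubscriptionPurchase resource (orderId, expiryTimeMillis). Values are made up.
FIRST_PERIOD = {"orderId": "GPA.0000-0000-0000-00000", "expiryTimeMillis": "1700000300000"}
AFTER_RENEWAL = {"orderId": "GPA.0000-0000-0000-00000..0", "expiryTimeMillis": "1700000600000"}


class SubscriptionLedger:
    """Hypothetical in-memory server store, keyed by purchaseToken."""

    def __init__(self):
        self._records = {}  # purchaseToken -> {"account", "expiry_ms", "order_ids"}

    def apply(self, account, purchase_token, purchase, now_ms=None):
        """Store the state the store API returned for this token.

        `purchase` must come from the server's own query to the store, never
        from the client. Returns True while the subscription is unexpired.
        """
        now_ms = int(time.time() * 1000) if now_ms is None else now_ms
        record = self._records.setdefault(
            purchase_token, {"account": account, "expiry_ms": 0, "order_ids": set()}
        )
        # Replay guard: a token is bound to the first account that presents it.
        if record["account"] != account:
            raise PermissionError("purchaseToken is bound to another account")
        # The token is constant across renewals; the expiry and orderId move.
        record["expiry_ms"] = int(purchase["expiryTimeMillis"])
        record["order_ids"].add(purchase["orderId"])
        return now_ms < record["expiry_ms"]

    def renewals(self, purchase_token):
        """Number of distinct renewal orders seen for this token."""
        return len(self._records[purchase_token]["order_ids"]) - 1
```

Resending the same receipt after the period ends grants nothing, because the store still reports the old expiry until a renewal has actually been charged.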